Monday, February 9, 2009

Form 4: 1.2.2.1 List ways to protect privacy.

LESSON 9
PRIVACY IN COMPUTER USAGE



WHAT IS PRIVACY?
Privacy in IT refers to data and information privacy.

Data refers to a collection of raw, unprocessed facts, figures and symbols. A computer is then used to process data into information. In general, data include text, numbers, sounds, images and video.

Information privacy is described as the rights of individuals and companies to deny or restrict the collection and use of information about them.


WAYS COMPUTER TECHNOLOGY THREATENS OUR PRIVACY

Every time you click on an advertisement or register a software product online, your information is entered into a database. Computer technology can also threaten privacy through spam. Do you know what spam is? Spam is unsolicited e-mail messages, advertisements or newsgroup postings sent to many recipients at once.

How does computer technology threaten the privacy of our data?

It is done through:

• Cookies
• Electronic profile
• Spyware

Computer technology threatens our privacy through electronic profiling. For example, when we fill out a form on the Internet, such as a magazine subscription, product purchase or contest entry form, the data is kept in a database. It will include age, address, marital status and other personal details.

Cookies
• are used to identify users by web casting, e-commerce and other web applications
• contain user information and are saved on the computer's hard disk
• are used by some websites to store passwords and track how regularly we visit a website, which is how we become potential targets for web advertisers
• enable websites to collect information about your online activities and store it for future use; the collected details will then be sold to any company that requests them.
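The cookie properties listed above can be checked from the Set-Cookie headers a browser receives. This is an added example, not part of the original lesson; the host names, cookie names and header values are constructed for illustration.

```python
from http.cookies import SimpleCookie

SITE = "shop.example"                         # constructed: site being visited
SENSITIVE_NAMES = {"pw", "passwd", "password"}  # assumed password-like names

# Constructed sample: (host that sent the header, Set-Cookie value)
SAMPLES = [
    ("shop.example", "session=9f2c; Path=/; Secure; HttpOnly"),
    ("ads.tracker.example", "uid=7731; Max-Age=31536000; Path=/"),
    ("shop.example", "pw=hunter2; Max-Age=2592000; Path=/"),
]


def audit(response_host, header, site=SITE):
    """Return {cookie name: [privacy flags]} for one Set-Cookie header."""
    jar = SimpleCookie()
    jar.load(header)
    report = {}
    for name, morsel in jar.items():
        flags = []
        # Sent by a host other than the visited site: can follow the user
        # from one website to another.
        if response_host != site and not response_host.endswith("." + site):
            flags.append("third-party")
        # Max-Age or Expires means the cookie is written to disk and
        # outlives the browser session.
        if morsel["max-age"] or morsel["expires"]:
            flags.append("persistent")
        # A password kept in a cookie is readable by anyone with the disk.
        if name.lower() in SENSITIVE_NAMES:
            flags.append("stores-password")
        # Without Secure and HttpOnly the value can travel over plain HTTP
        # or be read by scripts running in the page.
        if not (morsel["secure"] and morsel["httponly"]):
            flags.append("weak-attributes")
        report[name] = flags
    return report


if __name__ == "__main__":
    for host, header in SAMPLES:
        print(host, audit(host, header))
```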

Electronic profile
• an electronic profile is the combination of data in a database that can be sold over the Internet by the company to interested parties.
• the data in this database comes from forms such as magazine subscriptions or product warranty cards that have been filled in by online subscribers.
• the information in an electronic profile includes personal details such as your age, address and marital status.

Spyware
• refers to a program that collects user information without the user’s knowledge.
• can enter computers, sneaking in like a virus.
• is a result of installing new programs.
• communicates information it collects to some outside source while we are online.


WHY DO WE NEED PRIVACY?
We need privacy for anonymity. For example, the Internet creates an elaborate trail of data detailing a person surfing on the Web because all information is stored inside cookies. We do not want our trail to be detected.

We also need privacy for confidentiality. For example, online information generated in the course of a business transaction is routinely used for a variety of other purposes without the individual’s knowledge or consent.

We do not want our private lives and habits exposed to third parties.

CAN PRIVACY BE PROTECTED?
Privacy can be protected by:

(a) Privacy law
The privacy laws in Malaysia emphasise the following:
• Security Services to review the security policy
• Security Management to protect the resources
• Security Mechanism to implement the required security services
• Security Objects, the important entities within the system environment

(b) Utilities software
Example: anti-spam program, firewall, anti-spyware and antivirus.


1.2.2.2 - State authentication and verification methods/technologies.

AUTHENTICATIONS

Authentication is a process where users verify that they are who they say they are. It confirms that the user who attempts to perform functions in a system is in fact the user who is authorised to do so.

For example, when you use an ATM card, the machine verifies the validity of the card and then requests a PIN. This is where the authentication process takes place.

METHODS OF AUTHENTICATION
There are two commonly used authentication methods: biometric devices and callback systems.

Biometric device is a device that translates personal characteristics into a digital code that is compared with a digital code stored in the database.

Callback system refers to the checking system that authenticates the user.

BIOMETRIC DEVICES

Fingerprint Recognition
In order to prevent fake fingers from being used, many biometric fingerprint systems also measure blood flow, or check for correctly arrayed ridges at the edges of the fingers.

Facial Recognition
Facial recognition analyses the characteristics of an individual's face images captured through a digital video camera. Facial recognition is widely used, touted as a fantastic system for recognising potential threats (whether terrorists, scam artists, or known criminals).

Hand Geometry Scanning
Hand scanning involves the measurement and analysis of the shape of one's hand.

Unlike fingerprints, the human hand isn't unique. Individual hand features are not descriptive enough for identification.

It is possible to devise a method by combining various individual features and measurements of fingers and hands for verification purposes.

Iris Scanning
Iris scanning analyses the features that exist in the coloured tissues surrounding the pupil, which has more than 200 points that can be used for comparison, including rings, furrows and freckles.

The scans use a regular video camera and can be done from further away than a retinal scan. It will work perfectly fine through glasses and in fact has the ability to create an accurate enough measurement that it can be used for identification purposes.

The accuracy of this method is excellent while the cost involved is high.

Retinal Scanning
Retinal biometrics involves scanning the retina and analysing the layer of blood vessels at the back of the eye.

Retinal scanning involves using a low-intensity light source and an optical coupler and can read the patterns at a great level of accuracy.

Retina scanning requires the user to remove glasses, place their eye close to the device, and focus on a certain point. Whether the accuracy can outweigh the public discomfort is yet to be seen.

The accuracy in retinal scanning is very good and the cost involved is fair.

Voice Recognition
A voice recognition system compares a person’s live speech with their stored voice pattern.

Voice recognition biometrics requires the user to speak into a microphone. What he speaks can be his password or an access phrase.

Verification time is approximately 5 seconds. To prevent recorded voice use, most voice recognition devices require the high and low frequencies of the sound to match, which is difficult for many recording instruments to recreate well. Also, some devices generate random number sequences for verification.

The accuracy in voice recognition is fair and the cost involved is very reasonable.


Signature Verification System
A signature verification system uses a special pen and tablet. After pre-processing the signature, several features are extracted.

The authenticity of a writer is determined by comparing an input signature to a stored reference set (template) consisting of three signatures.

The similarity between an input signature and the reference set is computed using string matching and the similarity value is compared to a threshold.

The accuracy in signature verification system is fair and the cost involved is excellent.
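The comparison described above (three reference signatures, string matching, a threshold) can be sketched as follows. This is an added example, not part of the original lesson: the encoding of a signature as pen-direction codes, the use of edit distance as the string-matching measure, the mean over the reference set and the 0.8 threshold are all assumptions chosen for illustration.

```python
# Added illustration: signature verification by string matching.
# Assumption: pre-processing has reduced each signature to a string of
# pen-direction codes (R, D, L, U). The codes, templates and threshold
# below are constructed for this example.

REFERENCES = ["RRDDLLUURD", "RRDDLLUURDD", "RRDLLUURD"]  # enrolled template
THRESHOLD = 0.8  # higher = fewer false accepts, more false rejects


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def similarity(a, b):
    """1.0 for identical strings, falling towards 0.0 as they diverge."""
    longest = max(len(a), len(b))
    return 1.0 if longest == 0 else 1.0 - edit_distance(a, b) / longest


def verify(sample, references=REFERENCES, threshold=THRESHOLD):
    """Return (accepted, score); score is the mean similarity to the set."""
    if len(references) != 3:
        raise ValueError("the reference set must hold three signatures")
    if not sample:
        return False, 0.0  # nothing captured: reject rather than guess
    score = sum(similarity(sample, r) for r in references) / len(references)
    return score >= threshold, score


if __name__ == "__main__":
    for label, sample in [("genuine", "RRDDLLUUURD"), ("forgery", "LLUURRDDLU")]:
        accepted, score = verify(sample)
        print(f"{label}: score={score:.3f} accepted={accepted}")
```

Raising the threshold rejects more forgeries but also more genuine signatures written slightly differently, which is why the template holds several reference samples rather than one.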

CALLBACK SYSTEM
The callback system is commonly used in bank operations and business transactions.

For example, when you book a taxi service, the operator will ask you to hang up and she will call you back to confirm the service required.

WHY IS AUTHENTICATION IMPORTANT?
Authentication is important in order to safeguard against unauthorised access and use.

VERIFICATION
Verification is the act of proving or disproving the correctness of a system with respect to a certain formal specification.

METHODS OF VERIFICATION
There are two methods commonly used in verification, which are user identification and processed object.

User identification refers to the process of validating the user.

Processed object refers to something the user has such as identification card, security token and cell phone.

USER IDENTIFICATION
The examples of validating process using the user identification are:

• Key in the user name to log in to a system, and the system will verify whether the user is a valid or invalid user.
• Show the exam slip to verify that you are the valid candidate for the exam.
• Show a passport before departure.

PROCESSED OBJECT
The examples of validating process using the processed object are:
• the policeman will check on the driver’s license to identify the valid driver
• employees have to swipe their security card to enter the building
• buy blouses at the mall using a credit card
