(These notes are mainly from Snyder's chapter on privacy and security.)
Snyder's definition: "the right of people to choose freely under what circumstances and to what extent they will reveal themselves, their attitude, and their behavior to others."
What have they got to hide? Dating for Dummies.
A range of possibilities for control of business transaction information:
Snyder notes that in Europe and several other places, law and standards are between (1) and (2), but closer to (1); in the US, law and standards are between (3) and (4), but closer to (4). How do you feel about the fact that as an American, you have less legal protection of the right of privacy than Europeans?
OECD Fair Information Practices (Organization of Economic Cooperation and Development: a 29-country organization mostly concerned with international trade; the USA is a member)
Eight principles (for information collectors and holders, e.g., corporations doing business with individual consumers, employers, medical care providers, insurers, government agencies):
The US does NOT have privacy laws based on the OECD principles; the European Union does, as do many non-EU nations such as Australia and Switzerland.
Instead, the US takes a piecemeal ("sectoral") approach to regulating privacy. Specific laws cover, e.g., electronic communication, video rentals, drivers' privacy (BMV records), medical information (HIPAA, enacted 1996, took effect 2003), and education (FERPA, 1974).
Is this better or worse?
Whether it's better or worse for individual Americans, it presents a problem for US businesses dealing with Europeans. The US Department of Commerce developed a Safe Harbor program in which US companies can certify that they comply with European privacy laws, enabling them to transfer personal data from Europe. But does this protect U.S. citizens?
We will skip the heavy math and just note the most important points.
Simple ciphers transform each letter or character of a message in a uniform way, for example, a → b, b → c, ..., y → z. The key in this case is 1, because we are adding one to each character code, or shifting each letter by one position.
Birthday → Cjsuiebz
Because of statistical regularities, simple ciphers are easy to break. E.g., whatever character occurs most frequently most likely represents E, the most frequent character in English writing.
Besides, there are only 26 ciphers of this kind; with computers, it would be easy to try all 26 in an attempt to crack the code.
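An added example (not from Snyder or the original notes) covering both points above: it reproduces the Birthday → Cjsuiebz shift, then tries all 26 keys and ranks each candidate by how English-like its letters are. The frequency table holds approximate, commonly cited values, and the sample sentence is constructed.

```python
import string

# Approximate letter frequencies (percent) in English text, a through z.
ENGLISH_FREQ = dict(zip(string.ascii_lowercase, [
    8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.8, 4.0, 2.4,
    6.7, 7.5, 1.9, 0.1, 6.0, 6.3, 9.1, 2.8, 1.0, 2.4, 0.15, 2.0, 0.07]))

# Constructed sample plaintext, long enough for the statistics to show.
SAMPLE = ("Because of statistical regularities, simple ciphers are easy "
          "to break. Whatever character occurs most frequently most "
          "likely represents E.")


def shift(text, key):
    """Shift each ASCII letter by `key` positions, wrapping z back to a."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + key) % 26 + base))
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def english_score(text):
    """Higher when the text is made of letters that are common in English."""
    return sum(ENGLISH_FREQ.get(ch, 0.0) for ch in text.lower())


def crack(ciphertext):
    """Try all 26 keys and keep the most English-looking decryption."""
    scored = [(english_score(shift(ciphertext, -k)), k) for k in range(26)]
    _, key = max(scored)
    return key, shift(ciphertext, -key)


if __name__ == "__main__":
    print(shift("Birthday", 1))
    key, plaintext = crack(shift(SAMPLE, 1))
    print(key, plaintext)
```

On a text as short as "Cjsuiebz" the statistics are unreliable, but the search still leaves only 26 candidates to read through.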
Both sender and receiver need to possess the key, so this is called a "private key" system.
A weakness in private key encryption: how can sender and receiver securely agree on which key to use? If someone is intercepting their messages … A big problem for Internet commerce.
Solution: public key encryption, the ingenious idea developed by Whit Diffie and Martin Hellman in 1976.
Use two keys: one, the public key, to encrypt; the other, the private key, to decrypt. The public key is the product of two large prime numbers (typically a few hundred or thousand bits). The private key is derived from the prime numbers in another way (for the curious, the formula is at the top of page 499).
Prime numbers are numbers like 2, 3, 5, 7, 11, 13, ..., which are divisible without remainder only by themselves and 1. For example, 10 is not prime, because it can be divided by 2 and 5 without remainder.
Why does this work? If the public key is public, can't the snooper reconstruct the private key from it? The answer depends on the difficulty of factoring large numbers into primes. The only known algorithms for doing this employ a brute-force technique of trying each prime number in turn as a potential divisor; it just takes huge amounts of time to do this, even for supercomputers.
Example: what are the prime factors of (decimal) 199201? Is it divisible by 2? 3? 5? 7? 11? You can see this is going to take a while.
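The factoring question above, carried through as an added example (not from Snyder or the original notes): it treats 199201 as a toy public modulus, factors it by trial division, and rebuilds the private key with the standard textbook RSA formula d = e^-1 mod (p-1)(q-1). The public exponent 65537 and the sample message are assumptions; the notes give only the number itself.

```python
# Toy public key built on the modulus from the notes. E and the message are
# assumptions for this example; the notes give only the number 199201.
N = 199201
E = 65537


def factor_modulus(n):
    """Trial division: test 2, then each odd candidate up to sqrt(n).

    Returns (p, q, divisions_tried) with p the smallest prime factor.
    """
    tried = 1
    if n % 2 == 0:
        return 2, n // 2, tried
    candidate = 3
    while candidate * candidate <= n:
        tried += 1
        if n % candidate == 0:
            return candidate, n // candidate, tried
        candidate += 2
    raise ValueError("n is prime, so it is not a product of two primes")


def private_exponent(p, q, e=E):
    """Textbook RSA: d is the inverse of e modulo (p - 1)(q - 1)."""
    return pow(e, -1, (p - 1) * (q - 1))  # needs Python 3.8+


def encrypt(message, n=N, e=E):
    return pow(message, e, n)


def decrypt_from_public_key_only(ciphertext, n=N, e=E):
    """What an eavesdropper can do once n is small enough to factor."""
    p, q, _ = factor_modulus(n)
    return pow(ciphertext, private_exponent(p, q, e), n)


if __name__ == "__main__":
    p, q, tried = factor_modulus(N)
    print(f"{N} = {p} x {q} after {tried} trial divisions")
    secret = 4242  # constructed sample message, must be smaller than N
    print(decrypt_from_public_key_only(encrypt(secret)) == secret)
    # Trial division cost grows with sqrt(n): a 2048-bit modulus with two
    # 1024-bit primes would need on the order of 2**1023 candidates.
```

A six-digit modulus falls in a handful of divisions, which is why real keys use primes hundreds of digits long.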
US Government Encryption Policy
The US government for a long time suppressed strong encryption, especially its export, fearing what criminals and terrorists could do with it, but at the same time putting a big obstacle in the way of international e-commerce. Now we seem to recognize that encryption protects the privacy of all of us.
Internet commerce depends heavily on encryption (https) to secure credit card numbers and other private data.
Especially since the terrorist attacks on September 11, 2001, Americans have increasingly had to balance the needs of security and privacy. How do you balance two such important needs? Very carefully, I hope!
Most frequent application? https
My contact page tells you my public key so you can send me an encrypted email.
IU East does not provide any encryption software in the computer labs; however, if you have a good email program (MUA) on your home or office computer, it probably contains a plugin for encryption.
Demonstration: KGpg or GPA on Linux via VNC
(Incidentally, notice how easy Linux is to use)
Digital signatures. Ever wonder if email you received was really from the person who seemed to have sent it? Digital signatures use public key encryption in reverse to provide verifiable signatures. The sender uses his/her private key to encrypt the message; the receiver uses the sender's public key to decrypt the message. If the decryption works, the message could only have been sent by someone possessing the sender's private key.
Also used in distributing software: software developers digitally sign their product, so users will know it is genuine.
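A toy version of the sign-and-verify flow described above, added here and not part of the original notes. It signs a SHA-256 digest of the message rather than the message itself (an assumption, reflecting common practice) using textbook RSA without padding; the primes, exponent and message bytes are all constructed.

```python
import hashlib

E = 65537  # widely used public exponent (assumption for this example)


def make_keypair(p, q):
    """Return (public_key, private_exponent) for primes p and q."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # needs Python 3.8+
    return (n, E), d


def digest_as_int(message, n):
    """SHA-256 of the message, reduced to a number below the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, public_key, d):
    """'Encrypt' the digest with the private exponent."""
    n, _ = public_key
    return pow(digest_as_int(message, n), d, n)


def verify(message, signature, public_key):
    """'Decrypt' with the public key and compare with a fresh digest."""
    n, e = public_key
    return pow(signature, e, n) == digest_as_int(message, n)


# Constructed keys from known Mersenne primes (far too small for real use).
DEV_PUBLIC, DEV_PRIVATE = make_keypair(2**61 - 1, 2**31 - 1)
OTHER_PUBLIC, OTHER_PRIVATE = make_keypair(2**17 - 1, 2**19 - 1)

if __name__ == "__main__":
    release = b"installer-1.0 contents"  # constructed sample data
    sig = sign(release, DEV_PUBLIC, DEV_PRIVATE)
    print("genuine:", verify(release, sig, DEV_PUBLIC))
    print("altered:", verify(release + b" modified", sig, DEV_PUBLIC))
    other_sig = sign(release, OTHER_PUBLIC, OTHER_PRIVATE)
    print("signed with another key:", verify(release, other_sig, DEV_PUBLIC))
```

Only the signature made with the matching private key over the unmodified bytes verifies, which is the property software distributors rely on.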
Back up important data systematically and regularly — or risk massive loss of data!
How many have experienced this?
When disposing of old disks or other storage media, do not just throw them away. Securely remove sensitive data first. This requires more than just erasing files; you have to "shred" the data. There are various ways to do this, ranging from the GNU shred program to physically smashing disks.