The Crisis in Online Privacy and Security
CRC Press – 2013 – 398 pages
Going beyond current books on privacy and security, Unauthorized Access: The Crisis in Online Privacy and Security proposes specific solutions to public policy issues pertaining to online privacy and security. Requiring no technical or legal expertise, the book explains complicated concepts in clear, straightforward language.
The authors—two renowned experts on computer security and law—explore the well-established connection between social norms, privacy, security, and technological structure. This approach is the key to understanding information security and informational privacy, providing a practical framework to address ethical and legal issues. The authors also discuss how rapid technological developments have created novel situations that lack relevant norms and present ways to develop these norms for protecting informational privacy and ensuring sufficient information security.
Bridging the gap among computer scientists, economists, lawyers, and public policy makers, this book provides technically and legally sound public policy guidance about online privacy and security. It emphasizes the need to make trade-offs among the complex concerns that arise in the context of online privacy and security.
"… a guide though the thicket of contradictions and trade-offs in this area. … The well-written collection of 12 chapters starts with the basics of computing, networking, and data mining, and proceeds through systems vulnerabilities, attacks, and defenses, all within the perspectives of costs (economy), law, social engineering, and public policy. … Highly recommended."
—J Beidler, University of Scranton, in CHOICE Magazine, April 2014
"Sloan and Warner’s new book comprehensively analyzes consumer privacy and security from a game theoretic viewpoint. Their approach crisply explains both consumer and firm behavior and offers useful predictions for where market or regulatory approaches are needed for consumer protection."
—Chris Jay Hoofnagle, Lecturer in Residence, UC Berkeley Law
"The success of this book is in making non-technical readers think about the situation we are in and the hard choices that we are left with."
—Sithu D. Sudarsan, in Computing Reviews
" … the writing style increases the accessibility of the content and enhances its appeal to a broader readership, including graduate students, postgraduate students, and informed lay readers. … Fortunately, this book was written by experts with a deep knowledge and understanding of the field, who present complex issues in a refreshingly straightforward manner. … will stimulate the thinking of students at all levels, especially those in computer science and engineering courses focusing on ethical and professional issues."
—Barry Blundell, in Computing Reviews
The Good, the Bad, and the In Between
Today and Tomorrow: Web 1.0, 2.0, 3.0
A Look Ahead
An Explanation of the Internet, Computers, and Data Mining
Primer on the Internet
Primer on Computers
Primer on Data, Databases, and Data Mining
Norms and Markets
Value Optimal Norms
Norms and Markets
Norms and Game Theory
Informational Privacy: The General Theory
Personally Identifiable: A Distinction without (Much of) a Difference
The Requirement of Free and Informed Consent
Problems with Notice and Choice
Ensuring Free and Informed Consent
The Ideal of Norm Completeness
Informational Privacy: Norms and Value Optimality
Direct Marketing: Retailers as Information Brokers
The Health Insurance Industry
Collaborate or Resist?
Software Vulnerabilities and the Low-Priced Software Norm
What Buyers Demand
Product Liability for Defective Design
The Statutory Alternative
We Are Trapped and Only Legal Regulation Will Release Us
Three Examples of Value Optimal Product-Risk Norms
The Low-Priced Software Norm
We Need to Create a Value Optimal Norm—but What Should It Be?
Software Vulnerabilities: Creating Best Practices
Best Practices Defined
Best Practices for Software Development
Creating the Best Practices Software Norm
Norm Creation in Real Markets
Unauthorized Access: Beyond Software Vulnerabilities
Computers and Networks: Attack and Defense
Types of Doors
Attacks on Availability
Attacking Confidentiality: Hanging Out in the Neighborhood
Attacks on Authentication
Attacks on Integrity
Multiplying, Eliminating, and Locking Doors
Locking and Guarding Doors Is Hard and We Do a Poor Job
Should ISPs Lock Doors and Check Credentials?
Malware, Norms, and ISPs
A Malware Definition
The Malware Zoo
Why End-User Defenses Are So Weak
The "End-User-Located Antivirus" Norm
Fire Prevention and Public Health
Is Better Protection Worth Violating Network Neutrality?
The Value Optimal Norm Solution
Malware: Creating a Best Practices Norm
Current Best Practices for ISP Malware Defense
An Additional Wrinkle: The Definition of Malware Is Not Fully Settled
Defining Comprehensive Best Practices
Creating the Norm
Norm Creation in Real Markets
The End-to-End and Network Neutrality Principles
Has Our Focus Been Too Narrow?
Was Our Focus Too Narrow in Another Way?
Tracking, Contracting, and Behavioral Advertising
Behavioral Advertising and the Online Advertising Ecosystem
How Websites Gain Information about You: Straightforward Methods
Other Ways of Getting Your Online Information
What Is Wrong with Behavioral Advertising?
The Second-Order Contractual Norm
How the Norm Arises in Ideal Markets
Real Markets: How the Coordination Norm Arises
The Lack of Consent to Pay-with-Data Exchanges
From One-Sided Chicken to Value Optimal Norms
Chicken with Cars
The Pay-with-Data Game of One-Sided Chicken
Norm Creation in Perfectly Competitive Markets
Norm Creation in the Real Market
Does Facebook Play One-Sided Chicken?
Do-Not-Track Initiatives
More "Buyer Power" Approaches to Norm Generation
Two Versions of the Best Practices Statute Approach
The Need for Trust
If We Fail to Create Norms
The Big Data Future
Notes, References, and Further Reading appear at the end of each chapter.
Robert H. Sloan is a professor and head of the Department of Computer Science of the University of Illinois at Chicago. He has published extensively in the areas of computer security, theoretical computer science, and artificial intelligence. He received a PhD in computer science from the Massachusetts Institute of Technology.
Richard Warner is a professor and Norman and Edna Freehling scholar at the Illinois Institute of Technology Chicago-Kent College of Law, where he is the faculty director of the Center for Law and Computers. He is the director of the School of American Law, which has branches in Poland, Ukraine, and Georgia; editor-in-chief of Emerging Markets: A Review of Business and Legal Issues; and a member of the US Secret Service’s Electronic and Financial Crimes Taskforce. He received a PhD in philosophy from the University of California, Berkeley, and a JD from the University of Southern California. His research interests include privacy, security, contracts, and the nature of values and their relation to action.