Unauthorized Access The Crisis in Online Privacy and Security

Going beyond current books on privacy and security, Unauthorized Access: The Crisis in Online Privacy and Security proposes specific solutions to public policy issues pertaining to online privacy and security. Requiring no technical or legal expertise, the book explains complicated concepts in clear, straightforward language. The authors—two renowned experts on computer security and law—explore the well-established connection between social norms, privacy, security, and technological structure. This approach is the key to understanding information security and informational privacy, providing a practical framework to address ethical and legal issues. The authors also discuss how rapid technological developments have created novel situations that lack relevant norms and present ways to develop these norms for protecting informational privacy and ensuring sufficient information security. Bridging the gap among computer scientists, economists, lawyers, and public policy makers, this book provides technically and legally sound public policy guidance about online privacy and security. It emphasizes the need to make trade-offs among the complex concerns that arise in the context of online privacy and security.

Introduction Introduction The Good, the Bad, and the In Between Making Trade-offs ValuesPolitics Today and Tomorrow: Web 1.0, 2.0, 3.0 A Look Ahead An Explanation of the Internet, Computers, and Data Mining Introduction Primer on the InternetPrimer on Computers Primer on Data, Databases, and Data Mining Norms and Markets Introduction Norms Defined Coordination NormsValue Optimal NormsNorms and MarketsNorms and Game Theory Informational Privacy: The General Theory Introduction Personally Identifiable: A Distinction without (Much of) a Difference The Requirement of Free and Informed Consent Problems with Notice and Choice Informational Norms Ensuring Free and Informed Consent The Ideal of Norm Completeness Informational Privacy: Norms and Value Optimality Introduction Direct Marketing: Retailers as Information BrokersInformation Aggregators The Health Insurance IndustryMore Examples Collaborate or Resist? Software Vulnerabilities and the Low-Priced Software Norm Introduction What Buyers Demand Strict Liability Negligence Product Liability for Defective Design The Statutory Alternative We Are Trapped and Only Legal Regulation Will Release Us Three Examples of Value Optimal Product-Risk Norms The Low-Priced Software NormWe Need to Create a Value Optimal Norm—but What Should It Be? Software Vulnerabilities: Creating Best Practices Introduction Best Practices Defined Best Practices for Software Development Creating the Best Practices Software NormNorm Creation in Real MarketsUnauthorized Access: Beyond Software Vulnerabilities Computers and Networks: Attack and Defense Introduction Types of Doors Attacks on Availability Attacking Confidentiality: Hanging Out in the Neighborhood Attacks on Authentication Attacks on Integrity Multiplying, Eliminating, and Locking Doors Posting GuardsLoc king and Guarding Doors Is Hard and We Do a Poor Job Should ISPs Lock Doors and Check Credentials? Malware, Norms, and ISPs Introduction A Malware Definition The Malware Zoo Why End-User Defenses Are So Weak The "End-User-Located Antivirus" NormFire Prevention and Public Health Compare Malware Is Better Protection Worth Violating Network Neutrality?The Value Optimal Norm Solution Malware: Creating a Best Practices Norm Introduction Current Best Practices for ISP Malware Defense An Additional Wrinkle: The Definition of Malware Is Not Fully Settled Defining Comprehensive Best Practices Creating the Norm Norm Creation in Real Markets The End-to-End and Network Neutrality Principles Has Our Focus Been Too Narrow? Was Our Focus Too Narrow in Another Way? Tracking, Contracting, and Behavioral AdvertisingIntroduction Behavioral Advertising and the Online Advertising Ecosystem How Websites Gain Information about You: Straightforward Methods Other Ways of Getting Your Online Information What Is Wrong with Behavioral Advertising? The Second-Order Contractual Norm How the Norm Arises in Ideal Markets Real Markets: How the Coordination Norm Arises The Lack of Consent to Pay-with-Data Exchanges From One-Sided Chicken to Value Optimal Norms IntroductionChicken with Cars The Pay-with-Data Game of One-Sided Chicken Norm Creation in Perfectly Competitive Markets Norm Creation in the Real Market Does Facebook Play One-Sided Chicken? Do-Not -Track Initiatives More "Buyer Power" Approaches to Norm Generation Two Versions of the Best Practices Statute Approach Prisoner’s Dilemma The Need for Trust If We Fail to Create Norms The Big Data Future Index Notes, References, and Further Reading appear at the end of each chapter.

Robert H. Sloan is a professor and head of the Department of Computer Science of the University of Illinois at Chicago. He has published extensively in the areas of computer security, theoretical computer science, and artificial intelligence. He received a PhD in computer science from the Massachusetts Institute of Technology. Richard Warner is a professor and Norman and Edna Freehling scholar at the Illinois Institute of Technology Chicago-Kent College of Law, where he is the faculty director of the Center for Law and Computers. He is the director of the School of American Law, which has branches in Poland, Ukraine, and Georgia; editor-in-chief of Emerging Markets: A Review of Business and Legal Issues; and a member of the US Secret Service’s Electronic and Financial Crimes Taskforce. He received a PhD in philosophy from the University of California, Berkeley, and a JD from the University of Southern California. His research interests include privacy, security, contracts, and the nature of values and their relation to action.