
Compiled: Er. Ayush Shrestha


Introduction to E-Commerce
PRINCIPLES OF MANAGEMENT :

Compiled By: Er. Ayush Shrestha [ 9841515311 ]


Lesson 8: Law, Ethics, and Cyber Crime



Topics
8 Law, Ethics, and Cyber Crime
1. Legal issues vs ethical issues
2. Privacy
3. Intellectual property rights
4. Free speech and censorship on the Internet
5. Cyber crime
6. Internet security



8.1 Legal issues vs ethical issues

• Ethics—the branch of philosophy that deals with what is considered to be right and wrong

• Businesspeople engaging in e-commerce need guidelines as to what behaviors are reasonable under any given set of circumstances

• What is unethical in one culture may be perfectly acceptable in another



• It is a known fact that most laws are based upon ethics. For this reason, ethical and legal issues often overlap, making it quite difficult to distinguish between the two. However, it must be made clear that ethical and legal issues are two different types of issues that must be dealt with in different manners.

• Ethical issues are not governed by a set of rules and thereby are not punishable by law. Legal issues have a set of rules on which they are based and are punishable by law if those rules are not adhered to.

• What is legal can be unethical. For example, the firing of an employee by a company is not illegal but may be unethical.

• What is ethical can be illegal. For example, euthanasia may be viewed as ethical, but it is illegal in most jurisdictions.
MP3, Napster, and Intellectual Property Rights

• The Problem

  • MP3.com enabled users to listen to music from any computer with an Internet connection without paying royalties

  • Napster supported the free distribution of music and other digitized content among millions utilizing peer-to-peer (P2P) technology

  • These services could not be ignored because they could result in the destruction of millions of jobs and revenue



• The Solution

  • Emusic.com filed a copyright infringement lawsuit against MP3.com

  • Copyright laws and copyright cases have been in existence for years but:
    • Were not written for digital content
    • Financial gain loophole was not closed

• The Results

  • All commerce involves a number of legal, ethical, and regulatory issues

  • EC adds a number of questions about what constitutes illegal behavior versus unethical, intrusive, or undesirable behavior



8.2 Privacy

• Privacy—the right to be left alone and the right to be free of unreasonable personal intrusions

• Two rules have been followed fairly closely in court decisions:

1. The right of privacy is not absolute. Privacy must be balanced against the needs of society
2. The public’s right to know is superior to the individual’s right of privacy



Privacy Advocates Take On DoubleClick

• DoubleClick is one of the leading providers of online advertising

• DoubleClick uses cookies to personalize ads based on consumers’ interests

• In January 1999, DoubleClick bought catalog marketer Abacus Direct and announced plans to merge Abacus’s off-line database with their online data



• Several class action lawsuits were brought against DoubleClick, claiming that the company was “tracking Internet users and obtaining personal and financial information without the individual’s knowledge”

  • In violation of the state’s Consumer Protection Act and asked it to stop placing cookies on consumers’ computers without their permission

  • In January 2001, the FTC ruled that DoubleClick had not violated FTC policies

• DoubleClick agreed to enhance its privacy measures and to pay legal fees and costs up to $18 million

  • Key provision of the settlement requires DoubleClick to “obtain permission from consumers before combining any personally identifiable data with Web surfing history”

Web-Site Self-Registration

• Registration questionnaires

  • 50% disclose personal information on a Web site for the chance to win a sweepstakes

• Uses of the private information collected:

  • For planning the business

  • May be sold to a third party

  • Must not be used in an inappropriate manner

Cookies
• Cookie—a small piece of data that is passed back and forth between a Web site and an end user’s browser as the user navigates the site; enables sites to keep track of users’ activities without asking for identification

• Cookies can be used to invade an individual’s privacy

• Personal information collected via cookies has the potential to be used in illegal and unethical ways



• Solutions to unwanted cookies

  • Users can delete cookie files stored in their computer

  • Use of anti-cookie software

  • Passport—a Microsoft component that lets consumers permanently enter a profile of information along with a password and use this information and password repeatedly to access services at multiple sites



Protection of Privacy

• Notice/awareness

• Choice/consent

• Access/participation

• Integrity/security

• Enforcement/redress

• Supported in the U.S. by the Federal Internet Privacy Protection Act

• Supported in the European Union by EU Data Protection Directive



8.3 Intellectual property rights

• Intellectual property (IP)—creations of the mind, such as inventions, literary and artistic works, and symbols, names, images, and designs used in commerce

• Copyright—an exclusive grant from the government that allows the owner to reproduce a work, in whole or in part, and to distribute, perform, or display it to the public in any form or manner, including the Internet

• Digital watermarks—unique identifiers embedded in digital content that make it possible to identify pirated works



• Trademarks—a symbol used by businesses to identify their goods and services; government registration of the trademark confers exclusive legal right to its use

• Gives exclusive rights to:

  • Use trademark on goods and services registered to that sign

  • Take legal action to prevent anyone from using trademark without consent

• Patent—a document that grants the holder exclusive rights on an invention for a fixed number of years



8.4 Free speech and censorship on the Internet

• The issue of censorship is one of the most important to Web surfers

  • “Most citizens are implacably opposed to censorship in any form — except censorship of whatever they personally happen to find offensive.”

  • Citizen action groups desiring to protect every ounce of their freedom to speak

  • Children’s Online Protection Act (COPA)

  • Governments protective of their role in society



Controlling Spamming

• Spamming—the practice of indiscriminately broadcasting messages over the Internet (e.g., junk mail)

  • Spam comprised 25 to 50% of all e-mail

  • Slows the Internet in general; sometimes shuts ISPs down completely

  • Electronic Mailbox Protection Act

  • ISPs are required to offer spam-blocking software

  • Recipients of spam have the right to request termination of future spam from the same sender and to bring civil action if necessary

8.5 Cyber crime

• Fraud

  • Intentional deceit or trickery, often with the aim of financial gain

• Cyber attack

  • An electronic attack, either criminal trespass over the Internet (cyber intrusion) or unauthorized access that results in damaged files, programs, or hardware (cyber vandalism)



The Players: Hackers, Crackers, and Other Attackers

• Hackers

  • Original hackers created the Unix operating system and helped build the Internet, Usenet, and World Wide Web, and used their skills to test the strength and integrity of computer systems

  • Over time, the term hacker came to be applied to rogue programmers who illegally break into computers and networks

• Crackers

  • People who engage in unlawful or damaging hacking; short for “criminal hackers”

• Other attackers

  • “Script kiddies” are ego-driven, unskilled crackers who use information and software (scripts) that they download from the Internet to inflict damage on targeted sites



8.6 Internet security

• Cyber attacks are on the rise

  • Internet connections are increasingly a point of attack
  • The variety of attacks is on the rise

• Why now?
  Because that’s where the money and information is!



• Factors that have contributed to the rise in cyber attacks:

  • Security and ease of use are antithetical to one another

  • Security takes a back seat to market pressures

  • Security of an EC site depends on the security of the Internet as a whole

  • Security vulnerabilities are mushrooming

  • Security is compromised by common applications



Basic Security Issues

• From the user’s perspective:
  • How can the user be sure that the Web server is owned and operated by a legitimate company?
  • How does the user know that the Web page and form do not contain some malicious or dangerous code or content?
  • How does the user know that the Web server will not distribute the information the user provides to some other party?

• From the company’s perspective:
  • How does the company know the user will not attempt to break into the Web server or alter the pages and content at the site?
  • How does the company know that the user will not try to disrupt the server so that it is not available to others?



• From both parties’ perspectives:
  • How do they know that the network connection is free from eavesdropping by a third party “listening in” on the line?
  • How do they know that the information sent back and forth between the server and the user’s browser has not been altered?

• Authorization
  The process that ensures that a person has the right to access certain resources

• Authentication
  The process by which one entity verifies that another entity is who they claim to be by checking credentials of some sort



• Auditing
  The process of collecting information about attempts to access particular resources, use particular privileges, or perform other security actions

• Confidentiality (privacy)

• Integrity
  As applied to data, the ability to protect data from being altered or destroyed in an unauthorized or accidental manner


• Availability

• Nonrepudiation
  The ability to limit parties from refuting that a legitimate transaction took place, usually by means of a signature



[Figure: General Security Issues at E-Commerce Sites]

Types of Cyber Attacks

• Technical attack
  An attack perpetrated using software and systems knowledge or expertise

• Nontechnical attack
  An attack in which a perpetrator uses chicanery or other form of persuasion to trick people into revealing sensitive information or performing actions that compromise the security of a network

• Common vulnerabilities and exposures (CVEs)
  Publicly known computer security risks or problems; these are collected, enumerated, and shared by a board of security-related organizations (cve.mitre.org)

• Denial-of-service (DoS) attack
  An attack on a Web site in which an attacker uses specialized software to send a flood of data packets to the target computer with the aim of overloading its resources

• Distributed denial of service (DDoS) attack
  A denial-of-service attack in which the attacker gains illegal administrative access to as many computers on the Internet as possible and uses these multiple computers to send a flood of data packets to the target computer

• Malware
  A generic term for malicious software



[Figure: Using Zombies in a DDoS Attack]



• Virus
  A piece of software code that inserts itself into a host, including the operating systems, to propagate; it cannot run independently but requires that its host program be run to activate it

• Worm
  A software program that runs independently, consuming the resources of its host from within in order to maintain itself and propagating a complete working version of itself onto another machine

• Trojan horse
  A program that appears to have a useful function but that contains a hidden function that presents a security risk


Two of the better-known Trojan horses: “Back Orifice” and “NetBus”
Self-contained and self-installing utilities that can be used to remotely control and monitor the victim’s computer over a network (execute commands, list files, upload and download files on the victim’s computer)



Security Technologies

• Internet and EC security is a thriving business
• Firewalls and Access Control
  • One major impediment to EC is the concern about the security of internal networks
  • Sidestep the issue by letting third parties host their Web sites
  • Primary means of access control is password



• Firewall
  • A network node consisting of both hardware and software that isolates a private network from a public network
• Intrusion detection system (IDS)
  • A special category of software that can monitor activity across a network or on a host computer, watch for suspicious activity, and take automated action based on what it sees

• Security risk management
  A systematic process for determining the likelihood of various security attacks and for identifying the actions needed to prevent or mitigate those attacks
  • Assessment
  • Planning
  • Implementation
  • Monitoring


Managerial Issues


How can the global nature of EC impact business operations?

What sorts of legal and ethical issues should be of major concern to an EC enterprise?

What are the business consequences of poor security?

Are we safe if there are few visitors to our EC site?

Is technology the key to EC security?

Where are the security threats likely to come from?


Assignment
Deadline: 3rd March 2019


Thank You


Any Question?
