IT PROFESSIONALS
Copyright © 2017 BELGRADE METROPOLITAN UNIVERSITY. All rights reserved. No part of this publication may
be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical,
photocopying, recording, scanning or otherwise, without the prior written permission of Belgrade Metropolitan
University.
www.metropolitan.ac.rs
Introduction
TRAILER
This week in NT213
Chapter 1
Data Security
I believe you all know that computers are widely used for computer crime. You know
about viruses, hacking and different kinds of scams (a scam is a clever and dishonest plan
for making money). Computers can be both abused and misused. Do you know the difference
between these two words?
There are also computer and network intrusions, ransomware (an insidious type of malware
that encrypts, or locks, valuable digital files and demands a ransom to release them), identity
theft and online predators.
In this lesson we will talk about different types of computer crime and how to protect yourself
and your device.
This lesson contains video material. To watch the video, open the LAMS lesson.
Figure 1.1 How a virus infects a program [Source: Oxford English for Information Technology, p. 124]
Scan the text, that is, read it in such a way as to quickly recognize the information that you need.
Here you need to focus just on the information that will help you answer questions 1-3 in the
previous exercise again and check your previous answers.
Successful scanning depends not only on recognizing quickly the information you want but
also on learning to ignore information which is not relevant to your task. The first sentence of
a paragraph often is a good clue to its contents as a whole. If it suggests the paragraph may
contain the answer to one of the questions, it is worth reading on with more care.
A biological virus is a very small, simple organism that infects living cells, known as the
host, by attaching itself to them and using them to reproduce itself. This often causes harm
to the host cells. Similarly, a computer virus is a very small program routine that infects a
computer system and uses its resources to reproduce itself. It often does this by patching the
operating system to enable it to detect program files, such as COM or EXE files. It then copies
itself into those files. This sometimes causes harm to the host computer system. When the
user runs an infected program, it is loaded into memory carrying the virus. The virus uses a
common programming technique to stay resident in memory. It can then use a reproduction
routine to infect other programs. This process continues until the computer is switched off.
The virus may also contain a payload that remains dormant until a trigger event activates it,
such as the user pressing a particular key. The payload can have a variety of forms. It might
do something relatively harmless such as displaying a message on the monitor screen or it
might do something more destructive such as deleting files on the hard disk. When it infects a
file, the virus replaces the first instruction in the host program with a command that changes
the normal execution sequence. This type of command is known as a JUMP command and
causes the virus instructions to be executed before the host program. The virus then returns
control to the host program which then continues with its normal sequence of instructions
and is executed in the normal way. To be a virus, a program only needs to have a reproduction
routine that enables it to infect other programs. Viruses can, however, have four main parts.
A misdirection routine that enables it to hide itself; a reproduction routine that allows it to
copy itself to other programs; a trigger that causes the payload to be activated at a particular
time or when a particular event takes place; and a payload that may be a fairly harmless joke
or may be very destructive. A program that has a payload but does not have a reproduction
routine is known as a Trojan.
A computer virus is a program that can reproduce itself and is written with the purpose
of causing damage or causing a computer to behave in an unusual way. It infects other
programs i.e. it attaches itself to other programs, known as host programs, and therefore
reproduces itself. It operates by replacing the first instruction in the host program with a JUMP
command. This is a command that changes the normal instruction sequence in a program,
causing the virus instructions to be executed (processed by the processor) before the host
program instructions. When the virus has been executed, the host program is executed in
the normal way. When it attaches to operating system programs to integrate itself with the
operating system (the set of programs that control the basic functions of a computer and
provide communication between the applications programs and the hardware), it is said to
have patched the operating system. Viruses normally attach themselves to programs that
have a COM extension (e.g. command.com) that are known as command files or COM files,
or to programs that have an EXE extension (e.g. explorer.exe) that are known as executable
files or EXE files. A virus is loaded into memory (copied from the storage media into memory)
when a program it has attached itself to is run or executed (processed by the processor). It
then becomes memory resident i.e. it stays in the memory until the computer is switched off.
When the virus is triggered by a predetermined event, it operates the payload (the part of
the virus that causes the damage).
Although a virus is the term used to describe any program that can reproduce itself, viruses
usually have four main parts:
1. a misdirection routine that enables it to hide itself
2. a reproduction routine that allows it to copy itself to other programs
3. a trigger that causes the payload to be activated at a particular time or when a particular
event takes place
4. a payload that may be a fairly harmless joke or may be very destructive.
A program that has a payload but does not have a reproduction routine is known as a Trojan.
Each virus is given a name e.g. Love Bug and can be classified as a particular type of virus.
Virus types include: logic bombs that destroy data when triggered; boot sector viruses that
store themselves in the boot sector of a disk (the part of a disk containing the programs used
to start up a computer); file viruses that attach themselves to COM files; macro viruses that
are small macro programs that attach themselves to word processor files and use the macro
programming facilities provided in some word processor programs.
Key
Here are some vocabulary items that you use to talk about data security. Note the whole word
family: noun, adjective, negative adjective and verb.
safety /‘sejfti/, safe, unsafe /λnsejf/, to save /sejv/
security /sə’kjuriti/, secure, insecure, to secure
There is almost no difference in meaning, but always use the collocation data security. With
measures, the collocation can be both security measures and safety measures.
protection, protector, protected, unprotected, to protect
prevention /prɪˈvenʃn/, preventive, to prevent (from)
Here are some common verbs that you can use to describe computer viruses. Note the whole
word families:
to infect, to disinfect, infection, disinfection, infected, uninfected
to direct, direction, misdirection
to reproduce /ˌriːprəˈdjuːs/, reproduction /ˌriːprəˈdʌkʃn/, reproduced
to trigger, a trigger (Serbian: potstaknuti, inicirati, okidač)
More vocabulary that can be used to talk about computer crime and computer viruses:
reveal /rivi:l/ = to discover; revelation /revelejςn/ (Serbian: otkriće, otkrovenje)
inundate /ˈɪnʌndeɪt/ = synonyms: overwhelm, swamp (Serbian: preplaviti)
swamp /swomp/ = synonyms: overwhelm, inundate (Serbian: preplaviti): This is a big task and I am
finding myself swamped.
illicit /i’lisit/ (Serbian: nedozvoljen)
illegal /i’li:gəl/ (Serbian: nelegalan, nezakonit)
scam /skem/ = a plan to cheat people for money
There are a variety of different crimes that can be committed in computing. Have you ever
heard of these? Do you know what they mean?
• Mail bombing
• Software piracy [pairəsi]
• Piggybacking
• Spoofing [spu:fing]
• Defacing [di:fejsing]
• Hijacking [hajdzeking]
• Data diddling
This lesson contains video material. To watch the video, open the LAMS lesson.
Spreading viruses: distributing programs that can reproduce themselves and are written
with the purpose of causing damage or causing a computer to behave in an unusual way
Salami shaving: manipulating programs or data so that small amounts of money are
deducted from a large number of transactions or accounts and accumulated elsewhere. The
victims are often unaware of the crime because the amount taken from any individual is so
small.
Trapdoors: a technique that involves leaving, within a completed program, an illicit program
that allows unauthorised, and unknown, entry
Mail bombing: inundating an email address with thousands of messages, slowing or even
crashing the server
Software piracy: unauthorised copying of a program for sale or distributing to other users
Piggybacking: using another person's identification code or using that person's files before
he or she has logged off (disconnected from a network account)
Spoofing: tricking a user into revealing confidential information such as an access code or a
credit-card number
Data diddling: the changing of data before or during entry into the computer system, or
altering the raw data just before it is processed by a computer and then changing it back after
the processing is completed. Using this technique, the criminal can manipulate the output, and
the change is not so easy to identify. However, cyber forensic tools can trace when the data was
changed and change it back to its original form.
Chapter 2
Last week we talked about prefixes and mentioned verb prefixes. We said that en- is
one of the prefixes that mean "to cause to be something".
Most of the verbs that either start with en- or end in –en have causative meaning, that is, they
mean ‘to make something happen’ or ‘to cause something’ that is expressed in the other part
of the verb. Some of these verbs have a corresponding noun, which is also given.
• enable /ɪˈneɪb(ə)l/
• encode /ɪnˈkəʊd/, encoder /ɪnˈkəʊdə/
• encourage /ɪnˈkʌrɪdʒ/, encouragement /ɪnˈkʌrɪdʒm(ə)nt/
• encrypt /ɛnˈkrɪpt/, encryption /ɪŋˈkrɪpʃ(ə)n/
• enhance /ɪnˈhɑːns/, enhancement /ɪnˈhɑːnsm(ə)nt/
• enlarge /ɪnˈlɑːdʒ/, enlargement /ɪnˈlɑːdʒm(ə)nt/
• ensure /ɪnˈʃɔː/
• brighten /ˈbrʌɪt(ə)n/
• widen /ˈwʌɪd(ə)n/
Replace the verbs in these sentences with the appropriate form of an en- verb from
the list: enable, encrypt, ensure, encode, enhance, brighten, encourage, enlarge,
widen.
1. A MIDI message makes sound into code as 8-bit bytes of digital information.
2. The teacher is using a new program to give courage to children to write stories.
3. The new version of SimCity has been made better in many ways.
4. A gateway makes it possible for dissimilar networks to communicate.
5. You can convert data to secret code to make it secure.
6. Make sure the machine is disconnected before you remove the case.
7. Designers can offer good ideas for making your website brighter.
8. Electronic readers allow you to make the print size larger.
9. Programmers write software which makes the computer able to carry out particular
tasks.
10. You can make the picture on your monitor wider.
Chapter 3
Word Formation: -ise Verbs
-ISE/-IZE VERBS
Verbs ending in -ise (US -ize) often have a causative meaning.
New phones will revolutionise the way we communicate. = New phones will make a revolution
in the way we communicate.
The other option is to initialize the hard drive and reload all your programs. = initialize
something = to make a computer program or system ready for use or format a disk
Replace the words in italics in each sentence with the appropriate form of an -ise
verb.
1 Players let you group songs into playlists and make the selection random.
2 If you adopt differential backup, this reduces to a minimum the size of your backup set.
3 Most hotels use systems which have been converted for computers.
4 Software developers can produce solutions which are tailored to the customer.
5 Some software houses produce specially written applications.
6 Utilities can be put into categories as editors, filters or communications programs.
7 You can protect data by putting it in a form only users with authority can understand.
8 It is an offence to make copies of software which are done without authority.
Key
1 Players let you group songs into playlists and randomise the selection.
2 If you adopt differential backup, this minimises the size of your backup set.
3 Most hotels use computerised systems.
4 Software developers can produce customised solutions.
5 Some software houses produce specialised applications.
6 Utilities can be categorised as editors, filters or communications programs.
7 You can protect data by putting it in a form only authorised users can understand.
8 It is an offence to make unauthorised copies of software.
dramatize; itemize; motorize), “to subject to (as a process, sometimes named after its
originator)” (galvanize; oxidize; simonize; winterize). Also formed with -ize are a more
heterogeneous group of verbs, usually intransitive, denoting a change of state
(crystallize), kinds or instances of behaviour (apologize; moralize; tyrannize), or activities
(economize; philosophize; theorize).
Chapter 4
Cause and Effect
New developments in computing are often designed to make something easier. These verbs
are often used to describe such developments: allow, enable, help, let, and permit.
1. A GUI lets you use a computer without knowing any operating system commands.
2. A GUI allows you to use a computer without knowing any operating system
commands.
3. The Help facility enables users to get advice on most problems.
4. Voice recognition software helps disabled users (to) access computers.
Verb + object + infinitive
Complete the gap in each sentence with the correct form of the verb in brackets.
1 The Help facility enables users ….. (get) advice on most problems.
2 Adding more memory lets your computer ….. (work) faster.
3 Windows allows you ….. (display) two different folders at the same time.
4 The shift key allows you ….. (type) in upper case.
5 The MouseKeys feature enables you ….. (use) the numeric keyboard to move the mouse
pointer.
6 ALT + TAB allows you ….. (switch) between programs.
7 The StickyKeys feature helps disabled people ….. (operate) two keys simultaneously.
8 ALT + PRINT SCREEN lets you ….. (copy) an image of an active window to the clipboard.
Key
1 to get
2 work
3 to display
4 to type
5 to use
6 to switch
7 (to) operate
8 copy
This unit looks at further ways of expressing a key relationship in technology - cause and
effect. In this class we will revise and learn various grammar devices for expressing cause
and effect, and especially to practice using them in technical descriptions.
Talking about cause and effect it is important to note that the cause of something is not
the same as the reason for doing something. For the reason, we ask the question ‘why’ and
answer with ‘because’.
Many transitive verbs have a causative meaning, such as activate, raise, lower. For example,
Finally, show how a when clause often indicates cause and effect.
But note that not all when clauses indicate a cause and effect relationship. Some are simple
time relationships, for example, When I switch on my computer, I check for emails. Other
ways of showing cause and effect relationships that are covered are -ing clauses, if-sentences
and therefore.
For example, there may be two events, A and B, where event A causes event B.
For instance, event A (the cause): You press the switch. What happens? Event B (the effect):
The lights turn on.
1. WHEN or IF: When/If you press the switch, the lights turn on.
2. BY + -ing: By pressing the switch, you turn on the lights.
3. And then: You press the switch and then the lights turn on.
4. Therefore: You press the switch, therefore the lights turn on.
5. Verb cause + subject + to + verb: Pressing the switch causes the lights to turn on. /
You press the switch, which causes the lights to turn on.
6. Verb make + subject + verb: You press the switch, which makes the lights turn on. /
Pressing the switch makes the lights turn on.
7. Various causative verbs: activate, trigger, raise, lower, stop, start… + noun
You press the switch, which activates/starts the lights.
Both let and make are used with the infinitive without "to".
'Let' can mean 'allow' or 'give permission' or 'allow' in the sense of 'make something
possible':
'Make' can mean 'force someone to do something that he or she doesn't want to do' or
'cause someone to do something' (the thing can be good or bad).
What is the cause and effect relationship among the events? The event in 1 prevents the
event in 2 from happening.
For example:
a/ The keyboard remains locked, and this stops/prevents you from using the PC.
a1/ The keyboard remains locked, stopping/preventing you from using the PC.
Pay attention to the difference in a/ and a1/. The coordinated sentence (and this stops/
prevents…) in a/ can normally be reduced to the –ing phrase without the linker and without
the subject in a1/.
Allow/Prevent
Look at these three sentences 1-3:
1. The scanner finds a match for your fingertip.
2. The keyboard remains unlocked.
3. You can use the PC.
What is the cause and effect relationship among the events?
Each previous event is the cause for the following. These events form a cause and effect
chain.
For example:
a/ The scanner finds a match for your fingertip and this allows/permits the keyboard to be
unlocked.
a1/ The scanner finds a match for your fingertip, allowing/permitting the keyboard to be
unlocked.
b/ The keyboard is unlocked and this allows/permits you to use the PC.
b1/ The keyboard is unlocked, allowing/permitting you to use the PC.
Note that in a/ and a1/ and b/ and b1/ we have the same situation as explained previously.
The sentence starting with ‘and this…’ can be reduced to the –ing phrase.
EXERCISE 1
The aim of this section is to practice structures that express a cause-effect relationship.
Here are examples of some viruses and destructive programs. Connect the sentences
(a,b,c…) related to each virus (1-6) to express the cause and effect relationship.
Note: for the examples 1-5 try to make just one sentence and for 6 you can make 3 sentences.
It is useful to write down the answers before checking them in the answer key. For example:
When a dismissed employee’s name is deleted from the company’s payroll, a logic bomb is
activated, which causes all payroll records to be destroyed.
Describe the effects of these viruses and other destructive programs.
1 logic bomb — example
a A dismissed employee's name is deleted from the company's payroll.
b A logic bomb is activated.
c All payroll records are destroyed.
2 Form (Boot sector virus)
a A certain date occurs.
b A trigger routine is activated.
c Keys beep when pressed and floppies are corrupted.
3 Beijing (Boot sector virus)
a The operator starts up the computer for the one hundred and twenty-ninth time.
b A trigger routine is activated.
c The screen displays, 'Bloody! June 4,1989'.
4 AntiEXE
a The infected program is run.
b The boot sector is corrupted.
c The disk content is overwritten.
d Data is lost.
5 Cascade (File virus - COM files only)
a A particular date occurs.
b The payload is triggered.
c Characters on a text mode screen slide down to the bottom.
6 macro virus - example
a An infected document is opened in the word processor.
b The virus macro is executed.
c The virus code is attached to the default template.
d The user saves another document.
e The virus code attaches to the saved document.
f The saved document is opened in the word processor.
g The virus destroys data, displays a message or plays music.
1 When a dismissed employee's name is deleted from the company's payroll, a logic bomb
is activated which causes the payroll records to be destroyed.
2 When a certain date occurs, a trigger routine is activated which makes keys beep when
pressed and corrupts floppies.
3 When the operator starts up the computer for the one hundred and twenty-ninth time, a
trigger routine is activated which causes the screen to display, 'Bloody! June 4,1989'.
4 When the infected program is run, the boot sector is corrupted which causes the disk
content to be overwritten and data to be lost.
5 When a particular date occurs, the payload is triggered which makes characters on a text
mode screen slide down to the bottom.
6 When an infected document is opened in the word processor, the virus macro is executed
which attaches the virus code to the default template. When the user saves another document,
the virus code attaches to the saved document. When the saved document is opened, the virus
destroys data.
EXERCISE 2
The aim of this section is to practice structures that express a cause-effect
relationship (allow, permit, prevent, cause).
A smart card is a plastic card containing a processor and memory chip. It can be used to
store large amounts of confidential data including coded data that can be used as digital
cash (electronic currency that is used for making electronic purchases over the Internet).
It can also be used as a security device to prevent or allow access to a system and allow a
user to withdraw cash from a bank ATM (automatic teller machine - a type of machine used
by banks for enabling customers to withdraw money from their bank accounts). A smart
card reader is a device used for reading smart cards by detecting radio signals emitted
from a radio antenna (aerial) in the form of a small coil inside the smart card.
Put the verbs in brackets in the correct form in this description of how smart cards
work.
Smart cards prevent unauthorised users ............. (access) systems and permit authorised
users ............. (have) access to a wide range of facilities. Some computers have smart card
readers ............. (allow) you ............. (buy) things on the Web easily and safely with digital
cash. A smart card can also send data to a reader via an antenna ............. (coil) inside
the card. When the card comes within range, the reader's radio signal ............. (create) a
slight current in the antenna ............. (cause) the card ............. (broadcast) information to the
reader which ............. (allow) the user, for example, ............. (withdraw) money from an ATM
or ............. (get) access to a system.
Key
Smart cards prevent unauthorised users accessing systems and permit authorised users to
have access to a wide range of facilities. Some computers have smart card readers allowing
you to buy things on the Web easily and safely with digital cash. A smart card can also
send data to a reader via an antenna coiled inside the card. When the card comes within
range, the reader's radio signal creates a slight current in the antenna causing the card
to broadcast information to the reader which allows the user, for example, to withdraw
money from an ATM or get access to a system.
EXERCISE 3
Decide on the relationship between these events. Then link them using
structures from this and earlier lessons.
1 Anti-virus program
a A user runs anti-virus software.
b The software checks files for virus coding.
c Coding is matched to a known virus in a virus database.
d A message is displayed to the user that a virus has been found.
e The user removes the virus or deletes the infected file.
f The virus cannot spread or cause further damage.
2 Face recognition
a You approach a high-security network.
b Key features of your face are scanned.
c The system matches your features to a database record of authorised staff.
d Your identity is verified.
e You can log on.
f Your identity is not verified.
g You cannot use the system.
3 Voice recognition
a Computers without keyboards will become more common.
b These computers are voice-activated.
c The user wants to log on.
d She speaks to the computer.
e It matches her voice to a database of voice patterns.
f The user has a cold or sore throat.
g She can use the system.
h Stress and intonation patterns remain the same.
Key
1 When a user runs anti-virus software, the software checks files for virus coding. If coding
is matched to a known virus in a virus database, a message is displayed to the user that a
virus has been found. If the user removes the virus or deletes the infected file, the virus is
prevented from spreading or causing further damage.
2 When you approach a high-security network, key features of your face are scanned. If
the system matches your features to a database record of authorised staff, your identity is
verified allowing you to log on. If your identity is not verified, you are stopped from using the
system.
3 Voice-activated computers without keyboards will become more common. When the user
wants to log on, she speaks to the computer which matches her voice to a database of voice
patterns. If the user has a cold or sore throat, she is allowed to use the system because stress
and intonation patterns remain the same.
• Even when error-correcting codes are used (e.g., on wireless links) some errors will be
too severe to be corrected. As a result, some corrupt frames must be discarded.
• The compressed video does not flow at a constant rate, but varies with time according
to factors such as the amount of action and detail in the picture and the compression
algorithm being used. Therefore, it is possible to say what the average bandwidth
requirement will be, but the instantaneous rate may be more or less.
• In many networks, there is no limit to the size of messages transmitted in the layer
4 protocol, but there is nearly always a limit imposed by the layer 3 protocol.
Consequently, layer 3 must break up the incoming messages into smaller units, packets,
prepending a layer 3 header to each packet.
• U.S. Department of Defense original desire in funding and building the ARPANET was to
have a network that would continue functioning even after multiple direct hits by nuclear
weapons wiped out numerous routers and transmission lines. Thus, fault tolerance was
high on their priority list; billing customers was not. This approach led to a connectionless
design in which every packet is routed independently of every other packet. As a
consequence, if some routers go down during a session, no harm is done as long as
the system can reconfigure itself dynamically so that subsequent packets can find some
route to the destination, even if it is different from that which previous packets used.
• In this section we will show how their ideas could be applied to the Web. Accordingly,
in the description below, we will use Web terminology rather than the file system
terminology used in the paper.
• We use a cloud to denote any type of network, whether it is a single point-to-point link,
a multiple-access link, or a switched network. Thus, whenever you see a cloud used in a
figure, you can think of it as a placeholder for any of the networking technologies covered
in this book.
• Long audio packets would mean high latency due to packetization, which has a negative
effect on the perceived quality of conversations.
Chapter 5
Homework Assignment 4
Write a 250-300 word cause and effect essay on ONE of the topics:
• It is observed that in many countries not enough students are choosing to study science
subjects. What are the causes? And what will be the effects on society?
• It is observed that in many countries not enough FEMALE students are choosing to study
software engineering. What are the causes? And what will be the effects on society?
• In many countries, people do not recycle their e-waste as much as they could. Why do
you think this is? What can be done to change this?
SAMPLE ESSAY
Read the following example of how to write a cause/effect essay.
In several parts of the world, there is currently a lack of students choosing to study science in
universities and colleges. This problem happens due to some reasons, and it can have some
adverse impacts on society.
There are several reasons why fewer university students are choosing science as their major.
Firstly, these subjects are usually more difficult and demanding, which requires students to
put much effort into their study. For example, my friend who is doing a course in Biology
said that he had to conduct too many experiments and complete numerous projects, which
prevented him from having any free time. As a result, science subjects seem to be less
attractive to students compared to economics or business-related subjects. Secondly, as
there are currently fewer employment opportunities available for graduates in science fields,
learners are less likely to decide to select these majors. Instead, they tend to choose other
subjects which allow them to find jobs more easily.
A shortage of learners in science fields can result in some negative effects. The first impact
is that when fewer students decide to learn about science, there would be a serious shortage
of employees working in these fields. This would lead to fewer technological developments,
which would also prevent improvements in people’s life quality. For instance, it would be
difficult for humans to produce newer smart phones with better functions. Additionally, while
a significantly increasing number of students are choosing economics and business to study,
the number of job vacancies in these areas is limited. Therefore, many university graduates
would have to face unemployment, which increases burden on society.
(290 words)
Chapter 6
GDPR and Learning Management Systems
PRE-READING
Introducing the topic
Discuss.
Do you know what personal data is?
Are e-mail addresses personal data?
How important is it to protect your personal data?
How do you protect personal data?
Is there any law (national/international) that protects you and your data?
What actions do you take?
Look at the following actions you should take to protect your personal data. Prioritise them in
order of importance.
- Set up two-factor authentication on your financial and email accounts.
- Update your software regularly.
- Don't give out personal information on the phone or through email or text.
- Be careful about opening email attachments or clicking links.
Reading for gist
Read the text quickly. What is the main theme in the text? What kind of a text is it?
Reading for details
Read the text again and answer the questions that follow.
The main theme in the text is GDPR, a regulation in EU law on data protection and privacy in
the European Union.
GDPR explained: How the new data protection act could change your life
This lesson contains video material. To watch the video, open the LAMS lesson.
1. INTRODUCTION
As of May 25, 2018, all companies collecting or storing personal information about anyone
who lives in the European Union must be compliant with the GDPR. GDPR is the acronym
for the General Data Protection Regulation, a document that was finally approved by the
EU Parliament on 14 April 2016 and enforced on 25 May 2018. The EU GDPR replaces the
Data Protection Directive 95/46/EC and is designed to protect individuals’ personal data
and give people in the European Union more control over how their personal information
is used. Organizations must get explicit permission to collect and use an individual’s data,
and it must be just as easy to withdraw consent as it is to give it. The regulation applies to
companies everywhere around the world—not just in the EU. It is also important to realize
that universities offering online courses, especially on learning management systems, have
to become GDPR compliant.
The aim of this paper is to help course administrators and course creators on learning
management systems become GDPR compliant by providing them with basic information
about GDPR: what personal data are, how to collect and store them, and what they are
allowed to do with users’ personal data. There are many definitions of learning management systems;
however, this would be the most comprehensive one: it is a software application that
automates the administration, tracking, and reporting of training events. Furthermore, it
should:
Since users on such systems leave their personal data in order to complete the course they
enrolled in, GDPR is fully applicable and must be observed.
Generally speaking, GDPR is about personal data and how to protect EU citizens from both
misuse and abuse of their personal data by third parties. The subject matter of GDPR
concerns the processing of personal data and the rules relating to the free movement of
personal data (GDPR, Art. 1).
The GDPR defines personal data as any information about a person that can be used to
identify them, either directly or indirectly: a name, an identification number, location data,
an online identifier, or one or more factors specific to the physical, physiological, genetic,
mental, economic, cultural or social identity of that natural person (GDPR, Art. 4). When
we talk about sites and LMS, this definition refers to a name, an email address, account
information, a photo, an IP address, and more. It even includes pseudonymous information, if
it can be easily deciphered to discover a person’s identity. For example, in order to enrol in
an online course on Moodle, users usually have to submit the following data (required fields):
username, first name, surname, and email address. The administrators can choose “email
display”. This setting controls who can see the user's email address: whether the submitted
email address will be hidden from everyone, visible to everyone, or visible only
to other course members. Additional information that can be submitted by a user
is city/town, country, time zone, description (some text about the user him/herself which
will then be displayed on the user's profile page for others to view), user picture, additional
names, interests and many more (Web page, ICQ number, Skype ID, AIM ID, Yahoo ID, MSN
ID, ID number, Institution, Department, Phone, Mobile phone, Address). As we can see from
this list of both required and optional fields, they are all subject to GDPR because a person
can be identified on the basis of them.
The material scope of this Regulation covers the processing of personal data wholly or partly
by automated means and the processing other than by automated means of personal data
which form part of a filing system or are intended to form part of a filing system. Processing
of personal data includes collecting, recording, organising, structuring, storing, adapting or
altering, retrieving, consulting, using, disclosing by transmission, dissemination or otherwise
making available, aligning or combining, restricting, erasing or destroying. A filing system
is defined as any structured set of personal data which are accessible according to specific
criteria, whether centralised, decentralised or dispersed on a functional or geographical basis
(GDPR, Art. 2). If we take the example of any LMS, personal data is collected, recorded,
organized etc. for the purposes of keeping track of users’ progression, and in formal education
it is a must that the activity is connected to the learner.
The territorial scope of GDPR refers to the processing of personal data in the context of the
activities of an establishment of a controller (the natural or legal person, public authority,
agency or other body which, alone or jointly with others, determines the purposes and means
of the processing of personal data) or a processor (a natural or legal person, public authority,
agency or other body which processes personal data on behalf of the controller) in the Union,
regardless of whether the processing takes place in the Union or not (GDPR, Art. 3). Any
school/faculty/university (the controller) that processes data and offers services such
as online courses to EU citizens, whether for payment or for free, must comply with the
requirements outlined in GDPR. Although Serbia is not yet a member state, if there is even a
single user on an LMS from the European Union, the LMS used at the university has to become GDPR
compliant.
3. IMPLICATIONS
Even though GDPR has become one of the most controversial regulations in the last couple of
years, there are many reasons for laying down stricter rules relating to the collection, sharing and
processing of users’ personal data. There have recently been cases of misuse of users’ personal
data, such as “The Facebook and Cambridge Analytica Scandal”. It all contributed to the
stricter implementation of GDPR. What does GDPR imply? On one hand, the most important
change is for the organizations offering services. They have to become aware of the concept
of “personal data”: what it means, what it refers to and how the data must and must not be
used. Furthermore, they must inform users in succinct, clear, plain and simple language what
they need the data for and ask for their consent. On the other hand, users themselves
must be informed about the use of their data, who has their data, why they have it, where
it's stored and who is accessing it, and provide consent for all this: “Consent under the GDPR
must be a freely given, specific, informed and unambiguous indication of the individual’s
wishes. There must be some form of clear affirmative action – or in other words, a positive
opt-in – consent cannot be inferred from silence, pre-ticked boxes or inactivity”. Moreover, a
user has the right to withdraw his or her consent at any time and can request that his or her
data be removed or deleted when there is no compelling reason for a course to continue
processing that information. A site policy can be used to collect consent for the purposes
of GDPR compliance. The site policy document for any LMS should be reviewed carefully to
make sure it covers all the information required by GDPR in clear and simple language.
If schools or universities collect personal information for the purposes of marketing, they
must obtain a separate consent from each user to use this data for this purpose. Consent to
use the data for marketing must be separately withdrawable by the user.
If schools or universities collect personal information for the purposes of research, they must
either obtain a specific consent from each user to use the data for this purpose, or completely
anonymise the data before using it for research. [3] For example, when backing up the course
in Moodle, there is an option to anonymize user information which "protects user identities"
by making each user anonymous.
4. RECOMMENDED PRACTICE
Some LMS are already fully compliant with GDPR; some require plug-ins. Simply installing
a plug-in doesn’t make an LMS GDPR-compliant. The administrators still need to set the plug-ins up
properly and make sure the practices and policies of the university/faculty/school are in line with
the regulation. In simple language, the administrators have to provide information to users
about:
• The purpose of all processing to be performed on the user’s data. Marketing must be listed
separately with a separate revocable “consent”.
• List of rights
• List of third parties that data will be shared with (This includes integrations such as LTI,
portfolios, plagiarism, repositories, authentication etc.)
• Whether the personal data will be used for any automated decision-making process,
including the significance and details of the process (e.g. analytics).
5. CONCLUSION
GDPR came into force on 25th May 2018. It applies to all citizens, residents and companies
of the European Union, regardless of the company’s location. Developing an LMS to become
compliant with the GDPR is not only about developing the tools. Schools/faculties/universities
have to customize their LMS in order to use the tools properly and make sure their own
practices are in line with the regulation.
READING COMPREHENSION
Check your understanding of the text.
Key
1. GDPR is a regulation (srp. uredba) that involves the protection of personal data and
the rights of individuals.
2. The Regulation came into effect on the 25th May 2018.
3. Any organisation which processes and holds the personal data of EU citizens is
obliged to abide by the laws set out by GDPR. This applies to every organisation,
regardless of whether or not they themselves reside in one of the 28 EU member
states.
4. GDPR applies to personal data, meaning any information relating to an identifiable
person who can be directly or indirectly identified by reference to an identifier.
5. Personal data must be:
◦ Processed lawfully, fairly and in a transparent manner
◦ Collected only for specified, explicit and lawful purposes
◦ Adequate, relevant and limited to what is necessary
◦ Accurate and kept up to date
◦ Kept only for as long as it is needed and no longer
◦ Protected in a manner that ensures its security and integrity
6. The right to be informed, the right of access, the right of rectification, the right
to erasure, the right to restrict processing, the right to data portability, the right to
object, rights related to automated decision making and profiling.
7. No.
VOCABULARY
Practice vocabulary from the text: compliant, enforce, applicable,
irrevocable.
Read the sentences below carefully and match the words in bold with their
definitions.
1 This site is HTML compliant.
2 The legislation will be difficult to enforce.
3 This section of law is applicable only to EU citizens.
4 They said their resignations were irrevocable.
a relevant to or affecting a particular situation or group of people
b in agreement with a set of rules
c that cannot be changed; final
d to make sure that people obey a particular law or rule
Key
1b
2d
3a
4c
Now use the words from the previous exercise in bold to complete the sentences
1-4.
1. This part of the law is only _____ to companies employing more than five people.
2. Advances in robotics and other innovations such as 3D printing are likely to further erode
the advantages of a cheap and _____ workforce.
3. He said the decision was _____ .
4. It is the job of the inspectors to _____ compliance with the regulations.
Key
1 applicable
2 compliant
3 irrevocable
4 enforce
Chapter 7
Conclusion
There are a variety of security measures that can be used to protect hardware (the physical
components of a computer system) and software (programs and data) including:
1 Controlling physical access to hardware and software.
2 Backing up data and programs (storing a copy of files on a storage device to keep them
safe).
3 Implementing network controls such as:
a using passwords (a secret code used to control access to a network system)
b installing a firewall (a combination of hardware and software used to control the data going
into and out of a network. It is used to prevent unauthorised access to the network by hackers).
c encrypting data (protecting data by putting it in a form only authorised users can
understand)
d installing a callback system (a system that automatically disconnects a
telephone line after receiving a call and then dials the telephone number of the system
that made the call, to reconnect the line. It is used in remote access systems to make sure
that connections can only be made from permitted telephone numbers)
e using signature verification or biometric security devices (security devices that measure
some aspect of a living being e.g. a fingerprint reader or an eye scanner).
4 Separating and rotating the computing functions carried out by employees and
carrying out periodic audits of the system i.e. observing and recording events on the
network systematically.
5 Protecting against natural disasters by installing uninterruptible power supplies
(battery backup systems that automatically provide power to a computer when the normal
electricity source fails) and surge protectors (electronic devices that protect equipment from
damage due to a sudden surge in a power supply).
6 Protecting against viruses by using antivirus programs (computer programs or sets
of programs used to detect, identify and remove viruses from a computer system) and
ensuring that all software is free of viruses before it is installed. Particular care must be taken
when using public domain software (free software) and shareware (software that is free to try
out but must be paid for if it is used after the trial period).
You should know and be able to use terms associated with Data Security such as: defacing,
denial of service attack, hijacking, mail bombing, piggybacking, salami shaving, software
piracy, spoofing, trapdoors, trojan horse, viruses, callback, incremental backups, full backups,
biometric security devices, encrypt/ion, firewalls, password protect, surge protectors,
uninterruptible power supplies, anti-virus, virus protection.
REFERENCES
The following references were used for this lesson.
Glendinning, Eric H., McEwan, John. (2003). Oxford English for Information Technology,
Second Edition. Oxford University Press, UK.
Murphy, Raymond. (2015). English Grammar in Use, Fourth Edition. Cambridge University
Press, UK.
Oshima, A., Hogue, A. (1997). Introduction to Academic Writing, Second Edition. New York:
Addison Wesley Longman.
Remacha Esteras, Santiago. (2011). Infotech Student's book: English for Computer Users
(Cambridge professional English). Cambridge University Press, UK.
Remacha Esteras, Santiago, Marco Fabre, Elena. (2007). Professional English in Use – ICT For
Computers and the Internet. Cambridge University Press, UK.