
Chapter 4 Information, Control and Privacy

The document discusses internet privacy and related topics. It defines internet privacy and the risks to privacy such as IP addresses, cookies, flash cookies, and device fingerprinting being used to track users. It also covers computer crimes, information security, and restrictions on freedom of expression.

Uploaded by

Meredith Grey
Copyright: © All Rights Reserved

Chapter 4

Information, Control, and Privacy

Learning Outcome

At the end of this chapter the students should be able to:


1. Identify computer crimes
2. Define security
3. Explain the concepts of the Data Privacy Act of 2012
4. Describe the different common internet privacy issues
5. Enumerate and explain the 10 commandments of using a computer
6. Explain the different social issues of using Information Systems
7. Explain the concept of e-commerce law
8. Differentiate cybercrime from cybersecurity
9. Identify different information security controls
10. Apply intellectual property law concepts in their daily lives
11. Compare the deep web with the dark web
12. Evaluate cases related to Latest Privacy

Learning Contents

Relationship of internet and the freedom of expression


What is freedom of Expression?
Democracy
Scope
Restrictions
Internet privacy
Risks to Internet privacy
Computer crimes
Types of Cybercrime
IT Security
Computer security
Vulnerabilities and attacks
Special Topics:
Data Privacy Act of 2012.
Ten Commandments of using Computer
Social Issues in using Information Systems
Five Moral Dimensions of the Information Age
BASIC CONCEPTS OF ETHICAL ANALYSIS
Cybercrime and Cybersecurity
Common information Security Control
What are the Types of Information Security Controls?
Types of information security controls, intended to strengthen cybersecurity
Security controls
The most widely used information security frameworks and standards include:
Intellectual Property Law

Relationship of internet and the freedom of expression

What is freedom of Expression?


Everyone has the right to communicate his or her opinions and ideas and share
information in whatever form. In human rights this is called freedom of expression. It
prohibits the state and other people in society from censorship and it can be restricted
for only very serious reasons.

Democracy
Freedom of expression is an important human right which is essential for a society
to be democratic. It enables the free exchange of ideas, opinions and information and
thus allows members of society to form their own opinions on issues of public
importance. Freedom of expression serves public debate and supports a free and
independent press, informed citizenship and the transparent functioning of the state.

Scope
Freedom of expression protects almost all the ways in which you can express
yourself, regardless of the content or tone of your message. It covers all:

• Spaces (public and private)
• Purposes (political, artistic and commercial)
• Forms (words, pictures and sounds)
• Media (films, cartoons, radio, television and social media)

EXAMPLE You might be writing a comment to an article on an internet portal,
playing a song in a public place, displaying an advertisement on a street or
wearing a t-shirt expressing a certain idea.

Freedom of expression protects you from unjustified restrictions of your expressions,
but it does not guarantee you access to the means for expressing your ideas.

EXAMPLE A magazine or internet portal can refuse to publish your article or
comment and a social media company might remove a comment.

Restrictions
The right to freedom of expression is very broad, but it has limits and can be
restricted. This is when the freedom of expression of one person violates the rights of
another person or the values of society as a whole. In situations like these, the state can
lawfully restrict or punish expressions that cause harm.
Examples of this are:
• Violations of private life
• Defamation
• Hate speech
• Obscenity
• Pornography
• Public order
• National security
• Classified information
• Trade secrets or copyright violations

Any measures that restrict freedom of expression must be stated in law, can only
be applied for valid reasons (legitimate aim) and must be an exception based on the
individual situation.

Internet privacy
Internet privacy involves the right or mandate of personal privacy
concerning the storing, repurposing, provision to third parties, and displaying of
information pertaining to oneself via the Internet. Internet privacy is a subset of
data privacy. Privacy concerns have been articulated from the beginnings of
large-scale computer sharing.

Privacy can entail either personally identifiable information (PII) or non-PII
information such as a site visitor's behavior on a website. PII refers to any
information that can be used to identify an individual. For example, age and
physical address alone could identify who an individual is without explicitly
disclosing their name, as these two factors are unique enough to identify a
specific person typically. Other forms of PII may soon include GPS tracking data
used by apps, as the daily commute and routine information can be enough to
identify an individual.

It has been suggested that the "appeal of online services is to broadcast
personal information on purpose."[5] On the other hand, in his essay "The Value of
Privacy", security expert Bruce Schneier says, "Privacy protects us from abuses by
those in power, even if we're doing nothing wrong at the time of surveillance."

Internet and digital privacy are viewed differently from traditional
expectations of privacy. Internet privacy is primarily concerned with protecting
user information. Law professor Jerry Kang explains that the term privacy expresses
space, decision, and information. In terms of space, individuals have an
expectation that their physical spaces (e.g. homes, cars) not be intruded upon.
Privacy within the realm of decision is best illustrated by the landmark case
Roe v. Wade. Lastly, information privacy concerns the collection of user
information from a variety of sources, which produces great discussion.

Information privacy is an individual's claim to control the terms under
which personal information (information identifiable to the individual) is
acquired, disclosed, and used.

The privacy concerns of Internet users pose a serious challenge (Dunkan,
1996; Till, 1997). In an online survey, approximately seven out of ten individuals
responded that what worries them most is their privacy over the Internet, rather
than over the mail or phone. Internet privacy is slowly but surely becoming a
threat, as a person's personal data may slip into the wrong hands if passed around
through the Web.

Risks to Internet privacy


• Internet protocol (IP) addresses. All websites receive, and many track,
which IP address is used by a visitor's computer. Companies match data
over time to associate name, address, and other information to the IP
address.
• HTTP cookies. An HTTP cookie is data stored on a user's computer that assists
in automated access to websites or web features, or
other state information required in complex web sites. It may also be used
for user-tracking by storing special usage history data in a cookie, and such
cookies—for example, those used by Google Analytics—are
called tracking cookies. Cookies are a common concern in the field of
Internet privacy. Although website developers most commonly use cookies
for legitimate technical purposes, cases of abuse occur. In 2009, two
researchers noted that social networking profiles could be connected to
cookies, allowing the social networking profile to be connected to browsing
habits.
• Flash cookies. Flash cookies, also known as local shared objects, work the
same way as normal cookies and are used by the Adobe Flash Player to
store information on the user's computer. They pose a similar privacy risk to
normal cookies, but are not as easily blocked, meaning that the option in
most browsers to not accept cookies does not affect Flash cookies. One
way to view and control them is with browser extensions or add-ons. Flash
cookies are unlike HTTP cookies in the sense that they are not transferred from
the client back to the server. Web browsers read and write these cookies
and can track any data by web usage.
• Evercookies. Evercookies, created by Samy Kamkar,[37][38] are JavaScript-
based applications which produce cookies in a web browser that actively
"resist" deletion by redundantly copying themselves in different forms on the
user's machine (e.g., Flash Local Shared Objects, various HTML5 storage
mechanisms, window.name caching, etc.), and resurrecting copies that
are missing or expired. Evercookie accomplishes this by storing the cookie
data in several types of storage mechanisms that are available on the local
browser. It has the ability to store cookies in over ten types of storage
mechanisms so that once they are on one's computer they will never be
gone. Additionally, if evercookie has found the user has removed any of
the types of cookies in question, it recreates them using each mechanism
available.[39] Evercookies are one type of zombie cookie. However, modern
browsers and anti-malware software can now block or detect and remove
such cookies.
• Device fingerprinting. A device fingerprint is information collected about
the software and hardware of a remote computing device for the purpose
of identifying individual devices even when persistent cookies (and
also zombie cookies) can't be read or stored in the browser, the client IP
address is hidden, and even if one switches to another browser on the same
device. This may allow a service provider to detect and prevent identity
theft and credit card fraud, but also to compile long-term records of
individuals' browsing histories even when they're attempting to avoid
tracking, raising a major concern for internet privacy advocates.
• Third-party requests. Third-party requests are HTTP data connections from
client devices to addresses on the web other than the website the user is
currently visiting. Many alternative tracking technologies to cookies are
based on third-party requests. Their importance has increased in recent
years, and the increase accelerated after Mozilla (2019), Apple (2020), and
Google (2022) announced that they would block third-party cookies by
default.
• Photographs on the Internet. Today many people have digital
cameras and post their photographs online, for example street
photography practitioners do so for artistic purposes and social
documentary photography practitioners do so to document people in
everyday life. The people depicted in these photos might not want them to
appear on the Internet. Police arrest photos, considered public record in
many jurisdictions, are often posted on the Internet by online mug shot
publishing sites.
• Google Street View. The medium through which Street View disseminates
information, the photograph, is very immediate in the sense that it can
potentially provide direct information and evidence about a person's
whereabouts, activities, and private property. Moreover, the technology's
disclosure of information about a person is less abstract in the sense that, if
photographed, a person is represented on Street View in a virtual
replication of his or her own real-life appearance. In other words, the
technology removes abstractions of a person's appearance or that of his
or her personal belongings – there is an immediate disclosure of the person
and object, as they visually exist in real life.
• Search engines. Search engines have the ability to track a user's searches.
Personal information can be revealed through searches by the user's
computer, account, or IP address being linked to the search terms used.
Search engines have claimed a necessity to retain such information in
order to provide better services, protect against security pressure, and
protect against fraud. [54] A search engine takes all of its users and assigns
each one a specific ID number. Those in control of the database often
keep records of where on the internet each member has traveled to.

Privacy-focused search engines/browsers. Search engines such
as Startpage.com, Disconnect.me and Scroogle (defunct since 2012) anonymize
Google searches. Some of the most notable privacy-focused search engines are:

• DuckDuckGo: DuckDuckGo is a meta-search engine that combines
the search results from various search engines (excluding Google)
and provides some unique services like using search boxes on
various websites and providing instant answers out of the box.
• Qwant: Qwant is an EU-based web search engine that focuses on
privacy. It has its own index and has servers hosted in the European
Union.
• Fireball: Fireball is Germany's first search engine and obtains web
results from various sources (mainly Bing). Fireball does not collect any
user information. All servers are stationed in Germany, a plus
considering the German legislation tends to respect privacy rights
better than many other European countries.
• MetaGer: MetaGer is a meta-search engine (obtains results from
various sources) and in Germany by far the most popular safe search
engine. MetaGer uses similar safety features as Fireball.
• Ixquick: Ixquick is a Dutch-based meta-search engine (obtains
results from various sources). It is also committed to protecting the
privacy of its users. Ixquick uses similar safety features as Fireball.
• Yacy: Yacy is a decentralized search engine developed on the basis
of a community project, which started in 2005. The search engine
follows a slightly different approach to the two previous ones, using a
peer-to-peer principle that does not require any stationary and
centralized servers. This has its disadvantages but also the simple
advantage of greater privacy when surfing due to basically no
possibility of hacking.
• Search Encrypt: Search Encrypt is an internet search engine that
prioritizes maintaining user privacy and avoiding the filter bubble of
personalized search results. It differentiates itself from other search
engines by using local encryption on searches and delayed history
expiration.
• Tor Browser (The Onion Router): Tor Browser is free software that
provides access to an anonymised network that enables anonymous
communication. It directs the internet traffic through multiple relays.
This encryption method prevents others from tracking a certain user,
thus allowing the user's IP address and other personal information to be
concealed.
• Privacy issues of social networking sites. The advent of the Web 2.0 has
caused social profiling and is a growing concern for internet privacy. Web
2.0 is the system that facilitates participatory information sharing and
collaboration on the internet, in social networking media websites like
Facebook, Instagram, Twitter, and MySpace. These social networking sites
have seen a boom in their popularity starting from the late 2000s. Through
these websites many people are giving their personal information out on
the internet.
• Internet service providers. Internet users obtain internet access through
an internet service provider (ISP). All data transmitted to and from users
must pass through the ISP. Thus, an ISP has the potential to observe users'
activities on the internet. However, ISPs are usually prohibited from
participating in such activities due to legal, ethical, business, or technical
reasons. Normally ISPs do collect at least some information about the
consumers using their services. From a privacy standpoint, ISPs would ideally
collect only as much information as they require in order to provide internet
connectivity (IP address, billing information if applicable, etc.).
• HTML5. HTML5 is the latest version of Hypertext Markup
Language specification. HTML defines how user agents, such as web
browsers, are to present websites based upon their underlying code. This
new web standard changes the way that users are affected by the internet
and their privacy on the internet. HTML5 expands the number of methods
given to a website to store information locally on a client as well as the
amount of data that can be stored. As such, privacy risks are increased. For
instance, merely erasing cookies may not be enough to remove potential
tracking methods since data could be mirrored in web storage, another
means of keeping information in a user's web browser.[78] There are so many
sources of data storage that it is challenging for web browsers to present
sensible privacy settings. As the power of web standards increases, so do
potential misuses.
• Big data. Big data is generally defined as the rapid accumulation and
compiling of massive amounts of information that is being exchanged over
digital communication systems. The data is large (often
exceeding exabytes) and cannot be handled by conventional computer
processors, and is instead stored on large server-system databases. This
information is assessed by analytic scientists using software programs, which
paraphrase this information into multi-layered user trends and
demographics. This information is collected from all around the internet,
such as by popular services like Facebook, Google, Apple, Spotify or GPS
systems.

• Other potential Internet privacy risks


• Cross-device tracking identifies users' activity across multiple devices.
• Malware is a term short for "malicious software" and is used to describe
software to cause damage to a single computer, server, or computer
network whether that is through the use of a virus, trojan horse, spyware,
etc.[87]
• Spyware is a piece of software that obtains information from a user's
computer without that user's consent.
• A web bug is an object embedded into a web page or email and is
usually invisible to the user of the website or reader of the email. It allows
checking to see if a person has looked at a particular website or read a
specific email message.
• Phishing is a criminally fraudulent process of trying to obtain sensitive
information such as user names, passwords, credit card or bank
information. Phishing is an internet crime in which someone
masquerades as a trustworthy entity in some form of electronic
communication.
• Pharming is a hacker's attempt to redirect traffic from a legitimate
website to a completely different internet address. Pharming can be
conducted by changing the hosts file on a victim's computer or by
exploiting a vulnerability on the DNS server.
• Social engineering, where people are manipulated or tricked into
performing actions or divulging confidential information.
• Malicious proxy server (or other "anonymity" services).
• Use of weak passwords that are short, consist of all numbers, all
lowercase or all uppercase letters, or that can be easily guessed such
as single words, common phrases, a person's name, a pet's name, the
name of a place, an address, a phone number, a social security
number, or a birth date.
• Use of recycled passwords or the same password across multiple
platforms which have become exposed from a data breach.
• Using the same login name and/or password for multiple accounts
where one compromised account leads to other accounts being
compromised.
• Allowing unused or little used accounts, where unauthorized use is likely
to go unnoticed, to remain active.
• Using out-of-date software that may contain vulnerabilities that have
been fixed in newer, more up-to-date versions.
• WebRTC is a protocol which suffers from a serious security flaw that
compromises the privacy of VPN tunnels, by allowing the true IP
address of the user to be read. It is enabled by default in major browsers
such as Firefox and Google Chrome.
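
The "Third Party Requests" and "web bug" items above describe the same mechanism from two angles: a document that makes the client fetch something from another party. The following is an added example, not part of the original chapter, that audits an HTML page for such requests and flags images that look like web bugs. The sample page, all host names, and the two-label notion of a "site" are assumptions constructed for the illustration.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose attribute makes the browser or mail client fetch a URL on its own.
FETCHING_ATTRS = {"img": "src", "script": "src", "iframe": "src", "embed": "src",
                  "video": "src", "audio": "src", "source": "src", "link": "href"}

# Constructed sample page (not real sites).
SAMPLE_PAGE_URL = "https://news.example.org/article/42"
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="/static/site.css">
<link rel="canonical" href="https://news.example.org/article/42">
<script src="https://static.example.org/app.js"></script>
<script src="//analytics.tracker.example/collect.js"></script>
</head><body>
<img src="/images/photo.jpg" width="640" height="480">
<img src="https://pixel.adnetwork.example/p.gif?uid=constructed-123" width="1" height="1">
<img src="https://metrics.tracker.example/open.gif" style="display: none">
<iframe src="https://video.example.net/embed/9"></iframe>
</body></html>
"""


def site_of(host):
    """Approximate a host's site by its last two DNS labels.

    Assumption for this example only: real tooling should consult the
    Public Suffix List so that names such as example.co.uk are handled.
    """
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def looks_like_web_bug(tag, attrs):
    """Heuristic: an image that is 0-1 pixels in size or hidden with CSS."""
    if tag != "img":
        return False

    def px(name):
        return attrs.get(name, "").strip().lower().replace("px", "")

    tiny = px("width") in ("0", "1") and px("height") in ("0", "1")
    style = attrs.get("style", "").replace(" ", "").lower()
    return tiny or "display:none" in style or "visibility:hidden" in style


class ResourceCollector(HTMLParser):
    """Collects every URL the document would load automatically."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.resources = []  # (tag, absolute URL, attribute dict)

    def handle_starttag(self, tag, attrs):
        attr_name = FETCHING_ATTRS.get(tag)
        attrs = {k: (v or "") for k, v in attrs}
        if attr_name is None or not attrs.get(attr_name):
            return
        # <link> only causes a fetch for a few rel types (not canonical etc.).
        rel = set(attrs.get("rel", "").lower().split())
        if tag == "link" and not rel & {"stylesheet", "icon", "preload", "prefetch"}:
            return
        self.resources.append((tag, urljoin(self.page_url, attrs[attr_name]), attrs))


def audit(html, page_url):
    """Return the third-party requests a page triggers, in document order."""
    first_party = site_of(urlsplit(page_url).hostname)
    collector = ResourceCollector(page_url)
    collector.feed(html)
    collector.close()
    findings = []
    for tag, url, attrs in collector.resources:
        host = urlsplit(url).hostname
        if host is None:  # data: or cid: URLs cause no network request
            continue
        if site_of(host) != first_party:
            findings.append({"tag": tag, "url": url, "site": site_of(host),
                             "web_bug": looks_like_web_bug(tag, attrs)})
    return findings


def sites_contacted(findings):
    """Count third-party requests per contacted site."""
    return dict(Counter(f["site"] for f in findings))


if __name__ == "__main__":
    for finding in audit(SAMPLE_HTML, SAMPLE_PAGE_URL):
        label = "WEB BUG?" if finding["web_bug"] else "3rd party"
        print(f'{label:9} <{finding["tag"]}> {finding["url"]}')
    print(sites_contacted(audit(SAMPLE_HTML, SAMPLE_PAGE_URL)))
```

Resources loaded later by scripts do not appear in static HTML, so a browser's network panel or a proxy log remains the complete record of third-party requests.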

Computer crimes
New technologies create new criminal opportunities but few new types of
crime. What distinguishes cybercrime from traditional criminal activity? Obviously,
one difference is the use of the digital computer, but technology alone is
insufficient for any distinction that might exist between different realms of criminal
activity. Criminals do not need a computer to commit fraud, traffic in child
pornography and intellectual property, steal an identity, or violate someone’s
privacy. All those activities existed before the “cyber” prefix became ubiquitous.
Cybercrime, especially involving the Internet, represents an extension of existing
criminal behavior alongside some novel illegal activities.

Types Of Cybercrime
Cybercrime ranges across a spectrum of activities. At one end are crimes that
involve fundamental breaches of personal or corporate privacy, such as assaults
on the integrity of information held in digital depositories and the use of illegally
obtained digital information to blackmail a firm or individual. Also at this end of
the spectrum is the growing crime of identity theft. Midway along the spectrum lie
transaction-based crimes such as fraud, trafficking in child pornography, digital
piracy, money laundering, and counterfeiting. These are specific crimes with
specific victims, but the criminal hides in the relative anonymity provided by the
Internet. Another part of this type of crime involves individuals within corporations
or government bureaucracies deliberately altering data for either profit or
political objectives. At the other end of the spectrum are those crimes that involve
attempts to disrupt the actual workings of the Internet. These range from spam,
hacking, and denial of service attacks against specific sites to acts of
cyberterrorism—that is, the use of the Internet to cause public disturbances and
even death. Cyberterrorism focuses upon the use of the Internet by non-state
actors to affect a nation’s economic and technological infrastructure. Since the
September 11 attacks of 2001, public awareness of the threat of cyberterrorism
has grown dramatically.

Security
Computer security, also known as cybersecurity or IT security, is the protection
of information systems from theft or damage to the hardware, the software, and to
the information on them, as well as from disruption or misdirection of the services they
provide.

Vulnerabilities and attacks


• Backdoor. A backdoor in a computer system, a cryptosystem or an algorithm,
is any secret method of bypassing normal authentication or security controls.
They may exist for a number of reasons, including by original design or from
poor configuration. They may have been added by an authorized party to
allow some legitimate access, or by an attacker for malicious reasons; but
regardless of the motives for their existence, they create a vulnerability.
Backdoors can be very hard to detect, and are usually discovered by someone
who has access to application source code or intimate knowledge of the
computer's operating system.
• Denial-of-service attack. Denial of service attacks (DoS) are designed to make
a machine or network resource unavailable to its intended users.[5] Attackers
can deny service to individual victims, such as by deliberately entering a
wrong password enough consecutive times to cause the victim's account to
be locked, or they may overload the capabilities of a machine or network and
block all users at once. While a network attack from a single IP address can be
blocked by adding a new firewall rule, many forms of Distributed denial of
service (DDoS) attacks are possible, where the attack comes from a large
number of points – and defending is much more difficult. Such attacks can
originate from the zombie computers of a botnet or from a range of other
possible techniques, including reflection and amplification attacks, where
innocent systems are fooled into sending traffic to the victim.
• Direct-access attacks. An unauthorized user gaining physical access to a
computer is most likely able to directly copy data from it. They may also
compromise security by making operating system modifications, installing
software worms, keyloggers, covert listening devices or using wireless mice.
Even when the system is protected by standard security measures, these may
be able to be by-passed by booting another operating system or tool from a
CD-ROM or other bootable media. Disk encryption and Trusted Platform
Module are designed to prevent these attacks.
• Eavesdropping. Eavesdropping is the act of surreptitiously listening to a private
computer "conversation" (communication), typically between hosts on a
network. For instance, programs such as Carnivore and NarusInSight have
been used by the FBI and NSA to eavesdrop on the systems of internet service
providers. Even machines that operate as a closed system (i.e., with no
contact to the outside world) can be eavesdropped upon via monitoring the
faint electromagnetic transmissions generated by the hardware; TEMPEST is a
specification by the NSA referring to these attacks.

• Phishing. Phishing is the attempt to acquire sensitive information such as
usernames, passwords, and credit card details directly from users by deceiving
the users.[8] Phishing is typically carried out by email spoofing or instant
messaging, and it often directs users to enter details at a fake website whose
"look" and "feel" are almost identical to the legitimate one. The fake website
often asks for personal information, such as log-in details and passwords. This
information can then be used to gain access to the individual's real account
on the real website. Preying on a victim's trust, phishing can be classified as a
form of social engineering. Attackers are using creative ways to gain access
to real accounts. A common scam is for attackers to send fake electronic
invoices to individuals showing that they recently purchased music, apps, or
other items, and instructing them to click on a link if the purchases were not
authorized.
• Spoofing. Spoofing is the act of masquerading as a valid entity through
falsification of data (such as an IP address or username), in order to gain
access to information or resources that one is otherwise unauthorized to
obtain. There are several types of spoofing, including:
o Email spoofing, where an attacker forges the sending (From, or source)
address of an email.
o IP address spoofing, where an attacker alters the source IP address in a
network packet to hide their identity or impersonate another computing
system.
o MAC spoofing, where an attacker modifies the Media Access Control
(MAC) address of their network interface to pose as a valid user on a
network.
o Biometric spoofing, where an attacker produces a fake biometric sample
to pose as another user.
• Tampering. Tampering describes a malicious modification or alteration of
data. So-called Evil Maid attacks and security services planting of surveillance
capability into routers are examples.
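
The email spoofing item above says an attacker forges the From address. The following is an added example, not part of the original chapter, of how a receiving side can surface that from message headers: it compares the From domain with Return-Path and Reply-To, and reads the SPF, DKIM and DMARC verdicts from the Authentication-Results header written by the recipient's own mail server. Both messages, every domain, and the trusted server name are constructed for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: identifier of the receiving mail server we trust.
TRUSTED_AUTHSERV_ID = "mx.recipient.example"

LEGIT_MESSAGE = """\
Return-Path: <bounces@mail.bank.example>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=mail.bank.example;
 dkim=pass header.d=bank.example; dmarc=pass header.from=bank.example
From: "Example Bank" <support@bank.example>
To: user@recipient.example
Subject: Your monthly statement

Constructed sample body.
"""

SPOOFED_MESSAGE = """\
Return-Path: <bounce@bulk-sender.example>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=bulk-sender.example;
 dkim=none; dmarc=fail header.from=bank.example
From: "Example Bank" <support@bank.example>
Reply-To: billing@lookalike-bank.example
To: user@recipient.example
Subject: Invoice for your recent purchase

Constructed sample body.
"""


def domain_of(header_value):
    """Domain part of the address in a From/Return-Path/Reply-To header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def aligned(a, b):
    """Simplified relaxed alignment: equal, or one is a subdomain of the other.

    The leading dot matters: lookalike-bank.example must not match bank.example.
    """
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def auth_results(msg, trusted_authserv_id):
    """Collect spf/dkim/dmarc verdicts, but only from our own server's header.

    Authentication-Results headers carrying any other server name may have
    been inserted by the sender and are ignored.
    """
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv_id, _, rest = value.partition(";")
        if authserv_id.strip().lower() != trusted_authserv_id.lower():
            continue
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            verdicts.setdefault(method.lower(), verdict.lower())
    return verdicts


def spoofing_indicators(raw_message, trusted_authserv_id):
    """Return (code, detail) pairs; an empty list means nothing suspicious."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg.get("From"))
    if not from_domain:
        return [("from-missing", "no parsable From address")]
    indicators = []
    for header, code in (("Return-Path", "return-path-mismatch"),
                         ("Reply-To", "reply-to-mismatch")):
        other = domain_of(msg.get(header))
        if other and not aligned(other, from_domain):
            indicators.append(
                (code, f"{header} domain {other} vs From domain {from_domain}"))
    verdicts = auth_results(msg, trusted_authserv_id)
    for method in ("spf", "dkim", "dmarc"):
        verdict = verdicts.get(method, "missing")
        if verdict != "pass":
            indicators.append((f"{method}-{verdict}", f"{method} verdict is {verdict}"))
    return indicators


if __name__ == "__main__":
    for name, raw in (("legit", LEGIT_MESSAGE), ("spoofed", SPOOFED_MESSAGE)):
        print(name, spoofing_indicators(raw, TRUSTED_AUTHSERV_ID))
```

The spoofed sample still shows spf=pass, because SPF only checks the envelope sender; the forged From address is caught by the failed DMARC verdict and the domain mismatches. Mailing lists and bulk mail providers can produce the same mismatches legitimately, so these are indicators for triage rather than verdicts.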

Special Topics:

Data Privacy Act of 2012. This Act shall be known as the “Data Privacy Act of
2012”. It is the policy of the State to protect the fundamental human right of
privacy, of communication while ensuring free flow of information to promote
innovation and growth.

Ten Commandments of using Computer


1. Thou shalt not use a computer to harm other people.
2. Thou shalt not interfere with other people's computer work.
3. Thou shalt not snoop around in other people's computer files.
4. Thou shalt not use a computer to steal.
5. Thou shalt not use a computer to bear false witness.
6. Thou shalt not copy or use proprietary software for which you have not
paid (without permission).
7. Thou shalt not use other people's computer resources without authorization
or proper compensation.
8. Thou shalt not appropriate other people's intellectual output.
9. Thou shalt think about the social consequences of the program you are
writing or the system you are designing.
10. Thou shalt always use a computer in ways that ensure consideration and
respect for other humans.

Dark Web and Deep Web

Social Issues in using Information Systems


Five Moral Dimensions of the Information Age
The major ethical, social, and political issues raised by information systems
include the following moral dimensions:

1. Information rights and obligations. What information rights do individuals and
organizations possess with respect to information about themselves? What can
they protect? What obligations do individuals and organizations have
concerning this information?
2. Property rights and obligations. How will traditional intellectual property rights
be protected in a digital society in which tracing and accounting for
ownership are difficult and ignoring such property rights is so easy?
3. Accountability and control. Who can and will be held accountable and liable
for the harm done to individual and collective information and property rights?
4. System quality. What standards of data and system quality should we demand
to protect individual rights and the safety of society?
5. Quality of life. What values should be preserved in an information- and
knowledge-based society? Which institutions should we protect from
violation? Which cultural values and practices are supported by the new
information technology?
BASIC CONCEPTS OF ETHICAL ANALYSIS
1. RESPONSIBILITY
This means that you accept the potential costs, duties and obligations for the
decisions you make.
2. ACCOUNTABILITY
It means mechanisms are in place for identifying who took responsible actions
and who are the responsible parties.
3. LIABILITY
• Liability is a feature of the political systems in which a body of laws
permits individuals and firms to recover damages to them by other
actors, systems or attacker. Backdoor Trojans are often used to create
botnets for criminal purposes.
• Botnets—A group of Internet-connected devices configured to forward
transmissions (such as spam or viruses) to other devices, despite their
owners being unaware of it.
• Cybercrime—Also known as computer crime or netcrime, cybercrime is
loosely defined as any criminal activity that involves a computer and a
network, whether in the commissioning of the crime or the target.
• DoS—An attempt to interrupt or suspend host services of an Internet-
connected machine causing network resources, servers, or websites to
be unavailable or unable to function.
• DDoS—Distributed denial of service attack. A DoS attack that occurs
from multiple sources.
• Malware—An overarching term describing hostile and/or intrusive
software including (but not limited to) viruses, worms, Trojans,
ransomware, spyware, adware, scareware, and more, taking the
form of executables, scripts, and active content.
• Phishing—An attempt to acquire sensitive information like usernames,
passwords, and credit card details for malicious purposes by
masquerading as a trustworthy entity in a digital environment.
• Rootkit—Trojans that conceal objects or activities in a device’s system,
primarily to prevent other malicious programs from being detected and
removed.
• Social Engineering—Non-technical malicious activity that exploits
human interaction to subvert technical security policy, procedures, and
programs, in order to gain access to secure devices and networks.
• Trojan—Malicious, non-replicating programs that hide on a device as
benign files and perform unauthorized actions on a device, such as
deleting, blocking, modifying, or copying data, hindering performance,
and more.
• Zero-Day Vulnerability—A security gap in software that is unknown to its
creators, which is hurriedly exploited before the software creator or
vendor patches it.

Common Information Security Controls

What are the Types of Information Security Controls?

Types of information security controls, intended to strengthen cybersecurity, include:

• Security policies
• Procedures
• Plans
• Devices
• Software

They fall into three categories:

• Preventive controls, designed to prevent cybersecurity incidents
• Detective controls that detect a cybersecurity breach attempt (“event”) or
successful breach (“incident”) while it is in progress, and alert cybersecurity
personnel
• Corrective controls, used after a cybersecurity incident to minimize data loss
and damage to information systems and restore systems as quickly as possible.
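The event/incident distinction drawn for detective controls can be made concrete with a small log monitor. The following is an added example, not part of the original chapter; the log format, the threshold of 3 failures and the 60-second window are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (hypothetical format, documentation IP ranges).
SAMPLE_LOG = """\
2024-05-01T10:00:01 login FAIL user=alice src=203.0.113.7
2024-05-01T10:00:05 login FAIL user=alice src=203.0.113.7
2024-05-01T10:00:09 login FAIL user=admin src=203.0.113.7
2024-05-01T10:00:12 login OK user=bob src=198.51.100.20
2024-05-01T10:00:14 login FAIL user=admin src=203.0.113.7
2024-05-01T10:00:20 login OK user=admin src=203.0.113.7
2024-05-01T10:30:00 login FAIL user=carol src=198.51.100.20
2024-05-01T10:30:30 login OK user=carol src=198.51.100.20
"""

LINE_RE = re.compile(r"^(\S+) login (FAIL|OK) user=(\S+) src=(\S+)$")
THRESHOLD = 3                     # failures that count as an "event" (assumed)
WINDOW = timedelta(seconds=60)    # sliding window per source (assumed)


def detect(log_text):
    """Return alerts as (severity, src, user, timestamp) tuples."""
    failures = defaultdict(deque)  # src -> timestamps of recent failures
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue               # unparseable lines are skipped, not fatal
        ts = datetime.fromisoformat(m.group(1))
        outcome, user, src = m.group(2), m.group(3), m.group(4)
        recent = failures[src]
        while recent and ts - recent[0] > WINDOW:
            recent.popleft()       # drop failures that left the window
        if outcome == "FAIL":
            recent.append(ts)
            if len(recent) == THRESHOLD:  # alert once when threshold is crossed
                alerts.append(("event", src, user, m.group(1)))
        elif len(recent) >= THRESHOLD:
            # A success right after a burst of failures: treat as an incident.
            alerts.append(("incident", src, user, m.group(1)))
            recent.clear()
    return alerts
```

A single mistyped password followed by a successful login (user carol in the sample) raises no alert, which keeps the control from flooding personnel with noise.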

Security controls come in the form of:

• Access controls, including restrictions on physical access such as security
guards at building entrances, locks, and perimeter fences, and on virtual
access, such as privileged access authorization
• Procedural controls such as security awareness education, security framework
compliance training, and incident response plans and procedures
• Technical controls such as multi-factor user authentication at login,
antivirus software, and firewalls
• Compliance controls such as privacy laws and cybersecurity frameworks and
standards designed to minimize security risks. These typically require an
information security risk assessment, and impose information security
requirements, with penalties for non-compliance.

The most widely used information security frameworks and standards include:
• The National Institute of Standards and Technology (NIST) Special Publication
800-53, Security and Privacy Controls for Federal Information Systems and
Organizations
• The International Organization for Standardization (ISO) standard ISO 27001,
Information Security Management
• The Payment Card Industry Data Security Standard (PCI DSS)
• The Health Insurance Portability and Accountability Act (HIPAA)

Intellectual Property Law

A wide body of federal and state laws protects creative property such as writing,
music, drawings, paintings, photography, and films. Collectively, this body of law is called
“intellectual property” law, which includes copyright, trademark, and patent laws, each
applicable in various situations and each with its own set of technical rules. When
obtaining permission to use creative works, you’re concerned primarily with copyright
law. However, trademarks, trade secrets, and publicity and privacy rights sometimes
come into play when permission to use certain types of works is sought.
Below is a summary of the various types of intellectual property laws that are
relevant to the permissions process:

• Copyright. Federal copyright law protects original creative works such as
paintings, writing, architecture, movies, software, photos, dance, and music. A
work must meet certain minimum requirements to qualify for copyright
protection. The length of protection also varies depending on when the work
was created or first published.
• Trademark. Brand names such as Nike and Apple, as well as logos, slogans,
and other devices that identify and distinguish products and services, are
protected under federal and state trademark laws. Unlike copyrighted works,
trademarks receive different degrees of protection depending on numerous
variables, including the consumer awareness of the trademark, the type of
service and product it identifies, and the geographic area in which the
trademark is used.
• Right of Publicity. A patchwork of state laws known as the right of publicity
protects the image and name of a person. These laws protect against the
unauthorized use of a person’s name or image for commercial purposes—for
example, the use of your picture on a box of cereal. The extent of this
protection varies from state to state.
• Trade Secrets. State and federal trade secret laws protect sensitive business
information. An example of a trade secret would be a confidential marketing
plan for the introduction of a new software product or the secret recipe for a
brand of salsa. The extent of trade secret protection depends on whether the
information gives the business an advantage over competitors, is kept a secret,
and is not known by competitors.
• Right of Privacy. Although not part of intellectual property laws, state privacy
laws preserve the right of all people to be left alone. Invasion of privacy occurs
when someone publishes or publicly exploits information about another
person’s private affairs. Invasion of privacy laws prevent you from intruding on,
exposing private facts about, or falsely portraying someone. The extent of this
protection may vary if the subject is a public figure—for example, a celebrity
or politician.

Dark Web and Deep Web

Dark web definition

The dark web is a part of the internet that isn't indexed by search engines. You've
no doubt heard talk of the “dark web” as a hotbed of criminal activity — and it is.
Researchers Daniel Moore and Thomas Rid of King's College in London classified the
contents of 2,723 live dark web sites over a five-week period in 2015 and found that 57%
host illicit material.
A 2019 study, Into the Web of Profit, conducted by Dr. Michael McGuire at the
University of Surrey, shows that things have become worse. The number of dark web
listings that could harm an enterprise has risen by 20% since 2016. Of all listings (excluding
those selling drugs), 60% could potentially harm enterprises.

You can buy credit card numbers, all manner of drugs, guns, counterfeit money,
stolen subscription credentials, hacked Netflix accounts and software that helps you
break into other people’s computers. Buy login credentials to a $50,000 Bank of America
account for $500. Get $3,000 in counterfeit $20 bills for $600. Buy seven prepaid debit
cards, each with a $2,500 balance, for $500 (express shipping included). A “lifetime”
Netflix premium account goes for $6. You can hire hackers to attack computers for you.
You can buy usernames and passwords.

But not everything is illegal; the dark web also has a legitimate side. For example,
you can join a chess club or BlackBook, a social network described as “the Facebook
of Tor.”

Deep web vs. dark web: What’s the difference?

The terms “deep web” and “dark web” are sometimes used interchangeably, but
they are not the same. Deep web refers to anything on the internet that is not indexed
by, and therefore not accessible via, a search engine like Google. Deep web content
includes anything that is behind a paywall or requires sign-in credentials. It also includes any
content that its owners have blocked web crawlers from indexing.
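How content ends up outside a search index can be shown with the mechanisms site owners actually use. This is an added example, not from the original chapter: the robots.txt file, URLs and responses are constructed, and treating HTTP 401/403 as "sign-in required" is a simplifying assumption.

```python
from urllib.robotparser import RobotFileParser

# Constructed robots.txt for a hypothetical site (example.com is reserved).
ROBOTS_TXT = """\
User-agent: *
Disallow: /members/
Disallow: /intranet/
"""

# Constructed crawl observations: (url, HTTP status, response headers).
PAGES = [
    ("https://example.com/blog/post-1", 200, {}),
    ("https://example.com/members/profile", 200, {}),
    ("https://example.com/records/1234", 401, {}),
    ("https://example.com/drafts/memo", 200, {"X-Robots-Tag": "noindex"}),
]


def classify(url, status, headers, robots):
    """Return 'surface' or 'deep: <reason>' for one crawled URL."""
    if not robots.can_fetch("*", url):
        return "deep: crawler blocked by robots.txt"
    if status in (401, 403):
        return "deep: sign-in required"
    if "noindex" in headers.get("X-Robots-Tag", "").lower():
        return "deep: owner set noindex"
    return "surface"


def classify_all(pages=PAGES, robots_txt=ROBOTS_TXT):
    """Classify every observed page against the site's robots.txt."""
    robots = RobotFileParser()
    robots.parse(robots_txt.splitlines())
    return {url: classify(url, status, headers, robots)
            for url, status, headers in pages}


if __name__ == "__main__":
    for url, verdict in classify_all().items():
        print(f"{verdict:40} {url}")
```

robots.txt and noindex only ask well-behaved crawlers to stay away; they are not access controls, so confidential pages still need authentication.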

Medical records, fee-based content, membership websites, and confidential
corporate web pages are just a few examples of what makes up the deep web.
Estimates place the size of the deep web at between 96% and 99% of the internet. Only
a tiny portion of the internet is accessible through a standard web browser—generally
known as the “clear web”.

The dark web is a subset of the deep web that is intentionally hidden, requiring a
specific browser—Tor—to access, as explained below. No one really knows the size of the
dark web, but most estimates put it at around 5% of the total internet. Again, not all the
dark web is used for illicit purposes despite its ominous-sounding name.
