Practical Software Engineering

Privacy and Security


Security is a matter that has to be decided upon and dealt with by management.

The management of an organization must take an active role in setting policies and creating the standards and procedures to be followed by the users and the administrators of its systems.

Management must divide the tasks of maintaining a system among several people (separation of duties) so that no one person has too much power and control over the system.

For in-house development, management must establish security standards with which all internally developed software must comply.

An organization must assess how sensitive and valuable its information is, and how much security and assurance it is willing to pay for.

Purchased systems must meet the same security standards. It is often possible to install a system with particular security features activated or not; management must decide which of these features are activated.

Security Inside Organizations

Computer (In)security: Infiltrating Open Systems

I.H. Witten, Abacus, 4, 1987, pp. 7-25.

It is very easy to infiltrate computer systems.

Security is a fundamentally human issue. There are two basic approaches:

One is to maintain security by keeping things secret and trusting people.
The other is to open the system and rely on technical means of ensuring security.

Trend toward openness:
Unix is open in this sense: any user can read the password file (in traditional Unix the hashed passwords sat in the world-readable /etc/passwd, before shadow password files moved them out of reach), and the source code is widely available.

One-way functions: irreversible functions whose output can be computed from the input, but whose input cannot feasibly be recovered from the output. Unix stores passwords through such a function, so reading the password file does not directly reveal anyone's password. This provides a sense of security, but the security of a system is severely compromised by people who have intimate knowledge of it, i.e. the very people you rely on to provide the security.
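The following is an added example, not code from Witten's paper or from any Unix implementation. It models the open-password-file situation above with a hypothetical passwd-style file (the `user:salthex$hashhex` layout, the user names, the passwords and the word list are all constructed for this illustration) and a standard one-way function, PBKDF2-HMAC-SHA256 from the Python standard library. It shows both sides of the argument: the legitimate login check only ever computes the function forwards, and so does an attacker who can read the file, which is enough to recover any password that appears in a dictionary.

```python
from __future__ import annotations

import hashlib
import hmac
import os
from typing import Optional

# PBKDF2 iteration count. Low enough that this demo runs in well under a
# second, high enough to show that the cost of each guess is a tunable knob.
ITERATIONS = 20_000


def hash_password(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """One-way function: cheap to compute forwards, infeasible to invert."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def make_entry(user: str, password: str, salt: Optional[bytes] = None) -> str:
    """Build one line of the hypothetical file: user:salthex$hashhex."""
    if salt is None:
        salt = os.urandom(16)  # per-user salt: identical passwords hash differently
    return f"{user}:{salt.hex()}${hash_password(password, salt).hex()}"


def parse_entry(line: str) -> tuple[str, bytes, bytes]:
    """Split one line back into (user, salt, stored digest)."""
    user, field = line.strip().split(":", 1)
    salt_hex, digest_hex = field.split("$", 1)
    return user, bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)


def verify(line: str, candidate: str) -> bool:
    """Legitimate login check: recompute forwards, compare in constant time."""
    _, salt, digest = parse_entry(line)
    return hmac.compare_digest(hash_password(candidate, salt), digest)


def dictionary_attack(lines: list[str], wordlist: list[str]) -> dict[str, str]:
    """What anyone who can read the file can do: guess forwards, never invert.

    Returns {user: recovered_password} for every entry whose password is in
    the word list; strong passwords simply never match.
    """
    cracked: dict[str, str] = {}
    for line in lines:
        user, salt, digest = parse_entry(line)
        for word in wordlist:
            if hmac.compare_digest(hash_password(word, salt), digest):
                cracked[user] = word
                break
    return cracked


# Constructed sample file (assumption: this is not a real passwd format).
# Fixed salts keep the output reproducible; a real system draws them from
# os.urandom, as make_entry does by default.
PASSWD_FILE = [
    make_entry("alice", "letmein", bytes.fromhex("0f" * 16)),
    make_entry("bob", "W7#pq-vortex-9Lmx", bytes.fromhex("a3" * 16)),
]

# Constructed word list standing in for a real cracking dictionary.
WORDLIST = ["password", "123456", "qwerty", "letmein", "welcome", "admin"]


if __name__ == "__main__":
    for entry in PASSWD_FILE:
        print(entry)
    print("alice/letmein ->", verify(PASSWD_FILE[0], "letmein"))
    print("alice/guess   ->", verify(PASSWD_FILE[0], "guess"))
    print("cracked:", dictionary_attack(PASSWD_FILE, WORDLIST))
```

The one-way function does its job: nothing in the file lets the attacker compute "letmein" from its digest. What it cannot do is stop anyone who holds the file from running the function forwards over a dictionary, and the salt only forces that work to be repeated per user. Raising ITERATIONS makes each guess slower for attacker and defender alike; the rest of the protection has to come from the social measures Witten describes and, in later Unix systems, from taking the hashes out of the world-readable file altogether.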

A potpourri of security problems: security may be compromised by or when:

Trojan horses

Getting under the skin: code is implanted that secretly reads or alters files in an unauthorized way.

Viruses

Spreading infection like an epidemic.

Exorcising a virus: how do you get rid of it once you have found it?


Technical mechanisms alone cannot limit the damage done by infiltrators; what remains is largely social:

  1. mutual trust between the users of a system, coupled with physical security
  2. a multitude of checks and balances; educate users
  3. secrecy: do not make information available
  4. talented programmers have power
  5. cultivate a supportive, trusting atmosphere so that those with power are not tempted


Four factors that contribute to growing public concern about communication privacy:
  1. The rapid growth of electronic transactions
  2. The accelerated collection of personal information
  3. The dramatic increase in the number of communications carriers and service providers
  4. The growing use of technically unsecured channels, such as mobile communication
On a communication network, the right of privacy can be divided into three categories:
  1. Confidentiality: the existence of a communication should be known only to the parties involved, without disclosure to a third party
  2. Anonymity: the individual's right to choose whether to disclose his/her identity on a network
  3. Data protection: the collection and use of personal data
Principles of privacy protection: the five principles of fair personal record keeping (the Code of Fair Information Practices):
  1. There must be no personal data record-keeping systems whose very existence is secret
  2. There must be a way for an individual to find out what information about him/her is in a record and how it is used
  3. There must be a way for an individual to prevent information about him/her that was obtained for one purpose from being used or made available for other purposes without his/her consent
  4. There must be a way for an individual to correct or amend a record of identifiable information about him/her
  5. Any organization creating, maintaining, using, or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take precautions to prevent misuse of the data

The Clipper Chip

This chip uses a classified encryption algorithm (Skipjack) intended to keep data private.

One of the biggest drawbacks to using the Clipper chip for privacy is that the US government plans to hold, in escrow, the keys that can decrypt any message encrypted with the chip.

Under the proposed plan, two government agencies would each hold one component of every chip's key, and should a law enforcement agency have probable cause that a crime is being committed, it could obtain both components and decrypt any files or communications it feels it needs to.

Information Technology and Dataveillance

R.A. Clarke, Communications of the ACM, 31(5), 1988, pp. 498-512.

Concern about freedom from tyranny is a trademark of democracy. Surveillance is one of the elements of tyranny.

Nevertheless, some classes of people, at least when they undertake some classes of activity, are deemed by society to warrant surveillance.

The computer has been accused of harboring a potential for increased surveillance of the citizen by the state, and the consumer by the corporation.


Surveillance is the systematic investigation or monitoring of the actions or communications of one or more persons.

Its primary purpose is generally to collect information about them, their activities, or their associates.


Dataveillance is the systematic use of personal data systems in the investigation or monitoring of the actions or communications of one or more persons.

Personal surveillance is the surveillance of an identified person.

In general, a specific reason exists for the investigation or monitoring.

Mass surveillance is the surveillance of groups of people, usually large groups.

In general, the reason for investigation or monitoring is to identify individuals who belong to some particular class of interest to the surveillance organization.

Computer matching is the merging of data held on separate data systems about large numbers of individuals.

Dangers of personal dataveillance

Dangers of mass dataveillance

To the individual

To society

Surveillance is not, of itself, evil or undesirable. Its nature must be understood, and society must decide the circumstances in which it should be used and the safeguards that should be applied to it.

There are benefits to society in terms of security, tax and social welfare, finance and insurance.

IT professionals and academics alike have a moral responsibility to appreciate the power of the technology in which they play a part.

Both groups must publicize the nature and implications of their work for affected individuals and for society as a whole. This applies to the negative consequences as well as the potential benefits.

Dispersion of authority and power, and hence, of information, has long been regarded as vital to the survival of individualism and democracy.

Until and unless comprehensive information privacy protection is in place, effective controls over the techniques of dataveillance will not be possible.

Bill C-60 Copyright Legislation

Phase 1 of the Bill has been in force since 8 June 1989.

Major points of the Bill

Implications of Bill C-60 for educators.

Remember that copyright law protects the expression of ideas, while patent law protects structural and operational processes.

The Bill does NOT touch on some issues: "fair use", and ownership of work done by an employee.
Practical Software Engineering, Department of Computer Science 11-Jan-96