UNIT NAME: ICT AND SOCIETY UNIT CODE: DICT 009 LESSON ONE: INTRODUCTION OF INFORMATION AND COMMUNICA OMMUN ICATIO TION N TECHNOL TEC HNOLOG OGY Y (ICT) (IC T)
How our ancestor used to disperse information to others? o In the early year of Tanah Melayu, when there was no television or radio. The ‘Beduk’ play an important role. o The Headman of the village was the one who announced any news, be it birth, death, time of prayers or even when the village was in danger. o Different rhythms signified different events. The rhythm of the ‘Beduk’ to announce death was different from the rhythm used to announce prayers. What is ICT? O ICT is the technology required for information processing, in particular, the use of electronic computers, communication devices and software applications to convert, store, protect, process, transmit and retrieve information from anywhere, anytime.
A.) Information o Information refers to the knowledge obtained from reading, investigation, study or research. o The tools to transmit information are the telephone, television and radio. o We need information to make decisions and to predict the future. For example, scientists can detect the formation of a tsunami using the latest technology and warn the public to avoid disasters in the affected areas. o Information is knowledge and helps us to fulfill our daily tasks. For example, forecasting the stock exchange market. B.) Communication o Is an act of transmitting messages. It is a process whereby information is exchanged between individuals using symbols, signs or verbal interactions. o Previously, people communicated through sign or symbols, performing drama and poetry. With the advent of technology, these ‘older’ forms of communication are less utilized as compared to the use of the internet, e-mail or video conferencing.
C.) Technology
o Is the use of scientific knowledge, experience and resources to create processes and product that fulfill human needs. o Aiding Communication - telephone and fax machines are the devices used in extending communication o Spreading Information – To broadcast information such as news or weather reports effectively. Radio, television, satellites and the World Wide Web (www) are powerful tools that can be used.
Timeline for the Development of Technology YEAR
CREATION
3500 BC
Sumerians developed cuneiform writing
1500 BC
The Phoenicians developed the alphabet
105 BC
Tsai Lun of China invented paper
1454
The first printing began with the creation of printing machine.
1793
Telegraph line was invented
1876
The first telephone was introduced
1925
Television was made known to public
1941
Computer was created
1958
Photocopier machine was introduced
1963
Communication satellite was introduced
1969
The first internet known as ARPANET started
LESSON TWO: EVOLUTION OF COMPUTER
Before the era of computer begins, counting machine was invented to help people with business industry. The usage of counting machine, begin as early as 200 B.C. Evolution of computers can be traced at 7 stages: a) The early years b) First generation generation
o Is the use of scientific knowledge, experience and resources to create processes and product that fulfill human needs. o Aiding Communication - telephone and fax machines are the devices used in extending communication o Spreading Information – To broadcast information such as news or weather reports effectively. Radio, television, satellites and the World Wide Web (www) are powerful tools that can be used.
Timeline for the Development of Technology YEAR
CREATION
3500 BC
Sumerians developed cuneiform writing
1500 BC
The Phoenicians developed the alphabet
105 BC
Tsai Lun of China invented paper
1454
The first printing began with the creation of printing machine.
1793
Telegraph line was invented
1876
The first telephone was introduced
1925
Television was made known to public
1941
Computer was created
1958
Photocopier machine was introduced
1963
Communication satellite was introduced
1969
The first internet known as ARPANET started
LESSON TWO: EVOLUTION OF COMPUTER
Before the era of computer begins, counting machine was invented to help people with business industry. The usage of counting machine, begin as early as 200 B.C. Evolution of computers can be traced at 7 stages: a) The early years b) First generation generation
c) Second generation d) Third generation e) Fourth generation f) Fifth generation g) New era generation A. The early years Timelines of Counting Machine
Year
Invention
200 BC
Chinese Abacus (First counting machine)
500 BC
Egyptian Abacus
1620
John Napier invented Napier’s Bone (Multiplication table carves on bones)
1653
Blaise Pascal invented Pascaline
1673
Gottfried Wilhelm Von Leibniz invented Leibniz’s Rechner (which use first binary mathemathic calculating machine)
1801
Joseph Marie Jacquard invented weaving loom (using punch card technology)
1823
Charles Babbage invented mechanical calculator machine.
1941
Mark 1 was invented in Harvard University. The first computer which is slow, expensive and unreliable. It uses mechanical switches
B. First Generation (1940 – 1956) 1. Presper Eckert and William Mauchly built the ENIAC (Electronic Numerical Integrator and Computer) in 1946. 2. ENIAC use vacuum tubes rather than mechanical switches in Mark 1.
3. In 1951, Eckert and Machly build UNIVAC (Universal automatic computer) which can calculate at the rate of 10 thousand additions per second. 4. New technology was needed in the invention of technology. These technologies are a) Vacuum tube – an electronic tube about the size of light bulbs. It was used as the internal computer components. Thousands of them were used. b) Punched card – used to store data c) Magnetic tape – introduced in 1957. It is used to store data. Was a faster and more compact method of storing data. 5. Problems: a) The vacuum tubes generated great deal of heat causing many problems in temperature regulation and climate control. b) The tubes burnt out frequently. c) People operating the computer did not know that the problem was in the programming machine. C. Second Generation (1956 – 1963)
1. The second generation computer scientists invented something new due to lots of problem created by vacuum tubes. 2. The famous computer scientists during the second generation era were: a) John Bardeen b) Walter Houser Brattain c) William Shockley 3. The creation of transistor sparks the production of second generation computers. Transistor is a small devices use to transfer electronic signal across a resistor. 4. The advantages of transistor: a) Smaller than vacuum tubes b) Need no warm up time c) Consumed less energy d) Generated much less heat e) Faster f) More reliable D. Third Generation (1964 - 1971)
1. IBM 370 series were introduced in 1964. It came in several models and sizes. It is used for business and scientific programs.
2. Other computer models introduced were CDC 7600, BZ 500. 3. New hardware technology: a) Silicone chip were manufactured in 1961 at the silicone valley. 5 Form 4 Lesson Notes Part 1 ICT & Society b) Integrated circuit technology, which had reduced the size and cost of computers. It is a complete electronic circuit or a small chip of silicone which is also known as semiconductor. c) The magnetic core memory was replaced by microchip. (The first 253 bit Ram, basis for the development of the 1K bit Ram). 4. Advantages: a) Silicone chips were reliable, compact and cheaper. b) Sold hardware and software separately which created the software industry. c) Customer service industry flourished (reservation and credit checks) 5. Software technology: a) More sophisticated b) Several programs run at the same time c) Sharing computer resources d) Support interactive processing E. Fourth Generation (1971 – Present)
1. It took only 55 years for the 4th generations to evolve. 2. The growth of the computer industry developed technologies of computer inventions. 3. There are many types of computer models such as a) Apple Macintosh b) IBM c) DELL d) ACER 4. 5. 6. 7.
In 1971, Intel created first microprocessor In 1976, Steve Jobs built the first Apple computer In 1981, IBM introduced its first personal computer Among the famous inventors in fourth generations were:
a) Bill Gates who invented Microsoft b) Michael Dell who invented Dell Computer 8. Hardware technology invented in fourth generation were a) Silicone chip b) Microprocessor a specialized chip developed for computer memory and logic It is a large-scale integrated circuit which contained thousands of transistors. •
•
•
The transistors on this one chip are capable of performing all of the functions of a computer’s central processing unit. c) Storage devices 9. Advantages: a) 100 times smaller than ENIAC (the first computer) b) Faster c) Reliable d) Greater storage capacity e) Personal and software industry boomed F. Fifth generation (present and beyond)
1. New hardware technology: a) Silicone chips b) Processor c) Robotics d) Virtual reality e) Intelligent system f) Programs which translate languages G. New Era Computer
1. Super Computers - Fastest, most powerful, most expensive. - Used in applications such as sending astronauts into space, testing safety and aerodynamic features on cars and aircraft, controlling missile guidance systems, and weather forecasting which required extreme accuracy and immense speed to perform the complex calculation. 2. Mainframe computers - Large, expensive, powerful computer that can handle hundreds or thousands of connected user simultaneously. - Used in large organization to handle high volume processing of business transactions and routine paperwork. 3. Mini computer - Medium sized computer - Usually used as servers, with several PCs or other devices networked to access the midrange computer’s resources. 4. Personal computers - Small computer system, designed to be used by one person at a time. - Widely used in small and large businesses. Examples: tracking merchandise, billing customer, manage company accounts. 5. Mobile computers – personal computer that you can carry from place to place 6. Expert system – teleconferencing, speech recognition system
LESSON THREE: USAGE OF ICT IN DAILY LIFE
Computer plays major roles in our daily lives. We need computers to assists us in completing various tasks and jobs. Among the sector where ICT is used widely are: - education - banking - industry - business A.) Education 1. Today, most schools and higher education institution have computer in the classroom for teachers and students. 2. Computer is used in the sector of education because they can offer a) Enhanced learning b) Cognitive development c) Interactive experiences 3. User who benefits are a) Teacher – Teacher uses computers to research for teaching materials, participate in online forums and online conferences as well as to aid their teaching. b) Students – Students use the computers as a reference tool. They use computers to browse the internet to look for information c) Researchers – Researchers use computers to collect and process data. d) School administrators – They use computers for administrative purposes to make sure that the entire operation runs smoothly. B.) Banking 1. The computer is the nerve centre of the banking system around the world. It functions to control the entire banking system that also includes ‘Electronic Banking Services’. 2. Electronic Banking Services provide 24 hour services. The services include a) ATM (Automatic Teller Machine) b) Cash deposit c) Electronic fund transfer d) Direct deposit e) Pay by phone system f) Personal computer banking g) Internet banking 3. User who benefits are
a) Customers – Customers can make any transactions at the 24 hour service centre or via online. These services allowed them to do transaction at anytime they want. b) Business men – Businessmen can save their time by using the online services offered by banks. They can access company accounts for loan applications, business transactions and update on their cash flow at anytime c.) Bank administrators – Bank administrators can oversee the entire banking activities such as reconciliations, inter-branch transaction (IBT), telegraphic transfer and others by referring to the banking system C.) Industry 1. Computers are used to a) facilitate production planning and control systems, b) to support chain management c) to help in product design in the industrial sector 2. User who benefits are a)Workers – Workers use computers to analyze and collect research data for future reference. b) Researchers – Researchers use computers to analyze and collect research data for future reference. c.)Administrators – Administrators use computers to oversee the entire operations in the plant or factory to detect specific errors or defects that occurred in the process. D.) E-commerce a. E-commerce helps in boosting the economy. It makes buying and selling activities easier, more efficient and faster. For this application, computers, internet and shared software are needed. 2. User who benefits are a) Customers – Customers use computers to be connected online with suppliers to purchase products. This method can save time and cost as they do not have to go any outlet.
b) Suppliers – Suppliers use computers to keep track of their transactions. All products are bar coded and can be read by the computer scanner to help in determining prices and managing inventory. c) Employee s – Employees use computers and telephones to communicate with their customers for any enquiries. The system helps employees to get the latest updates on inventory to be informed to the customers. E.) Other sector that benefits from the usage of ICT Benefit - Architecture Use computer graphic to experience with possible interiors to give client a visual image. - Arts Modern artists use computers to express their creativity - Career Job opportunities that are related to ICT such as computer engineers, graphic designer, software engineers and programmer offer more technical skill and knowledge - Government To forecast weather, process immigrant - Healthcare Computers are use to promote telemedicine. Researchers found it useful in information sharing. Doctors and medical practical are able to apply modern treatment such as laser treatment.
- Home Computers are use for record keeping, writing letters, preparing budget and communicating with others Law enforcement In maintaining national fingerprints floes, modeling DNA and others information - Transportation In rapid transit system and tracking railway system - Travel Computers are use to do room reservation. It helps tourists to plan their holiday well -
LESSON FOUR: COMPUTERIZED AND NON-COMPUTERIZED SYSTEM Evolution of man and machine o The evolution of man and machine happened hundreds of years ago but the evolution of the computerized system happened only less than a century ago. o Many tasks can now be accomplished easily via the computerized system. Computer System o A system is an arrangement of elements that when it is put together it becomes an organized and established procedure. (In Latin-Greek, the term “system” means to combine, to set up, to place together) o A system typically consists of components connected together in order to facilitate the flow of information, matter or energy. o A computer system consists of a set of hardware and software which processes data in a meaningful way. A.) Education
1. Education is the science of teaching and learning of specific skills. 2. It also imparts knowledge, good judgment and wisdom. B.) Banking System Banking before ICT
Banking after ICT
Banking was done manually by taking deposits directly
All transactions are done by computers
Transactions can only be made during working hour Takes time to approve any loan applications
Transaction can be done at anytime and place Online services, phone banking system, credit cards are now available
C.) Industry
Industry before ICT
Industry after ICT
Industry was slow because everything was done manually and totally depended on human labor.
Computers and telecommunications industry became very popular and profitable since production can be increased through an all day operator.
D.) Commerce
1. Commerce is an activity of exchanging and buying and selling of commodities in large scale involving transportation from place to place. Commerce before ICT Trading was made using the barter system and it was then later developed into currency.
Commerce after ICT E-commerce plays an important role in the economic scene. It includes distribution, buying, selling and servicing products that are done electronically.
Advertisement was in the form of word of mouth, billboards and printed flyers.
Trading globally was extremely slow, late and expensive. Traders had to find ways to market global products in the global market
LESSON F IVE: IMPACT OF ICT ON THE SOCIETY
ICT development has changed every aspect of the human society. It has affected our life in many ways. A.) Faster communication speed
1. In the past, it took a long time for any news or messages to be sent. Now with the internet, news or messages are sent via e-mail to friends, business partners or to anyone efficiently. 2. With the capability of bandwidth, broadband and connection speed on the internet, any information can travel fast and at an instant. It saves time and is inexpensive. B.) Lower communication cost
1. Using the Internet is cost-effective than the other mode of communication such as telephone, mailing or Korea Service. It allows people to have access to large amounts of data at a very low cost. 2. With the internet we do not have to pay for any basic services provided by the Internet. Furthermore, the cost of connection to the internet is relatively cheap. C.) Reliable mode of communication 1. Computers are reliable. With the Internet we can access and retrieved information from anywhere and at anytime. This makes it a reliable mode of communication.
2. However, the input to the computer is contributed by the human. If the data pass through the computer is faulty, the result will be faulty as well. This is related to the form GIGO. GIGO is a short form for Garbage In Garbage Out. It refers to the quality of output produced according to the input. Normally bad input produces bad output. D.) Effective sharing of information 1. With the advancement of ICT, information can be shared by people all around the world. People can share and exchange opinions, news and information through discussion groups, mailing lists and forums on the Internet. This enables knowledge sharing which will contribute to the development of a knowledge-based society.
2. Some examples of popular discussion groups on the Internet are: a) Google Groups (www.googlegroups.com) b) Yahoo! Groups (www.yahoogroups.com) c.) Classic discussion group
E.) Paperless environment 1. ICT technology has created the term paperless environment. This term means information can be stored and retrieved through the digital medium instead of paper. Online communication via email, online chat and instant messages also helps in creating the paperless environment. F.) Borderless communication 1. Through the internet, information and communication can be borderless. 2. Internet offers fast information retrieval, interactivity, accessibility and versatility. It has become a borderless source for services and information. G.) Social problems 1. There are some negative effects of ICT. It has created social problems in the society. 2. Nowadays, people tend to choose online communication rather than having real time conversations.
3. People tend to become more individualistic and introvert theft, hacking, pornography and online gambling. This will result in moral decadent and generate threat to the society. H.) Health problems 1. A computer may harm user if they use it for long hours frequently. 2. Computers users are also exposed to bad posture, eyestrain, physical and mental stress. 3. In order to solve the health problems, an ergonomic chair can reduced back strain and a screen filter is to minimize eyestrain. Summary 1. The advantages of ICT in the society: a. faster speed of communication b. lower communication cost c. reliable mode of communication d. effective sharing of information e. paperless environment f. borderless communication g. urging for research and development of new products h. good competition among the producers 2. The disadvantages of ICT in the society: a. social problems b. health problems c. changing peoples attitude and demand
LESSON SIX : COMPUTER ETHICS A.) Ethics in general 1. We often see pirated CDs, software and VCD being sold at the night market. Buying pirated software is an example of unethical activity in computer ethic. 2. A guideline is needed to stop the current technology products from being exploited, for example by replicating originals CDs and selling them as pirated software. This unethical behavior can be controlled by the code of conducts. 3. Under the Malaysia Copyright act 1987, any individual charge with piracy will be fine up to 10,000 for each copy or up to 5 years imprisonment or both. 4. Computer ethics is a system of moral standards or values used as a guideline for computer users. COMPUTER ETHICS
Ethics in general, is amoral philosophy where a person makes specific moral choice and sticks to it. In computing, ethics are the moral guidelines to referred to when using the computer and computer networks. Computer ethics is a system of moral standards or values used as computer guidelines for computer users. DIFFERENCES BETWEEN ETHICS AND LAW Ethics Guidelines - as a guidelines to computer users
Law Control - as a rule to control computer users.
Judicial Standards - law is judge by Moral standards - ethical judicial standards. behavior is judge by moral Must follow - computers user must standards follow the regulations and law. Free to follow - computer users are free to follow or Penalties, imprisonments and other punishments - penalties, ignore the code ethics. imprisonments and other No punishments - no punishments for those who break the
punishment for anyone who violates ethics. Universals - Universals can be applied anywhere, all over the world. Produce ethical computer users - to produce ethical computer users. Immoral - not honoring computer ethics means ignoring the moral elements (immoral)
law. Depends on country - depends on country and state where the crime is committed Prevent misusing of computers to prevent misuse of computers Crime - not honoring the law means committing a crime.
B.) The ten commandments of computer ethics
1. The United States Institute of Computer Ethics has come out with the Ten Commandments of Computer Ethics. 2. These principles consider the effective code of conducts for the proper use of information technology. 3. The ten commandments of computer ethics i. You shall not use a computer to harm other people. ii. You shall not interfere with other people’s computer work. iii. You shall not snoop around in other people’s computer files. iv. You shall not use a computer to steal. v. You shall not use a computer to bear false witness. vi. You shall not copy or use proprietary software for which you have not paid. vii. You shall not use other people’s computer resources without authorization or proper compensation. viii. You shall not appropriate other people’s intellectual output. ix. You shall think about the social consequences of the program you are writing or the system you are designing. x. You shall always use a computer in ways that ensure consideration and respect for your fellow humans C.) Guidelines on the e-mail and Internet usage 1. The Department of Public Services of Malaysia has provided guidelines on the e-mail and Internet usage as reference to the s taff.
2. This guidance covers the usage of e-mail account, mailbox maintenance, and e- Mail preparation and delivery, mailing list and the Internet. 3. Some guidelines from the Department of Public Services of Malaysia: a) Use only individual e-mail address to forward individual opinion. b) Keep the identity name and password a secret to avoid the misuse of your e-mail without your knowledge. c) E-mail must be active to promptly reply the necessary actions needed for any matters. d) Ensure the total mail kept in the box is within the computer storage capacity. e) Scan files regularly to avoid the transmission of virus from one computer to another. f) Do not send e-mails that contain classified information which can be used to tarnish other people or country. g) Choose a suitable time to search Internet to save access time and cost. h) Beware of prohibited sites which could affect one’s moral, organization or nation. i) Print only relevant documents that you think can be used in future to save cost. D.) Unethical computer code of conducts
1. Have you copied materials from the internet and claims that it is your own and submit them as an assignment? If you have, you are reaching the computer code of conducts. In other word, you are breaking the law of intellectual property by stealing someone else’s idea. Intellectual property refers to any products of human intellect that is unique and has a value in the market place. This covers ideas, inventions, unique names, computer program codes and many more. 2. Examples of unethical computer code of conducts include: a) Modifying certain information on the internet, affecting the accuracy of the information b) Selling information to other parties without the owner’s permission c) Use information without authorization. 16 Form 4 Lesson Notes Part 1 ICT & Society d) Involvement in stealing software e) Invasion of privacy 3. With the advancement of ICT, it is easy for anyone to retrieve your information from the Internet. You may release that when you fill a form on the Internet, your information may be exposed and stolen.
4. Kevin David Mitnick was a famous hacker. He accessed computers without authorization. He deprived the privacy of many individuals by hacking into network of a few companies. He also managed to get valuable data unethically for his own usage. E.) Ethical computer code of conducts 1. Have you ever ask for permission to download materials from the internet such as music, articles, graphic and other material. If you have, you are following the computer code of conducts. There are many web sites with restriction where the public is allowed to use their material. Users may have to pay royalty to the owner or quote the website in their assignment or project, in order to be able to use this material. 2. Examples of ethical computer code of conducts include: a) Sending warning about viruses to other computer users b) Asking permission before sending any business advertisements to others c) Using information with authorization
Summary 1. Ethics refers to a standard of moral guideline that is used to determine proper behavior.
2. There are two codes of conducts that can be referred to which are the Ten Commandments of Computer Ethics by the United States Institute of Computer Ethics and the e-mails and Internet guidelines by the Department of Public Services of Malaysia. 3. Unethical computer code of conducts include modifying the accuracy of the information, selling information to other parties without the owner’s permission, using information without authorization, involvement in stealing software and invasion privacy. 4. Ethical computer code of conducts include sending warning about viruses to other computer users, asking permission before sending any business advertisements to others and using information with authorization
LESSON SEVEN: THE DIFFERENCES BETWEEN ETHICS AND LAW S A.) Definition of Ethics
1. In general, ethics is a moral philosophy where a person makes a specific moral choice and sticks to it. 2. On the other hand, ethics in computing means moral guidelines to refer to when using the computer and computer networks. This includes the Internet. B.) Definition of Law 1. Law is a legal system comprising of rules and principles that govern the affairs of a community and controlled by a political authority.
2. Law differs from one country to another. In the era of technology, computer law is needed to clarify goods or actions that fall under the computer law. Computer law refers to all areas in law that requires an understanding of computer technology such as hardware, software and Internet. 3. Examples of laws of computing in Malaysia include the Malaysian Communication and Multimedia Act, the computer Crime Act 1997 and the Telemedicine Act 1997. C.) Why do we need ethics and law in computing?
1. Respecting Ownership We must respect ownership by not stealing other people’s work either by duplicating or distributing it. Duplicating and distributing copies of audio tapes, video tapes and computer programs without permission and authorization from the individual or company that created the program are immoral and illegal. 2. Respecting privacy and confidentiality We should respect other people’s privacy and confidentiality by refraining ourselves from reading their mails or files without their permission. If we do so, it is considered as violating an individual’s right to privacy and confidentiality 3. Respecting property Property here means ownership. Since an individual data and information are considered as property, therefore, an act of tampering and changing electronic information is considered as vandalism and disrespect for other people’s property.
D.) Similarities between Ethics and Law
1. Both ethics and law are complimentary to each other and are made a. to guide user from misusing computers b. to create a healthy computer society, so that computers are used to contribute to a better life. c to prevent any crime. E.) Differences between ethics and laws
Ethics
Law
1. Guideline As a guideline to computer users
1. Control As a rule to control computer users. 2. Judicial standard Law is judged by judicial standards
2. Moral standard Ethical behavior is judged by moral standard. 3. Free to follow Computer users are free to follow or ignore the code of ethics 4. No punishments No punishments for anyone who violates ethics
3. Must follow Computer users must follow the regulations and law 4. Penalties, imprisonments and other punishments. Penalties, imprisonments and other punishments for those who break the law. 5. Universal 5. Depends on country Universal, can be applied Depends on country and state anywhere, all over the world where the crime is committed. 6. Produce ethical computer user 6. Prevent misusing of computers To produce ethical computer users To prevent misuse of computers 7. Immoral Not honoring computer ethics means ignoring the moral elements (immoral).
7. Crime Not honoring the law means committing a crime
F.) Unethical vs. law breaking conducts
Unethical
Law breaking
1. Using the office computer to do personal thing
1. Sending a computer virus via email
2. Reading your friend’s e-mail without his or her permission.
2. Hacking into your school database to change your examination results 3. Selling pirated software in a night market.
3. Plagiarizing and using materials from the Internet for your class assignments without giving credits to the original author. Summary
1. Ethics in computing means moral guidelines to refer to when using the computer, computer networks and the Internet. 2. Computer law is a concept from existing law, which is applied to the relatively new technologies of computer hardware and software, e-mail and Internet. 3. Ethical behavior is judged by moral standards while law is judged by judicial standards. LESSON EIGHT: INTELLECTUAL PROPERTY RIGHTS
It is important to have your creation patented to protect your rights. Reproducing other people’s inventions without their permission or piracy is illegal. We must respect the rights of others. A.) Definition of Intellectual Property 1. Intellectual Property (IP) refers to works created by inventors, authors and artists. Those works are unique and have value in the market value.
2. In our daily lives, we are surrounded by things that are protected by IP. Your school bags, your shoes and even your socks are protected by Intellectual Property Rights. Nike, Bata or Adidas, for example, are all protected by a group of legal rights.
B.) Intellectual Property Law 1. Intellectual property and intellectual property right can be protected under the Intellectual Property Law.
2. Intellectual Property Laws cover ideas, inventions, literary creations, unique names, business models, industrial processes, computer program codes and more.
C.) Inventions Protected By Intellectual Property Laws
1. As businesses continue to expand globally, business owners must realize the importance of getting professional advice on how to establish and safeguard their intellectual property rights. 2. This includes Trademarks, Service marks, Trade/Company names, Domain names, Geographical indications, Copyrights, Patents. 3. Example of creation that are covered under the Intellectual Property Law include architectural, audio visual, sound recording, Literary, musical and sculptural. D.) Intellectual Property Protection
There are four types of Intellectual Property Protection. They are: 1. Patents for invention Utility, design or plant patents that protect inventions and improvements to the existing inventions. It is a grant of a property right to the inventor. For example; Centrino is a processor which introduces efficient power management. The design of the processor is patented by Intel. •
•
2. Trademarks for brand identity Words, names, symbols, devices and images that represent products, goods or services Trademarks for brands, identity of goods and services allowed the distinction to be made between different traders. For example: Intel and AMD. •
•
3. Designs for product appearance The features of, in particular, the lines, contours, colors, shape, texture or material of the product itself or its ornaments. The design for product appearance covered the whole or a part of a product resulting from the feature such as the lines, contours, colors, shape, texture or material. For example: Apple IMAC. •
•
4. Copyright for material Literary and artistic material, music, films, sound recordings and broadcast, including software and multimedia. Copyrights protect the expression of idea in literary, artistic and musical works. For example, you can copyright the web content you have just designed. •
•
•
Copyrights give the holder some exclusive rights to control the reproduction of works of authorship, such as books and music for a certain period of time.
Summary 1. Intellectual Property (IP) refers to work created by investors, authors and artists. 2. Intellectual Property Rights are rights to which creators are entitled to for their inventions, writings and works of art.
3. Intellectual Property Laws cover ideas, inventions, literary creations, unique names, business models, industrial processes and computer program codes from being manipulated by people other than the owner. 4. Why do we need intellectual property law? o To appreciate other hard works and energy o To safeguard one property o To protect human relationship
LESSON NINE: PRIVACY IN COMPUTER USAGE
We should respect other people’s privacy by not invading their personal lives. People treasure privacy as there are some things that they do not wish to disclose to others. The same goes for privacy in ICT. A.) What is privacy?
1. Privacy in IT refers to data and information privacy. 2. Data refers to a collection of raw unprocessed facts, figures and symbols. Then, computer is used to process data into information. In general, data include texts, numbers, sounds, images and video. 3. Information privacy is described as the rights of individuals and companies to deny or restrict the collection and use of information about them. B.) Ways computer technology threaten our privacy
1. How does computer technology threaten the privacy of our data? It is done through: a. Cookies
o are used to identify users by web casting, e-commerce and other web applications. o contain user information and are saved in the computer hard disk. o are used by some websites to store passwords and track how regularly we visit a website, that’s how we become potential targets for web advertisers. o enable web sites to collect information about your online activities and store them for future use, then the collected details will be sold to any company that requests for it. b. Electronic profile o electronic profile is the combining of data in a database that can be sold to the Internet by the company to the interested parties. o this database is in a form such as magazine subscription or product warranty cards that had been filled by online subscribers. o the information in electronic profile includes personal details such as your age, address and marital status. c. Spyware o refers to a program that collects user information without user’s knowledge. o can enter computers, sneaking in like a virus. o is a result of installing new programs. o Communicates information it collects to some outside source while we are online. 2. Computer technology threatens our privacy through electronic profiling. For example, when we fill out a form such as a magazine subscription, purchasing products or contest entry form on the Internet, this data is kept in the database. It will include age, address, marital status and other personal details. 3. Every time you click on an advertisement or register a software product online, your information is entered into a database. 4. Computer technology can also threaten privacy through spam. Spam is unsolicited e-mail messages, advertisements or newsgroup postings sent to many recipients at once. C.) Why do we need privacy?
1. We need privacy for anonymity. 2. For example, the internet creates an elaborate trail of data detailing a person surfing on the web because all information is stored inside cookies. We do not want our trail to be detected.
3. We also need privacy for confidentiality. For example, online information generated in the course of a business transaction is routinely used for a variety of other purposes without the individual’s knowledge or consent. 4. We do not want our private lives and habits exposed to third parties. D.) Can privacy be protected?
Privacy can be protected by: 1. Privacy law
The privacy laws in KENYA emphasizes on the following: a. Security services to review the security policy b. Security Management to protect the resources c. Security Mechanism to implement the required security services d. Security objects, the important entities within the system environment. 2. Utilities software
Example: anti-spam program, firewall, anti-spyware and anti-virus Summary 1. Privacy in IT refers to data and information privacy and the right of individuals and companies to restrict the collection and use of information to others. 2. There are three ways computes technology can threaten our privacy: a. Cookies b. electronic profile c. spyware 3. Privacy can be protected by privacy law and utilities software
Identification:
-present what the user has (e.g. smart card)
Verification:
Verify the validity of the ID
Not Valid (F)
VALID (T)
Identification: Access Denied
-present what the user is (e.g. biometrics)
Authenticatio n:
Authenticate who the user is
TRU E
Access Granted
FALSE
LESSON TEN: AUTHENTICATIONS A.) What is authentication?
1. Authentication is a process where users verify that they are who they say they are. The user who attempts to perform functions in a system is in fact the user who is authorized to do so. 2. For example, when you use an ATM card, the machine will verify the validation of the card. Then, the machine will request for a pin number. This is where the authentication takes place. B.) Methods of Authentication
3. There are two commonly used authentication methods, which are biometric device and callback system. 4. Biometric device is a device that translates personal characteristics into a digital code that is compared with a digital code stored in the database. 5. Callback system refers to the checking system that authenticates the user. C.) Biometric devices
The examples of biometric devices are a.) Fingerprint recognition o A dedicated fingerprint reader is attached to a computer and takes the image data from the scanner and sends it to the database. The user is usually required to leave his finger on the reader for less than 5 seconds during which time the identification or verification takes place. The data received is compared to the information stored within the database. o In order to prevent fake fingers from being used, many biometrics fingerprint systems also measure blood flow, or check for correctly arrayed ridges at the edges of the fingers. o This authentication method is accurate and cost effective. b.) Facial Recognition
o Facial recognition analyses the recorded information of distance between eyes, nose, mouth and jaw edges of an individual's face images captured through a digital video camera. o Facial recognition is widely used, touted as a fantastic system for recognizing potential threats (whether terrorists, scam artists, or known criminals). o But so far, it has been unproven in high level usage. It is currently used in the verification only system with a good deal of success. o The accuracy is fair and the cost involve for this method is reasonable. c.) Hand Geometry Scanning o Hand scanning involves the measurement and analysis of the shape of one's hand. o It is a fairly straight forward procedure and it is surprisingly accurate. o Although it requires special hardware to use, it can be easily integrated into other devices or system. o Unlike fingerprints, the human hand is not unique. Individual hand features are not descriptive enough for identification. o It is possible to revise a method by combining various individual features and measurements of fingers and hands for verification purposes. d.) Iris Scanning o Iris scanning analyses the features that exist in the coloured tissues surrounding the pupil which has more than 200 points that can be used for comparison, including rings, furrows and freckles. o The scans use a regular video camera and can be done from further away than a retina scan. o It will work perfectly fine through glasses and in fact has the ability to create an accurate enough measurement that it can be used for identification purposes. o The accuracy of this method is excellent while the cost involved is high. e.) Retina Scanning o Retina biometrics involves the scanning of retina and analyzing the layer of blood vessels at the back of the eye. o Retina scanning involves using a low intensity light source and an optical coupler and can read the patterns at a great level of accuracy. o Retina scanning requires the user to remove glasses, place their eye close to the device and focus on a certain point. o Whether the accuracy can overweight the public discomfort is yet to be seen. o The accuracy in retina scanning is very good and the cost involves is fair. f.) Voice Recognition
o Voice recognition system compares a person's live speech with their stored voice pattern. o Voice recognition biometrics requires users to speak into a microphone. What he speaks can be his password or an access phrase. o Verification time is approximately 5 seconds. To prevent recorded voice use, most voice recognition devices require the high and low frequencies of the sound to match, which is difficult for many recording instruments to recreate well. Also, some devices generate random number of sequences for verification. o The accuracy in voice recognition is fair and the cost involved is very reasonable. g.) Signature Verification System o Signature Verification System recognizes the shape of your handwritten signature, as well as measuring the pressure exerted and the motion used to write the signature. o Signature Verification System uses special pen and tablet. o After pre-processing the signature, several features are extracted. o The authenticity of a writer is determine by comparing an input signature to a stored reference set (template) consisting of three signatures. o The similarity between an input signature and the reference set is computed using string matching and the similarity value is compared to a threshold. o The accuracy in Signature Verification System is fair and the cost involved is excellent. D.) Callback System
o The callback system is commonly used in the bank operation and business transaction. o For example, when you book for the taxi services, the operator will ask you to hang up and she will call you back to confirm for the service required. E.) Why is authentication important?
Authentication is important in order to safeguard against the unauthorized access and use. Summary 1. Authentication is a process where users verify that they are who they say they are. 2. There are 2 commonly used authentication methods, which are biometric device and callback system.
3. Biometric device is a device that translates personal characteristics into a digital code that is compared with a digital code stored in the database. 4. Callback system refers to the checking system that authenticates the user 5. Authentication is important in order to safeguard against the unauthorized access and use.
LESSON ELEVEN: VERIFICATION A.)What is verification?
Verification is the act of proving or disproving the correctness of a system with respect to a certain formal specification B.) Methods of verification
1. There are two methods, commonly used in verification, which are user identification and processed object. 2. User identification refers to the process of validating the user. 3. Processed object refers to something the user has such as identification card, security token and cell phone.
C.) User identification
The examples of validating process using the user identification are: 1. Key in the user name to log-in to a system and the system will verify whether the user is valid or invalid user. 2. Show exam slip to verify that you are the valid candidate for the exam. 3. Show a passport before departure. D.) Processed object
The examples of validating process using the processed object are: 1. The policeman will check on the driver’s license to identify the valid driver. 2. Employees have to swipe their security card to enter the building 3. Buy blouses at the mall using a credit card Summary 1. Verification is the act of proving or disproving the correctness of a system with respect to a certain formal specifications. 2. Two methods commonly used in verification are user identification and processed object.
3. User identification refers to the process of validating the user. Processed objects refer to something the user has such as identification card, security token, key, badge and cell phone.
LESSON TWELVE: CONTROVERSIAL CONTENT A.) Controversial content
A controversial content is information that causes disagreement in opinions and may cause the disruption of peace because different people or culture will have different views about the contents B.) Issues on controversial contents
o The issues on controversial contents are always focusing on pornography and slander. Malaysia considers pornography and slander as illegal. o Pornographic and slanderous activities can be in the forms of plots and actions displayed on video games, controversial rhythm or lyrics of music, controversial contents of books and controversial issues on religion and philosophy. C.) Pornography
o Cute pictures of innocent babies can’t be considered as pornography by normal standards. However these pictures may attract pedophiles. Pedophiles are people who are sexually arouse by young children. They exploit children for sexual pleasure. Sexual acts against children are a crime everywhere and must be curbed. These pictures are pornography to pedophiles. o The definition of pornography is any form of media or material (like books or photographs) that depicts erotic behaviour and is intended to cause sexual excitement. o Pornography tends to exploit men, women and children in a distasteful manner D.) Slander
o Slander is a legal term for false and malicious statement (meaning knowing that it is false or “reckless disregard” that it was false) about someone. Examples: You wrote an e-mail that a fellow classmate was having an affair with a teacher, even though it was not true. You then sent it to five other friends.
Ahmad is a Muslim. One day, he received a “spam” e-mail stating that his favourite soda drink “Soda Moda” uses non-halal food colouring, but he does not know if the source of the content is credible or true. He decides to forward the e-mail to 50 of his friends. Chin Wei spreads a rumour that a Government Minister is receiving bribes from an enemy government. IMPACTS ON KENYAN SOCIETY
What can you conclude about the impact of controversial content on the Kenyan society? Pornography • • • •
can can can can
lead to criminal acts such as exploitation of women and children lead to sexual addiction or perversion develop low moral value towards other men, women or children erode good religious, cultural and social beliefs and behaviour
Slander • • • •
can can can can
develop into a society that disregards honesty and truth develop bad habit of spreading untruths and rumours lead to unnecessary argument cause people to have negative attitudes towards another person
LESSON 13: THE PROCESS OF INTERNET FILTERING INTERNET FILTERING
It is our responsibility to ensure that the teenagers are protected from these corruptions of the mind by filtering access to the Internet. Internet filtering is a process that prevents or blocks access to certain materials on the Internet.
It is our responsibility to ensure that the teenagers are protected from these corruptions of the mind by filtering access to the Internet.
What is Internet filtering?
Internet filtering is a process that prevents or blocks access to certain materials on the Internet. Filtering is most commonly used to prevent children from accessing inappropriate material and to keep employees productive on the Internet. CONTROLLING ACCESS TO THE INTERNET
Controlling access to the internet by means of filtering software has become a growing industry in Kenya and elsewhere. Its use has increase as the mandatory response to the current plague of society, namely internet pornography, politically incorrect site, hatred, violence, hate and in general anything viewed to be unpleasant or threatening. The current preferred method of choice to limit access on the Internet is to filter content either by: keyword blocking site blocking web rating systems These methods require software to be installed at a client of server level. • • •
KEYWORD BLOCKING
One of the strategies is by using the keyword blocking method. This method uses a list of banned words or objectionable terms. As the page is downloading, the filter searches for any of these words. If the word is found, it will block the page completely, stop downloading the page, block the banned words and even shut down the browser. SITE BLOCKING • • • •
•
• •
software company maintains a list of ‘dubious Internet sites’ the software prevents access to any sites on this list ‘denial lists’ regularly updated some software provides control over what categories of information you block Who decides what goes on the ‘denial list’ and what criteria are they using? Can you keep track of the whole of the Internet? filters can use both site blocking and word blocking
WEB RATING SYSTEMS
Web sites are rated in terms of nudity, sex, violence and language. The Recreational Software Advisory Council (RSACI) is responsible for the rating of the websites on the content on the internet. •
•
Ratings done either by the web page author or by the independent bureau. Browsers set to only accept pages with certain levels of ratings. LESSON F OURTEEN: CYBER L AW
The rapid development and implementation of the information and communication technology ICT can result in the abuse of the World Wide Web, a service which is provided by the internet. Information and database in the Internet needs to be protected and secured against abuses. The security and privacy of the data on the Internet is provided by Cyber Law. A.) What is Cyber Law? o Cyber Law refers to any laws relating to protecting the Internet and other laws relating to protecting the Internet and other online communication technologies. B.) Needs for Cyber Law o In the recent years, many concerns and issues were raised on the integrity and security of information, legal status of online transactions, privacy and confidentiality of information, intellectual property rights and security of government data placed on the Internet. Integrity and Security
Security of
of Information
Government Data CYBER LAW
Intellectual Property
Legal Status of Online Rights Transactions Privacy and Confidentially of Information
o These concerns and issues clearly indicate why Cyber Laws are needed in online activities. C)
The Cyber Law Acts in Kenya
The Kenyan government has proposed cyber laws to control the internet abuse. The proposal looks at matters of ICT abuse in the following angle:
Identity-related Crimes: A Profile of East Africa from a Kenyan Perspective By resolution 2009/22, the Economic and Social Council (ECOSOC), concerned about the serious threats posed by economic fraud and identityrelated crime and by other illicit activities that those forms of crime support and concerned also about the use of new ICT technologies to perpetrate such crimes, reiterated the need to have effective domestic powers to detect and investigate, prosecute and punish as well as mechanisms for international cooperation to prevent and combat these forms of crime. In 2007, ECOSOC requested the United Nations Office on Drugs and Crime (UNODC) to provide legal expertise or other forms of technical assistance to Member States reviewing or updating their laws dealing with transnational fraud and identity related crime. Pursuant to that request, UNODC, in consultation with the United Nations Commission on International Trade Law, established a Core Group of Experts (CGE) on identity-related crime, bringing together on regular basis representatives from Governments, private sector, international and regional organizations and academia to pool experience, develop strategies, facilitate further research and agree on practical action against identity-related crime. The CGE’s work is aimed at assisting the UNODC to comply with ECOSOC’s request to collect, develop and disseminate: a. material and guidelines on the typology of identity-related crime and on relevant criminalization issues to assist Member States in establishing new identity-based criminal offences and the modernization of existing offences; b. Technical assistance material for training, such as manuals, compilations of useful practices or guidelines or scientific, forensic or other reference material for law enforcement officials and prosecution authorities in order to enhance their expertise and capacity. c. A set of useful practices and guidelines to assist Member States in establishing the impact of such crimes on victims; d. A set of material and best practices on public-private partnerships to prevent economic fraud and identity-related crime. The Core Group of Experts has held five meetings; the first meeting was held in Courmayeur, Italy, on 29 and 30 November 2007; and the other five meetings were held in Vienna, Austria, on 2 and 3 June 2008; 20 to 22 January 2009 and most recently, 6-8 December 2010. The latter meeting included the input of a wider group of new experts co-opted into the group, including yours truly, who presented his assessment of identity-related crime in East Africa in General and East Africa in particular.
East Africa has a union of five countries – Burundi, Kenya, Rwanda, Tanzania and Uganda. The East African Community (EAC) is the regional intergovernmental organisation of the East African Union. The Treaty for Establishment of the East African Community was signed on 30 November 1999 and entered into force on 7 July 2000 following its ratification by the original three Partner States – Kenya, Uganda and Tanzania. The Republic of Rwanda and the Republic of Burundi acceded to the EAC Treaty on 18 June 2007 and became full Members of the Community with effect from 1 July 2007. Progressively, the East African Region is moving towards political, social and economic integration: it established a Customs Union in 2005, a Common Market in 2010; a Monetary Union remains an imminent possibility by 2012 and ultimately a Political Federation of the East African States. The Union has a combined population of more than 125 million people, a land area of 1.82 million sq kilometers and a combined Gross Domestic Product of $73 billion (2009). Kenya, Tanzania and Uganda have the highest populations with each country exceeding 30 million (40 million for Kenya) and Burundi and Rwanda having 9 and 10 million respectively. The countries of union countries differ significantly in terms of population, cultural, ethnic patterns, and in the availability of natural resources. However, according to the United Nations’ assessment, these countries have in common some of the lowest economic indicators and standards of living and face severe development challenges. Kenya, Tanzania and Uganda share a similar legal system/tradition. They are all former colonies of Britain and their laws are largely descended from the English Common law. Burundi and Rwanda, on the other hand, are former colonies of Belgium and France and they both have civil law legal systems. General Observations about the Legal Framework on Identityrelated Crime in East Africa
Generally, just like many other regions in the world, East Africa has its share of identity related crimes, ranging from the serious and transnational to the minor and localized offences. Money laundering and human trafficking remains a major concern for both East Africa’s governments and its international partners. New patterns of criminal activities have emerged in the last decade due to the widespread availability and use of the mobile phone and to a limited extent, the internet. This, among other things, have prompted the EA countries to move towards enacting cyberlaws that define computer and identity-related offences, including some related to identity. However, even though the Union has adopted a general agreement of principles on Cyberlaw and individual country commitments to the
enactment of new laws, the pace and flavour of the implementation has hardly been uniform. International Law From the records of the United Nations, the following is the status of the EA countries with respect to four major international instruments concerned with cyber crime and identity related crime: • United Nations Convention against Transnational Organized Crime and the Protocols thereto – Kenya has signed and acceded; Tanzania & Rwanda have ratified; Burundi and Uganda have signed • United Nations Convention against Corruption – Burundi has acceded; all the other EA states have ratified. • Council of Europe Convention on Cybercrime – South Africa has for a long time been the only African country to accede to the Convention, though to be fair to other countries, this being by definition a European regional convention, it has served only as a model for many non-European countries and the failure to accede to it is not necessarily a reflection of a country’s attitude towards combating cybercrime. • UNCITRAL Model Law on Electronic Commerce –This model law has been the touchstone of principles and practices for many countries, including East African countries, in the formulation of cyberlaw legislation. Municipal Law Because of their common English descent, most of the Constitutional, criminal and procedural laws of three of the East African countries – Kenya, Tanzania & Uganda - are similar. On August 27, Kenya promulgated a new Constitution which replaced the old Constitution negotiated by the country’s founding fathers with the former English colonialists in the 1960s. In the three countries, with the new Constitution of Kenya being the recent exception, the right to privacy has not been expressly legislated as a constitutional or statutory right. Rather, it has been expressed as a broad constitutional norm encompassed in the freedom from unlawful entry into one’s premises, the search and seizure of one’s property and effects and freedom from interference with one’s correspondence. As a corollary, there has been no express constitutional right to confidentiality and the protection of personal information. The practice on the right to privacy and confidentiality has been guided by the English Common law as applied through judicial opinions.
However, Kenya’s new Constitution expressly creates the right to privacy (section 31) - Every person has the right to privacy, which includes the right not to have— (a) their person, home or property searched; (b) their possessions seized; (c) information relating to their family or private affairs unnecessarily required or revealed; or (d) the privacy of their communications infringed.
Identity-related offences In the three countries, identity-related offences are captured in the general corpus of criminal law, in what may now be referred to as traditional statutory offences that punish identity-related crime. These include the following and their related offences: o Obtaining by false pretences o Forgery o Fraud o Impersonation and falsification of identity o Theft
The East African Cyberlaw Framework was an initiative of the East African Community with the support of UNCTAD, to develop a general framework on legislative approaches to cyberlaw. The framework was adopted in June 2010. It seeks to promote regional harmonisation in the legal response to the challenges raised by the increasing use and reliance on ICTs for commercial and administrative activities and outlines agreed features to be transposed into national legislation in order to address the various issues identified in respect of: Electronic transactions, electronic signature and authentication, data protection and privacy, consumer protection and computer crime. On the subject of Data Protection and Privacy, the framework provides as follows: “For the purposes of the Framework, ‘data protection’ is used… to describe those obligations placed upon those entities that process information about living individuals, generally referred to as ‘personal data’. A data protection regime will also grant certain rights upon individual data subjects. The application of data protection rules may be limited only to private sector entities or public bodies. A sectoral regulatory response may be appropriate to address specific uses and abuses of personal data, whether driven by domestic or foreign concerns, such as the financial services sector. In terms of the entity responsible for the processing, the following minimum obligations represent international best practice in the area: • To comply with certain ‘principles of good practice’ in respect of their processing activities, including accountability, transparency, fair and lawful processing, processing limitation, data accuracy and data security. • To supply the individual with a copy of any personal data being held and processed and provide an opportunity for incorrect data to be amended. The cost of regulation will be a critical factor in data protection. The cost associated with a comprehensive or omnibus approach, specifically the
establishment of a dedicated regulatory authority, will generally be excessive for most developing countries, especially if borne by the private sector through licensing or notification fees. However, in terms of addressing privacy concerns vis-à-vis public sector infringements, an authority independent from government will generally be necessary in order to provide the necessary trust and assurance in its activities. The regulatory authority may not have an exclusively data protection remit, which mitigates the costs involved. Whilst a self-regulatory or co-regulatory approach may be appealing in terms of minimising the public costs of regulation, its success depends on a sufficiently strong and active private sector, willing and able to fund the regulatory activity. It is also unlikely to be appropriate in terms of the public sector use of personal data. The Task Force recognises the critical importance of data protection and privacy and recommends that further work needs to be carried out on this issue, to ensure that (a) the privacy of citizens is not eroded through the Internet; (b) that legislation providing for access to official information is appropriately taken into account; (c) the institutional implications of such reforms and (d) to take into account fully international best practice in the area.” Status of implementation of cyberlaws Any person carrying out an inquiry into this subject soon enough becomes aware of the dearth of country information on crime statistics including the typologies of cybercrimes and their differential distribution, the status of the implementation of international/regional country obligations, the text of laws and bills and even more importantly, victim data. As far as my best efforts could establish: • Burundi is still at the stage of drafting its cyberlaws in conformity with the Framework; • In Rwanda, a draft information and communication technology (ICT) bill was prepared in 2009 covering e-signatures, consumer protection, privacy, and content regulation. In early 2010, the country prepared a draft criminal law on cybercrime. Rwandan laws on digital copyright and e-contracting were passed in early 2010. • In Uganda, the legislature passed the Electronic Transactions Act and the Electronic Signatures Act in October 2010. The fate of the third bill, the Computer Misuse Act, could not be immediately established. • In Tanzania, the Law Reform Commission to the Ministry of Justice and Constitutional Affairs has proposed separate bills on Cyber crimes, regulation of electronic transactions and e-communications, privacy and data protection and the amendment of the Evidence statute. • In Kenya, the Kenya Communications (Amendment) Act 2008 came into force on January 2, 2010. This Act amended the Kenya Communications Act of 1998 to rename it the Kenya Information and Communications Act, 1998
and to introduce to it provisions on e-transactions, e-signatures, consumer protection, and computer crime. Key provisions of Kenya Information & Communications Act, 1998 on Privacy/Identity Data Protection Ministerial regulations on privacy of telecommunication The KIC Act empowers the Minister for Information and Communications to make regulations with respect to ‘the privacy of telecommunication’. The contravention of the Minister’s regulation would attract a fine of USD 4,375 or imprisonment for a term of up to 3 years or to both imprisonment and fine. However, no special regulations have been made under this section. Prohibition against unlawful interception and disclosure of a message The Act also makes it an offence for a telecommunications operator to intercept or disclose a message sent through the operator’s system or to disclose the statement or account of its subscriber. The prescribed punishment for the offence is a fine not exceeding USD 4375 or to imprisonment for a term of up to 3 years or to both imprisonment and fine. Prohibition against disclosure of personal information through radio communication apparatus Except where the authority of the Minister for Internal Security has been given, the Act forbids any person from using radio communication apparatus with the intention of obtaining information on the contents, the sender or addressee of any message. It also forbids, expect in the course of legal proceedings, the disclosure by any person of any information as to the contents, sender or addressee of any message coming to him or her through a radio communication. A conviction for contravening any of these provisions will lead to a fine of up to USD 12,500 or imprisonment for up to 5 years or both fine and imprisonment.
• Theft of information – the legislation introduced an amendment to section 267 of Kenya’s Penal Code which defines things that are capable of being stolen for the purpose of the offence of stealing or theft. The amendment, now in subsection (9) of the Code, states that ‘Information is capable of being stolen’. • Unauthorised access to computer data • Access with intent to commit offences • Unauthorised access to an interception of computer service - Knowingly securing access to a computer system for the purpose of obtaining any computer service or intercepting any function or any data held in the system. • Unauthorized modification of computer material - Knowingly doing an act which causes an unauthorized modification of data held in any computer system. • Damaging or denying access to a computer system • Unauthorized disclosure of password - Knowingly disclosing any password,
access code, or any other means of gaining access to any program or data held in any computer system: for any wrongful gain; for any unlawful purpose; or knowing that the disclosure is likely to cause prejudice to any person. • Electronic fraud - With intent to procure an advantage, fraudulently causing loss of property to another person by an input, alteration deletion or suppression of data; or any interference with the functioning of a computer system. • Knowingly creating, publishing or availing an electronic signature certificate for any fraudulent or unlawful purpose. • Unauthorized access to protected system - Securing or attempting to secure access to a protected system in contravention of the law. • Re-programming of mobile telephone - Not being a manufacturer of mobile phone devices or an authorized agent of such manufacturer, knowingly or intentionally, changes or interferes with the operation of mobile telephone equipment identity. ◦
◦
◦
With the widespread use of the mobile telephone in East Africa, (for example, over half of the Kenyan population has access to a mobile phone), a new pattern of offences began to emerge. o Kidnappings – with the kidnappers using the convenience of the mobile phone to get in touch with the victim’s family and make a ransom demand o Hoax promotions/raffles – where a subscriber is called by a person purporting to be from a mobile service provider or a company running a promotion and informed that they have won a prize in a draw and in order for them to collect their money they need to pay – via mobile money transfer – an ‘administrative charge’ o Or being falsely advised to dial a certain code ostensibly to register but the effect of dialing that code transfer’s airtime to the criminal’s number o A number of these crimes were being committed by convicts who had unathorised access to mobile phones while in custody. In July 2009, Kenya’s President Mwai Kibaki directed the Ministry of Information and Communication to establish a databank of all mobile telephone subscribers. The directive was preceded by the President’s concern over a reported increase in phone-related crime. Administrative/Institutional Framework for Combating Identity Related Crime: In Kenya, the Police Service is the principal law enforcement agent. According to the department's website (www.kenyapolice.go.ke), it is organized into twelve 'Formations' based on both administrative functions and crime typologies. Out of these twelve formations, the following deal with particular types of crimes: • General Service Unit – for riots and offences of public order • Criminal Investigation Department • Anti-stock Theft Unit – for livestock theft
• Traffic Police Department • Tourism Police Unit • Maritime Police Unit • Diplomatic Police Unit Three other police units are important in discussions of identity-related offences even though their place within the administrative structure of the Police Service could not be immediately established: • The Serious Crimes which deals with offences such as money laundering, kidnapping and organized crime; • The Anti-Banking Fraud Unit; • The Anti-Terrorism Unit. Evidently, identity-related crime is not given any special treatment as a subcategory or thematic subject both from a criminal justice or law enforcement perspective. There is therefore no general conceptual framework or official public study on identity-related crimes. Moreover, information on these types of crimes is not necessarily disaggregated from the general crime statistics that are compiled and published by the Kenya Police. These crime statistics published by the Kenya Police for various types of crime between 2006 and 2008 are presumably (because the report does not say so) reports of crime incidents recorded at police stations throughout the country and not necessarily actual convictions for the crimes. The categories of crimes included in the table above are those that are related to identity crime. Though I have included them in the table, it is not clear from the statistics what ranges of crimes are covered by the expressions ‘other offences against persons’ or ‘other Penal Code offences’. Identity crime typology and victim issues Based on decided cases and media reports, the most common types of identity-related crimes in East Africa (whether committed in their traditional sense or with the aid of information and communications technology) include: • Human trafficking • Money laundering • Terrorism • Fraud, forgery, impersonation and theft • Unlawful access to, modification, damage or theft of information in a computer system • Unlawful modification of mobile phone equipment identity
Even far from the immediate loss and damage suffered that is the consequence of the direct consequence of identity crimes on the part of the victim, there are other challenges for victims of such crimes that relate to access to legal aid and justice:
• Because identity crime is not sufficiently mapped or studied by law enforcement, there is inadequate information for both potential victims and victims on how to avoid and mitigate the effects of such offences. • Inadequate legal framework – While laws on certain aspects of identity related crime are lacking or insufficient, existing laws focus mostly on the punishment of the criminal and less on regulating the collection and management of personal information. • The subject of the technical measures and minimum compliance standards for protecting information, communications and commercial systems not captured in legislation • East Africa’s governments have been challenged that they have not fully complied with the minimum standards for the elimination of identity related transnational crimes – human trafficking, money laundering, economic fraud, organized crime/terrorism. • Poor crime reporting and crime mapping. Though prosecutions for identity related crimes are conducted, data on such cases is not compiled at the provincial or national level, and any data compiled is not readily available to the public. • Poor access to legal aid: Poor victim access to knowledge on basic laws, prevention and self-help High cost of professional legal aid Poor forensic and prosecutorial knowledge and skills on the part of law enforcement • Difficulties of jurisdiction and mutual-legal assistance in dealing with transnational crimes ◦
◦
◦
The following scenario extracted from the U.S. State Department Trafficking in Persons Report, June 200 is illustrative of the plight of victims of identityrelated crimes: ‘Police reportedly arrested foreign trafficking victims for being in [the country] without valid identity documents; in most cases, they pled guilty to immigration violations and were quickly deported. The government did not provide legal alternatives to the removal of victims to countries where they would face hardship or retribution.’ The way forward: • First, a baseline study on the incidence, typology and distribution of identity-related crimes will need to be conducted in order to proved both aggregated and disaggregating regional and country-specific information. Such a study will provide the empirical information that will form the basis for understanding and decision making. • There is need for improved tracking and reporting of identity-related crime by law enforcement and other government departments in the chain of justice and the sharing of this information with the public. • Capacity building interventions for law enforcement and civil society groups focusing on forensics, investigative and prosecutorial techniques,
preservation of evidence and the protection of and handling of victims. • Information, education & awareness focusing on potential victims and victims of identity-related crime will need to be developed for both victims and law enforcement agencies. • Legislative reform – The East African member states will need to follow up on their obligations under the EA Cyberlaw Framework to prepare, sponsor and pass legislation incorporating international best legislative standards on data protection and identity-related crime. • Considering the important role of the private sector in the processing of personal and financial information, in the development of technologies for protection of personal information and ensuring the security and confidentiality of computer-based transactions and in its ability to assist law enforcement in the prevention, detection and punishment of identity-related crime and the protection of victims, it is imperative that countries consider a framework of co-operation between the public and private sectors in this regard. • Finally, considering the trans-boundary nature of many identity-related crimes, international legal obligations as well as mutual co-operation between countries in dealing with trans-located victims of identity-related crimes will need to be legislated or institutionalized.
OTHER EXAMPLES OF CYBER LAWS:
The Cyber Law Acts in Malaysia o The Malaysian Government has already passed several Cyber Laws to control and reduce the Internet abuse. o These Cyber Laws include: a. Digital Signature Act 1997 I. The Digital Signature Act 1997 secures electronic communication especially on the Internet. ii. Digital Signature is an identity verification standard that uses encryption techniques to protect against e-mail forgery. The encrypted code consists of the user’s name and a hash of all the parts of the messages. iii. By attaching the digital signature, one can ensure that nobody can eavesdrop, intersect or tamper with transmitted data. b. Computer Crimes Act 1997 i. The computer crimes Act 1997 gives protection against the misuses of computers and computer criminal activities such as criminal activities unauthorized use of program, illegal transmission of data or messages over computers and hacking and cracking of computer systems and networks.
ii. By implementing Computer Crimes Act 1997 users can protect their rights to privacy and build trust in the computer system. At the same time, the government can have control at a certain level over the Cyber Space to reduce Cyber Crime activities. c. Telemedicine Act 1997 i. The Telemedicine Act 1997 ensures that only qualified medical practitioners can practice the telemedicine and that their patients’ rights and interest are protected. ii. These acts provide the environment for the future development and delivery of healthcare in Malaysia. d. Communications and Multimedia Act 1998 i. The implementation of Communication and Telecommunication 1998 ensures that information is secure, the network is reliable and the service is affordable all over Malaysia. ii. This act also ensures high level of user’s confidence in the information and communication technology industry. o Besides these Cyber Laws, there are three other Cyber Laws being drafted i. Private Data Protection Bill ii. Electronic Government Activities Bill iii. Electronic Transactions Bill iv. Security Protection Bill Summary 1. Cyber law refers to any laws relating to protecting the Internet and other online communication technologies.
2. Cyber Law is needed to protect i. the integrity and security of information ii the legal status of online transactions iii the privacy and confidentially of information iv the intellectual property rights v government data 3. Some examples of Cyber Laws in Malaysia i Digital Signature Act 1997 iii Computer Crimes Act 1997 ii Telemedicine Act 1997 iv Communications and Multimedia Act 1998 4. Other Cyber Laws i The security Protection Bill iii The Private Data Protection Bil ii The Electronic Transactions Bill iv The Electronic Government ActivitiesBil
LESSON FIFTEEN: COMPUTER CRIMES
Nowadays, we found that many peoples are selling pirated computer software to customers at a much cheaper price than the original CDs. Do you think this is a criminal act or just a way of doing business? COMPUTER CRIMES 1. A computer crime is defined as any criminal activity that is related to the use of computers. 2. Any illegal act involving a computer is referred as a computer crime. 3. These activities include computer fraud, copyright infringement, and computer theft and computer attack. A. COMPUTER FRAUD 1. Computer fraud is defined as having an intention to take advantage over or causing loss to other people, mainly on monetary basis through the use of computers. 2. There are many forms of computer fraud which include e-mail hoaxes, program fraud, investment schemes, sales promotion, and claims of expertise on certain field, health frauds, scams and hacking. B. COPYRIGHT INFRINGEMENT 1. Copyright infringement is defined as a violation of the right secured by a copyright. 2. Copyright infringement involves illegal copying or reproduction of copyright materials by the black market groups. 3. The open commercial sale of pirated items is also illegal. Copyright infringement involves illegal copying or reproduction of copyright 4. With the current technology, the most perfect copy of the original copyright materials can be downloaded from the Internet. 5. For example, the widespread of illegal downloading activities and sharing of recorded music in MP3 format. Also the unauthorized copying of movies even after the losing down of the Nepster. C. COMPUTER THEFT
1. Computer Theft is defined as the unauthorized use of another person’s property with the intention to deny the owner the rightful possession of that property or its use. 2. Insurance companies and drug companies have access to private medical records. These medical records can be used to determine the ability of employees to get an insurance policy. The drug companies may then sell and share the information with other companies. 3. Examples of computer theft include: a) transfer of payments to the wrong accounts b) tap into data transmission lines on database at no cost c) divert goods to the wrong destination D. COMPUTER ATTACK 1. Computer Attack may be defined as any activities taken to disrupt the equipment of computer systems, change processing control or corrupt stored data. 2. It is very hard to trace the authors of cyber threats. Therefore, the school authority will not know whether a virus entered their system from someone’s e-mail or is generated by school hackers. 3. Computer attack can be in the forms of: a) Physical attack that disrupt the computer facility or its transmission lines b) Electronic attack that uses the power of electromagnet energy to overload computer circuitry. c) A computer network attack uses a malicious code to exploit a weakness in software, or in the computer security practices of a computer user. 4. For example, the presence of technologically savvy young hackers in schools that can produce damage to schools’ server. 5. They are capable of disabling filters and gate way software, or accessing student information systems. SUMMARY
1. Computer crime is any criminal activity that is related to the use of computers such as fraud, copyright infringement, and theft and computer attack. 2. Computer fraud includes health frauds, scams and hackers. 3. Copyright infringement includes the illegal downloading and sharing of recorded music and unauthorized copying of movies online.
4. Computer theft includes the unauthorized use of another person’s property with the intention to deny the owner the rightful possession of that property or its use. 5. Computer attack includes any activities taken to disrupt the equipment of computer system, change processing control or corrupt data stored.
LESSON SIXTEEN: COMPUTER SECURITY
DEFINITION OF COMPUTER SECURITY 1. Computer security means protecting our computer systems and the information they contain against unwanted access, damage, destruction or modification. 2. We need to protect our computer from any intruder such as hackers, crackers and script kiddies. 3. We do not want strangers to read our email, use our computer to attack other systems, send forged e-mail from our computer, or examine personal information stored on our computer such as financial statements. TYPES OF COMPUTER SECURITY Three types of computer security are a. hardware security b. software security/ data security c. network security HARDWARE SECURITY 1. Hardware security refers to security measures used to protect the hardware specifically the computer and its related documents. 2. The examples of security measures used to protect the hardware include PC-locks, keyboard-lock, smart cards and biometric devices. 3. Besides these Cyber Laws, there are three other Cyber Laws being drafted SOFTWARE AND DATA SECURITY 1. Software and data security refers to the security measures used to protect the software and the loss of data files. 2. Examples of security measures used to protect the software are activation code and serial number. 3. An example of security measure used to protect the loss of data files is the disaster recovery plan method.
4. The idea of this plan is to stored data, program and other important documents in a safe place that will not be affected by any major destruction. NETWORK SECURITY 1. The transfer of data through network has become a common practice and the need to implement network security has become significant. 2. Network security refers to security measures used to protect the network system. 3. One example of network security measures is firewall. With firewall, network resources can be protected from the outsiders. PERSONAL COMPUTER SECURITY CHECKLIST In order to make sure our computers are secured, here are the computers security checklists to follow. a) Do not eat, drink or smoke near the computer. b) Do not place the computer near open windows or doors. c) Do not subject the computer to extreme temperatures. d) Clean the equipment regularly. e) Place a cable lock on the computer. f) Use a surge protector. g) Store disks properly in a lock container. h) Maintain backup copies of all files. i) Stores copies of critical files off sites. j) Scan a floppy disk before you open it. k) Do not open any unknown email received. SUMMARY 1. Computer security is a process of preventing and detecting unauthorized use of the computer. 2. There are three types of computer, which are hardware security, software/data security and network security. Qn. Explain briefly the different threats to computer security: Malicious code Hacking Nature/environment Theft • • • •
LESSON SEVENTEEN: INTRODUCTION TO SECURITY THREATS
1. The computer is a great tool to store important information. In certain cases the information is very vital that losing it will harm the computer system.
2. Computer threats can come from many ways either from human or natural disaster. For example, when someone is stealing your account information from a trusted bank, this threat is considered as a human threat. However, when your computer is soaked in heavy rain, then that is a natural disaster threat. 3. Generally, security threats include malicious code, hacking, natural environment and theft. A. MALICIOUS CODE 1. Malicious code is also known as a rouge program. It is a threat to computing assets by causing undesired effects in the programmer’s part. The effect is caused by an agent, with the intention to cause damage. 2. The agent for malicious code is the writer of the code or any person who causes its distributions. 3. There are various kinds of malicious code. They include Virus •
•
• •
•
Virus is a program that can pass on the malicious code to other non-infected programs by modifying them. To infect a computer, the virus needs to attaches itself to the program, usually files with .doc (document), .xls (spreadsheet), .exe (executable file) extensions. It will then destroy or co-exists with the program. Once the infected file is open; the virus will copy itself into that particular system and perform its functions. Eventually, it can overtake the entire computing system and spread to other connected systems.
Trojan horse A program which can perform useful but unexpected actions. Must be installed by users or intruders before it can affect the system’s assets An example of a Trojan horse is the login script that request for users’ login ID and password. The user will then successfully pass the login process, but the Trojan horse will keep a copy of the information to be use for malicious purposes. • •
•
•
Logic bomb Logic bomb is a malicious code that goes off when a specific condition occurs. An example of a logic bomb is the time bomb. It goes off and causes threats at a specified time or date. Trapdoor or backdoor •
•
•
•
A feature in a program that allows someone to access the program and use it with special privileges.
Worm A program that copies and spreads itself through a network. •
Primary differences between worms and viruses •
•
Worm Operates through the network While Virus Spreads through any medium. (Usually copied programs or data files) Worm Spreads copies of itself as a standalone program While Virus Spread copies of itself as a program that attaches to other program.
B. HACKER 1. Hacking is a source of threat to security in computer. It is defined as unauthorized access to the computer system by a hacker. 2. Hackers are persons who learn about the computer systems in detail. They wrote program referred to as hacks. Hackers may use a modem or cable to hack the targeted computers. 3. Kevin Mitnick is the most notorious hacker ever caught. He had stolen millions of dollars worth of software and credit card information on the net. He used new identities and cleverly concealed his locations. He spent 5 years in jail for his hacking activity. C. NATURAL AND ENVIRONMENTAL THREATS 1. Computers are also threatened by natural or environmental disaster. Be it at home, stores, offices and also automobiles. 2. Examples of natural and environmental disasters: a) Flood b) Fire c) Earthquakes, storms and tornados d) Excessive heat e) Inadequate power supply D. THEFT 1. Two types of computer theft: a. Computer is used to steal money, goods, information and resources. b. Actual stealing of computer, especially notebook and PDA. (This type of stealing causes loss of the expensive item and also the valuable information.)
2. Three approaches to prevent theft a) Prevent access by using locks, smart card application and password activation b) Prevent portability of your computer by restricting all hardware from physically being moved to other places. c) Detect and guard all exits and record any hardware (such as disk or CD) before being transported SUMMARY 1. Security threats include malicious code, hacking, natural environment and theft. 2. There are various types of malicious code that include virus, Trojan horse, logic door, trapdoor or backdoor and worm. 3. Virus is a program that can pass malicious code to other non-infected program by modifying them. 4. Computers are also threatened by natural or environmental disaster such as flood, fore, earthquakes, storms and tornados. 5. Computer theft includes stealing money, goods, and information and computer resources. LESSON EIGHTEEN: SECURITY MEASURES
1. Today, people rely on computer to create, store and manage critical information. It is important that the computer and the data they store are accessible and available when needed. It is also important that user take measures to protect their computers and data from lost, damage and misuse. How do we protect our computer from breaches of security and our security risk? 2. Security measures mean the precautionary measures taken to ward off possible danger or damage. There are 6 types of security measures which are data backup cryptography Antivirus, Anti-Spyware Firewall Human aspects. • • • • • •
A.) Data backup 1. Data backup is a program of file duplication. 2. Backups of data applications are necessary so that they can be recovered in case of an emergency.
3. Depending on the importance of the information, daily, weekly or biweekly backups from a hard disk can be performed. B.) Cryptography 1. Cryptography is a process of hiding information by altering the actual information into different representation, for example APA can be written as I?X. 2. Almost all cryptosystem depend on a key such as a password like the numbers or a phase that can be used to encrypt or decrypt a message. 3. The traditional type of cryptosystem used on a computer network is called a symmetric secret key system. 4. With this approach, the sender and the recipient use the same key, and they have to keep the share key a secret from anyone else. C.) Antivirus 1. User should install an Antivirus program and update it frequently. 2. An Antivirus program protects a computer against viruses by identifying and removing any computer viruses found in the computer memory, on storage media or incoming e-mail files 3. Identifying virus: Two techniques are use to identify the virus: a) Virus signature – also called a virus definition. It is a specific pattern of the virus code. •
b) Inoculating a program file – the Antivirus program records information such as the file size and file creation date in a separate inculcation file. The Antivirus program then uses this information to detect if a virus tampers with the data describing the inoculated program file. If an Antivirus program identifies an infected file, it attempts to remove its virus, worm or Trojan horse. If the Antivirus program cannot remove the infection, it often quarantines the infected file. Quarantine is a separate area of a hard disk that holds the infected file until the infection can be removed. This step ensures other files will not become infected. 4. An Antivirus program scans for programs that attempt to modify the boot program, the operating system and other programs that normally are read from but not modified.
5. Many Antivirus programs automatically scan files downloaded from the web, e-mail attachments and all types of removable media inserted into the computer. D.) Anti-Spyware 1. Spyware is a program placed on a computer without the user’s knowledge. It secretly collects information about the user. 2. The Spyware program communicates information to the outside source. 3. An Anti-Spyware application program sometimes called tracking for threat or a Spybot is used to remove Spyware. 4. Among the popular Anti-Spyware programs are: o Spybot Search and destroy o Ad-aware o Spyware Blaster E.) Firewall 1. Firewall is a piece of hardware or software which functions in a networked environment to prevent some communications forbidden by the security policy. 2. The purpose of a firewall is to keep bad thing outside a protected firewall implement a security policy. It might permit limited access from in or outside the network perimeters or from certain users or for certain activity. 3. There are three types of firewall a. Screening routers Simplest Sees only addresses and service protocol type Screen based on connection rules. b. Proxy gateway Complex Sees full text of communication Screen based on behaviour proxies c. Guard Most complex Sees full text of communication Screens based on interpretation of message content. • • •
• • •
• • •
F.) Human Aspects 1. Human aspects refer to the user and also the intruder of a computer system. 2. It is one of the hardest aspects to give protection to. 3. The most common problem is the lack of achieving a good information security procedure. 4. There are three ways to protect computer from human aspect threat: a. Organisation Self Awareness Organisations need to be aware of the people they work with Some threats also come from within the organization and not just from the outside. • •
b. Organisational User Self Awareness Provide employee with adequate training and the importance of security and control. Even a very high-tech protection system could not protect the system against incompetent users. c. Individual User Self Awareness Threat often comes in beautiful offers and packages. Do not download or install software from unreliable sources. Do not expose important information to strangers. •
•
• • •
Summary
1. Data backup is a program of file duplication. 2. Security measures mean the precautionary measures taken to ward off possible danger or damage. 3. Cryptography is a process of hiding information by altering the actual information into different representation. 4. An Antivirus program protects a computer against viruses. 5. Spyware is a program placed on a computer without the user’s knowledge and secretly collects information about the user. 6. Firewall prevents some communications forbidden by the security policy. 7. Human aspects refer to the user and also the intruder of a computer system which is one of the hardest aspects to give protection to.
LESSON NINETEEN: RELATIONSHIP BETWEEN SECURITY THREATS AND SECURITY MEASURES
Security threats may come in many forms. For example, when someone is invading our account information from a trusted bank, this act is considered as a security threat. Security measures can be used to prevent this invaders from getting the getting the account information. For example, the bank can use a firewall to prevent unauthorized access to its database. A.) Security threats 1. Security threats causes data loss, computer damage and the misuse of content. These threats include malicious code, hacking, natural disaster and theft. 2. People need to apply some security measures to overcome these threats. The examples of security measures include data backup, cryptography, Antivirus, Anti-Spyware, firewall and human aspects. B.) Malicious code threats Vs Antivirus and Anti-Spyware 1. Malicious code is a rogue program that threats computer assets by causing undesired effects in the programmer part. These threats include virus, Trojan horse, logic bomb, worm, trapdoor and back door. 2. Antivirus and Anti-Spyware can be used as security measure to protect the computer from those threats. 3. These security measures provide protection to the computer by a) Limiting connectivity b) Allowing only authorized media for loading data and software c) enforcing mandatory access controls d) blocking the virus from the computer program C.) Hacking VS Firewall 1. Hacking is an unauthorized access to the computer system done by a hacker. We can use firewall or cryptography to prevent the hacker from accessing our computers. 2. A firewall permits limited access to unauthorized users or any activities from the network environment. 54 Form 4 Lesson Notes Part 1 ICT & Society
3. Cryptography is a process of hiding information by changing the actual information into different representation, for example, an APA can be written as 7&*.
D.) Natural disaster VS data backup 1. The natural and environmental disaster may include flood, fire, earthquakes, storms and tornados. 2. Natural disaster may threaten a computer’s hardware and software easily. Computers are also sensitive to their operating environment such as excessive heat or the inadequacy of power supply. 3. The backup system is needed to backup all data and applications in the computer. With the backup system, data can be recovered in case of an emergency. E.) Theft VS human aspects 1. Computer theft can be of 2 kinds: a) Can be used to steal money, goods, and information and computer resources. b) The actual stealing of computers, especially notebooks and PDAs. 2. These threats can be handled based on the human aspects. 3. There are 3 approaches that can be taken by individuals or organizations to prevent theft which are: a) Prevent access by using locks, smart card or password b) prevent portability by restricting the hardware from being moved c) detect and guard all exits and record any hardware transported. F.) be suspicious of all results 1. There are many instances where non-programmers develop applications which are not built with proper understanding of software engineering practices. 2. Data produced by such applications may not be correct and may risk corrupting data received from other sources that are not compatible with the application. Summary 1. The relationship between the security threats and the security measures. 2. The appropriate security measures to use to protect the computer from computer threats.
LESSON TWENTY: SECURITY PROCEDURES
Home alarm systems do prevent burglars from breaking in. Similarly computers should have alarm systems to guard them from any attacks such as viruses and data corruption. We can assume that the house is like the computer while the alarm system is the security procedures that we take to ensure its safety. It shows that the alarm system is the tool that prevents the burglar from entering the house. Similarly, by taking extra safety precautions, we can avoid any virus attacks and file corruptions in our computers. A.) Data protection 1. We need to protect the data in the computer as it may somehow get lost or corrupted due to some viruses or mishap like fire, flood, lightning, machine failures and even human errors. 2. There are a few ways to protect the information namely: Make backup files Keeping the duplicated files in external storage such as in the o floppy disk and thumb drive. o Do backup frequently to prevent data from getting lost due to hardware or system failure. Detect the virus and clean the computer o A computer virus is able to infect the way the computer works o With an Anti-Virus program, viruses can be destroyed and eliminated quickly and efficiently. o Viruses can be detected when we run an Anti-Virus program o We can also delete the infected files and documents. o Don‘t forget to do routine Anti-Virus checks, updates and backup files to prevent from future virus attack. Warn others on virus attacks •
•
•
o
We can warn others on virus attacks or new viruses by sending email to them.
B.) Detecting illegal access to system 1. The computer system is able to detect any illegal access to the system by a user who does not have any authorization. 2. Basically, a corporation will simply use tcpwrappers and tripwire to detect any illegal access to their system. a)Tcpwrappers •
Tcpwrappers will control access at the application level, rather than at the application level, rather than at the socket level like iptables and ipchains. The system will run tcpwrappers to log access to fttp, tftp, rch, rlogin, rexe and telnet. o Tcpwrappers stop the attempted connection o examines its configuration files o Will decide whether to accept or reject the request.
b)Tripwire •
Tripwire will detect and report on any changes in the thousands of strategic system files. The system will run tripwire to determine if system files have changed.
3. User’s access will be reviewed periodically by computer operations. On going internal audits will be made to ensure detection of violations of security and unauthorized modifications to software and data. C.) Preventing illegal access to systems 1. There are things that cannot be taken inside the airplane. It is for the purpose of security procedures. It is the same as computer systems. It would not allow any unauthorized users to simply access the systems. 2. Ways to prevent illegal access to systems a) Run anypassword to make password cracking difficult. It’s a password software tool to sort out this problem. And thus you can store all your passwords in one secure place, which is protected with a strong encryption algorithm.
b) Run tcpwrappers to check if the name for an ip address can be provided by DNC c) Use a callback system to prevent unauthorized use of stolen passwords. D.) Preventing illegal root access
1. To prevent any illegal root access, we should have Sudo. So that people can perform on some machines without getting access to the entire root if that is not require. In addition, with Sudo we do not have to give up the root passwords. 2. Sudo stands for (Superuser do) and is a program in UNIX, Linux and similar operating systems such as Mac OS X that allows users to run programs in the form of another user (normally in the form of the system’s superuser). 3. Sudo allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers file. E.) Patch 1. Patch is a name of an UNIX utility. It applies a script generated by the different program to a set of files that allows changes from one file to be directly applied to another file. 2. Patch supplies small updates to software, provided that the source code is available. 3. Resources are not enough to patch all security holes that we can hear about through the bugtraq list. 4. Bugtraq is a full disclosure mailing list dedicated to the issues of computer security. On-topic discussions are new discussions about vulnerabilities, methods of exploitation and how to fix them. It is a high volume mailing list and almost all new vulnerabilities are discussed there. Summary There are a few ways to protect information. They are o Make backup files o Detect the virus and clean the computer o Warn others on virus attack Qn. Describe the impact of ICT on society.
LESSON TWENTY-ONE: COMPUTER APPLICATIONS IN THE SOCIETY
The computer has changed the society today as much as industrial revolution changed society in 18 th and 19th century. People interact directly with computer in education, finance, government, health care, science, publishing, tourism, and industry. Computers help them to do their work faster and more efficient by using the software application that consists of special program for specific task.
SOFTWARE APPLICATIONS
Software applications are used for many reasons. Such as to: o
enhance the learning process
o
to help in business activities,
o
to assist the graphics and multimedia project
o
To facilitate communication.
Area
Home and Education
Examples of software applications
Integrated software, Personal finance, Legal, Tax Preparation, Clip Art/Image Gallery, Home Design/Landscaping and Reference
Business
Word Processing, Spreadsheet, Database, Presentation Graphics, Personal Information Manager, Software Suite, Project Management and Accounting
Graphics
Computer-aided design (CAD), Desktop Publishing,
and
Paint/Image Editing, Video and Audio Editing, Multimedia
Multimedia
Authoring and Web Page Authoring
Communicat ion
E-mail, Web Browsers, Chat Rooms, Newsgroups, Instant Messaging, Groupware and Video Conferencing
These software applications come in packages. SOFTWARE APPLICATIONS PACKAGES Software Application
Examples of Popular Packages
Word Processing
Microsoft Word and Lotus Word Pro
Spreadsheet
Microsoft Excel and Lotus 1-2-3
Database
Microsoft Access and Microsoft Visual FoxPro
Presentation Graphics
Microsoft Power Point and Lotus Freelance Graphics
Personal Information Manager
Microsoft Outlook and Palm Desktop
Software Suite
Microsoft Office and Lotus SmartSuite
Project Management
Microsoft Project and Corel CATALYST
Accounting
MYOB and Peachtree Complete Accounting
A) HOME & EDUCATION 1. Today, computers are used in schools, colleges & universities in order to promote better education by using computers. 2. Some of the software applications that usually used in schools & universities include Microsoft Office, Adobe Photoshop, Macromedia Flash, AutoCAD, and Macromedia Dreamweaver & Macromedia Director. 3. Computer for Higher Education o Open Distance Learning (ODL) or On-line learning can be implemented as computers are the main medium in delivering the knowledge from one location to the other locations.
o This type of learning consists of online forum, discussion, quizzes, test questions & many more. The example of the Open Distance Learning institution is the Open University of Malaysia. (www.oum.edu.my) B) BUSINESS 1 People use finance or accounting software to balance check books, pay bills, track personal income & expenses, manage investments & evaluate their financial plans. 2. Accounting software helps companies to record & report their financial transactions. One example of these software applications includes MYOB, Intuit Quick Books & Peachtree Complete Accounting. 3 Computers in Banking o In the banking sector. Many financial institutions offer online banking. People can access their financial records from anywhere in world. Example of online banking is Maybank2u. (www.maybank2u.com) 4 Industry o By using the CAM system, computers record actual labour, material, machine & computer time used to manufacture a particular product. o Computer process this data & automatically update inventory, production, payroll & accounting records on the company’s networks. o Examples of companies using this system are Proton (www.proton.com.my) & Perodua (www.perodua.com.my). C) GRAPHIC & MULTIMEDIA 1. Computers are crucial in publishing especially in the process of making work available to the public 2. Special software applications are used to assist graphic designers to develop graphics, texts, photographs & composing songs 3. Computer- Aided Design, Desktop Publishing, Paint/ Image Editing, Video & audio editing & Multimedia Authoring are among the popular applications software. D) COMMUNICATION 1. A government provides society with direction by making & administering policies. Most government offices or agencies have website in order to provide citizen with up-to-date or latest information.
2. Examples of software applications used for communication include email, web browser, newsgroups, instant messaging & video conferencing. 3. People can access government websites to: Check information on taxes (www.hasil.org.my) Apply for permit & licenses (www.jpj.gov.my) Check for MyKad (www.jpn.gov.my) Pay parking tickets & check summons (www.jpj.gov.my) Renew vehicle registration (www.jpj.gov.my) Register online for IPTA/IPTS application (www.moe.gov.my) • • • • • •
4. Computers in Tourism •
Today, people will go online to get all related information about traveling. They can visit websites to get information on destinations, prices, hotels, flights & car rentals.
5. Computers in the Healthcare •
In the medical field, computers are very important in running the operations. Medical staffs use computers for various purposes, namely:
i. Maintaining patient records ii. Monitoring patients’ vital sign iii. Assisting doctors, nurses & technicians with medical tests by using computer & computerized devices. iv. Using medical software to help with researching & diagnosing health conditions.
6. Science o In the scientific world, computers are used in all fields of science from biology to astronomy to meteorology and others. These are thing that can be done by computer, namely; i. Collecting, analyzing & modeling data ii. Serving as medium of communication with colleagues around the world iii. Contributing to new inventions or breakthrough in surgery, medicine & treatment. iv. Imitating functions of the central nervous system, retina of the eye & others by tiny computers. v. Allowing a deaf person to listen through cochlear implant SUMMARY
1. Computers help people to do their work faster & more efficient by using the software applications that consist of special programs for specific tasks. 2. Software applications are used for many reasons such as to enhance the learning process, to help in business activities, to assist the graphic & multimedia projects & to facilitate communication. 3. Examples of software applications include integrated software, personal finance, legal, word processing, spreadsheet, computer-aided design (CAD), desktop publishing, email, web browser & chat rooms LESSON TWENTY-TWO: COMPUTER USER
At the end of the lesson, student should be able to: • describe the various types of computer users in society. COMPUTER USERS IN SOCIETY The 5 categories of computer users are: • Home users • Small office/ house office (SOHO) users • Mobile users • Power users • Large business users HOME USERS The computer is a basic necessity. Each home user spends time on computer for different reasons: • Business • Entertainment • Communication • Education
SMALL OFFICE/HOME OFFICE (SOHO) These SOHO users: • Use desktop or notebook computers as well as telephone, handphone and PDAs in completing their tasks and communicating • Work as a small company or works as an individual at home MOBILE USER Mobile users:
• include real estate agents, insurance agents, metre readers and journalists • use notebook computers, internet-enabled PDAs or smart phones • Work with basic business software such as word processing and spreadsheet business software • use presentation graphics software to create and deliver presentations to a large audience by connecting a mobile computer or device to a video projector POWER USER Power user: • include engineers, scientists, architects and virtual reality animators • use computers with extremely fast processor, bigger storage and customized software • Work with mini computers that uses design to meet the organizational needs • use software such as CAD, CAM and MATLAB LARGE BUSINESS USER Large business users: • Bank, insurance company, hypermarket • use computers for basic business activities • have e-commerce that allows customers and vendors to interact and do business transaction online therefore customers, vendors and other interested parties can access information on the web • have e-mail and web browsers to enable communications among employees, vendors and customers • provide kiosks in public locations
CURRENT AND FUTURE DEVELOPMENT LESSON TWENTY-THREE: HOW TO CONDUCT A STUDY
At the end of this lesson, students should be able to: • Outline the basic steps of doing study There are five basic steps to follow when we do study: Step 1- Get an overview of the topic: a) Familiarity: We need to familiarize ourselves with the topic before we start doing study. This will allow us to spend more time developing a topic rather than using more time learning about the topic. b) Reference: Refer to a dictionary, encyclopaedia, handbook, textbook, guide or bibliography which can provide an overview of the topic.
c) Brainstorming: Spend some time brainstorming about the topic and write down everything that we can think of about the topic. Step 2 - Narrow down the topic: a) Narrow down the topic by reading the sources and form some specific questions related to the topic. By doing this, we may have awareness of the various aspects that we may want to study. Step 3 - Find study materials:
a) Study materials are available offline and online. We can search for the information that we want in books, journals, articles or other resource materials found in the library and the internet. Step 4 - Evaluate study materials: All selected materials need to be evaluated in 4 aspects: a) Relevance: • Does this publication help to answer the research question? If it does not find something else which does?
b) Perspective: • Is this a primary source (presenting the author’s own research and ideas) or a secondary source (summarizing and discussing the research and ideas of others)? • Is the evident biased? Does the author attempt to sway the reader’s opinion? c) Reliability/ Credibility • Is the information accurate? • Has the information been peer reviewed? • Are the authors and publishers reputable? • Do they cite their credentials? • Are there footnotes and a bibliography? d) Update • How recent is the information published? • How recent has it been updated? • Have there been new developments on the topic? • Could the information you are using be misleading because of the publication date? Step 5 - Writing out the study paper: a) When all resources are gathered, start writing the paper and cite all the sources of information used. These may include books, journals, articles and magazines.
LESSON TWENTY-FOUR: PRESENTING RESULTS
A presentation should contain three well-defined sections, they are: 1. Introduction is at the beginning of the research includes the objectives of the research provides a clear statement on why the study was undertaken includes the limitations/assumptions and analytical techniques 2. Content consists of facts or arguments related to subject matter can be presented in an argument format or just as an overview 3. Conclusion is a review of content (not repetition of content) relates to the statement of objectives in the introduction should not introduce new issues should contain judgment or decision that has been reached
BASIC NEEDS OF A GOOD STUDY PAPER There are varieties of ways to write out your research. However, there is a set of basic requirements that must be followed when it comes to submitting or presenting written presentation. BASIC NEEDS OF A GOOD STUDY PAPER
There are a variety of ways to write out your research. However, there is a set of basic requirements that must be followed when it comes to submitting or presenting written presentation.
1. General Points number all pages use one side of A4 paper secure all pages with a staple (top left-hand corner) don’t use paper clips/pins or folders must be typed/word processed clear and easy to read print-out spell check your paper supply an estimated word count on the cover sheet include your name, course name and teacher’s name 2. Style double-spaced 12 point minimum and 14 point maximum (with the exception of headings and footnotes)
2 spaces after a full stop and 1 space following a comma, semicolon or colon no abbreviation such as ‘e.g.’, ‘&’ or ‘etc.’ unless it is included in a bracket. Write everything in full: ‘for example’, ‘that is’, ‘and so on’. numerals are used when the number is more than two words; for tabulation; statistical discussion; sums of money; addresses; dates; time; and page, chapter, volume numbers (for example, 2 June, 2000) consistency in style for example in writing out headings 3. Quote a direct quote must be placed in quotation Block quotes are used if a direct quote is more than three lines long. if possible, paraphrase information in preference to using direct quotes. use quotes and paraphrasing to support argument 4. Clarity helps your readers understand your paper by organizing your paper well and don’t forget to insert the page numbers Edit your work means reading through the paper several times before submission and don’t just rely on the rough spelling and grammar checks offered by your software. 5. Indicating your intentions In a complex study, the introduction of every section should inform the reader what to expect in that section should contain judgment or decision that has been reached. The final paragraph in each section should tie the contents of that section together with a short conclusion. do not use too many words to say what you are going to do and what you have done, keep to the necessary minimum
PREPARING THE PRESENTATION 1. 2. 3. 4.
The style and presentation of assignments are essential Presentation should be presented clearly. It should not be read out Literature cited in text should be accurately documented References used for presented should be clearly mentioned LESSON TWENTY-FIVE: DELEGATION OF WORK
A WHAT IS DELEGATION? Delegation is the ability to assign tasks to others with the authority, responsibility and accountability to finish the tasks. B WHY DELEGATE TASKS? Reason why should I delegate tasks: • Will be able to save time • Help others to learn new skills, for example, how to negotiate and cooperate • Utilize individual’s additional strengths and expertise • Will be able to achieve large goals by dividing them into smaller tasks • Promotes creativity and diversity because others may have better way doing things • Cut down on tasks that can be done just as well by others C WHAT TO DELEGATE In order to complete a team project, you will be asked to use your skills in research, presentation and task delegation. When working on a large project you must know what task to delegate and how to assign them.
1. QUESTIONING • Discover a problem • Form a question to answer the problem 2. PLANNING • Set out steps to find answer • Select sources for possible answer • Plan a basic draft for reporting • Assign tasks to team members • Agree on contingency plans 3. GATHERING • Go to agreed sources of information • Collect information 4. SORTING • Put similar information together • Highlight valuable credible information 5. SYNTHESISING • Discuss information with others • Combine different information 6. EVALUATING • Discuss if information gathered supports the answer • Test out solution and decision that supports the answer EXAMPLES OF TASK DELEGATION
Scenarios
“The head librarian wants us to finish the work
Good Techniques
Set clear task deadline.
by the end of the day, which is about 5 pm.” “We have to sort out these books according to their subjects. Remember to stick the correct book codes onto the books.”
Describe in detail the task objective.
“I will teach you the coding system.”
Help team member to perform task if needed.
“Chong, you take the science books and Indra, you take the art books.”
Delegate task to those qualified to do the job.
“I don’t know the coding system.”
Inform limitation of abilities or resource to other team members.
“So, is everybody clear on what needs to be done and when we should meet again later?”
Monitor task progress.
LESSON TWENTY-SIX: TOPICS FOR STUDY STEPS TO DO A STUDY PORTFOLIO
In order to you need to steps.
do the research, follow this 5
STUDY TOPICS
Form into groups. Discuss with the team members and choose ONE (1) of the study topics below:
1. Copyright and piracy from a moral and legal standpoint. 2. Credit card fraud on the Internet and its implications on the industry/ economy/government. 3. Malaysian Cyber Law, Electronic Government Law.
The portfolio will contain: 1. Team journal study project introduction page minutes of team meetings initial project plan/calendar conflict resolution report 2. Initial framework for presentation 3. Final presentation The purpose of team journal is to keep track the progress of the project.
The team’s initial framework is where the team should do some basic study on the topic and decide what should be included in the presentation. The print out of the final presentation will be given to the teacher for final grading. SOURCE CITATION CARD
Source citation card is a note card in which you write the name of the article, author, book name, page numbers, where you found it, why it is good information and a short summary of the important points. CREATING YOUR PRESENTATION
A presentation should:
have at least 15 slides (not including the Title slide) have a Title slide - introduce presentation - include names of each member of the team
use any design templates use at least 5 graphics (e.g.: clip art, photographs, word art and drawings) have some multimedia - use animation on slides (be careful of very noisy ones!) - use slide transitions
use less text on the slides - try presenting the information through pictures, graphs, mind maps or any other form of visual (as oppose to textual) presentation have a citation slide the last slide must list all of your citations and other related resources (where you got the content) Remember to give credit to others! -
-
THE FINAL PRESENTATION