420 likes | 605 Views
Herbert G. Mayer, PSU CS status 7/18/2011 Slides derived from prof. Wu-Chang Feng . CS 305 Social, Ethical, and Legal Implications of Computing Chapter 3 WWW to Wireless Communication. Syllabus. Spam Electronic Mail Why Spam? How Done? Spam and Ethics CAN Spam Class Exercise
E N D
Herbert G. Mayer, PSU CS status 7/18/2011 Slides derived from prof. Wu-Chang Feng CS 305Social, Ethical, and LegalImplications of ComputingChapter 3WWW to Wireless Communication
Syllabus • Spam • Electronic Mail • Why Spam? • How Done? • Spam and Ethics • CAN Spam • Class Exercise • Solutions to Spam • World-Wide Web • Censorship • Freedom of Expression
Spam • SPAM? No: Spam! Spam is not an acronym • Spam is unsolicited bulk information sent indiscriminately • Possibly derived as a second meaning of derided product: Spam from Hormel Corp. known as SPiced hAM • Spam is one of email’s not so desired side-effects • SPIT is Spam over Internet Telephony • In 2000 Spam accounted for 8% of all email • In 2003 Spam accounted for 40% of all email • In 2009 Spam accounted for 90% of all email • In 2011 Spam is estimated to account for ~7 Trillion emails
user agent user agent user agent user agent user agent user agent SMTP SMTP SMTP mail server mail server mail server outgoing message queue user mailbox Electronic Mail • Three major components: user agents mail servers Simple Mail Transfer Protocol: SMTP • User Agent a.k.a. “mail reader” composing, editing, reading mail messages e.g., Eudora, Outlook, elm, Mozilla Thunderbird outgoing, incoming messages stored on server
user agent user agent user agent user agent user agent user agent SMTP SMTP SMTP mail server mail server mail server Electronic Mail: Mail Servers • Mail Servers • mailbox contains incoming messages for user • message queue of outgoing (to be sent) mail messages • e.g. sendmail, postfix, Exchange • SMTP protocol • Between mail servers to send email messages • Mail servers are both clients and servers
Electronic Mail: SMTP [RFC 821] • Uses Transmission Control Protocol (TCP) to reliably transfer message from client to server, port 25 • User agent to sending server (sometimes) • Sending server to receiving server (always) • Command-Response interaction • commands: composing, reading, sending, sending with acknowledgment, replying, replying to all … • response: status code and phrase
1) Alice uses UA to compose message, “to” bob@someschool.edu 2) Alice’s UA sends message to her mail server; message placed in message queue 3) Client side of SMTP opens TCP connection with Bob’s mail server 4) SMTP client sends Alice’s message over the TCP connection 5) Bob’s mail server places the message in Bob’s mailbox 6) Bob invokes his user agent to read message 7) More complex scenarios with ACK possible user agent user agent mail server mail server Alice emails Bob 1 2 6 3 4 5
Spam Today • By mid 2011, the majority of all email received is unwanted • Unwanted email can mean • Informative for our just interests, and thus be enjoyed • A bother, since the subject is not of interest • Some topics even can be strongly offensive • First level protection: • Have tools to re-direct Span to junk mail boxes • Error-prone, and place some good mail into junk boxes • Happened to this instructor with this CS class’s homework • How do we achieve real protection? • Through laws? Then they need enforcement • By tools? They need to be strongly refined • Spam-ers will find ways around the tools, and the laws
Why Spam? • Let’s say I want to send an advertisement to 1,000,000 “targeted” people • To send by regular bulk mail, this will cost ~$200-300 k • To send by email, it will cost ~$1 k, i.e. the cost to buy a list of email addresses from an Internet company • email addresses harvested from web sites, mailing lists, chat rooms, and newsgroups, then sold to Spammers • Dictionary attacks • trying lots of plausible address combinations • keeping the ones not bouncing back • Thus putting added strain (bandwidth) to the network
How Done? • Run their own server farms for sending Spam • Typically located off-shore • Use ISPs that do not care about Spam • Less effective now • with proliferation of blacklists • With efforts to shut down rogue ISPs • Locate open mail proxies and bounce Spam through them • Less effective • Use networks of compromised machines (botnets) • Single, most popular use for a botnet • Monetization of botnet to send Spam drives malware effort • Some steps taken to prevent (i.e. ISPs allowing direct port 25 access only to their own mail servers)
How Done? • Definition: Phishing is fraudulent acquisition of sensitive (e.g. confidential) information thru internet • Phishing accounts • Trick legitimate user to give up username/password • Send as the user (reputation hijacking) to avoid blacklisting based on IP addresses • Creating bogus webmail accounts • Rely on good reputation of popular webmail services such as Gmail and Yahoo! Mail, to avoid blacklisting based on IP addresses
Spam and Ethics • Kantian evaluation of Spam • Act guided by moral principles that can at the same time be used as base for a universal code of law • Act so that you always treat both yourself and other people as ends in themselves; never purely as means to an end • Scenario: Suppose I have a great new product that I wish to advertise. I send an unsolicited email to a large group of people knowing that only a tiny fraction is interested • Is that ethical under Kant’s CI? • Students discuss …
Spam and Ethics • Act Utilitarian evaluation of Spam • An action is right (or wrong) to the extent that it increases (or decreases) the total happiness of the affected parties. • Scenario: A product that costs $10 to make, is sold for $25, purchasers value at $30 (i.e. their derived happiness) • 100 million bulk messages sent costing those who receive it and are not interested • As a result each of those has $0.01 of unhappiness (time wasted) • 10,000 customers purchase product and get full happiness • Is that ethical under Act Utilitarianism? • Students discuss … and compute amount of happiness
Spam and Ethics • Rule Utilitarian evaluation of Spam • We should adopt moral rules which, if followed by everyone, will lead to greatest increase in overall happiness • Scenario: Products being advertised, where only a small fraction of targets is known to be interested • What if 0nly 1% of all small businesses in the US email you 1 Spam advertisement per year? • There are 24,000,000 small businesses in America • 1% => 240,000 emails per year • 240,000 / 365 = 657 emails per day for each person • You are one of these persons! Do you feel happy about 657 unwanted emails every day? • Is sending Spam ethical under Rule Utilitarianism? • Students discuss … and compute happiness again!
Spam and Ethics • Social Contract Theory evaluation of Spam • Morality is the set of rules, governing how people are to treat one another, that rational people will agree to accept, for their mutual benefit, on condition that others follow those rules as well • Right to free speech as applied to mass communication • Is sending Spam ethical under Social Contract Theory? • Students discuss … also think of enforcement! And why we have Spam in our current society?
CAN Spam of 2003 Federal Law • Controlling Assault of Non-Solicited Pornography & Marketing • Largely unenforced • Difficult, time-consuming, and resource intensive to track the sources of Spam • Some successes • Greco (2/2004), Goodin (1/2006) • JumpStart (3/2006) $900k judgment • But largely ignored • Spam 75% of all messages in 2006, more AND larger percentage today in 2011 • 0.27% of Spam was compliant • Divides email into 3 categories; Spam should adhere to guidelines of these 3 categories, to be: • Transactional, commercial, unsolicited
CAN Spam • Transactional • Sender and receiver have an established business or personal relationship • Header, sender, and organization must be correct • Can’t disguise identity of the sender from which message was sent • Commercial • Commercial email messages to which user has consented to receive • Same as above and must provide option to remove from list • Mechanism to opt-out must include an Internet based method • i.e. not an 800 number of the kind: “Your call is important to us!” • Must contain the postal address of sender • Unsolicited • Must meet requirements of category 1 and 2 and: • Must include clear and conspicuous evidence that the message is an advertisement
CAN Spam • Critics call this the “You can” Spam Act • You get one free shot at a user’s Inbox • Does not prevent sending of Spam, but forces such messages into complying with defined rules • Unsolicited messages must comply with all 3 types of rules • Unsubscribe compliance • Visible, operable opt-out (unsubscribe) mechanism for all types of messages with requests honored within 10 days • Content compliance • Accurate “From:” lines with relevant “Subject:” lines • Legitimate physical address of publisher/advertiser • If applicable, a label is present for adult content • Sending behavior compliance • No sending through open relays –i.e. server that blindly pass on/through email messages • No sending via harvested email • No deceiving, false headers
CAN Spam • Exemptions • Religious messages • Political messages • Content that complies with lawful marketing mechanisms • National security messages • Transactional or relationship messages from companies to existing customers • Overrides state law • Rushed passage to supercede a tougher California law • Prohibits recipients from suing senders directly!! • Penalties • Misdemeanor to send with falsified header
CAN Spam • Problems with the “opt out” provision in CAN Spam? • For illegal email sender, your opting out means they know you exist; so they can and will send you more email • May unsubscribe you, and send Spam from a different entity! • Time provisions on length of unsubscription • Allowable delay in unsubscription • Create many LLCs to keep user receiving Spam?? • What about a legitimate company? Is there a potential problem with opting out? • Can they then sell your email address to another company? • Is your email address your possession or theirs to use? • What about non-US Spammers?
Class Exercise • How do you suggest to solve the problem of Spam in an ethical manner? • Students propose a practical, legal method of curbing Spam, in a way that the Internet remains usable! • Discuss Pros • Discuss Cons • Enforceable? • Would this be an improvement over current situation?
Solutions to Spam • Require explicit opt-in to email lists • Require labeling of email advertising, e.g. “AAA subscription” in the subject line • Add a cost to every email that is sent • Ban all unsolicited email • 1991 – Telephone consumer protection act, included a provision against junk faxes • Provide fast method of unsubscribing: not 10 days! • Problems?
World-Wide Web • Invented by Timothy Berners-Lee • Proposed 1989 • Co-invented with Robert Cailliau • Ref: http://en.wikipedia.org/wiki/Tim_Berners-Lee • Hypertext system that is • Decentralized • Uniquely addressable (via URLs) • Ubiquitous, internet based • Applications • E-commerce • Social networks • Content creation (wikis, blogs) • News, Advertise • Distance learning • Pay taxes, Gamble, …
WWW & Censorship • Should the Internet be filtered/censored? • In our times, access to the internet is tightly controlled in some countries: e.g. North Korea, Cuba, China, Myanmar • In others the content is tightly controlled, e.g.: • Saudi Arabia (centralized control center in Riyadh blocks pornography, gambling, and sites offensive to Islam, government, royal family) • China’s Great Firewall (human censors who perform similar functions) • Special interesting cases of censorship: • Germany: • Bans neo-Nazi web sites • Bans message denying Holocaust; denial illegal in 16 EU countries • USA: • Controls pornography (Children’s Internet Protection Act)
Censorship During History • Direct censorship • Since the 4th century, the Catholic Church banned the reading and possession of certain books • List of books named “Index Librorum Prohibitorum” • List officially maintained by the Vatican, later by those cardinals who were the official institution of the “Inquisition” • Maintained until the mid 20th century (NOT a typo!!) • http://en.wikipedia.org/wiki/Index_Librorum_Prohibitorum • State execution, Church control, University responsibility for enforcing the “Index” • Catholic church did not have the executive arm to enforce that all the books on “Index” be collected and burnt • Was the duty of catholic states, delegated generally to the universities • Last issue of “Index” was in the 1960s! Seriously, the 20th century! • Today the church has no such official list • Autocratic states like Saudi Arabia, Myanmar, etc. today maintain similar prohibited lists not of books, but of select Internet sites
Censorship • Direct censorship • Government monopolization enables censorship • Government controls all means of communication • e.g. Soviet television stations, radio, etc. • Hard to do with Internet; but being attempted! • Prepublication review • Sensitive classified documents must go through process to become declassified and publishable • Licensing and registration • Controlling who gets access (i.e. television stations being grant ed electromagnetic spectrum in exchange for something) • Note that “selling frequencies” is a huge source of tax/income potential • Self censorship • Suppressing information as a means to an end • CNN suppressed negative government info in Iraq to retain office in Baghdad • Voluntary rating systems so users can avoid certain content • What is “voluntary?”
Practical Censorship Issues • Many-to-many communication • Prevents governments from controlling the content • Gutenberg’s invention of the printing press raised the difficulty of controlling books considerably (printing was known in China before Gutenberg) • Dynamic • New web sites and content continuously published • New site-names created and deleted constantly • Size • Millions of sites, numerous pieces of information, mirror sites • See WikiLeaks Department of State content: ¼ million files for one event • Global • Limited authority for any government to restrict activities around the world • Many countries have server farms; impossible to shut all down! • Identity • Difficult to distinguish children from adults, criminals from bona-fide users
Censorship & Ethics • Where does censorship leave “freedom of expression”? • Kant • Censorship is clearly a backwards step • Prevents people from getting information they need to make their own decisions • John Stuart Mill, 1806 – 1873, British philosopher: • None of us is infallible and knows the whole truth. Censorship may be silencing the voice of truth • Majority opinion is not necessarily/usually/ever/always the whole truth. Must allow others to express their opinions to get a better sense of what is the truth • Majority opinion must be tested and validated. Otherwise it is prejudice • Tested opinions using free and open discourse has a vital effect on character and conduct
Censorship & Ethics • Is censorship of books, films, internet, posters practiced in the USA? • Aside from limiting a) pornography from internet sites and b) offensive language and c0 libel, there seems to be no censorship; see freedom of expression below!
Freedom of Expression • Mill’s Principle of Harm • The only ground on which intervention is justified is to prevent harm to others; the individual’s own good is not a sufficient condition • Students: How does this apply to drug users who destroy themselves? • Or how to people wanting to commit suicide? • What ethical framework does Mill’s principle follow? • Explains positions of most western democratic governments with regard to pornography • Adults viewing hurt mostly themselves by doing so as opposed to others • Note exception for children
Freedom of Expression in US • Not an absolute right in eyes of the US Supreme Court • See Supreme Court Justice Clarence Thomas’ dissentions • Right is balanced against the public good • Abuse of such freedom in order to harm the public may be punishable • Libel, reckless or calculated lies, slander, misrepresentation, perjury, false advertising, obscenity and profanity, solicitation of crime, and personal abuse • Example: Cigarette advertising on television • How many cigarette ads have you seen recently? • Ethical argument for why it should not be allowed: • Opinons?
FCC v. Pacifica Foundation • Radio broadcast of George Carlin performance “Filthy Words” in 1973 • Preceded by warning of sensitive language • A man had heard “filthy words” on car radio while driving with his young son; he complained to FCC • FCC informed Pacifica Foundation: further complaints would lead to sanctions • Pacifica sued FCC, and won: Supreme Court 1978 in a 5 to 4: FCC did not violate the First Amendment!
FCC vs. Pacifica Foundation • Broadcast media is uniquely pervasive • Indecent material broadcast into privacy of homes • People can turn it on-off at any time, making the warning ineffective • Damage is done as soon as it is heard (can not undo its harm by turning it off after the fact) • Uniquely accessible to children • Can restrict access in bookstores and movie theaters • Time of day is an important consideration, however, for broadcast radio/television • Students debate and exercise: Ethical analysis! • Kant’s CI, Act U., Rule U., Social Contract
Censorship and Children • Child Internet Protection Act (CIPA) • Government requirement for installing anti-pornography filters before receiving federal funds for Internet access • Argument for: Libraries do already abstain from offering X-rated magazines or movies • So they should not be obliged to filter Internet pornography • Argument against: Filters are inaccurate and inconvenient. They restrict freedom of speech from some web publishers • Upheld by U.S. Supreme Court in 2003 • It is not the role and function of libraries to provide a public forum for free speech; can be exercised elsewhere
Is CIPA Ethical? • Kantian evaluation of protecting children from harm using filters • Assumption is that some non-pornographic web pages are filtered • Filters treat creators of non-offensive, blocked pages as a means to the end for restricting children’s access to pornographic materials • Act utilitarian evaluation • Up to each of us • Enacting CIPA results in fewer children being exposed • Some legitimate sites will be filtered accidentally • Stigma, discomfort for legitimate users getting sites unfiltered • Social contract theory evaluation • Private viewing of pornography does not make social living impossible • Public libraries offer arguments on both sides (assumption is that filters block some useful sites)
Catch Chat-Room Predators • Police sting operations to lure pedophiles • Ethical? • Kantian analysis • Is the will leading to the action OK? • Yes and no • Overall goal is good; but that is not of prime interest to CI • Deceptiveness to do so is always wrong to a Kantian! • Utilitarian analysis • Result is public benefit (OK to harm one pedophile so society benefits) • Publicity may deter other pedophiles • Impact on chat rooms as an effective medium for communication if one knows one is being “watched”? • Social contract theory analysis • Misrepresentation by pedophile should be punished • Police are also misrepresenting themselves • Not a clear cut argument
Discussions • Suppose 99% of all email from country X is Spam • Discuss the ethics behind blacklisting all email from country X: • Kantian • Act Utilitarianism • Rule Utilitarianism • Social Contract
Discussions • Definition MMORPG: Massively Multiplayer Online Role-Playing Game • Discuss the ethics behind rule in China mandating a time-limit for playing MMORPGs. Is this law moral? What would the judgment depend upon? • Kantian • Act Utilitarianism • Rule Utilitarianism • Social contract theory
Discussions • Discuss the ethics of posting photos on-line without the permission of those who appear in them • Are there situations when it would be unethical? If so, what are they? • Kantian • Act Utilitarianism • Rule Utilitarianism • Social contract theory
References • Spam: http://www.etymonline.com/index.php?search=spam&searchmode=none • SMTP: http://www.smtp2go.com/articles/smtp-protocol.html • Mill’s utilitarianism: http://en.wikipedia.org/wiki/John_Stuart_Mill • Clarence Thomas supreme court dissentions: http://blog.beliefnet.com/watchwomanonthewall/2011/06/court-rules-against-parents-justice-thomas%E2%80%99-dissent-protects-children-by-steve-birn.html • MMORGPG: http://en.wikipedia.org/wiki/Massively_multiplayer_online_role-playing_game • Phishing at Microsoft: http://www.microsoft.com/security/resources/phishing-whatis.aspx • Phishtank: http://www.phishtank.com/what_is_phishing.php • Index of Prohibited books: http://www.aloha.net/~mikesch/ILP-1559.htm • Holocaust denial: http://www.jewishvirtuallibrary.org/jsource/Holocaust/denial.html