Behind the Machine: Anonymity and Free Speech Bill of Rights protects free speech But – there are still times when we do not want to be identified? Examples? Copyright © 2008 by Helene G. Kershner Behind the Machine: Anonymity and Free Speech The ability to post anonymously is good. Is it? Is it always good? How do we filter truth from fiction? How do we protect ourselves from libel or defamation of character? Copyright © 2008 by Helene G. Kershner Behind the Machine: Anonymity and Free Speech juicycampus.com “JuicyCampus is a college-focused startup aiming to give students the ability to post and comment online anonymously (a perfect environment for gossip).” The site’s main feature is a message board that can be sorted so that students can look at posts only about people on their campus. Posts can be sorted by most discussed, most viewed and “Juiciest”. Posts are often highly inflammatory as they talk about who the sluttiest girl on campus. “Think Jerry Springer + an anonymous version of Facebook and you’ll have some idea of JuicyCampus” http://www.crunchbase.com/company/juicycampus Copyright © 2008 by Helene G. Kershner Behind the Machine: Anonymity and Free Speech JuicyCampus.com is a website focusing on gossip, rumors and rants related to US colleges and universities. The site describes itself as an enabler of "online anonymous free speech on college campuses." Through various services such as IP cloaking and offering of anonymous IP servers, it allows users to post messages and comments without possibility of identification. Readers can vote on which posts they find "juiciest," or most provocative. Timothy Chester, chief information officer of Pepperdine University, described the purpose of JuicyCampus in a letter to Google as to create a "virtual bathroom wall' for abusive, degrading, and hateful speech."[3] http://en.wikipedia.org/wiki/Juicy_Campus More on this topic http://www.msnbc.msn.com/id/23211511/ http://www.newsweek.com/id/74322 Copyright © 2008 by Helene G. Kershner Behind the Machine: Do computers make us more anonymous? Anonymity and Free Speech Protecting the Many from the Few This Can limit Free Speech because the basic rules of our legal system change! To do so – we become Innocent until proven guilty Copyright © 2008 by Helene G. Kershner Behind the Machine: SPAM Does Free Speech extend to SPAM? SPAM: Electronic junk mail or junk newsgroup postings. Some people define spam even more generally as any unsolicited email. … Real spam is generally e-mail advertising for some product sent to a mailing list or newsgroup. http://www.webopedia.com/TERM/s/spam.html SPAM: The Internet version of junk mail. Spamming is sending the same message to a large number of mailing lists or newsgroups usually to advertise something. www.4guys.com/glossary.cfm Copyright © 2008 by Helene G. Kershner Behind the Machine: SPAM A survey shows American business e-mail users consider the difference between spam and desired e-mail to be whether the user has previously transacted business with the sender. http://dc.internet.com/news/article.php/2199981 Copyright © 2008 by Helene G. Kershner Behind the Machine: SPAM First Amendment – Guarantees Free Speech Is SPAM a variant of Free Speech? Copyright © 2008 by Helene G. Kershner Behind the Machine: SPAM and Free Speech Can the use of filters by organizations and companies such as AOL, MSN, Gmail and ISPs to “protect” users from SPAM be viewed as violations of the sender or the receivers free speech? OR Is AOL like a membership organization with “property” where SPAM is an invasion of private property or like the Post Office? Copyright © 2008 by Helene G. Kershner Behind the Machine: SPAM and Free Speech What about anti-SPAM listing services that provide lists of “SPAMers.” Who get included? Who decides? Is a Harris Poll survey SPAM? Copyright © 2008 by Helene G. Kershner Behind the Machine: SPAM and Free Speech and the Legal System Thirty-six states have tried to restrict SPAM by enacting anti-spam laws Only two state prosecutions were ever successfully brought against spammers, and only one was able to enforce its law against an out-ofstate spammer. http://www.jcil.org/journal/articles/380.html Copyright © 2008 by Helene G. Kershner Behind the Machine: SPAM and Free Speech and the Legal System CAN-SPAM Act of 2003 The Controlling the Assault of Non-Solicited Pornography and Marketing Act requires unsolicited commercial e-mail messages to be labeled (though not by a standard method) and to include opt-out instructions and the sender's physical address. It prohibits the use of deceptive subject lines and false headers in such messages. The FTC is authorized (but not required) to establish a "do-notemail" registry. The CAN-SPAM Act took effect on January 1, 2004. http://www.spamlaws.com/federal/summ108.shtml#s877 The act has largely been unenforced. States cannot enact stronger local legislation. Copyright © 2008 by Helene G. Kershner Behind the Machine: Phishing “In computing, phishing (also known as carding and spoofing) is a form of social engineering, characterized by attempts to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an apparently official electronic communication, such as an email or an instant message. The term phishing arises from the use of increasingly sophisticated lures to "fish" for users' financial information and passwords. “ http://en.wikipedia.org/wiki/Phishing Copyright © 2008 by Helene G. Kershner Behind the Machine: Phishing – In the Beginning In the 1990s unethical AOL users created false accounts with “algorithmically generated credit card numbers — these accounts could last weeks or even months until new ones were required. AOL eventually brought in measures in late 1995 to prevent this, so early AOL crackers resorted to phishing for legitimate AOL accounts.” Individuals involved in such measures were often those involved in illegal sale and distribution of boot leg software. http://en.wikipedia.org/wiki/Phishing Copyright © 2008 by Helene G. Kershner Behind the Machine: Phishing – In the Beginning The phisher or cracker would “pose as an AOL staff member and send an instant message to a potential victim, asking the victim to reveal his or her password.” http://en.wikipedia.org/wiki/Phishing#Early_phishing_on_AOL Stutz, Michael: “AOL: A Cracker's Paradise?”, Wired News, January 29, 1998. The phisher would use the now all to common technique of sending some kind of message to the unsuspecting AOL user asking to give “up sensitive information … include text such as "verify your account" or "confirm billing information". Once the victim had submitted his or her password, the attacker could then access the victim's account and use it for various criminal purposes, such as spamming.” Copyright © 2008 by Helene G. Kershner Behind the Machine: Phishing – Moving on from AOL In 1977 AOL adjusted its security policies making it very difficult for such illegal activities to occur. As a result these activities migrated elsewhere on the Internet. Phishing is now unfortunately Everywhere! Estimated losses from phishing from May 2004-May 2005 exceed three billion dollars to individuals and businesses in the US alone. More than 1.2 million US citizens were effected. http://en.wikipedia.org/wiki/Phishing#Early_phishing_on_AOL Copyright © 2008 by Helene G. Kershner Behind the Machine: Phishing http://www.userfriendly.org/static/ Copyright © 2008 by Helene G. Kershner Behind the Machine: Phishing Examples? FAFSA.com “We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity.” “During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.” Copyright © 2008 by Helene G. Kershner Phishing Copyright © 2008 by Helene G. Kershner Behind the Machine: Phishing What can be done? Educate users Make pages more difficult to “spoof” Anti-phishing software “smart” - spam filters Legislation Industry/government/law enforcement working groups Copyright © 2008 by Helene G. Kershner Behind the Machine: Phishing The FTC suggests If you get an email or pop-up message that asks for personal or financial information, do not reply. And don’t click on the link in the message, either. Area codes can mislead. Some scammers send an email that appears to be from a legitimate business and ask you to call a phone number to update your account or access a “refund.” Because they use Voice Over Internet Protocol technology, the area code you call does not reflect where the scammers really are. Copyright © 2008 by Helene G. Kershner Behind the Machine: Phishing Don’t email personal or financial information if requested by a message to you! Look for indicators that the site is secure, like a lock icon on the browser’s status bar or a URL for a website that begins “https:” (the “s” stands for “secure”). Unfortunately, no indicator is foolproof; some phishers have forged security icons Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt127.shtm Copyright © 2008 by Helene G. Kershner