Comprehensive Study Notes: Security & Privacy, Intellectual Property, Impact of Computing, and Emerging Technologies

11. Security and Privacy

11.1 Defining Security and Privacy

• Security and privacy are related but distinct concepts related to protecting digital information.
• Security definition: the practice of protecting the confidentiality, integrity, and availability of data. These three principles are known as the CIA triad:
  • Confidentiality: protection from unauthorised access.
  • Integrity: protection from unauthorised modification.
  • Availability: the ability to access data in a timely and uninterrupted fashion.
• Privacy definition: the practice of protecting the confidentiality and control of personal data (e.g., name, date of birth, address, email, IP address). Privacy focuses on protecting user identity and personal data and maintaining control over how data is used or shared.
• Overlaps: privacy overlaps with security, particularly confidentiality, but privacy emphasizes personal data and user control over data usage.
• Visual metaphors used in the text:
  • Privacy ≈ curtains on windows (control visibility of personal data).
  • Security ≈ padlock on a door (prevent unauthorized access).
• Data protection requires applying both security measures and privacy controls to safeguard information.
• Practical takeaway: security protects data in general; privacy protects personal data and identity.

11.2 Threats to Security and Privacy

• Human actions can threaten data integrity and privacy (malicious or accidental, physical or non-physical).
  • Examples include data corruption from mishandling storage media, incorrect data entry, or unsanctioned sharing of private data.
• Adware: displays unwanted advertisements and can collect data on user habits without permission; may lead to further malware exposure.
• Spyware: hidden malware that secretly collects and transmits personal information to attackers, threatening confidentiality and privacy.
• Cookies: small browser-stored data used for authentication and user tracking; not inherently malicious but can track movements and preferences across sites, threatening privacy.
• Phishing: deceptive emails, messages, or fake websites that appear legitimate to steal personal data (passwords, credit card numbers).
• Pharming: more advanced phishing where requests to a legitimate site are intercepted and redirected to a fake site to steal data; can involve malware or compromised network devices.
• Phishing vs. pharming: phishing uses deceptive links/emails; pharming redirects users to fake sites using same URL, often through malware or DNS/router manipulation.
• Data protection concerns in everyday life: attackers target confidentiality (unauthorised access), integrity (data tampering), and availability (disrupting access).
• Real-world risks highlighted: scam growth (Singapore data cited) and the need for awareness and vigilance online.

11.3 Defences against Threats

• Defence-in-depth (Swiss cheese model): multiple layers of defence reduce the chance that holes line up for a successful attack.
• Anti-malware:
  • Detects and blocks malware, removes malware, and scans for threats.
  • Relies on signature-based detection which requires regular updates to cover new malware.
• Firewalls:
  • Monitor network data packets and enforce rules to block unauthorised access.
  • Can be hardware or software; misconfiguration can weaken protection.
• Encryption:
  • Encodes data so a secret key is required to decode it; protects data in transit and at rest.
  • By default, websites should use encryption to protect sensitive data during transmission.
• Personal Data Protection Act (PDPA) (11.3.4):
  • A Singaporean law governing collection, protection, and use of personal data.
  • Organisations must:
  • Seek consent from individuals for data collection.
  • Disclose the purpose for collecting data when seeking consent.
  • Retain data only as long as necessary to fulfil the stated purpose.
• Good computing practices (11.3.5):
  • Use strong passwords and unique passwords for each account; avoid easily guessable data (e.g., birth dates).
  • Multi-factor authentication (MFA): combining something the user knows (password) and something the user owns (security token or phone) to strengthen authentication.
  • Biometric authentication: fingerprints, voice, face, iris, etc. generally provide stronger security than passwords.
  • Identify scam attempts and recognise tell-tale signs of phishing/pharming (see 11.3.5.3).
  • Regular software updates (11.3.5.4): keep devices and software patched against known vulnerabilities.
  • Cookie management (11.3.5.5): manage cookies to limit tracking; delete or block cookies as desired.
  • Backups (11.3.5.6): regular backups stored separately to recover data after corruption or loss.
• Additional practical guidance from quick checks:
  • Verify links before clicking; beware generic greetings; expect accurate, properly spelled communications; beware requests for personal data via email.
  • PDPA compliance impacts privacy expectations and how cookies/data can be used by third parties.

11.4 Quick Checks and Review (conceptual summaries)

• Data threats can stem from both technical and human factors; a combination of policy (PDPA) and technical controls is required.
• Adware/spyware can be mitigated with anti-malware software and careful privacy settings.
• Phishing and pharming require user awareness, secure authentication, and network protections (encryption, firewall, etc.).
• Privacy controls include consent, purpose notification, and data retention limits under PDPA.
• Best practices: use strong, unique passwords; enable MFA; keep software up to date; back up data; manage cookies and privacy settings.

12. Intellectual Property (IP)

12.1 Intellectual Property (IP) and Key Concepts

• Intellectual Property consists of creations of the mind that have value and can exist as data.
• IP rights are meant to protect creators and incentivise innovation by granting exclusive rights to creators.
• The ownership of IP requires that works be original and display a degree of creativity; it must be fixed in a tangible medium of expression.
• In Singapore, human authorship is recognised for legal rights under the Copyright Act; AI-generated works require human authorship for copyright protection.
• Important criteria for IP protection (as outlined in the text):
  • Originality and Creativity
  • Fixation in a tangible medium
  • Ownership by a human author
• Quick checks illustrate which items may be IP: sculptures (likely IP), business logos (IP), facts (not IP), source code (IP), titles (often not IP).

12.2 Copyright

• Copyright is the legal right of owners to control the use and distribution of their IP; owners can grant licenses permitting or forbidding use under conditions.
• Licenses are official descriptions of what is authorised or forbidden by the owner under certain conditions.
• Copyright protects software from theft, misuse, and unauthorised copying; however, licensing terms govern use.

12.3 Software Licenses

• Proprietary software: commercial software with most protections retained; typically closed source; licenses (EULA) restrict use.
• Freeware: software available at no cost; source code usually not open; copying may be allowed but restrictions remain.
• Shareware: demonstrations/free versions with an evaluation period; may require payment for continued use.
• Free and Open-Source Software (FOSS): freedom to change, copy, study, and share with source code; licenses require adherence to terms (e.g., attribution, share-alike).
• Examples and distinctions are given for various software packages and licenses.

12.4 Freeware, Shareware, FOSS, and CC Licenses

• FOSS licenses (e.g., GPL, MIT, BSD) grant freedom to use and modify but require acknowledgement and distribution of source code under similar terms.
• Creative Commons (CC) licenses can licence non-software content (e.g., educational content) but are not intended for software.
• Public domain software is not protected by copyright and can be copied/modified freely.

12.5 Copyright Infringement and Plagiarism

• Copyright infringement occurs when copyrighted work is used/distributed without permission.
• Plagiarism is presenting someone else’s work as your own; it’s an ethical violation and can have academic consequences.
• Quick checks and answers (from the material) illustrate typical scenarios in copyright infringement vs. plagiarism.

12.5 Quick Checks and Review

• Knowledge checks cover which items are IP, how licenses function, and scenarios of infringement and plagiarism.

13. Impact of Computing

13.1 Communications Industry Impact

• Digitalisation: communications shifted from analogue to digital, enabling error detection and correction, improving message clarity.
• Real-time multimedia: compression and protocols enable real-time text, images, audio, video across distances; supports video conferencing.
• Mobile computing: devices are smaller and more portable, increasing accessibility and connectivity; around 60% of web views are from mobile devices as of 2024.
• Social media and misinformation risk: algorithms promote content based on engagement, which can spread misinformation; AI can generate fake media; privacy and security risks increase with pervasive data collection.

13.2 Education and Other Industries

• Education: digital tools enable communication/collaboration (email, forums, video conferencing, collaborative documents); information access is broadened; interactive/multimedia tools support personalised learning; AI enables automated grading and adaptive tasks.
• Real-time navigation and AI-enabled translation support global collaboration and accessibility.
• Transportation: GPS-enabled navigation; real-time information; digital maps; autonomous vehicles raise ethical concerns and potential job displacement.
• Retail: inventory management with barcodes and NFC, real-time tracking; cashless payments; self-checkouts; privacy concerns with location and purchase data.

13.2 Proliferation of Falsehoods and POFM A

• Social media algorithms prioritise engagement, potentially increasing exposure to false or harmful content.
• POFM A (Protection from Online Falsehoods and Manipulation Act) is a Singaporean law to deter spread of falsehoods online; it enables corrective directions and site blacklists for repeated falsehoods; non-political opinions are excluded.
• Media literacy skills are important: assess trustworthiness, verify with multiple sources, read beyond headlines.
• The chapter emphasizes the need to balance innovation with safeguards to protect truth, privacy, and accountability.

13.3 Quick Checks and Review

• Evaluative questions cover the impact of mobile computing, internet access for education, autonomous vehicles’ ethical challenges, advantages/disadvantages of self-checkout, and privacy risks in social media.

14. Emerging Technologies

14.1 Artificial Intelligence (AI) and Machine Learning (ML)

• AI: the ability of a computer to perform complex tasks without constant human guidance and improve performance as data is collected. AI is a broad field with many definitions; the textbook adopts a practical view emphasizing autonomy and adaptivity.

• Common AI tasks (Table 14.1): face recognition, voice recognition, image classification, spam filtering, game playing, content generation, etc.

• ML: a technique used in AI that enables computers to learn patterns from data rather than being explicitly programmed; ML builds a model from training data, then makes inferences on new data.

• ML vs. traditional programming (Table 14.2): ML emphasises data-driven pattern discovery and adaptability; traditional programming uses explicit rules and fixed logic.

• Supervised vs. unsupervised learning (Table 14.3): labels in training data vs. discovering structure without labels (e.g., k-means).

• Generative AI: creates new content (text, images, audio, video) based on input prompts; often implemented with large language models and other neural networks.

• Narrow AI vs. AGI: most current systems are narrow/weak AI; AGI would generalise across domains like humans.

• Nearest Neighbour (NN) method: a simple ML algorithm for classification that uses distance in feature space to assign a label based on the closest training data point.

  • Terminology: data point, features, label.

  • Distance measure: Euclidean distance; for two features (x, y):

  • Distance^2 = (x{new} - x{train})^2 + (y{new} - y{train})^2

  • Distance =

    Distance^2 =
    ( ext{length}{new} - ext{length}{train})^2 + ( ext{tempo}{new} - ext{tempo}{train})^2

  • NN steps: measure features, compute distance to all training points, pick nearest neighbour, assign its label.

  • Note on implementation: sometimes distance squared is used to avoid square roots since the argmin is preserved.

• NN example (Song genres): training data includes two features (length, tempo) and a genre label; given a new song, compute distances to all training points and choose the closest genre (Jazz in the example).

• Implementation details: NN can be implemented in Python or via libraries like scikit-learn; hardware acceleration (GPUs) can speed up distance calculations.

• Data representations: features can be two-dimensional in this illustration; normalisation is important when features have different scales.

• NN limitations: sensitivity to feature scaling, the need for labelled training data, and potential for poor generalisation without appropriate preprocessing.

14.1.5 Risks and Unintended Consequences

• Overfitting: model learns noise in training data and fails to generalise; high training accuracy but poor inference performance.
• Underfitting: model is too simple to capture underlying patterns.
• Bias and Discrimination: biased training data can lead to biased AI outputs; e.g., biased hiring, face recognition disparities across demographics.
• Privacy and Surveillance: ML/AI require large datasets; data collection for training can expose personal data; privacy laws (e.g., PDPA) regulate data collection and usage.
• Safety and Accountability: AI systems deployed in critical contexts (autonomous vehicles, drones) raise questions about accountability for errors or harms; trust, transparency, and risk management are essential.
• Changes to the Job Market: automation may displace workers; need for retraining and evolving roles in AI maintenance and supervision.
• Neural networks and deep learning: concept of layers, weights, and training dynamics; interpretability challenges.
• Generative AI risks: misinformation, deepfakes, copyrighted material, and the need for licenses and fair use considerations.

14.2 Other Emerging Technologies

• Blockchain: A distributed, tamper-evident ledger of records across many computers; hash pointers, blocks, and consensus ensure immutability and transparency; main properties include decentralisation, transparency, security, and immutability.
  • Blocks are linked by hashes; each new block contains the hash of the previous block; altering a block breaks the chain unless subsequent hashes are recomputed.
  • Cryptocurrencies are a well-known application; risk and volatility exist; decentralisation and privacy trade-offs are discussed.
• VR and AR:
  • VR immerses users in a computer-generated environment using displays, head tracking, input devices, and processing hardware.
  • AR overlays digital information onto the real world; hardware ranges from smartphone apps to AR glasses and dedicated headsets.
  • Common applications across education, healthcare, gaming, retail, and real estate.
• Quantum Computing:
  • Quantum mechanics basics: superposition, entanglement, wave-particle duality.
  • Qubit: quantum bit that can be in a superposition of 0 and 1; entanglement enables correlated states across qubits.
  • Quantum computing can solve certain problems (e.g., factoring large numbers) more efficiently than classical computers, impacting current encryption methods.
  • As of 2024, quantum computers are mostly experimental with ongoing development of quantum-resistant encryption.

14.2 Quick Checks and Review

• True/false statements covering AI/ML concepts, NN, copyright issues with AI, and bias in AI systems.
• Practical exercises include bias in data leading to biased AI outputs, and the potential societal impacts of AI in areas like hiring and content generation.

14.1.5.6 Safety and Accountability (summary)

• Safety concerns arise when AI operates in critical systems without human oversight; accountability for AI-driven outcomes is a key issue.
• The need for transparency, governance, and clear lines of responsibility for AI systems.

14.1.5.7 Changes to the Job Market (summary)

• AI/automation can create new roles (e.g., AI maintenance, oversight) while displacing others; emphasis on continuous learning and adaptation.

14.2.1–14.2.3 (highlights)

• Blockchain: distributed ledgers; consensus mechanisms; hash linking; immutability; potential uses beyond crypto (education, health records, certification).
• VR/AR: difference between immersion levels and use cases; consumer and enterprise applications.
• Quantum Computing: qubits, superposition, entanglement; potential to break certain cryptographic schemes; need for quantum-resistant cryptography.

15. Quick Reference: Key Formulas, Terms, and Concepts

• Distance in NN (two features):
  • $ext{Distance}^2 = (x<em>{ ext{new}} - x</em>{ ext{train}})^2 + (y<em>{ ext{new}} - y</em>{ ext{train}})^2$
  • Distance (unnormalised) is the square root of the above, but often only distance^2 is used for efficiency.
• CIA Triad: Confidentiality, Integrity, Availability.
• PDPA (Singapore): consent, purpose disclosure, retention period.
• Major threats: Adware, Spyware, Cookies, Phishing, Pharming; Human Actions can cause data corruption or data exposure.
• Major defences: Anti-malware, Firewalls, Encryption, PDPA compliance, Backups, Strong passwords, MFA, Regular updates.
• Common licenses: Proprietary, Freeware, Shareware, FOSS; License terms define allowed use, distribution, and modification.
• AI/ML terms: Data point, Feature, Label, Training data, Model, Inference, Supervised vs. Unsupervised learning, Nearest Neighbour (NN), Bias, Overfitting, Underfitting, Privacy and Surveillance concerns.

End of notes