Enduring Understanding

The use of computing innovations may involve risks to personal safety and identity

Learning Objective

Describe the risks to privacy from collecting and storing personal data on a computer system.

Essential Knowledge

Personally identifiable information (PII) is information about an individual that identifies, links, relates, or describes them. Examples of PII include:

• Social Security number

• age

• race

• phone number(s)

• medical information

• financial information

• biometric data

Search engines can record and maintain a history of searches made by users.

Websites can record and maintain a history of individuals who have viewed their pages.

Devices, websites, and networks can collect information about a user’s location.

Technology enables the collection, use, and exploitation of information about, by, and for individuals, groups, and institutions.

Search engines can use search history to suggest websites or for targeted marketing.

Disparate personal data, such as geolocation, cookies, and browsing history, can be aggregated to create knowledge about an individual.

PII and other information placed online can be used to enhance a user’s online experiences.

PII stored online can be used to simplify making online purchases.

Commercial and governmental curation of information may be exploited if privacy and other protections are ignored.

Information placed online can be used in ways that were not intended and that may have a harmful impact. For example, an email message may be forwarded, tweets can be retweeted, and social media posts can be viewed by potential employers.

PII can be used to stalk or steal the identity of a person or to aid in the planning of other criminal acts.

Once information is placed online, it is difficult to delete.

Programs can collect your location and record where you have been, how you got there, and how long you were at a given location.

Information posted to social media services can be used by others. Combining information posted on social media and other sources can be used to deduce private information about you.

Learning Objective

Explain how computing resources can be protected and can be misused.

Essential Knowledge

Authentication measures protect devices and information from unauthorized access. Examples of authentication measures include strong passwords and multifactor authentication.

A strong password is something that is easy for a user to remember but would be difficult for someone else to guess based on knowledge of that user.

Multifactor authentication is a method of computer access control in which a user is only granted access after successfully presenting several separate pieces of evidence to an authentication mechanism, typically in at least two of the following categories: knowledge (something they know), possession (something they have), and inherence (something they are)

Multifactor authentication requires at least two steps to unlock protected information; each step adds a new layer of security that must be broken to gain unauthorized access.

Encryption is the process of encoding data to prevent unauthorized access. Decryption is the process of decoding the data. Two common encryption approaches are:

• Symmetric key encryption involves one key for both encryption and decryption.

• Public key encryption pairs a public key for encryption and a private key for decryption. The sender does not need the receiver’s private key to encrypt a message, but the receiver’s private key is required to decrypt the message.

Certificate authorities issue digital certificates that validate the ownership of encryption keys used in secure communications and are based on a trust model.

Computer virus and malware scanning software can help protect a computing system against infection.

A computer virus is a malicious program that can copy itself and gain access to a computer in an unauthorized way. Computer viruses often attach themselves to legitimate programs and start running independently on a computer.

Malware is software intended to damage a computing system or to take partial control over its operation.

All real-world systems have errors or design flaws that can be exploited to compromise them. Regular software updates help fix errors that could compromise a computing system.

Users can control the permissions programs have for collecting user information. Users should review the permission settings of programs to protect their privacy

Learning Objective

Explain how unauthorized access to computing resources is gained.

Essential Knowledge

Phishing is a technique that attempts to trick a user into providing personal information. That personal information can then be used to access sensitive online resources, such as bank accounts and emails.

Keylogging is the use of a program to record every keystroke made by a computer user in order to gain fraudulent access to passwords and other confidential information.

Data sent over public networks can be intercepted, analyzed, and modified. One way that this can happen is through a rogue access point.

A rogue access point is a wireless access point that gives unauthorized access to secure networks.

A malicious link can be disguised on a web page or in an email message.

Unsolicited emails, attachments, links, and forms in emails can be used to compromise the security of a computing system. These can come from unknown senders or from known senders whose security has been compromised.

Untrustworthy (often free) downloads from freeware or shareware sites can contain malware.