Home

College Board TPT Notes

Create Task Project

Data Structures Project

College Board Preparations Proctored MCQ Test Scores and Corrections

College Board TPT Notes

Week 0 TPT Notes

Week 1 TPT Notes

Week 2 TPT Notes

---

---

Week 2 TPT Notes

College Board Topic 5.5 Legal and Ethical Concerns:

Video #1:

Learning Objective:

• IOC-1.F – Explain how the use of computing can raise legal and ethical concerns.

Essential Knowledge:

• IOC-1.F.1 – Material created on a computer is the intellectual property of the creator or an organization.
• IOC-1.F.2 – Ease of access and distribution of digitized information raises intellectual property concerns regarding ownership, value, and use.
• IOC-1.F.3 – Measures should be taken to safeguard intellectual property.
• IOC-1.F.4 – The use of material created by someone else without permission and presented as one's own is plagiarism and may have legal consequences.
• IOC-1.F.5 – Some examples of legal ways to use materials created by someone else include:
  • Creative Commons: A public copyright license that enables the free distribution of an otherwise copyrighted work. This is used when the content creator wants to give others the right to share, use, and build upon the work they have created.
  • Open Source: Programs are made freely available and may be redistributed and modified.
  • Open Access: Online research output free of any and all restrictions on access and free of many restrictions on use, such as copyright or license restrictions. Legal and Ethical Concerns:
• IOC-1.F.6 – The use of material created by someone other than you should always be cited.
• IOC-1.F.7 – Creative Commons, Open Source, and Open Access have enabled broad access to digital information.
• IOC-1.F.8 – As with any technology or medium, using computing to harm individuals or groups of people raises legal and ethical concerns.
• IOC-1.F.9 – Computing can play a role in social and political issues, which in turn often raises legal and ethical concerns.
• IOC-1.F.10 – The digital divide raises ethical concerns around computing.
• IOC-1.F.11 – Computing innovations can raise legal and ethical concerns. Some examples of these include:
  • The development of software that allows access to digital media downloads and streaming.
  • The development of algorithms that include bias.
  • The existence of computing devices that collect and analyze data by continuously monitoring activities.

Legal and Ethical Concerns:

• Intellectual Property (IP): A work or invention that is the result of creativity to which one has rights.
• Copyright protects your IP and keeps anyone from using it, unless you give your permission.
• Plagiarism: Presenting material as your own.
• Legal ways to use material created by someone else:
  • Creative Commons.
  • Open Source.
  • Open Access.
• Creative Commons provides free licenses that you can use to tell others how you want them to use your creations.
  • It clearly tells others what they can and can not do with your IP.
• Open Source: Programs made freely available for anyone to use and may be redistributed and modified.
• Open Access: Online research output free of any and all restrictions on access and free of many restrictions on use, such as copyright or license restrictions.
• Digital Divide: Unequal distribution of access to technology.
• Always give credit!

GitHub Pages Actions:

1. When you create a GitHub repository it requests a license type. Review the license types in relationship to this Tech Talk and make some notes in your GitHub pages.
   • GitHub offers many licenses when you create a GitHub repository. Some examples include: Academic Free License, Apache License, Creative Commons License Family, MIT License, ETC. All of these licenses have to do with computing and all fall under the topic of Legal and Ethical Concerns.
2. Make a license for your personal and Team project. Document the license you picked and why.
   • I chose to use the MIT license for my personal project, and my team decided to also use the MIT license for our Team project. I chose the MIT license because I am interested in MIT university. I know that MIT is a prestigious university that focuses primarily on modern science and technology, and so their computing license should be updated, modern, and effective.
   • Personal GitHub MIT License
   • Team GitHub MIT License

College Board Topic 5.6 Safe Computing:

Video #1:

Learning Objective:

• IOC-2.A – Describe the risks to privacy from collecting and storing personal data on a computer system.

Essential Knowledge:

• IOC-2.A.1 – Personally Identifiable Information (PII) is information about an individual that identifies, links, relates, or describes them. Examples of PII include:
  • Social Security Number, age, race, phone number(s), medical information, financial information, logistics, biometric data, etcetera.
• IOC-2.A.2 – Search engines can record and maintain a history of searches made by users.
• IOC-2.A.3 – Websites can record and maintain a history of individuals who have viewed their pages.
• IOC-2.A.4 – Devices, websites, and networks can collect information about a user's location.
• IOC-2.A.5 – Technology enables the collection, use, and exploitation of information about, by, and for individuals, groups, and institutions.
• IOC-2.A.6 – Search engines can use search history to suggest websites or for targeted marketing.
• IOC-2.A.7 – Disparate personal data, such as geolocation, cookies, and browsing history, can be aggregated to create knowledge about an individual.
• IOC-2.A.8 – PII and other information placed online can be used to enhance a user's online experiences.
• IOC-2.A.9 – PII stored online can be used to simplify making online purchases.
• IOC-2.A.10 – Commercial and government curation of information may be exploited if privacy and other protections are ignored.
• IOC-2.A.11 – Information placed online can be used in ways that were not intended and that may have a harmful impact. For example, an email message may be forwarded, tweets can be retweeted, and social media posts can be viewed by potential employers.
• IOC-2.A.12 – PII can be used to view or steal the identity of a person or to aid in the planning of other criminal operations.
• IOC-2.A.13 – Once information is placed online, it is difficult to delete.
• IOC-2.A.14 – Programs can collect your location and record where you have been, how you get there, and how long you were at a given location.
• IOC-2.A.15 – Information posted to social media services can be used by others. Combining information posted on social media and other sources can be used to conclude private information about you.

Safe Computing:

• Personally Identifiable Information (PII): Information specific to an individual.
  • Examples: Social Security Number, age, race, phone number(s), date of birth, email address, mailing address, medical information, financial information, credit card information, logistics, biometric data, etc.
  • Example PIIs: yyy-yy-yyyy, NewPerson@Email.Net, etc.
• Personally Identifiable Information (PII) can be used by people to steal someone's identity, bank funds, or to impersonate someone in order to gain access to an organization.
  • Example: NewPerson@Email.Com.
• Search engines maintain a history of what you search.
• Your search history is used to suggest other websites you may like or for targeted marketing.
  • Your location can even be collected.
• Personally Identifiable Information (PII): The Good and The Bad.
  • Pros:
    • PII can be used to enhance users' online experiences.
  • Cons:
    • PII can be exploited if privacy and other protections are ignored.
      • Information placed online can be used in ways that were not intended and that may have a harmful impact.
• Risks to Privacy:
  • Google knows your email and your IP Address.
  • Your ISP has the same information as Google, and it also has information about your full name and street address.
  • The federal government learns when and where you are traveling.
  • Travel sites and dozens of advertising and marketing firms have also begun tracking your online behavior with cookies.
  • Google, Facebook, and Twitter gather more information about your behavior with their share, retweet, and like buttons they have embedded on the site.
  • Google knows where you are headed if you use Google Maps.
  • Your phone's WiFi signal might be tracked while shopping.
  • Stores with cameras may take your picture and store it.
  • The information of you created by all of this activity is very detailed, and you have very little control over who sees the information.
  • The information placed online is difficult to delete!
  • Information posted to social media can be used by others and combined with other sources to conclude private information about you.
    • This information can then be used in ways that were not intended and may have either a harmful or beneficial impact.

Video #2:

Learning Objective:

• IOC-2.B – Explain how computing resources can be protected and can be misused.

Essential Knowledge:

• IOC-2.B.1 – Authentication measures protect devices and information from unauthorized access. Examples of authentication measures include strong passwords and multifactor authentication.
• IOC-2.B.2 – A strong password is something that is easy for a user to remember, but would be difficult for someone else to guess based on the knowledge about that user.
• IOC-2.B.3 – Multifactor authentication is a method of computer access control in which a user is only granted access after successfully presenting several separate pieces of evidence to an authentication mechanism, typically in at least two of the following categories: knowledge (something they know), possession (something they have), and inherence (something they are).
• IOC-2.B.4 – Multifactor authentication requires at least two steps to unlock protected information; each step adds a new layer of security that must be broken to gain unauthorized access.
• IOC-2.B.5 – Encryption is the process of encoding data in order to prevent unauthorized access. Decryption is the process of decoding the data. Two common encryption approaches are:
  • Symmetric Key Encryption involves one key for both encryption and decryption.
  • Public Key Encryption pairs a public key for encryption and a private key for decryption. The sender does not need the receiver's private key to encrypt a message, but the receiver's private key is required to decrypt the message.
• IOC-2.B.6 – Certificate authorities issue digital certificates that validate the ownership of encryption keys used in secure communications and are based on a trust model.
• IOC-2.B.7 – Computer virus monitoring programs and malware scanning software can help protect a computing system against infection.
• IOC-2.B.8 – A computer virus is a malicious program that can copy itself and gain access to a computer in an unauthorized way. Computer viruses often attach themselves to legitimate programs and start to run independently on a computer.
• IOC-2.B.9 – Malware is software intended to damage a computing system or to take partial control over its operation.
• IOC-2.B.10 – All real world systems have errors or design flaws that can be exploited to compromise them. Regular software updates can help fix errors that could compromise a computing system.
• IOC-2.B.11 – Users can control the permissions of the programs they have for gathering user information. Users should definitely review the permissions settings on the programs they install so that they can protect their own privacy.

Safe Computing:

• Authentication:
  • Authentication measures protect devices and information from unauthorized access.
  • Authentication measures:
    • Strong Passwords.
    • Multi-factor Authentication.
  • Creating Strong Passwords:
    • 10 or more characters, must contain a symbol, must contain a number, and must contain both lowercase and uppercase letters.
• Virus and Malware:
  • Viruses are malicious programs that can copy themselves and gain access to systems that they are not supposed to be allowed in.
  • Malware are usually intended to damage a computing system or to take partial control over its operation.
    • Can infiltrate a system by posing as legitimate programs or by attaching itself to legitimate programs, like email attachments.
  • Virus scans can help in preventing malicious code from getting into and affecting your system.
• Encryption and Decryption:
  • Once legitimate access to a system is gained, it is important to ensure data sent to and from the system remains uncompromised.
  • Encryption: The process of encoding data to prevent unauthorized access.
    • Example: Secret Message --> Stejtt Bgkhavg.
  • Decryption: The process of decoding data.
    • Example: Stejtt Bgkhavg --> Secret Message.
  • Biometrics is something that is used in secure systems, fingerprints, or facial recognition.
  • Secure Sockets Layer (SSL) uses both Asymmetric and Symmetric Encryption.
  • Two types of encryption:
    • Symmetric encryption and Asymmetric encryption.
  • Symmetric Encryption: One key is used to both encrypt and decrypt data.
    • Example: Caesar Cipher.
  • Asymmetric Encryption: Also known as Public Key Encryption. It uses two keys.
    • A public key for encrypting.
    • A private key for decrypting.
    • The sender does not need the receiver's private key to encrypt a message.
    • The receiver's private key IS required to descrypt the message.
• Digital Certificates:
  • Certificate authorities issue digital certificates that validate the ownership of the encryption keys used in secure communications and are based on a trust model.

Video #3:

Learning Objective:

• IOC-2.C – Explain how unauthorized access to computing resources is gained.

Essential Knowledge:

• IOC-2.C.1 – Phishing is a technique that attempts to trick a user into providing personal information. The personal information can then be used to access sensitive online resources, such as bank accounts and emails.
• IOC-2.C.2 – Keylogging is the use of a program to record every keystroke made by a computer user in order to gain fraudulent access to passwords and other confidential information.
• IOC-2.C.3 – Data sent over public networks can be intercepted, analyzed, and modified. One way that this can happen is through a rogue access point.
• IOC-2.C.4 – A rogue access point is a wireless access point that gives unauthorized access to secure networks.
• IOC-2.C.5 – A malicious link can be disguised on a web page or in an email message.
• IOC-2.C.6 – Unsolicited emails, attachments, links, and forms in emails can be used to compromise the security of a computing system. These can come from unknown senders or from known senders whose security has been compromised.
• IOC-2.C.7 – Untrustworthy (Often free) downloads from freeware or shareware sites can contain malware.

Safe Computing:

• The Importance of the Internet is that the Internet is an integral part of our lives.
• Risks to Personal Safety:
  • Phishing: An attempt to trick a user into providing personal information, like usernames and passwords, account numbers, or social security numbers.
  • Phishing emails often look like they are from a company you know and trust:
    • Examples: Your social networking site, your bank, your credit card company, your video streaming service, your online store, ETC.
  • Phishing emails trick you into clicking a link or opening an attachment.
  • Clicking a link or opening an attachment in a phishing email will likely cause unexpected harm:
    • Examples: Virus installed on your computer, spoofed banking website, keylogger installed, ETC.
  • Keylogger: Records every keystroke made by a user in order to gain fraudulent access to passwords or other confidential information.
  • Rogue Access Point: A wireless network that can give unauthorized access to secure networks.

GitHub Pages Actions:

1. Describe PII you have seen on a project in CompSci Principles.
   • In Trimester 2, my team worked on the CRUD Project. In the project, we used CRUD and databases to store Personally Identifiable Information (PII) such as names, ages, usernames, emails, phone numbers, passwords, ETC.
2. What are your feelings about PII and your exposure?
   • I feel like Personally Identifiable Information (PII) has both harmful and beneficial effects, as there are some types of information that should remain private, but there are also some types of information that can enhance users' online experiences. For example, my PII allow the Internet to know what types of advertisements and what types of products appeal to me.
3. Describe good and bad passwords? What is another step that is used to assist in authentication?
   • Good passwords contain 10 or more characters, a symbol, a number, and both lowercase and uppercase letters. Bad passwords lack these aspects and are usually not complex.
     • Bad Password Example: Dylanistall.
     • Good Password Example: Dyl@n1sTAll.
   • Another step to aid in authentication is Multifactor Authentication. Multifactor Authentication is a type of computer access control where a user is only granted access after successfully presenting several separate pieces of evidence to an authentication mechanism, usually in at least two of the following categories: knowledge (something they know), possession (something they have), and inherence (something they are).
4. Try to describe Symmetric and Asymmetric encryption.
   • Symmetric Encryption involves one key for both encryption and decryption, while Asymmetric Encryption, also known as Public Key Encryption, pairs a public key for encryption and a private key for decryption. For this type of encryption, the sender does not need the receiver's private key to encrypt a message, but the receiver's private key is required to decrypt the message.
5. Provide an example of encryption we used in deployment.
   • During deployment, we used SSL encryption.
6. Describe a phishing scheme you have learned about the hard way. Describe some other phishing techniques.
   • I have personally not fallen for a phishing scheme. An example of a phishing technique: A user receives an email from a seemingly trustworthy online shopping website. The email asks the user to click on the link within it, which will allow them to receive a giveaway of luxurious goods. The link, however, is malicious, and upon clicking on the link, a secret keylogger is installed on the user's computer. This malicious keylogger then collects the user's Personally Identifiable Information (PII).