8. Issues and Challenges
The Internet has many issues and challenges, among which are
security, privacy, property rights, copyrights and freedom of speech.
Security issues involve both the security of your data, as well as
your image. Viruses can be transmitted easily over the net, and
precautions should always be taken. If you choose to keep your own
information available on the net it can be the subject of vandalism
and theft. You may also find yourself being persecuted for the
information you provide as more and more people join the Internet
community and feel the need to impose their morality upon it.
This is no different from any society. We must draw our own lines,
and our own conclusions. This section is terribly brief, and
entirely summary in nature, and is in no way intended to be
comprehensive. It is intended to warn you and advise you. If you
have real concerns about your property rights, copyrights, and/or
personal rights, please do your own research. Internet laws are in
such a state of flux that they are changing as I write this, and they
will be changing as you read it.
At last check, however, freedom of speech was prevailing in the
United States, and so far the government has not upheld any laws
prohibiting the exhibition of anything on the Internet. Support your
local constitutional rights.
8.1 Security Issues
There are three major security areas of which the Internet user
should be aware; Security of content, Site security, and Security of
Security of Content, ensures that that which you put on the Internet
is not altered, or vandalized. Some Web Servers are inadequately
secured, allowing vandals to modify your pages on your web sites,
without your knowledge or permission. If your pages are your
business, you can imagine the problems this might cause. Your words,
art, and other work could be changed, your image tarnished. If you
cannot ensure that the content of your site cannot be corrupted, at
least check it frequently to ensure that it has not been. Keep
frequent back-ups and periodically verify that you can retrieve data
Site security, will protect your data from viruses, worms, and sneak
piracy. Some software pirates, on the Internet, use unsuspecting
sites to run their schemes. Anonymous FTP servers which have write
permission are most vulnerable. Pirates can upload software onto
your machine using cryptic filenames you may not even see in standard
directory listings, and then publish the softwares whereabouts for
others to download. Not only will this compromise your reputation on
the Internet for responsible system administration, it may make you
liable for damages. Learn what you need to learn to secure your
system, or hire some security muscle to tighten down your site for
you. Section 11 provides some good information to get you started.
Security of Ownership, involves copyrights and intellectual property
laws. If your work is your livelihood, having your rights
compromised could be disastrous. Section 8.4 provides an
introduction to copyrights.
This document only intends to bring the issues to your attention, and
does not aspire to thoroughly cover these subjects.
Please read another project of the IETF, the Site Security Handbook
(FYI 8, RFC 2196), ftp://ds.internic.net/rfc/rfc2196.
The Handbook is a guide to developing computer security policies and
procedures for sites that have systems on the Internet. The purpose
of this handbook is to provide practical guidance to administrators
trying to secure their information and services. The subjects
covered include policy content and formation, a broad range of
technical system and network security topics, and security incident
Section 11 provides more information on site security.
A "virus" is a program that modifies other programs by placing a copy
of itself inside them. It cannot run independently. It requires
that its host program be run to activate it.
The damage caused by a virus may consist of the deletion of data or
programs, maybe even reformatting of the hard disk, but more subtle
damage is also possible. Some viruses may modify data or introduce
typing errors into text. Other viruses may have no intentional
effects other than replicating itself.
Viruses can be transmitted over the Internet inside other programs,
but usually they are transmitted by floppy disk. Your best bet is to
purchase a really versatile and up-to-date virus checking program
from your local software retailer, and run it over every floppy you
plan to read, and every program you plan to run, as well as
periodically over the entire machine.
Computer viruses are enough like organic viruses that many of the
same precautions apply. Early detection is key. Diligence will
mitigate potential damage, but frequent incremental backups are your
best strategy for recovery.
8.3 The Standard Disclaimer
As you have observed throughout the document, it is not common for
you to get Internet access without having a provider of that access.
Some Providers, such as universities and business, often require that
you provide a disclaimer on every page stating that your opinions are
your own, and not necessarily those of your affiliation. What
follows is a sample Standard Disclaimer:
This information is provided as-is. No warranty as to the accuracy
is guaranteed. Opinions expressed are entirely those of myself
and/or my colleagues and cannot be taken to represent views of our
employer. If you notice something incorrect or have any comments,
feel free to mail me.
Other examples of disclaimers can be found via the search links
listed in Appendix B.
8.4 Copyrights and Intellectual Property Issues
The arrival of the Information Age has emphasized many questions that
human society must answer. One of the most important of these is the
question of "Intellectual Property", which asks: "when and where is
it appropriate to allow people to own information?"
Copyright, Trademark, and Patent law are some of society's responses
to earlier versions of this question. They support the idea of
ownership of ideas, or information, which can be used to assist the
creators of the information in making a living from its creation.
This is good for society.
It is also good for society for information to flow freely. Our
technology, and even our society are built on a growing pool of
shared information. If we restrict the flow of information into that
pool, then we restrict the rate at which society grows and becomes
These two opposing drives have been highlighted by our newfound
ability to distill many different things down to information that can
be stored on a computer. One of the computers greatest virtues is
that once you network them together, the information they hold
becomes more fluid, more easily moved, changed or copied. This is
great for society, but may not be so great if you spent your life
creating that "information", and would like compensation.
Because Copyright, Trademark, and Patent law were never designed for
an economy built out of information, understanding how they apply to
your information can be a tricky thing. Since these laws vary from
place to place, it is also difficult to know how to apply them to the
Internet which has no definite location. Worse yet, most of these
laws are in the process of being rewritten today, a state that will
continue for a long time because no one seems to know what to do
With that in mind though, here is how things stand today...
A Copyright is first established when a work is "set in media", which
extends from paper to the Internet. A work, once published in a web
page, for example, is said to be "owned" by its owner. However,
applying for, and being granted, a copyright on your work by The
Copyright Office of the Library of Congress will give your rights
more legal weight. Whether you plan to put your own works on the
Internet, or simply download the works of others, you may want to
familiarize yourself with the rights granted by "Copyright" as well
as The Berne Convention for the Protection of Literary and Artistic
Sample Copyright Notice
Permission is granted to transfer this document electronically
only for the purposes of viewing it on the world wide web. Subject
to fair use provisions, the right to print this document or to
make electronic copies of this document available to others is
expressly retained although direct requests will be considered.
A Trademark is a word, phrase, symbol or design, or the combination
of words, phrases, symbols or designs, used to identify and
distinguish the goods or services of one party from those of others.
Trademark issues include both Trademarks which you own, and
Trademarks which are owned by others. If you own your own Trademark,
you may want to familiarize yourself with legal ways of protecting
it. Some of the pointers in Appendix B provide that information, but
we recommend retaining your own legal council.
Trademark Infringement occurs when there is a "likelihood that
consumers will be mislead or confused as to the source or origin of
the goods or services. This is the basic test used under both common
law, and U.S. Federal Law.
One issue regarding Trademarks on the Internet, is that of Domain
Names which resemble, or infringe upon registered Trademarks. Each
case is being handled individually, and the text of cases can be
found on many Internet sites. The short version is that if a Domain
Name is registered in good faith, "innocent registrations", the
register can often keep the name, however, if the domain name is
being used by a competitor, or to "force the trademark owner to pay a
sum of money to acquire the name", the courts will generally not
allow the register to keep the name, or profit from it.
Trademark Dilution occurs when unauthorized use of a mark on
dissimilar products or for dissimilar services causes the mark to
cease functioning as a unique identifier, or becomes consciously or
unconsciously linked with poor quality goods or services. The
Federal Trademark Dilution Act covers these issues. If you may put
trademarks on your web page, be sure you do not infringe upon the
rights of the owner of the trademark.
A good rule of thumb, offered by one company with concerns for their
trademark, is that, if you mean a tissue, you should say "tissue", if
you use the Kleenex(R) name, use its Registration mark "(R)".
The concept of trademarks extends to personal names or likenesses, in
that you can infringe on their rights, including their right to
privacy. This issue has both legal and ethical implications.
U.S law currently recognizes four types of invasions of privacy:
intrusion, appropriation of name or likeness, unreasonable publicity
and false light. In most states people have a "Right of Publicity"
which gives individuals the exclusive right to license the use of his
identity. You will want familiarize yourself with privacy law if you
want to make other peoples likeness, name, address, or others
personal information available on the Internet.
Rights vary from state to state and country to country and many
international, and U.S. sites are provided in the Law section of
8.4.4 Seek Professional Advice
A number of organizations exist which can be of assistance in
ascertaining the appropriate legal status, law, statute, or standing,
of your particular issue and helping you understand your rights and
One of these is The Citizens Internet Empowerment Coalition, CIEC.
CIEC is a large and diverse group of Internet users, businesses,
non-profit groups, and civil liberties advocates, who share the
common goal of protecting the First Amendment and the viability of
the Internet as a means of free expression, education, and commerce.
The CIEC homepage URL is listed and a number of sites in the U.S. and
other countries are represented in Appendix B, under the heading
8.5 Conducting Business over the Internet
Since people are doing business over the Internet, they want to
ensure that their personal information, credit card number, etc. is
not used or compromised in any way. Since the Internet is a public
place, the only way to get information across it without anyone being
able to retrieve it, is to encrypt it. Encryption, is a process for
scrambling access codes to prevent illicit entry into a system. The
study and work for people creating these system is called
Secure HTTP (S-HTTP) provides secure communication mechanisms between
an HTTP client-server pair in order to enable spontaneous commercial
transactions for a wide range of applications. SHTTP and SHTML are
Internet-Drafts, which are "works in progress" of the Internet
Engineering Task Force WTS working group. The Resources section
provides information on retrieving Internet-Drafts.
You should be aware that encrypted communications are illegal in some
parts of the world. You should check your local laws regarding legal
uses of encryption.
Before you begin installing any encryption software, back up your
files and make sure your computer is not needed for any deadline
tasks in the next few minutes or hours. If you mess up the
installation or forget some password along the way, your files will
be protected from everyone, including you.
Like any community, the Internet has a code of conduct, for which the
users have created the term "Netiquette". Much of it will probably
seem like common sense, but since the Internet spans many cultures'
ideas of "common sense", its worth paying attention. Remember, when
you put something onto the Internet, you're publishing it in front of
a very large audience.
What follows is a few short ideas to start out with. If you wish to
behave well on the Internet, you really should read:
FYI 28 "Netiquette Guidelines", (Also RFC 1855), October 1995.
available at ftp://ds.internic.net/rfc/rfc1855.txt
First of all, most forums have their own guidelines posted near the
door for new arrivals. For Usenet News, for example, read
news.announce.newusers. It never hurts to keep silent until you know
your audience better. Once you join a forum, see how others behave
before making too much of an impression. Also, try not to jump to
conclusions about others. Internet media conveys attitudes and
emotions differently than face-to-face, or even telephone
communication. You are also dealing with more cultural diversity on
the Internet than you are likely familiar with. Realize that many
things have very different meanings in other cultures than they might
in yours. Try not to take things too personally. Avoid attributing
to malice what might be adequately explained by ignorance. And hope
others will do the same.
This glossary contains a few of the words used in this document,
which were least likely to appear in any common dictionary. If there
are other words in the document which are not in your dictionary,
some other glossaries are referenced in the Resources section which
Boolean: adj. Of or relating to an algebraic combinatorial
system treating variables, as propositions and
computer logic elements through the operators AND, OR,
NOT, IF, THEN, and EXCEPT.
access: n. 1. A means of approaching, passage; 2. The right to
enter or use. v. To gain access. e.g., computer
bandwidth: Technically, the difference, in Hertz (Hz), between
the highest and lowest frequencies of a transmission
channel. However, as typically used, the amount of
data that can be sent through a given communications
bit: n. (From "Binary digIT") 1. A single character of a
language having just two characters, as either of the
binary digits 0 or 1. 2. a unit of information
storage capacity, as of computer memory.
bitmap: A graphic image format which consists of a list of
pixel colors, or shades of gray, and header
information describing how to map this list of pixels
back into the image. Bitmap formats are .bmp in
Windows, .pict on a Macintosh, and .anm and .btm on
broadcast: A special type of multicast packet which all nodes on
the network are always willing to receive. See also:
btw: By The Way
byte: 8 bits
encryption: The manipulation of a packet's data in order to
prevent any but the intended recipient from reading
that data. There are many types of data encryption,
and they are the basis of network security.
fyi: For Your Information
html: HyperText Markup Language:
The language used to create hypertext documents. It
is a subset of SGML and includes the mechanisms to
establish hyperlinks to other documents.
http: HyperText Transfer Protocol:
The protocol used by WWW to transfer HTML files. A
formal standard is still under development in the
hyperlink: A pointer within a hypertext document which points
(links) to another document, which may or may not also
be a hypertext document
hypertext: A document format which contains "hyperlinks" to
imho: In My Humble/Honest Opinion
interactive: Capable of acting on, or influencing each other.
lag: The failing behind or retardation of one phenomenon
with respect to another to which it is closely
related; time delay.
multicast: A packet with a special destination address which
multiple nodes on the network may be willing to
receive. See also: broadcast, unicast.
multimedia: Transmission that combine media of communication (text
an graphics and sound etc.)
netlag: time delay over the Internet. See also: lag.
packet: The unit of data sent across a network.
proprietary:Manufactured articles which some person or persons
have exclusive right to make and sell. [from
protocol: A formal description of message formats and the rules
two computers must follow to exchange those messages.
Protocols can describe low-level details of machine-
to-machine interfaces (e.g., the order in which bits
and bytes are sent across a wire) or high-level
exchanges between allocation programs (e.g., the way
in which two programs transfer a file across the
realtime: occuring at and in the present time
reflector: A file server whose purpose is to receive packets from
a source site and forward it to other sites.
ttfn: ta ta for now - a colloquialism for goodbye.
unicast: An address which only one host will recognize. See
also: broadcast, multicast.
url: Uniform Resource Locator:
A URL is a compact string representation for a
resource available on the Internet. The syntax and
semantics for URLs are defined in RFC 1738.
virtual: Not real, but similar in relevant ways.
10. Resources, References, etc.
The information in this document has been gleaned from the minds of
its authors and contributors, and from some of the following sources.
More information on the topics discussed can be found in these
sources, and in the information referenced in Appendix B.
10.1 RFCs and Internet-Drafts
One of the most important collections of informational documents
about the Internet are written as Requests for Comment by the
Internet Engineering Task Force, IETF. The name Request for Comment
is historical, as these documents are submitted by their authors' for
the approval of the Internet community as Internet Standards, and
valid Informational RFCs called FYIs, of which this document is one.
Basically, if the IETF collective uses a tool or resource, they
document its use in an RFC so that there is no mystery to its
functionality, uses, designations, specifications, or purposes.
More information on RFCs, FYIs, the IETF, and its organizations,
documents, policies and purposes can be found in the RFCs themselves,
or at http://www.ietf.org/ and http://www.isi.edu/rfc-editor/
National Initiative for a Networked Cultural Heritage (NINCH)
21 Dupont Circle NW, Washington, DC 20036
Tel: 202/296-5346 http://www-ninch.cni.org Fax: 202/872-0886
10.4 Freely Available Web Browser Software
The University of Illinois at Urbana-Champaign, National Center for
Supercomputing Applications, NCSA, developed the first Mosaic
Browser, and continues to maintain and update it, as well as making
it freely available over the Internet at http://www.ncsa.uiuc.edu/.
Hardcopy manuals and software disks and tapes can be ordered through
the NCSA Technical Resources Catalog for postage and handling charges
only. Postage and handling on all orders must be prepaid. For a
copy of the catalog, contact NCSA Orders by email at
firstname.lastname@example.org, by phone at 217-244-4130, or by U.S. mail at:
NCSA Orders, 152 Computing Applications Building, 605 E. Springfield
Avenue, Champaign, IL 61820-5518
10.5 The Internet Assigned Numbers Authority
The IANA coordinates the assignment and use of various Internet
protocol parameters, manages the Internet address space, and manages
domain names. See: http://www.iana.org/iana/
You should get your IP address (a 32bit number) from your
network service provider.
Your network service provider works with a regional registry
to manage these addresses. The regional registry for the US
is the Internic, for Europe is RIPE, for the Asia and Pacific
region is the AP-NIC, and parts of the world not otherwise
covered are managed by the Internic.
If for some reason your network service provider does not
provide you with an IP address, you can contact the your
regional registry at one of the following addresses:
Please do contact your network service provider first, though. The
regional registry will want to know all the gory details about why
that didn't work out before they allocate you an address directly.
11. Security Considerations
There are a wide variety of ways in which systems can be violated,
some intentional, some accidental. Of the intentional attacks, a
portion may be exploratory, others simply abusive of your resources
(using up your CPU time) but many are actively malicious. No system
is 100% safe, but there are steps you can take to protect against
misconfigured devices spraying packets, casual intruders, and a
variety of focused assaults.
Your best defense is to educate yourself on the subject of security.
There are places on the net devoted to teaching users about security
- most prominently, the CERT Coordination Center located at the
Software Engineering Institute at Carnegie Mellon university. You
can point your web browser (or direct your ftp connection) to
ftp://info.cert.org/pub/cert_faq to start. This is a frequently
asked questions guide and general overview on CERT. It includes a
bibliography of suggested reading and a variety of sources to find
Next, you should probably read
which contains a (primarily based on the UNIX operating system)
checklist to help you determine whether your site has suffered a
security breach. You can use it to guide you through handling a
specific incident if you think your system has been compromised or
you can use it as a list of common vulnerabilities. CERT also
maintains a wide variety of bulletins, software patches, and tools to
help you keep up to date and secure.
Before you are even online, you should consider some basic steps:
11.1 Formulate a security policy.
It should include policies regarding physical access procedures,
security incident response, online privileges and back-up media. Put
a message at the login to establish your policy clearly.
"This system is for the use of authorized users only. It may be
monitored in the course of routine operation to detect unauthorized
use. Evidence of unauthorized use or criminal activity may result in
11.1.1. Talk to your Internet Service Provider.
Depending upon your provider and router management situation, there
are a number of things your ISP should be able to do for you to make
your site more secure. Foremost, packet filtering on the router that
connects you to the Internet. You will want to consider IP filters
to allow specific types of traffic (web, ftp, mail, etc.) to certain
machines (the mailhost, the web server, etc.) and no others. Other
filters can block certain types of IP spoofing where the intruder
masks his or her identity using an IP address from inside your
network to defeat your filters. Discuss your concerns and questions
with your provider - the company may have standards or tools they can
11.1.2. Make sure your systems are up to date.
A significant number of incidents happen because older versions of
software have well-known weaknesses that can be exploited from almost
anywhere on the Internet. CERT provides a depository for software
patches designed by concerned net.citizens, CERT's engineers, and by
the vendors themselves.
11.1.3. Use the tools available.
Consider recording MD5 checksums on read-only media (the MD5-digest
algorithm determines an electronic "fingerprint" for files to
indicate their uniqueness -comparing more recent checksums to older
ones can alert you to changes in important system files), installing
tripwire on your systems (notes size and MD5 checksum changes, among
other sanity checks), and periodically testing the integrity of your
machines with programs an intruder might use, like SATAN and crack.
[Details on MD5 are contained in RFC 1321.]
Most files and fixes go through the basics before leaving you to
figure things out on your own, but security can be a complicated
issue, both technically and morally. When good security is
implemented, no one really notices. Unfortunately, no one notices
when it's not taken care of either. That is until the system
crashes, your data gets corrupted, or you get a phone call from an
irate company whose site was cracked from your machines. It doesn't
matter if you carry only public information. It doesn't matter if
you think you're too small or unimportant to be noticed. No one is
too small or too big, no site is immune. Take precautions and be
The following people are being acknowledged for their contributions
to this document.
Thank you all for your help.
13. Authors' Addresses
Appendix A. Internet Projects of Interest to the Arts and Humanities
The commonplace insight about the web as a new distribution channel
for cultural products is that it effaces the traditional border
between producer and consumer. Publishers exploit two-way
interactivity by re-designing the editorial mix to include reader
response. What follows are some examples of the way creative artists
attempt to design structures flexible enough for significant viewer
RENGA (http://renga.ntticc.or.jp) - An inspired transposition of a
traditional collaborative writing practice into the realm of
digital media supported by the NTT InterCommunication Centre in
Tokyo. Renga means linked-image or linked-poem, and draws on the
Japanese tradition of collaboration which effaces the unique
notion of original author.
PING (http://www.artcom.de/ping/mapper) - by Art+Com, a Berlin
based media centre and thinktank. Art+Com is a leader in
producing high-end net visualization projects. Ping lets the
browser add a link, which then becomes a part of the ongoing
visual structure. It is similar, in this sense, to the Toronto
Centre for Landscape Architecture's OASIS site.
Art+Com's T-Vision project (http://www.artcom.de/projects/terra)
which uses satellites and networked VR computers to permit an
astonishing fly-in to earth from space: acclaimed as one of the
most imaginative realizations of the potential of networked
OASIS(Image)INTERNET-DRAFT Toronto Centre for Landscape
Architecture's OASIS site requires a specialized browser, but from
a standard Netscape connection, you can view stills that give a
sense of the beautiful images produced by the collaborative
"design process". It is introduced by its designers as follows:
Oasis is a shared 3-Dimensional navigational environment for the
world wide web. This virtual landscape allows one to bury their
own information links throughout the terrain or to discover and
connect to new information left by others.
Is TechnoSphere a Game?
Yes and no. It's an experiment on a global scale, a chance to
develop complex artificial life on digital networks. TechnoSphere
is interactive like a game, but transgresses the linear boundaries
of branching and hierarchical games narrative to enable freer
movement. TechnoSphere is designed to encourage a non-linear
Body Missing (http://yorku.ca/BodyMissing/index.html)
Toronto artist Vera Frenkel created this richly evocative site on
the disappearance of art and memory as an extension of her Transit
Bar installation. It is conceived as a site open to new
'reconstructions' of the artworks confiscated during the Third
Reich. First opened to the public as part of the ISEA95
exhibition in Montreal, it has since earned widespread critical
comment and praise.
Molecular Clinic 1.0
Molecular Clinic 1.0 ' is an art project realized through a
collaboration between ARTLAB and Seiko Mikami, and is one of the
most elaborate custom designed art projects yet created for the
Web. During their initial visit users should download the
MOLECULAR ENGINE VIEWER, which is a type of molecular laboratory
for their computer. What they will see on the web site after this
initial download is a virtual space containing a three dimensional
computer generated Spider and Monolith object. The user will be
able to navigate through and into this virtual space and can zoom
into the spider all the way to the molecular level.
File Room (http://fileroom.aaup.uic.edu/FILEROOM.html) -
Cumulative database info on Censorship, hosted in Chicago but
conceived by Spanish artist Antoni Muntadas.
Idea Futures (http://if.arc.ab.ca/~jamesm/IF/IF.html) -
Winner of the grand prize at the 1995 Ars Electronica competition
for Web Sites, Idea Futures is a stock market of ideas, based on
the theories of mathematical economist Robin Hanson. The 'truth'
of any claim is assigned a weight calculated by the amount of
virtual cash which members of the exchange are willing to bet.
The scheme leads might lead toward a radical democratization of
academic discourse, but just as easily, toward the trivialization
of thought. See the following for a philosophical critique of the
Firefly (http://www.agents-inc.com/) also a prize winner at Ars
Electronica in 1995, Firefly is an prototypical example of what
enthusiasts call a "personal music recommendation agent", which
makes suggestions for what you might like to listen to, based on a
stored profile of your own likes and dislikes, and the evolving
ratings submitted to the system by other members. Worth visiting,
if only to understand what all the fashionable hype about
'intelligent agents' is all about; skeptics should know that even