
Question # 32

Privacy Laws, Regulations, and more

Listed below are various provisions of relevant
federal privacy protection laws, regulations,
directives, policies, instructional letters and more
for reference. This page is intended to inform the
public of GSA's privacy policies and practices as
they apply to GSA employees, contractors, and
clients.
Office of Management and Budget (OMB) Guidance on the
implementation of the Privacy Act and on information
security:
• OMB Circular No. A-130, Appendix I, Federal Agency
Responsibilities for Maintaining Records About Individuals,
which establishes Privacy Act requirements and procedures;
• OMB Circular No. A-130, Appendix III, Management of
Federal Information Resources, which establishes guidelines
for Federal agencies on complying with the fair information
practices and security requirements for operating automated
information systems; and
• (M-03-22) Memorandum for Heads of Executive Departments
and Agencies, OMB Guidance for Implementing the Privacy
Provisions of E-Government Act of 2002.

1. Delete or deactivate your shopping, social network, and
Web service accounts
Think about which social networks you have profiles on. Aside
from the big ones, such as Facebook, Twitter, LinkedIn and
Instagram, do you still have public accounts on sites like
Tumblr, Google+ or even MySpace? What about your Reddit
account? Which shopping sites have you registered on?
Common ones might include information stored on Amazon,
Gap.com, Macys.com and others.
To get rid of these accounts, go to your account settings and
just look for an option to either deactivate, remove or close
your account. Depending on the account, you may find it
under Security or Privacy, or something similar.
If you're having trouble with a particular account, try searching
online for "How to delete," followed by the name of the
account you wish to delete. You should be able to find some
instruction on how to delete that particular account.
If for some reason you can't delete an account, change the info in
the account to something other than your actual info. Something
fake or completely random.
2. Remove yourself from data collection sites
There are companies out there that collect your
information. They're called data brokers and they have
names like Spokeo, Whitepages.com, PeopleFinder, as
well as plenty of others. They collect data from
everything you do online and then sell that data to
interested parties, mostly in order to advertise to you
more specifically and sell you more stuff.
3. Remove your info directly from websites
First, check with your phone company or cell provider to
make sure you aren't listed online and have them remove
your name if you are.

4. Remove personal info from websites


If someone's posted sensitive information of yours such as a
Social Security number or a bank account number and the
webmaster of the site where it was posted won't remove it,
you can send a legal request to Google to have it removed.
5. Remove outdated search results
[REPUBLIC ACT NO. 10173]
AN ACT PROTECTING INDIVIDUAL
PERSONAL INFORMATION IN INFORMATION
AND COMMUNICATIONS SYSTEMS IN THE
GOVERNMENT AND THE PRIVATE SECTOR,
CREATING FOR THIS PURPOSE A NATIONAL
PRIVACY COMMISSION, AND FOR OTHER
PURPOSES
Question #35
International security, also called global security, refers
to the amalgamation of measures taken by states and
international organizations, such as the United Nations,
European Union, and others, to ensure mutual survival
and safety. These measures include military action and
diplomatic agreements such as treaties and conventions.
International and national security are invariably linked.
International security is national security or state security
in the global arena.
With the end of World War II, a new subject of
academic study focusing on international security
emerged. It began as an independent field of study, but
was absorbed as a sub-field of international relations.[1]
Since it took hold in the 1950s, the study of
international security has been at the heart of
international relations studies.[2] It covers labels like
"security studies", "strategic studies", "peace studies", and
others.
Question # 32
Electronic Data Collection Options for
Practice-Based Research Networks
Abstract
PURPOSE We wanted to describe the potential benefits and
problems associated with selected electronic methods of
collecting data within practice-based research networks
(PBRNs).
METHODS We considered a literature review, discussions
with PBRN researchers, industry information, and personal
experience. This article presents examples of selected PBRNs’
use of electronic data collection.
RESULTS
Collecting research data in the geographically dispersed PBRN environment
requires considerable coordination to ensure completeness, accuracy, and timely
transmission of the data, as well as a limited burden on the participants. Electronic
data collection, particularly at the point of care, offers some potential solutions.
Electronic systems allow use of transparent decision algorithms and improved data
entry and data integrity. These systems may improve data transfer to the central office
as well as tracking systems for monitoring study progress. PBRNs have available to
them a wide variety of electronic data collection options, including notebook
computers, tablet PCs, personal digital assistants (PDAs), and browser-based systems
that operate independent of or over the Internet. Tablet PCs appear particularly
advantageous for direct patient data collection in an office environment. PDAs work
well for collecting defined data elements at the point of care. Internet-based systems
work well for data collection that can be completed after the patient visit, as most
primary care offices do not support Internet connectivity in examination rooms.
CONCLUSIONS
When planning to collect data electronically, it is important to
match the electronic data collection method to the study design.
Focusing an inappropriate electronic data collection method onto
users can interfere with accurate data gathering and may also anger
PBRN members.

Keywords: Practice-based research network, computer
communication networks, data collection, computers, handheld,
database management systems, research design, Health Insurance
Portability and Accountability Act, informed consent, health services
research.
What Are Cookies? What is a Cookie?

Cookies are small files which are stored on a user's
computer. They are designed to hold a modest amount of
data specific to a particular client and website, and can be
accessed either by the web server or the client computer.
This allows the server to deliver a page tailored to a
particular user, or the page itself can contain some script
which is aware of the data in the cookie and so is able to
carry information from one visit to the website (or related
site) to the next.
Are Cookies Enabled in my Browser?

To check whether your browser is configured to
allow cookies, visit the Cookie checker. This page will
attempt to create a cookie and report on whether or
not it succeeded.
For information on how to enable or disable cookies,
see 'Enabling cookies'.
For information on how to delete and clear cookies,
see 'Deleting cookies'.
Can I see/view the cookies I have on my computer?

Most browsers have a configuration screen which
allows the user to see what cookies have been stored on
the computer, and optionally to delete them. For more
information, see the viewing cookies page.
Note that it is not possible for a webpage to view
cookies set by other sites, as this would represent a
privacy and security problem.
What's in a Cookie?

Each cookie is effectively a small lookup table
containing pairs of (key, data) values - for example
(firstname, John) (lastname, Smith). Once the
cookie has been read by the code on the server or
client computer, the data can be retrieved and
used to customise the web page appropriately.
When are Cookies Created?

Writing data to a cookie is usually done when a new
webpage is loaded - for example after a 'submit' button is
pressed the data handling page would be responsible for
storing the values in a cookie. If the user has elected to
disable cookies then the write operation will fail, and
subsequent sites which rely on the cookie will either have to
take a default action, or prompt the user to re-enter the
information that would have been stored in the cookie.
Why are Cookies Used?
Cookies are a convenient way to carry
information from one session on a website to
another, or between sessions on related websites,
without having to burden a server machine with
massive amounts of data storage. Storing the data on
the server without using cookies would also be
problematic because it would be difficult to retrieve a
particular user's information without requiring a login
on each visit to the website.
If there is a large amount of information to store, then a
cookie can simply be used as a means to identify a given user
so that further related information can be looked up on a
server-side database. For example the first time a user visits a
site they may choose a username which is stored in the
cookie, and then provide data such as password, name,
address, preferred font size, page layout, etc. - this
information would all be stored on the database using the
username as a key. Subsequently when the site is revisited
the server will read the cookie to find the username, and
then retrieve all the user's information from the database
without it having to be re-entered.
How Long Does a Cookie Last?

The time of expiry of a cookie can be set when the cookie is created. By default the
cookie is destroyed when the current browser window is closed, but it can be made to persist
for an arbitrary length of time after that.

Who Can Access Cookies?


When a cookie is created it is possible to control its visibility by setting its 'root domain'.
It will then be accessible to any URL belonging to that root. For example the root could be set
to "whatarecookies.com" and the cookie would then be available to sites in
"www.whatarecookies.com" or "xyz.whatarecookies.com" or "whatarecookies.com". This might
be used to allow related pages to 'communicate' with each other. It is not possible to set the
root domain to 'top level' domains such as '.com' or '.co.uk' since this would allow widespread
access to the cookie.
By default cookies are visible to all paths in their domains, but at the time of creation they can
be restricted to a given subpath - for example "www.whatarecookies.com/images".
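The expiry, root-domain and subpath rules described above can be traced in code. The following is an added example, not part of the original page: a simplified model loosely following RFC 6265, in which the function names are hypothetical, `PUBLIC_SUFFIXES` is a tiny constructed stand-in for the real Public Suffix List, and the default path is taken to be "/" as the text states.

```javascript
// Added illustration: simplified cookie scoping, loosely following RFC 6265.
// PUBLIC_SUFFIXES is a constructed stand-in for the real Public Suffix List.
const PUBLIC_SUFFIXES = new Set(["com", "uk", "co.uk"]);

// Split a Set-Cookie header value into name, value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs) {
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// A host matches a cookie domain if it is that domain or a subdomain of it.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

// "/images" covers "/images" and "/images/x.png" but not "/imagesx".
function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Decide how a browser would store a cookie set by requestHost.
// Returns null when the cookie has to be rejected.
function storeCookie(header, requestHost, nowMs) {
  const c = parseSetCookie(header);
  let domain = String(c.attrs.domain || "").replace(/^\./, "").toLowerCase();
  const hostOnly = domain === ""; // no Domain attribute: exact host only
  if (hostOnly) {
    domain = requestHost.toLowerCase();
  } else {
    if (PUBLIC_SUFFIXES.has(domain)) return null; // '.com', '.co.uk'
    if (!domainMatch(requestHost, domain)) return null; // someone else's domain
  }
  let expires = null; // null = session cookie, dropped when the browser closes
  if (c.attrs["max-age"] !== undefined) expires = nowMs + Number(c.attrs["max-age"]) * 1000;
  else if (c.attrs.expires) expires = Date.parse(c.attrs.expires);
  // Simplification: default path is "/" (all paths), as the text describes.
  return { name: c.name, value: c.value, domain, hostOnly, path: c.attrs.path || "/", expires };
}

// Would the stored cookie accompany a request to host + path at time nowMs?
function isSent(stored, host, path, nowMs) {
  if (stored.expires !== null && stored.expires <= nowMs) return false;
  const hostOk = stored.hostOnly
    ? host.toLowerCase() === stored.domain
    : domainMatch(host, stored.domain);
  return hostOk && pathMatch(path, stored.path);
}
```

A cookie set without a Domain attribute goes back only to the exact host that set it, which is a narrower scope than naming the root domain explicitly.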
How Secure are Cookies?

There is a lot of concern about privacy and security on the
internet. Cookies do not in themselves present a threat to privacy,
since they can only be used to store information that the user has
volunteered or that the web server already has. Whilst it is possible
that this information could be made available to specific third party
websites, this is no worse than storing it in a central database. If you are
concerned that the information you provide to a webserver will not be
treated as confidential then you should question whether you actually
need to provide that information at all.
What are Tracking Cookies?

Some commercial websites include embedded advertising material
which is served from a third-party site, and it is possible for such adverts to
store a cookie for that third-party site, containing information fed to it from
the containing site - such information might include the name of the site,
particular products being viewed, pages visited, etc. When the user later visits
another site containing a similar embedded advert from the same third-party
site, the advertiser will be able to read the cookie and use it to determine some
information about the user's browsing history. This enables publishers to serve
adverts targeted at a user's interests, so in theory having a greater chance of
being relevant to the user. However, many people see such 'tracking cookies'
as an invasion of privacy since they allow an advertiser to build up profiles of
users without their consent or knowledge.
Phishing Site Takedown & Countermeasures

Once a bank has been alerted to the fact that it is the subject of a
phishing attack, the race is on to close the target phishing site as
quickly as possible. However, professional fraudsters will take steps to
ensure that the process is as difficult and time consuming as possible:
your time is their money.
Fraudsters will often host their sites in developing countries with
limited law enforcement resources and incentivise the hosting
company to keep the site running as long as it possibly can. Indeed,
some unscrupulous hosting companies actually promote fraud hosting
as a service.
Netcraft’s countermeasures service helps banks and
other financial organisations to combat these
techniques. Once a phishing site has been detected,
Netcraft immediately responds with a set of actions
which will significantly limit access to the site, and will
ultimately cause the fraudulent content to be
eliminated.
Netcraft’s approach is distinguished from other providers of takedown
services through its ability to immediately block access to the site for
users of a wide range of technologies, and to provide information back to
the bank that will identify compromised accounts.
Countermeasures
Netcraft Toolbar Community and Phishing Feed
Netcraft’s phishing site feed is consistently recognised in third
party reviews as the most effective blocking mechanism for protecting
customers against phishing, and is licensed by leading browsers, anti-
virus and content filtering products, firewall and network appliance
vendors, mail providers, registrars, hosting companies and ISPs.
Consequently, once the phishing site has been accepted into the feed,
access to the site will be blocked for hundreds of millions of people
shortly afterwards, significantly reducing the effectiveness of the phishing
site even before it has been removed.
Additionally, Netcraft will receive notification of
some phishing attacks through its Netcraft
Toolbar community in advance of reports
received by the bank directly, and thereby can
reduce the lifetime of the phishing site.
Extensive Automation and Preparation
Netcraft’s countermeasures are extensively automated, with local
language translations available for every country that has hosted more
than five phishing sites in the last six months [September 2008] and
an extensive database of contacts at hosting companies, DNS
providers, registrars and ISPs set up such that effective
countermeasures can be started within seconds of a report being
verified.
Additionally, Netcraft continues to monitor a phishing URL after it
becomes unavailable, and if it reappears, perhaps because the host is
compromised and the fraudster is able to replace the phishing
content after the site owner removes it, then the countermeasures are
restarted.
Hosting Company and Registrar Interaction

Netcraft will identify, contact and liaise with the company
responsible for hosting the fraudulent content. Netcraft enjoys
excellent relations with the hosting community, and many of the
world’s largest hosting companies and domain registrars are Netcraft
customers.
Netcraft can exercise its existing relationships with these
companies to provide a swift and smooth response to the detection of
the site. If the hosting company is reputable, this may be sufficient to
ensure a prompt end to the fraudulent activity.
Upstream Bandwidth Providers
Netcraft’s geographically-distributed performance
collectors can trace multiple routes to the server hosting the
fraudulent content. This allows the upstream bandwidth
providers to be identified and notified. If the upstream
connectivity providers perceive that their business may be
damaged through being identified as providing connectivity for
a fraud site or larger fraud hosting operation, they may black
hole the individual site, or withdraw their services from the
hosting location.
Local Law Enforcement Agency
Netcraft will identify, contact and liaise
with the law enforcement agency in the
hosting company’s local jurisdiction.
Fraudster’s Infrastructure
Netcraft can also report back IP addresses which are under the
control of the fraudster. This can be used to lock accounts
accessed from those IP addresses, and to block further access
from the fraudster’s machines once identified.
Netcraft also engages with hosting companies to preserve &
retrieve any data files, logs or other information left by the
fraudster. Information identifying affected customers is very
useful in mitigating the impact of the attack, and minimising
monetary loss.
Clickjacking (also known as user-
interface or UI redressing and
IFRAME overlay) is an exploit in
which malicious coding is hidden
beneath apparently legitimate
buttons or other clickable content
on a website.
Here's one example, among many possible scenarios: A
visitor to a site thinks he is clicking on a button to close
a window; instead, the action of clicking the “X” button
prompts the computer to download a Trojan horse,
transfer money from a bank account or turn on the
computer’s built-in microphone or webcam. The host
website may be a legitimate site that's been hacked or a
spoofed version of some well-known site. The attacker
tricks users into visiting the site through links online or
in email messages.
What is Spyware and What does it do?
Spyware is a type of malware that is installed on a computer without
the knowledge of the owner in order to collect the owner’s private
information. Spyware is often hidden from the user in order to gather
information about internet interaction, keystrokes (also known as
keylogging), passwords, and other valuable data. Spyware can also
negatively affect a computer’s performance by installing additional
software, redirecting web browser searches, changing computer
settings, reducing connection speeds, changing the homepage or even
completely disrupting network connection ability. Spyware can also
be used as a type of adware, where the software delivers unsolicited
pop-up ads in addition to tracking user behavior.
Typically, spyware is installed when a user installs a piece of
free software that they actually wanted. When the desired
software is installed, the spyware will piggyback on the
installation and start collecting data from the user’s activities.
The user can also be tricked into installing the spyware
through a Trojan horse, or by spyware that pretends to be a free
piece of security software. Spyware authors have been known
to pay shareware developers to bundle their spyware with the
legitimate software as well as simply repackaging freeware and
bundling it with their own spyware. Drive-by downloading is
another method used to install spyware on an unsuspecting
user’s computer.
All the answers written above are well and truly what adware really does
with your information. If you still haven't understood, I will try to answer in
much simpler terms -
Adware collects information about your browsing habits (what you actually do
on the Internet is being noted down by it), then it makes a picture of your
preferences, neglection attributes through this information. Now it sells this
information to the companies which match your preferences, and then these
companies pay adware handsomely in order to display their advertisements
the next time you happen to be on the Internet. This happens with every
individual using the Internet (because most of us really don't care about somebody
making money from our attributes). For example, you will notice this change
with the changing patterns in the advertisements in the top right corner of Google
Search results whenever you use Google Search.
Thanks for the A2A! And sorry for being late in answering your question.
Madware is a type of aggressive advertising
that affects smartphones and tablets. The
name, which is a portmanteau combining the
words mobile and adware, was coined by the
security vendor Symantec to describe a type
of intrusive advertising that currently affects
Android smartphones and tablets.
