Unauthorized Access: The Crisis in Online Privacy and Security, 1st Edition (Paperback) book cover

Unauthorized Access

The Crisis in Online Privacy and Security, 1st Edition

By Robert H. Sloan, Richard Warner

CRC Press

398 pages | 29 B/W Illus.

Purchasing Options:$ = USD
Paperback: 9781439830130
pub: 2013-07-15
SAVE ~$14.19
Hardback: 9781138436923
pub: 2017-07-27
SAVE ~$41.00
eBook (VitalSource) : 9780429093791
pub: 2016-04-19
from $33.98

FREE Standard Shipping!


Going beyond current books on privacy and security, Unauthorized Access: The Crisis in Online Privacy and Security proposes specific solutions to public policy issues pertaining to online privacy and security. Requiring no technical or legal expertise, the book explains complicated concepts in clear, straightforward language.

The authors—two renowned experts on computer security and law—explore the well-established connection between social norms, privacy, security, and technological structure. This approach is the key to understanding information security and informational privacy, providing a practical framework to address ethical and legal issues. The authors also discuss how rapid technological developments have created novel situations that lack relevant norms and present ways to develop these norms for protecting informational privacy and ensuring sufficient information security.

Bridging the gap among computer scientists, economists, lawyers, and public policy makers, this book provides technically and legally sound public policy guidance about online privacy and security. It emphasizes the need to make trade-offs among the complex concerns that arise in the context of online privacy and security.


"… a guide though the thicket of contradictions and trade-offs in this area. … The well-written collection of 12 chapters starts with the basics of computing, networking, and data mining, and proceeds through systems vulnerabilities, attacks, and defenses, all within the perspectives of costs (economy), law, social engineering, and public policy. … Highly recommended."

—J Beidler, University of Scranton, in CHOICE Magazine, April 2014

"Sloan and Warner’s new book comprehensively analyzes consumer privacy and security from a game theoretic viewpoint. Their approach crisply explains both consumer and firm behavior and offers useful predictions for where market or regulatory approaches are needed for consumer protection."

—Chris Jay Hoofnagle, Lecturer in Residence, UC Berkeley Law

"The success of this book is in making non-technical readers think about the situation we are in and the hard choices that we are left with."

—Sithu D. Sudarsan, in Computing Reviews

" … the writing style increases the accessibility of the content and enhances its appeal to a broader readership, including graduate students, postgraduate students, and informed lay readers. … Fortunately, this book was written by experts with a deep knowledge and understanding of the field, who present complex issues in a refreshingly straightforward manner. … will stimulate the thinking of students at all levels, especially those in computer science and engineering courses focusing on ethical and professional issues."

—Barry Blundell, in Computing Reviews

Table of Contents



The Good, the Bad, and the In Between

Making Trade-offs



Today and Tomorrow: Web 1.0, 2.0, 3.0

A Look Ahead

An Explanation of the Internet, Computers, and Data Mining


Primer on the Internet

Primer on Computers

Primer on Data, Databases, and Data Mining

Norms and Markets


Norms Defined

Coordination Norms

Value Optimal Norms

Norms and Markets

Norms and Game Theory

Informational Privacy: The General Theory


Personally Identifiable: A Distinction without (Much of) a Difference

The Requirement of Free and Informed Consent

Problems with Notice and Choice

Informational Norms

Ensuring Free and Informed Consent

The Ideal of Norm Completeness

Informational Privacy: Norms and Value Optimality


Direct Marketing: Retailers as Information Brokers

Information Aggregators

The Health Insurance Industry

More Examples

Collaborate or Resist?

Software Vulnerabilities and the Low-Priced Software Norm


What Buyers Demand

Strict Liability


Product Liability for Defective Design

The Statutory Alternative

We Are Trapped and Only Legal Regulation Will Release Us

Three Examples of Value Optimal Product-Risk Norms

The Low-Priced Software Norm

We Need to Create a Value Optimal Norm—but What Should It Be?

Software Vulnerabilities: Creating Best Practices


Best Practices Defined

Best Practices for Software Development

Creating the Best Practices Software Norm

Norm Creation in Real Markets

Unauthorized Access: Beyond Software Vulnerabilities

Computers and Networks: Attack and Defense


Types of Doors

Attacks on Availability

Attacking Confidentiality: Hanging Out in the Neighborhood

Attacks on Authentication

Attacks on Integrity

Multiplying, Eliminating, and Locking Doors

Posting Guards

Loc king and Guarding Doors Is Hard and We Do a Poor Job

Should ISPs Lock Doors and Check Credentials?

Malware, Norms, and ISPs


A Malware Definition

The Malware Zoo

Why End-User Defenses Are So Weak

The "End-User-Located Antivirus" Norm

Fire Prevention and Public Health

Compare Malware

Is Better Protection Worth Violating Network Neutrality?

The Value Optimal Norm Solution

Malware: Creating a Best Practices Norm


Current Best Practices for ISP Malware Defense

An Additional Wrinkle: The Definition of Malware Is Not Fully Settled

Defining Comprehensive Best Practices

Creating the Norm

Norm Creation in Real Markets

The End-to-End and Network Neutrality Principles

Has Our Focus Been Too Narrow?

Was Our Focus Too Narrow in Another Way?

Tracking, Contracting, and Behavioral Advertising


Behavioral Advertising and the Online Advertising Ecosystem

How Websites Gain Information about You: Straightforward Methods

Other Ways of Getting Your Online Information

What Is Wrong with Behavioral Advertising?

The Second-Order Contractual Norm

How the Norm Arises in Ideal Markets

Real Markets: How the Coordination Norm Arises

The Lack of Consent to Pay-with-Data Exchanges

From One-Sided Chicken to Value Optimal Norms


Chicken with Cars

The Pay-with-Data Game of One-Sided Chicken

Norm Creation in Perfectly Competitive Markets

Norm Creation in the Real Market

Does Facebook Play One-Sided Chicken?

Do-Not -Track Initiatives

More "Buyer Power" Approaches to Norm Generation

Two Versions of the Best Practices Statute Approach

Prisoner’s Dilemma

The Need for Trust

If We Fail to Create Norms

The Big Data Future


Notes, References, and Further Reading appear at the end of each chapter.

About the Authors

Robert H. Sloan is a professor and head of the Department of Computer Science of the University of Illinois at Chicago. He has published extensively in the areas of computer security, theoretical computer science, and artificial intelligence. He received a PhD in computer science from the Massachusetts Institute of Technology.

Richard Warner is a professor and Norman and Edna Freehling scholar at the Illinois Institute of Technology Chicago-Kent College of Law, where he is the faculty director of the Center for Law and Computers. He is the director of the School of American Law, which has branches in Poland, Ukraine, and Georgia; editor-in-chief of Emerging Markets: A Review of Business and Legal Issues;and a member of the US Secret Service’s Electronic and Financial Crimes Taskforce. He received a PhD in philosophy from the University of California, Berkeley, and a JD from the University of Southern California. His research interests include privacy, security, contracts, and the nature of values and their relation to action.

Subject Categories

BISAC Subject Codes/Headings:
COMPUTERS / Programming / Games
COMPUTERS / Database Management / Data Mining
COMPUTERS / Security / General
COMPUTERS / Security / Cryptography