04 privacy

Ethics in Information Technology,
Second Edition

1. What is Right of Privacy?
2. Laws for electronic surveillance
3. Forms of data encryption
4. What is identify theft?
5. Strategies for consumer profiling
6. Treat customer data responsibly
7. Why and how work place monitoring
8. What is spamming?
9. Capabilities & ethical issues of advanced
surveillance technologies
Ethics in Information Technology, Second
Edition 2

 Systems collect and store key data from every
interaction with customers
 Many object to data collection policies of
government and business
 Privacy
◦ Key concern of Internet users
◦ Top reason why nonusers still avoid the Internet
 Reasonable limits must be set
 Historical perspective on the right to privacy
◦ Fourth Amendment - reasonable expectation of
privacy
Edition 3

 Definition
◦ “The right to be left alone—the most
comprehensive of rights, and the right most valued
by a free people”
◦ “The right of individuals to control the collection
and use of information about themselves”
 Legal aspects
◦ Protection from unreasonable intrusion upon one’s
isolation
◦ Protection from appropriation of one’s name or
likeness
Edition 4

 Legal aspects
◦ Protection from unreasonable publicity given to
one’s private life
◦ Protection from publicity that unreasonably places
one in a false light before the public
Edition 5

 Legislative acts passed over the past 40 years
◦ Most address invasion of privacy by the government
 Not corporations
◦ No single, overarching national data privacy policy
◦ Communications Act of 1934
◦ Freedom of Information Act (FOIA)
◦ Fair Credit Reporting Act of 1970
◦ Privacy Act of 1974
◦ Children’s Online Protection Act (COPA)
◦ European Community Directive 95/46/EC of 1998
◦ Gramm-Leach-Bliley Act
Edition 6

 Other initiatives
◦ BBB Online and TRUSTe
 Independent, nonprofit initiatives
 Favor an industry-regulated approach to data privacy
Edition 7

 Opt-out policy
◦ Assumes that consumers approve of companies
collecting and storing their personal information
◦ Requires consumers to actively opt out
◦ Favored by data collectors
 Opt-in policy
◦ Must obtain specific permission from consumers
before collecting any data
◦ Favored by consumers
Edition 8

Edition 9

 Secure Flight airline safety program
◦ Compares the names and information of 1.4 million
daily U.S. airline passengers with data on known or
suspected terrorists
◦ Violation of Privacy Act
Edition 10

 Government electronic surveillance
 Data encryption
 Identity theft
 Customer profiling
 Need to treat customer data responsibly
 Workplace monitoring
 Spamming
 Advanced surveillance techniques
Edition 11

 Federal Wiretap Act
◦ Outlines processes to obtain court authorization for
surveillance of all kinds of electronic
communications
◦ Judge must issue a court order based on probable
cause
 Almost never deny government requests
◦ “Roving tap” authority
 Does not name specific telephone lines or e-mail
accounts
 All accounts are tied to a specific person
Edition 12

Edition 13

 Electronic Communications Privacy Act of
1986 (ECPA)
◦ Sets standards for access to stored e-mail and
other electronic communications and records
◦ Extends Title III’s prohibitions against the
unauthorized interception, disclosure, or use of a
person’s oral or electronic communications
◦ Prosecutor does not have to justify requests
◦ Judges are required to approve every request
Edition 14

 Electronic Communications Privacy Act of
1986 (ECPA)
◦ Highly controversial
 Especially collection of computer data sent over the
Internet
◦ Failed to address emerging technologies
Edition 15

 Foreign Intelligence Surveillance Act of 1978
(FISA)
◦ Allows wiretapping of aliens and citizens in the
United States
◦ Based on finding of probable cause that a target is
 Member of a foreign terrorist group
 Agent of a foreign power
 Executive Order 12333
◦ Legal authority for electronic surveillance outside
the United States
Edition 16

 Communications Assistance for Law
Enforcement Act (CALEA)
◦ Requires the telecommunications industry to build
tools into its products so that federal investigators
can eavesdrop on conversations
 After getting court approval
◦ Contains a provision covering radio-based data
communication
◦ Includes voice over Internet (VoIP) technology
Edition 17

 USA Patriot Act of 2001
◦ Gives sweeping new powers to
 Domestic law enforcement
 International intelligence agencies
◦ Contains several “sunset” provisions
Edition 18

 Cryptography
◦ Science of encoding messages
◦ Only sender and intended receiver can understand
the messages
◦ Key tool for ensuring confidentiality, integrity,
authenticity of electronic messages and online
business transactions
 Encryption
◦ Process of converting electronic messages into a
form understood only by the intended recipients
Edition 19

 Encryption key
◦ Variable value applied using an algorithm to
encrypt or decrypt text
 Public key encryption system uses two keys
◦ Message receiver’s public key - readily available
◦ Message receiver’s private key - kept secret
 RSA - a public key encryption algorithm
 Private key encryption system
◦ Single key to encode and decode messages
Edition 20

Edition 21

 Most people agree encryption eventually must
be built into
◦ Networks
◦ File servers
◦ Tape backup systems
 Seagate Technology hard drive
◦ Automatically encrypts all data
 U.S. Arms Export Control Act controls the
export of encryption technology, hardware,
and software
Edition 22

 Theft of key pieces of personal information to
gain access to a person’s financial accounts
 Information includes:
◦ Name
◦ Address
◦ Date of birth
◦ Social Security number
◦ Passport number
◦ Driver’s license number
◦ Mother’s maiden name
Edition 23

 Fastest growing form of fraud in the United
States
 Lack of initiative in informing people whose
data was stolen
 Phishing
◦ Attempt to steal personal identity data
◦ By tricking users into entering information on a
counterfeit Web site
◦ Spear-phishing - a variation in which employees
are sent phony e-mails that look like they came
from high-level executives within their organization
Edition 24

 Spyware
◦ Keystroke-logging software
◦ Enables the capture of:
 Account usernames
 Passwords
 Credit card numbers
 Other sensitive information
◦ Operates even if an infected computer is not
connected to the Internet
 Identity Theft and Assumption Deterrence Act
of 1998 was passed to fight fraud
Edition 25

Edition 26

 Companies openly collect personal
information about Internet users
 Cookies
◦ Text files that a Web site puts on a user’s hard drive
so that it can remember the information later
 Tracking software
 Similar methods are used outside the Web
environment
 Databases contain a huge amount of
consumer behavioral data
Edition 27

 Affiliated Web sites
◦ Group of Web sites served by a single advertising
network
 Customized service for each consumer
 Types of data collected while surfing the Web
◦ GET data
◦ POST data
◦ Click-stream data
Edition 28

 Four ways to limit or even stop the deposit of
cookies on hard drives
◦ Set the browser to limit or stop cookies
◦ Manually delete them from the hard drive
◦ Download and install a cookie-management
program
◦ Use anonymous browsing programs that don’t
accept cookies
Edition 29

 Personalization software is used by marketers
to optimize the number, frequency, and
mixture of their ad placements
◦ Rules-based
◦ Collaborative filtering
◦ Demographic filtering
◦ Contextual commerce
 Platform for Privacy Preferences (P3P)
◦ Shields users from sites that don’t provide the level
of privacy protection desired
Edition 30

 Strong measures are required to avoid
customer relationship problems
 Code of Fair Information Practices
 1980 OECD privacy guidelines
 Chief privacy officer (CPO)
◦ Executive to oversee data privacy policies and
initiatives
Edition 31

 Employers monitor workers
◦ Ensures that corporate IT usage policy is followed
 Fourth Amendment cannot be used to limit
how a private employer treats its employees
◦ Public-sector employees have far greater privacy
rights than in the private industry
 Privacy advocates want federal legislation
◦ To keeps employers from infringing upon privacy
rights of employees
Edition 32

 Transmission of the same e-mail message to
a large number of people
 Extremely inexpensive method of marketing
 Used by many legitimate organizations
 Can contain unwanted and objectionable
materials
Edition 33

 Controlling the Assault of Non-Solicited
Pornography and Marketing (CANSPAM)
◦ Says it is legal to spam but
 Spammers cannot disguise their identity
 There must be a label in the message specifying that
the e-mail is an ad or solicitation
 They must include a way for recipients to indicate they
do not want future mass mailings
Edition 34

 Camera surveillance
◦ U.S. cities plan to expand surveillance systems
◦ “Smart surveillance system”
 Facial recognition software
◦ Identifies criminal suspects and other undesirable
characters
◦ Yields mixed results
 Global Positioning System (GPS) chips
◦ Placed in many devices
◦ Precisely locate users
Edition 35

Chapter 4 Page 134
Edition 36

FROM TEXTBOOK
Edition 37

 What is the right of privacy, and what is the
basis for protecting personal privacy under
the law?
 What are some of the laws that authorize
electronic surveillance by the government,
and what are the associated ethical issues?
 What are the two fundamental forms of data
encryption, and how does each work?
Edition 38

 What is identity theft, and what techniques do
identity thieves use?
 What are the various strategies for consumer
profiling and the associated ethical issues?
 What must organizations do to treat
consumer data responsibly?
Edition 39

 Why and how are employers increasingly
using workplace monitoring?
 What is spamming, and what ethical issues
are associated with its use?
 What are the capabilities of advanced
surveillance technologies, and what ethical
issues do they raise?
Edition 40

Edition 41

Edition 42

Edition 43

 The legal concept of the right to privacy has
four aspects
 A number of laws have been enacted over the
past 40 years that affect a person’s privacy
 Laws authorize electronic surveillance by the
government
 Data encryption
◦ Public key encryption system
◦ Private key encryption system
 Identity theft
Edition 44

 Consumer behavior data is collected both
online and offline
 Code of Fair Information Practices and 1980
OECD privacy guidelines
 Employers record and review employee
communications and activities on the job
 Advances in information technology
◦ Surveillance cameras
◦ Facial recognition software
◦ GPS systems
Edition 45

04 privacy

More Related Content

Viewers also liked (20)

Similar to 04 privacy (20)

Recently uploaded (20)

04 privacy