EIT - Ethics for IT Professionals

8/12/2019 EIT - Ethics for IT Professionals

1/45

Chapter 4 Privacy

Ethics in Information Technology,Second Edition

Updates by Carlotta Eaton, NRCC


2/45

1. What is Right of Privacy?2. La s for electronic s!rveillance". #orms of data encry$tion

%. What is identify theft?&. Strategies for cons!mer $rofiling'. Treat c!stomer data res$onsi(ly). Why and ho or* $lace monitoring+. What is s$amming?

. -a$a(ilities ethical iss!es of advanceds!rveillance technologies

Chapter 4 Privacy Objectives


3/45

Systems collect and store *ey data from everyinteraction ith c!stomers/any o(0ect to data collection $olicies ofgovernment and (!sinessPrivacy ey concern of Internet !sers To$ reason hy non!sers still avoid the InternetReasona(le limits m!st (e set

istorical $ers$ective on the right to $rivacy #o!rth 3mendment 4 reasona(le e5$ectation of $rivacy

Privacy Protection and the Law


4/45

6efinition 7The right to (e left alone8the most com$rehensive of

rights, and the right most val!ed (y a free $eo$le9 7The right of individ!als to control the collection and !se

of information a(o!t themselves9Legal as$ects Protection from !nreasona(le intr!sion !$on one:s

isolation Protection from a$$ro$riation of one:s name or li*eness

The Right of Privacy


5/45

Legal as$ects Protection from !nreasona(le $!(licity given to one:s

$rivate life Protection from $!(licity that !nreasona(ly $laces one in

a false light (efore the $!(lic

The Right of Privacy (continued)


6/45

Legislative acts $assed over the $ast %; years /ost address invasion of $rivacy (y the government


7/45

>ther initiatives BBB >nline and TRCSTe Inde$endent, non$rofit initiatives #avor an ind!stry4reg!lated a$$roach to data $rivacy

Recent History of Privacy Protection(continued)


8/45


9/45

u!!ary of the "#$% O&C' Privacyuide ines


10/45

Sec!re #light airline safety $rogram -om$ares the names and information of 1.% million daily

C.S. airline $assengers ith data on *no n or s!s$ectedterrorists

iolation of Privacy 3ct

Lega Overview* The Privacy +ct


11/45

Aovernment electronic s!rveillance6ata encry$tionIdentity theft

-!stomer $rofiling


12/45

#ederal Wireta$ 3ct >!tlines $rocesses to o(tain co!rt a!thoriFation for

s!rveillance of all *inds of electronic comm!nications G!dge m!st iss!e a co!rt order (ased on $ro(a(le ca!se

3lmost never deny government reD!ests 7Roving ta$9 a!thority 6oes not name s$ecific tele$hone lines or e4mail acco!nts 3ll acco!nts are tied to a s$ecific $erson

overn!enta & ectronic urvei ance.


13/45

/u!ber of Tit e --- 0iretaps ranted


14/45

Electronic -omm!nications Privacy 3ct of 1 +'=E-P3 Sets standards for access to stored e4mail and other

electronic comm!nications and records E5tends Title III:s $rohi(itions against the !na!thoriFed

interce$tion, disclos!re, or !se of a $erson:s oral orelectronic comm!nications

Prosec!tor does not have to 0!stify reD!ests G!dges are reD!ired to a$$rove every reD!est



15/45

Electronic -omm!nications Privacy 3ct of 1 +'=E-P3 ighly controversial Es$ecially collection of com$!ter data sent over the Internet #ailed to address emerging technologies



16/45

#oreign Intelligence S!rveillance 3ct of 1 )+=#IS3 3llo s ireta$$ing of aliens and citiFens in the Cnited

States Based on finding of $ro(a(le ca!se that a target is /em(er of a foreign terrorist gro!$ 3gent of a foreign $o er

E5ec!tive >rder 12""" Legal a!thority for electronic s!rveillance o!tside the

Cnited States



17/45

-omm!nications 3ssistance for La Enforcement 3ct =-3LE3

ReD!ires the telecomm!nications ind!stry to (!ild toolsinto its $rod!cts so that federal investigators caneavesdro$ on conversations

3fter getting co!rt a$$roval -ontains a $rovision covering radio4(ased data

comm!nication Incl!des voice over Internet = oIP technology



18/45

CS3 Patriot 3ct of 2;;1 Aives s ee$ing ne $o ers to 6omestic la enforcement International intelligence agencies -ontains several 7s!nset9 $rovisions

overn!enta & ectronic urvei ance


19/45

-ry$togra$hy Science of encoding messages >nly sender and intended receiver can !nderstand the

messages ey tool for ens!ring confidentiality, integrity, a!thenticity

of electronic messages and online (!siness transactions

Encry$tion Process of converting electronic messages into a form

!nderstood only (y the intended reci$ients

'ata &ncryption .


20/45

Encry$tion *ey aria(le val!e a$$lied !sing an algorithm to encry$t or

decry$t te5t

P!(lic *ey encry$tion system !ses t o *eys /essage receiver:s $!(lic *ey 4 readily availa(le /essage receiver:s $rivate *ey 4 *e$t secret

RS3 4 a $!(lic *ey encry$tion algorithmPrivate *ey encry$tion system Single *ey to encode and decode messages

'ata &ncryption .


21/45

Pub ic ,ey &ncryption .


22/45

/ost $eo$le agree encry$tion event!ally m!st (e(!ilt into


23/45

Theft of *ey $ieces of $ersonal information to gainaccess to a $erson:s financial acco!ntsInformation incl!desH


24/45

#astest gro ing form of fra!d in the Cnited StatesLac* of initiative in informing $eo$le hose data

as stolen

Phishing 3ttem$t to steal $ersonal identity data By tric*ing !sers into entering information on a

co!nterfeit We( site S$ear4$hishing 4 a variation in hich em$loyees are sent

$hony e4mails that loo* li*e they came from high4levele5ec!tives ithin their organiFation

-dentity Theft .


25/45

S$y are eystro*e4logging soft are Ena(les the ca$t!re ofH 3cco!nt !sernames

Pass ords -redit card n!m(ers >ther sensitive information >$erates even if an infected com$!ter is not connected to

the InternetIdentity Theft and 3ss!m$tion 6eterrence 3ct of1 + as $assed to fight fra!d

-dentity Theft .


26/45

&1!ai 2sed by Phishers


27/45

-om$anies o$enly collect $ersonal informationa(o!t Internet !sers-oo*ies Te5t files that a We( site $!ts on a !ser:s hard drive so

that it can remem(er the information later

Trac*ing soft areSimilar methods are !sed o!tside the We(

environment6ata(ases contain a h!ge amo!nt of cons!mer(ehavioral data

Consu!er Profi ing .


28/45

3ffiliated We( sites Aro!$ of We( sites served (y a single advertising

net or*

-!stomiFed service for each cons!mer Ty$es of data collected hile s!rfing the We( AET data P>ST data -lic*4stream data



29/45

#o!r ays to limit or even sto$ the de$osit ofcoo*ies on hard drives Set the (ro ser to limit or sto$ coo*ies /an!ally delete them from the hard drive 6o nload and install a coo*ie4management $rogram Cse anonymo!s (ro sing $rograms that don:t acce$t

coo*ies



30/45

PersonaliFation soft are is !sed (y mar*eters too$timiFe the n!m(er, freD!ency, and mi5t!re oftheir ad $lacements R!les4(ased -olla(orative filtering 6emogra$hic filtering -onte5t!al commerce

Platform for Privacy Preferences =P"P Shields !sers from sites that don:t $rovide the level of

$rivacy $rotection desired



31/45

Strong meas!res are reD!ired to avoid c!stomerrelationshi$ $ro(lems-ode of #air Information Practices

1 +; >E-6 $rivacy g!idelines-hief $rivacy officer =-P> E5ec!tive to oversee data $rivacy $olicies and initiatives

Treating Consu!er 'ata Responsib y


32/45

Em$loyers monitor or*ers Ens!res that cor$orate IT !sage $olicy is follo ed

#o!rth 3mendment cannot (e !sed to limit ho a$rivate em$loyer treats its em$loyees P!(lic4sector em$loyees have far greater $rivacy rights

than in the $rivate ind!stry

Privacy advocates ant federal legislation To *ee$s em$loyers from infringing !$on $rivacy rights of

em$loyees

0or3p ace onitoring


33/45

Transmission of the same e4mail message to alarge n!m(er of $eo$leE5tremely ine5$ensive method of mar*eting

Csed (y many legitimate organiFations-an contain !n anted and o(0ectiona(lematerials

pa!!ing .


34/45

-ontrolling the 3ssa!lt of


35/45

-amera s!rveillance C.S. cities $lan to e5$and s!rveillance systems 7Smart s!rveillance system9

#acial recognition soft are Identifies criminal s!s$ects and other !ndesira(le

characters ields mi5ed res!lts

Alo(al Positioning System =APS chi$s Placed in many devices Precisely locate !sers

+dvanced urvei ance Techno ogy


36/45


37/45

2/2 &' L-'R>/ TEJTB>>


38/45

What is the right of $rivacy, and hat is the (asisfor $rotecting $ersonal $rivacy !nder the la ?

What are some of the la s that a!thoriFeelectronic s!rveillance (y the government, and

hat are the associated ethical iss!es?

What are the t o f!ndamental forms of dataencry$tion, and ho does each or*?

Objectives


39/45

What is identity theft, and hat techniD!es doidentity thieves !se?

What are the vario!s strategies for cons!mer$rofiling and the associated ethical iss!es?

What m!st organiFations do to treat cons!merdata res$onsi(ly?

Objectives (continued)


40/45

Why and ho are em$loyers increasingly !singor*$lace monitoring?

What is s$amming, and hat ethical iss!es areassociated ith its !se?

What are the ca$a(ilities of advanced s!rveillancetechnologies, and hat ethical iss!es do theyraise?

Objectives (continued)

P i i f h 2 P i bj


41/45

,ey Provisions of the 2 + Patriot +ct ubjectto unset

P i i f th 2 + P t i t + t bj t


42/45

,ey Provisions of the 2 + Patriot +ct ubjectto unset (continued)


43/45

anager6s Chec3 ist for TreatingConsu!er 'ata Responsib y


44/45

The legal conce$t of the right to $rivacy has fo!ras$ects

3 n!m(er of la s have (een enacted over the$ast %; years that affect a $erson:s $rivacyLa s a!thoriFe electronic s!rveillance (y thegovernment6ata encry$tion

P!(lic *ey encry$tion system Private *ey encry$tion system

Identity theft

u!!ary


45/45

-ons!mer (ehavior data is collected (oth onlineand offline-ode of #air Information Practices and 1 +;>E-6 $rivacy g!idelinesEm$loyers record and revie em$loyeecomm!nications and activities on the 0o(

3dvances in information technology

S!rveillance cameras #acial recognition soft are APS systems

u!!ary (continued)

Documents

EIT - Ethics for IT Professionals