Ethics in Information Technology, Second Edition Chapter 4 Privacy

Privacy


presentation in computer ethics


  • Objectives
      • What is the right of privacy, and what is the basis for protecting personal privacy under the law?
      • What are some of the laws that authorize electronic surveillance by the government, and what are the associated ethical issues?
      • What are the two fundamental forms of data encryption, and how does each work?

  • Objectives (continued)
      • What is identity theft, and what techniques do identity thieves use?
      • What are the various strategies for consumer profiling and the associated ethical issues?
      • What must organizations do to treat consumer data responsibly?

  • Objectives (continued)
      • Why and how are employers increasingly using workplace monitoring?
      • What is spamming, and what ethical issues are associated with its use?
      • What are the capabilities of advanced surveillance technologies, and what ethical issues do they raise?

  • What does privacy mean to you?


  • What is privacy?
      • Being alone. - Al-Bara Al-Ohli (age 4)

  • Westin, Privacy and Freedom, 1967
      • Privacy is the claim of individuals, groups or institutions to determine for themselves when, how, and to what extent information about them is communicated to others
      • Privacy is not an absolute

  • Privacy as process
      • Each individual is continually engaged in a personal adjustment process in which he balances the desire for privacy with the desire for disclosure and communication. - Alan Westin, 1967

  • Westin's four states of privacy
      • Solitude: individual separated from the group and freed from the observation of other persons
      • Intimacy: individual is part of a small unit
      • Anonymity: individual in public but still seeks and finds freedom from identification and surveillance
      • Reserve: the creation of a psychological barrier against unwanted intrusion - holding back communication

  • Privacy Protection and the Law
      • Systems collect and store key data from every interaction with customers
      • Many object to data collection policies of government and business
      • Privacy is a
          • Key concern of Internet users
          • Top reason why nonusers still avoid the Internet
      • Reasonable limits must be set
      • Historical perspective on the right to privacy
          • Fourth Amendment - reasonable expectation of privacy

  • The Right of Privacy
      • Definition
          • The right to be left alone - the most comprehensive of rights, and the right most valued by a free people
          • The right of individuals to control the collection and use of information about themselves

  • The Right of Privacy (continued)
      • Legal aspects
          • Protection from unreasonable intrusion upon one's isolation
          • Protection from appropriation of one's name or likeness
          • Protection from unreasonable publicity given to one's private life
          • Protection from publicity that unreasonably places one in a false light before the public

  • Recent History of Privacy Protection
      • Legislative acts passed over the past 40 years
          • Most address invasion of privacy by the government
              • Not corporations
          • No single, overarching national data privacy policy
      • Communications Act of 1934
      • Freedom of Information Act (FOIA)
      • Fair Credit Reporting Act of 1970
      • Privacy Act of 1974
      • Children's Online Protection Act (COPA)
      • European Community Directive 95/46/EC of 1998
      • Gramm-Leach-Bliley Act


  • Chief privacy officers
      • Companies are increasingly appointing CPOs to have a central point of contact for privacy concerns
      • Role of CPO varies in each company
          • Draft privacy policy
          • Respond to customer concerns
          • Educate employees about company privacy policy
          • Review new products and services for compliance with privacy policy
          • Develop new initiatives to keep company out front on privacy issue
          • Monitor pending privacy legislation

  • Other initiatives (Seal programs)
      • TRUSTe http://www.truste.org
      • BBBOnline http://www.bbbonline.org
      • CPA WebTrust http://www.cpawebtrust.org/
      • Japanese Privacy Mark http://privacymark.org/
      • Independent, nonprofit initiatives
      • Favor an industry-regulated approach to data privacy

  • Opt-out policy
      • Assumes that consumers approve of companies collecting and storing their personal information
      • Requires consumers to actively opt out
      • Favored by data collectors

  • Opt-in policy
      • Must obtain specific permission from consumers before collecting any data
      • Favored by consumers

  • Summary of the 1980 OECD Privacy Guidelines

  • Legal Overview: The Privacy Act
      • Secure Flight airline safety program
          • Compares the names and information of 1.4 million daily U.S. airline passengers with data on known or suspected terrorists
          • Violation of Privacy Act

  • Key Privacy and Anonymity Issues
      • Government electronic surveillance
      • Data encryption
      • Identity theft
      • Customer profiling
      • Need to treat customer data responsibly
      • Workplace monitoring
      • Spamming
      • Advanced surveillance techniques

  • Governmental Electronic Surveillance
      • Federal Wiretap Act
          • Outlines processes to obtain court authorization for surveillance of all kinds of electronic communications
          • Judge must issue a court order based on probable cause
              • Almost never deny government requests
          • Roving tap authority
              • Does not name specific telephone lines or e-mail accounts
              • All accounts are tied to a specific person

  • Governmental Electronic Surveillance (continued)
      • Electronic Communications Privacy Act of 1986 (ECPA)
          • Sets standards for access to stored e-mail and other electronic communications and records
          • Extends Title III's prohibitions against the unauthorized interception, disclosure, or use of a person's oral or electronic communications
          • Prosecutor does not have to justify requests
          • Judges are required to approve every request

  • Governmental Electronic Surveillance (continued)
      • Electronic Communications Privacy Act of 1986 (ECPA)
          • Highly controversial
              • Especially collection of computer data sent over the Internet
          • Failed to address emerging technologies

  • Governmental Electronic Surveillance (continued)
      • Foreign Intelligence Surveillance Act of 1978 (FISA)
          • Allows wiretapping of aliens and citizens in the United States
          • Based on finding of probable cause that a target is
              • Member of a foreign terrorist group
              • Agent of a foreign power
      • Executive Order 12333
          • Legal authority for electronic surveillance outside the United States

  • Governmental Electronic Surveillance (continued)
      • Communications Assistance for Law Enforcement Act (CALEA)
          • Requires the telecommunications industry to build tools into its products so that federal investigators can eavesdrop on conversations
              • After getting court approval
          • Contains a provision covering radio-based data communication
          • Includes voice over Internet (VoIP) technology

  • Governmental Electronic Surveillance (continued)
      • USA Patriot Act of 2001
          • Gives sweeping new powers to
              • Domestic law enforcement
              • International intelligence agencies
          • Contains several sunset provisions

  • Key Provisions of the USA Patriot Act Subject to Sunset

  • Key Provisions of the USA Patriot Act Subject to Sunset (continued)

  • Data Encryption
      • Cryptography
          • Science of encoding messages
          • Only sender and intended receiver can understand the messages
          • Key tool for ensuring confidentiality, integrity, authenticity of electronic messages and online business transactions
      • Encryption
          • Process of converting electronic messages into a form understood only by the intended recipients

  • Data Encryption (continued)
      • Encryption key
          • Variable value applied using an algorithm to encrypt or decrypt text
      • Public key encryption system uses two keys
          • Message receiver's public key - readily available
          • Message receiver's private key - kept secret
          • RSA - a public key encryption algorithm
      • Private key encryption system
          • Single key to encode and decode messages

  • Public Key Encryption

  • Data Encryption (continued)
      • Most people agree encryption eventually must be built into
          • Networks
          • File servers
          • Tape backup systems
      • Seagate Technology hard drive
          • Automatically encrypts all data
      • U.S. Arms Export Control Act controls the export of encryption technology, hardware, and software

  • Identity Theft
      • Theft of key pieces of personal information to gain access to a person's financial accounts
      • Information includes:
          • Name
          • Address
          • Date of birth
          • Social Security number
          • Passport number
          • Driver's license number
          • Mother's maiden name

  • Identity Theft (continued)
      • Fastest growing form of fraud in the United States
      • Lack of initiative in informing people whose data was stolen
      • Phishing
          • Attempt to steal personal identity data by tricking users into entering information on a counterfeit Web site
          • Spear-phishing - a variation in which employees are sent phony e-mails that look like they came from high-level executives within their organization

  • Identity Theft (continued)
      • Spyware
          • Keystroke-logging software
          • Enables the capture of:
              • Account usernames
              • Passwords
              • Credit card numbers
              • Other sensitive information
          • Operates even if an infected computer is not connected to the Internet
      • Identity Theft and Assumption Deterrence Act of 1998 was passed to fight fraud

  • E-mail Used by Phishers

  • Consumer Profiling
      • Companies openly collect personal information about Internet users
      • Cookies
          • Text files that a Web site puts on a user's hard drive so that it can remember the information later
      • Tracking software
      • Similar methods are used outside the Web environment
      • Databases contain a huge amount of consumer behavioral data

  • Consumer Profiling (continued)
      • Affiliated Web sites
          • Group of Web sites served by a single advertising network
      • Customized service for each consumer
      • Types of data collected while surfing the Web
          • GET data
          • POST data
          • Click-stream data

  • Consumer Profiling (continued)
      • Four ways to limit or even stop the deposit of cookies on hard drives
          • Set the browser to limit or stop cookies
          • Manually delete them from the hard drive
          • Download and install a cookie-management program
          • Use anonymous browsing programs that don't accept cookies

  • Consumer Profiling (continued)
      • Personalization software is used by marketers to optimize the number, frequency, and mixture of their ad placements
          • Rules-based
          • Collaborative filtering
          • Demographic filtering
          • Contextual commerce
      • Platform for Privacy Preferences (P3P)
          • Shields users from sites that don't provide the level of privacy protection desired

  • Treating Consumer Data Responsibly
      • Strong measures are required to avoid customer relationship problems
      • Code of Fair Information Practices
      • 1980 OECD privacy guidelines
      • Chief privacy officer (CPO)
          • Executive to oversee data privacy policies and initiatives

  • Manager's Checklist for Treating Consumer Data Responsibly

  • Workplace Monitoring
      • Employers monitor workers
          • Ensures that corporate IT usage policy is followed
      • Fourth Amendment cannot be used to limit how a private employer treats its employees
          • Public-sector employees have far greater privacy rights than in the private industry
      • Privacy advocates want federal legislation
          • To keep employers from infringing upon privacy rights of employees

  • Spamming
      • Transmission of the same e-mail message to a large number of people
      • Extremely inexpensive method of marketing
      • Used by many legitimate organizations
      • Can contain unwanted and objectionable materials

  • Spamming (continued)
      • Controlling the Assault of Non-Solicited Pornography and Marketing (CANSPAM)
          • Says it is legal to spam but
              • Spammers cannot disguise their identity
              • There must be a label in the message specifying that the e-mail is an ad or solicitation
              • They must include a way for recipients to indicate they do not want future mass mailings

  • Advanced Surveillance Technology
      • Camera surveillance
          • U.S. cities plan to expand surveillance systems
          • Smart surveillance system
      • Facial recognition software
          • Identifies criminal suspects and other undesirable characters
          • Yields mixed results
      • Global Positioning System (GPS) chips
          • Placed in many devices
          • Precisely locate users

  • Summary
      • The legal concept of the right to privacy has four aspects
      • A number of laws have been enacted over the past 40 years that affect a person's privacy
      • Laws authorize electronic surveillance by the government
      • Data encryption
          • Public key encryption system
          • Private key encryption system
      • Identity theft

  • Summary (continued)
      • Consumer behavior data is collected both online and offline
      • Code of Fair Information Practices and 1980 OECD privacy guidelines
      • Employers record and review employee communications and activities on the job
      • Advances in information technology
          • Surveillance cameras
          • Facial recognition software
          • GPS systems

    Westin's definition envisions an individual actively involved in a decision making process. It assumes a certain level of individual awareness of the consequences of both disclosing and not disclosing personal information, and the ability to effectively control whether information is disclosed.