u10a1 - Ethical and Legal Dilemma in IT - Turner

Ethical and Legal Dilemmas 1

Ethical and Legal Dilemmas in Home Monitoring and Management Services

Assignment u10a1

Robert "Bob" Turner

TS5336 – Ethical and Legal Considerations in Information Technology

Capella University

December 16, 2011

E-mail: [email protected]

Instructor: Mr. Stuart Gold, PhD


Ethical and Legal Dilemmas in Home Monitoring and Management Services

The industry that has developed over the last 25 years around the concept of protecting the home

through use of information technology and ensuring privacy by applying information assurance controls is

today a multi-million dollar market force. Unfortunately, there does not appear to be a targeted legal or

ethical framework that serves to regulate this field; which forces practitioners to rely on sorting through

the mass of industry technical standards, building codes and generalized information technology related

laws in order to deliver effective services. This paper presents arguments, for the benefit of students and

professionals in the home security and information technology fields, that highlight the issues and

complexities of law and ethics involved when maintaining privacy comes in conflict with the need for

sharing information necessary to effect proper management of management services and protection of

private homes or offices using information technology based tools and techniques.

Legal and Ethical Use of Information and Technology

From a casual review of articles in the local newspaper, Internet news sites and community specific

weblogs, it is easy to determine that we live in challenging times for the global and national economy.

Daily are the stories of economic suffering within various industries, threats and news of layoffs, legal

conundrums and ethical missteps by leaders in industry, and stories of fraud, waste and privilege abuse.

These conditions impact today’s home technology market as it continues to deliver advanced systems

and software applications for establishing or improving security along with personal productivity and home

management. Included are those applications which serve to better the life of average citizens by

delivering improved physical security, monitoring services, home health care delivery, and management

of food inventory and delivery of entertainment services. Of course, with every Internet based avenue

inward to the home to deliver services there is a corresponding outlet for personal and private information

and activities to be shared with members of the Internet community. The adversary’s work is made much

easier since information leakage is commonplace among supervisory control and data acquisition, or

SCADA, systems which are at the core of home security and management architectures (Nash, 2005).

Loathe as we are for Government intervention, there are situations where the law can assist in shaping

the direction of the industry and drive service and technological innovations we demand as consumers.

Yet for nearly every law written, there is a corresponding and complimentary ethical framework for


applying common sense, industry best practices and professional ethics to ensure effective and high

quality services at the best price.

Legal Frameworks

According to the United States Government Accountability Office (2008), Federal policy identifies

eighteen infrastructure sectors that are critical to the nation’s security, economy, public health, and safety,

to include public and private functions such as banking and finance, energy, public health and healthcare,

and telecommunications. Our nation’s reliance on computerized information systems and electronic data

make it essential that the security of these systems and data is maintained (p. 1). Many critical

infrastructure components are owned by the private sector. Effective government protection and

provision of security services carries the imperative that public and private entities work together to

protect these assets. The same partnerships among private industry and government agencies directly

support effective provision of private home security and monitoring services through a framework of

federal laws, regulations, and standards considered essential to the security of privately owned

information technology systems and data. There are over 30 federal laws, regulations, and mandatory

standards that pertain to securing privately owned IT systems and data in our nation’s critical

infrastructure sectors (GAO, 2010, p.2). Among these laws are specific statutes concerning privacy

practices, security service provisions and contractual implications which are useful in constructing state

and local laws to regulate the home monitoring and management services industry.

Privacy considerations. Among the many laws relating to privacy is the Electronic

Communications Privacy Act of 1986, known by the acronym ECPA and discussed in a later section of

this paper. Stemming from the ECPA, our Government has enacted rules governing how agencies are

allowed to handle personal and private information. One specific regulation provides for protection of

information considered as Sensitive Security Information, or SSI, which is codified in 49 U.S.C. 114. SSI

is information obtained or developed in the conduct of security activities; which if disclosed, could

constitute an unwarranted invasion of privacy, or could reveal information which contains trade secrets or

privileged information. The Government imposed specific duties on agents and private citizens such as

taking reasonable steps to safeguard SSI in that person's possession or control from unauthorized

disclosure. The Act also imposes the duty to avoid disclosure to people unless they have a need to


know, which can be defined as the requirement to understand pieces of information in the normal

performance of their duties ("Protection of sensitive," 2004). Private concerns have adopted similar

standards in order to have an approach which keeps their corporate interests in mind and serves to shield

them from litigation.

Security considerations. The government’s role and responsibility in computer security relates

primarily to securing federally owned, leased, or operated systems. Federal agencies generally do not

mandate controls for the security of non-government computer systems. However, the federal

government does require certain information held on non-government systems to be protected against

unauthorized access and disclosure (Motef, 2004). As many home computing systems and those held by

private home monitoring and management service providers can potentially contain sensitive Government

information either created by a private entity or that which is inadvertently or deliberately downloaded,

there is a duty imposed to protect the information once discovered.

Contract compliance. Contracts are agreements that are legally enforceable which may involve a

duty to do, or refrain from doing a specific act or obligation. Non-performance of this duty is considered a

breach of contract. The law provides remedies if a promise is breached with the goal to make the

breached party return to their prior position, as if the contract had not been breached, rather than punish

the breaching party (USLegal.com, n.d.). Numerous facets of IT related management within home

security and monitoring are simply the result of contract performance, the parties must rely on specific

language and clauses being standard across the industry.

Ethical Value Systems

The effect of principled behavior strengthens cyber security. By employing Kohlberg’s Theory of

Moral Development and Education and the axioms expressed by Professor Kenneth Laudon, the

information technology professional can develop ethically driven business rules for operating within the

home monitoring and management services industry which set their business apart from those who set

ethics behind profit.

For review, Lawrence Kohlberg (1984) believes moral action flows from a three step process

involving a deontic judgment of what is right, discerning responsibility and then carrying out the decision

(p. 258). Kohlberg (as cited in Wahlberg and Haertel, 1997) understood that moral judgments may be


defined as judgments of value, as social judgments, and as judgments that oblige an individual to take

action (p. 57). Thus, a strong moral drive to produce ethically based judgments are divided according to

ones intention to pursue the acts, in some cases, simply deemed as the right thing to do by those

individuals (Chong and Opara, 2009).

Professor Kenneth Laudon (1995) believed that from his study of 2,000 years of writings there

emerged three critical arguments. Phenomenology versus positivism which asks what is good in the

given situation derived from the logic and language of the moment or by observing the real world and

inductively deriving the ethical principles. Rules versus consequences which positions those who believe

good actions result from following the correct and generally accepted rules of behavior based on religion,

intuition and aesthetics; contrasted against those who would rather take action that tend to produce the

best outcome whether results or consequences. The final distinction being a contrast between individuals

and collectivities which focuses on belief systems the locus of moral authority and stresses that belief in

an individual’s power of self-analysis versus community or society consensus could result in moral

relativism based on whatever the group believes is the best rule (p. 34).

Practical Application of Ethical Considerations in Information Technology

The home monitoring and management industry is increasingly dependence on internet connected

services and wireless interconnections to process tremendous volumes of data and to provide real time

monitoring and control of home services which integrate into operations and call centers. Of particular

interest to the ethicist are those systems which provide direct control of safety and security systems, plus

those applications which directly impact life affirming medical services such as real time heart monitors

which report to clinics or emergency responders or fire control systems which sense temperature or

flames and respond with activation of fire suppression and warning systems.

Privacy and Security Practices

In practical application within the information technology industry, these ethical foundations

motivate one employee to report suspicious activity such as the existence of peer-to-peer software, like

BitTorrent or Morpheus, to a supervisor immediately while another employee with similar technical

training would investigate and correct the cause of the suspicious activity without a report.


Within the home security monitoring and management services industry, the application of Kohlberg

and Laudon’s theories are found in the amount of personal information coincident to providing the service

that can be gathered on celebrities and public figures; and subsequently revealed to cause damage or

erosion of the image is but one aspect that provides incentives to protect on near equal measure to

incentives to publish. Kohlberg suggests that the individuals continue to change their decision priorities

over time, through education, peer or environmental influences, growing confidence or willingness to take

risks based on experiences along with changes in values of ethical behavior (Chong and Opara, p. 52).

The Right Product at the Right Time for the Right Cost

The ethical dilemma in applying technology to solve problems is that despite what a designer is

comfortable with, or desires to be challenged to achieve, is that the purpose of designing technology is

most often to make it serve a certain function (Albrechtslund, 2007). Within an industry with sales

exceeding $2.1 billion in 2010 with potential to reach more than $3.8 billion by 2016, lighting, home

entertainment, and security systems accounted for nearly 58% of the U.S. home automation market in

2010 (BCC Research, 2011). Those who specialize in technology applied within a private home should

guard against designing a fit for their favorite or most abundantly stocked tool or application; instead they

should apply the available technology or engage in design of new technologies to meet a need or desire

of the customer. Designing solutions to fit a validated requirement provides the opportunity to solve a

problem instead of the opposing search for a problem to fit a tool.

The Effects of Law on the Information Technology Profession

The effects of local and state legal actions, whether through case law or legislation, are far

reaching. In an article by technology columnist Gerald Kohl (2010), the Electronic Security Association’s

Director of Government relations, John Chwat, lamented that state bills in California and New York have a

tendency to be copied by other states in rapid order (p.1). Within the home security and monitoring

industry, the liability of manufacturers, designers, consultants and installation firms could be significant

should an accident or incident result in death or harm to an individual or significant loss of property.

While many contracts include clauses that indemnify manufacturers from installation defects, or exempt

designers and installers from liability associated with manufacturer defects, the seemingly limitless effects

of tort law and crusades by individual legislators often result in greater losses within the industry.


Legislation

Experts argue between the ethical basis for establishing laws even when, intuitively, the

responsibility for managing, monitoring and security concerns seem to fall outside the normal arguments

of morality, religion and philosophical systems of ethics (Tavani, 2001, p. 40-43). Other experts assert

that digital environments can be regulated by their technological capabilities and the design choices made

by computer systems engineers. For example, privacy features can be built into computer systems to

guarantee personal data will be processed using fair information practices. These features and policy

rules built within the architectures and designs of information systems can carry the effect of law and are

every bit as important as the rules promulgated by traditional government institutions (Richards, 2006).

State laws, such as New York’s laws relating to home monitoring services, are slowly evolving but

tend to focus the areas of liability, privacy and safety. According to the summary of NY Senate Bill 2074,

terms used in a contract to indemnify or exempt manufacturers, sellers and/or monitors of burglary

protection systems from liability for negligence should not be enforceable and existing contracts with the

indemnification should be voided. The proposed language states that such terms must provide for

recovery of costs associated with the installation, service and maintenance provided by the manufacturer,

seller; including the monitor service (Kohl, 2010). Consumers who do not read the contract carefully are

often victims of not only the incident or accident, but they become victims of the contract as well.

At the Federal level, the lengthy debate leading to passage of the Patient Protection and Affordable

Care Act included discussions by the Senate Committee on Aging. The committee examined the use of

broadband technologies in healthcare, with emphasis on mobile and wireless devices. Committee

members applauded the technologies available for home medical care highlighting an automatic insulin

dispenser that wirelessly communicates adjustments to dosage as the patient's condition changes. The

device then uploads readings to the patient's electronic medical record EMR. Underlying the utility of

such devices is the need for widespread availability of broadband Internet service; with a return on

investment in more robust communications networks reflected in lower Medicare costs (Versel, 2010).

Continued Federal legislation and support for improving broadband Internet technology and infrastructure

for non-standard home management services such as home medical monitoring with heart monitors,


insulin delivery systems and other portable medical technologies can significantly influence the direction

of home management systems.

Countries outside of the United States also regulate the services related to home monitoring and

management. Australia’s Private Security Act (2004) requires that country’s Chief Commissioner to

register those in the business of acting as security equipment installers or security consultants

(Australasian Legal Information Institute, 2004, Section 71). South Africa’s government regulates wages

for private security firms engaged in monitoring and responding to alarms at premises which are guarded

by persons or by electronic means (Badenhorst, 2010). Such specificity in legislation is a trend expected

to continue as citizens react to advances in technology which increase access to the home and more

services are offered, further breaching the boundary of privacy within homes and private offices.

Local Law Enforcement and Monitoring Industry Partnerships

Local governments incur costs in responding to false alarms generated by security monitoring

systems with the mechanical controls industry reporting similar cost incurred responding to abnormal

conditions reported to operations centers. Municipalities such as San Rafael, California report costs of

$250,000 per year to respond to false alarms while smaller localities like Hercules, California, Astubula,

Ohio and Kingman, Arizona have instituted fines of between $75 and $200 to offset costs incurred when

police are required to respond to a false alarm (Anonymous, 2006). In George Demarco’s (2004) article

concerning the cost of local government response to false alarms, improvements in the relationship

between law enforcement and the alarm industry has brought a measurable effect on the community

through accurate reporting and adjudication of service calls when home monitoring technology delivers a

false alarm. Noting that properly managed alarm systems provided opportunity cost savings of more than

80 percent in Los Angeles, California and 90 percent in Salt Lake City, Utah (p. 17). As technology

improves and services response stabilizes, monitoring management proves its value in greater measure

than legislation or the effect of case law outcomes.

The Impact of Legislation

The Electronic Communications Privacy Act of 1986, or ECPA, was enacted to extend federal

wiretap laws to new forms of communication and has direct applicability to the home security monitoring

field. The ECPA is based on the privacy rights derived from the protection against unreasonable


searches and seizures found in the Fourth Amendment and Congress's power to regulate interstate

commerce granted in Article I of the U.S. Constitution.

Surveillance using wiretaps, pen registers and traps. One facet of the ECPA is the legislation

regulating the practice of conducting surveillance using wiretaps or the less intrusive pen registers and so

called trap and trace devices. As many home security systems communicate with monitoring operations

centers over standard telephone lines, practitioners need to be concerned with the technologies used for

conducting electronic surveillance. Pen registers are electronic devices that record the phone numbers

that you call, while trap & trace devices record the numbers that call you. The Supreme Court decided in

the 1979 case of Smith v. Maryland that because telephone users knowingly exposes phone numbers to

the phone company when they dial them, the Fourth Amendment doesn't protect the privacy of those

numbers against pen trap or trace surveillance by the government. The contents of a telephone

conversation are protected, but not the dialing information (Electronic Frontier Foundation. n.d.).

Likewise, wiretapping is any interception of a telephone transmission via the telephone signal while

electronic eavesdropping is the use of an electronic transmitting or recording device to monitor

conversations without the consent of the parties. It is important to note here that federal law does not

currently regulate silent video communications, such as webcams or other video monitoring without an

audio component (Privacy Rights Clearing House, 2010).

Other aspects of legislation including the Patriot Act. There is little accessible Federal law

speaking directly to the home monitoring and management industry beyond that which is common to all

businesses. Local building codes and regulations vary and generally speak to building construction,

wiring, lighting and sound isolation. Signals traversing the home’s physical and logical

telecommunications boundary can be subject to monitoring under the Providing Appropriate Tools

Required to Intercept and Obstruct Terrorism Act, known as the USA-PATRIOT Act, and the Homeland

Security Act with the legislation providing for government surveillance of private telephone or internet

based communications and to encourage private entities to share information with the government by

alleviating legal liability. The lack of specific legislative intervention could be due to the long-standing

principles of constitutional law and to more recent principles of civil privacy legislation, only with proper

showing on the part of law enforcement should breaches of privacy rules be allowed (Mitrano, 2003).


How Case Law Impacts Home Monitoring and Management Services

While specific applications in case law related to private home monitoring services is rare, the

application of wiretap laws were highlighted in a recent case when Pennsylvania's Lower Merion school

district installed remote control anti-theft software on student laptops which enabled the school district to

access the video camera of a stolen laptop and recover an image of the user. The images were used to

determine the identity of the user and take disciplinary action (Andersen, 2010). The United States

Senate’s Judiciary Committee conducted a field hearing in March of 2010 and among the witnesses was

Former Justice Department prosecutor Marc Zwillinger who urged caution with any law change that would

make all silent video communications subject to Wiretap Act rules stating that in an age of webcams,

wireless CCTV cameras, and cell phones that can take video, the law is badly out of date (Zwillinger,

2010, March 29).

Title 18, Part I, Chapter 19 and Section 2510 of the United States Code was codified as the Wiretap

Act. The act bans oral, wire, and electronic communications gathered without consent unless under a

court order. Further defining electronic communications, the Wiretap Act covers any transfer of signs,

signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a

wire, radio, electromagnetic, photo electronic or photo optical system (The Wiretap Act, Section

2510(12)). The law also requires that communications have an aural component; so it does not currently

regulate silent video communication. The Senate Judiciary Committee determined at the hearing that

since Lower Merion's actions to include the use of a laptop microphone and therefore were ruled as not

covered by the Wiretap Act. Zwillinger’s (2010) testimony urged caution with any law change that would

make all silent video communications subject to Wiretap Act rules. Zwillinger pointed to other cases

where the public is are comforted by the notion that video surveillance helps keep our children safe. As

stated by Zwillinger, changes in the Wiretap Act could have two chilling effects. First, it would likely make

illegal the array of public and private remote surveillance and security cameras found today at most

ATMs, gas stations, casinos, doorsteps, and light poles and used for a multitude of legitimate purposes

including security, crime fighting, traffic analysis, and scientific observation. Second, it could turn well-

intentioned journalists, security professionals, parents, and scientists into serious criminals (p. 4-5)


The extent of coverage for the Wiretap Act is sufficient to provide law enforcement latitude

in conducting legitimate investigations. Additional remedies under the USA-PATRIOT Act provide

the means for conducting legitimate and court authorized and duly warranted surveillance over

suspected criminals. While the conduct of legitimate purchased surveillance and monitoring

service is not currently impacted, the relevant legislative action bears watching.

Routine Outcomes of Civil Proceedings Shapes Case Law

Probably due to the home monitoring and management services industry’s relative youth, most of

the legal evolution in the home monitoring industry has been through establishment of local ordinance

and building codes shaped by subsequent actions involving industry associations and legislatures. Such

actions served to challenge the business aspects instead of setting any overwhelming precedent which

forced specific changes. A majority of case law in the home monitoring industry involves breach of

contract cases such as Peter Arroyo v. Safe Home Security where the plaintiff alleged Safe Home

Security breached of contract arising from an agreement to provide security monitoring services when a

burglary occurred and the installed the security system failed to properly operate with the result that his

business sustained monetary losses. The Trial Judge deemed it a routine case and awarded Arroyo

approximately $8,000 in loss and damage (Weiss, 2002). There continues to be no specific changes in

how home monitoring and management services are delivered having been ordered by the courts.

Organizing Information Technology to Ensure Regulatory Compliance

In general, regulatory compliance is more challenging and complex for corporations because of the

multitude of regulations such as Purchase Card Industry Data Security Standards, known as PCI-DSS,

which offer robust and comprehensive standards and supporting materials for enhancing payment card

data security to include a framework of specifications, tools, measurements and support resources to help

organizations ensure the safe handling of cardholder information at every step (Security Standards

Council, n.d.). The Sarbanes Oxley Act of 2002, amended in 2010 and known as SOX, imposed on

corporate leadership a framework for responsibility and auditor oversight, including prior approval for non-

audit services by the auditor and the disclosure of all non-audit services of the auditor approved by the

committee. Corporate Chief Executives and Financial Officers are now required to certify that their

companies’ annual and quarterly reports as accurate and not misleading, and that they have met their


responsibility for evaluating internal controls. Additionally, there has been a ban on new personal loans

by companies to their directors or executives (Lander, 2003). The activities of the Federal Trade

Commission, which has been intensely involved in the Internet privacy debate and has worked with

various parties to examine and learn about privacy issues and has made recommendations to Congress

about new legislation (Swindle, 2002). International Standard 27001-2 provides a model for establishing,

implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security

Management System which can be guided by an organization’s needs and objectives, security

requirements, the processes employed based the size and structure of the organization (The ISO 27001

Directory, 2007).

PCI-DSS, SOX & ISO 27001-2 are prominent among numerous acts and laws imposed according

to a company's location, industry, and countries with which it conducts business. In order to fully

comprehend the complicated demands of some regulations, companies and organizations employ

specialists and consultants and produce special documentation to assist with documenting proper

regulation deployment procedures.

The inefficiencies and complexities of networks and endpoint management are well known, but IT

departments often lack the manpower, budget or resources to address every potential threat on every

endpoint in the network. Despite concerted efforts to establish a sound security policy, IT teams are still

hit hard with security incidents due to a lack of visibility and control. Most organizations understand the

impact of maintaining compliance and some have even developed and deployed unique solutions to

address compliance issues since most commercial solutions fail to provide sufficient protection and

management guarantees needed to tackle threats caused by a the continuing growth of Internet usage

and rapid advancements in consumer technologies. Organizations such as the National Institute of

Standards & Technology and the Center for Internet Security develop and maintain compliance guidelines

to manage and protect valuable information assets (Promisec USA, 2009). The right technology, properly

employed, promotes compliance while serving the customer and ultimately increasing profitability.

Corporate policy compliance may be seen as somewhat easier to define than regulatory compliance

because it is dictated inside a company and not by external bodies. Each organization decides for itself

what employees can and cannot do based on the security risks involved.


Conclusions

The principle ethical dilemmas of adhering to a sense of personal privacy and protection of

information used to manage services must be recognized by those companies and agencies involved with

establishing home management and monitoring services. Providers must respect boundaries within a

homeowner’s personal space whether monitoring fire and intrusion detection sensors or providing

surveillance of intruders and for illegal activity. When not in conflict with social contracts found in the law;

the needs of the customer must continue to drive what industry invents, develops and offers in the way of

systems, processes and services. Industry must focus on ethical survival and be prepared to continue

delivering the right service at the right cost with mutually acceptable quality.

Personal and Professional Accountability

It is natural and intuitive that those who own, operate or manage services, systems and technology

within the industry must bring the most reliable and effective products to bear. Since home monitoring

and management systems penetrate the perimeters established by the home’s physical and internet

boundaries, the need to maintain privacy and keep personal information in close hold with security

considerations creates a natural sense of shared responsibility while placing a burden of highly ethical

conduct on the service provider. Data security within the home is the responsibility of the owner or

occupant while the owner’s information under control of the vendors becomes a shared responsibility with

significant liability on the part of the vendor. Using the established law and ethical frameworks discussed

in this paper, home owners and vendors can work to establish the parameters and controls necessary to

shield both parties and to preserve the privacy of the customer in concert with integrity of IT networks,

security appliances, information systems and professional practices of service providers.

Other Elements Promoting Compliance

While not presented as a panacea or the ultimate solution; the future of home monitoring and

management services relies on a business sector willing to work continually improve standards and

practices. Keeping pace means establishing professional practices groups or private organizations which

codify an industry wide code of ethics would provide for better service delivery, training of practitioners,

and finally, professional interest groups can serve as a legislative lobbying and advising body to foster

more reasonable and useful development of law within Federal, State and Local governments.


References Albrechtslund, A. (2007). Ethics and technology design. Ethics and Information Technology, 9(1), 63-63.

doi:10.1007/s10676-006-9129-8

Andersen, N. (2010). School laptop spy case prompts wiretap act rethink. Retrieved December 3, 2011

from http://arstechnica.com/tech-policy/news/2010/03/school-laptop-spy-case-prompts-wiretap-act-

rethink.ars

Anonymous, (2006). Alarm ordinance watch. Security Systems News, 9(9), 12-12. Retrieved November

25, 2011 from http://search.proquest.com/docview/225519723?accountid=27965

Australasian Legal Information Institute. (2004). Grant of private security business registration. Retrieved

November 24, 2011 from University of Technology, Sydney website:

http://www.austlii.edu.au/au/legis/vic/consol_act/psa2004217/s71.html

Badenhorst, S. (2010). Amendment of sectoral determination 6: Private security. Retrieved November 24,

2011 from Private Security Industry Regulatory Authority website:

http://www.psira.co.za/joomla/index.php?option=com_content&task=view&id=82&Itemid=37

BCC Research. (2011). Home automation and security technologies, products, and markets. (Report ID

WA6566717). Norwalk, CT: Business Communications Company, Inc

Chong, G., & Opara, E. (2009). Ethical framework for the IT and business professions. Communications

of the IIMA, 9(3), 51-51-62. Retrieved October 29, 2011 from

http://search.proquest.com/docview/858947065?accountid=27965

Electronic Frontier Foundation. (n.d.). Pen registers and trap and trace devices: Less powerful than a wiretap but with much weaker privacy safeguards. Retrieved December 1, 2011 from https://ssd.eff.org/wire/govt/pen-registers

Kohl, G. (2010, April 15). Contract legislation in ny would affect dealers, monitoring firms. Retrieved

November 25, 2011 from http://www.securityinfowatch.com/Dealers/1315733?pageNum=1

Kohlberg, L. (ed.) (1984). Essays on moral development 2: The psychology of moral development. San Francisco, CA: Harper and Row.

Lander, G. (2003). What is sarbanes-oxley? Blacklick, OH: McGraw-Hill Trade. Retrieved December 9,

2011 from http://site.ebrary.com/lib/capella/Doc?id=10065195

Laudon, K. C. (1995). Ethical Concepts and Information Technology. (cover story). Communications Of

The ACM, 38(12), 33-39. Retrieved October 29, 2011 from EBSCO host.

Mitrano, T. (2003). Civil privacy and national security legislation: A three-dimensional view. Retrieved

November 3, 2011 from http://www.educause.edu/EDUCAUSE

Review/EDUCAUSEReviewMagazineVolume38/CivilPrivacyandNationalSecurit/157868

Motef, J. (2004). Computer security: a summary of selected federal laws, executive orders, and presidential directives. Washington, DC, Congressional Research Service, Library of Congress. Retrieved December 10, 2011 from http://www.fas.org/irp/crs/RL32357.pdf


Nash, T. (2005). Backdoors and holes in network perimeters: A case study for improving your control system security. Washington, DC; U.S. Dept. of Homeland Security Control System Security Center. Retrieved December 12, 2011 from http://www.us-cert.gov/control_systems/pdf/backdoor0503.pdf

National Archives and Record Administration, (2004). Protection of sensitive security information.

Retrieved December 10, 2011 from Government Printing Office website: http://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfr&rgn=div5&view=text&node=49:9.1.3.4.8&idno=49

Promisec USA, (2009). How to ensure compliance within an organization. New York, NY: Promisec. Richards, N. (2006). The information privacy law project. Washington, DC; Georgetown University; 94

Geo. L.J. 1087. Security Standards Council. (n.d.). Pci ssc data security standards overview. Retrieved December 9,

2011 from https://www.pcisecuritystandards.org/security_standards/index.php Swindle, O. (2002, June). In O Swindle (Chair). Perspectives on privacy law and enforcement activity in

the united states. Paper presented at Working Party on Information Security and Privacy Paris, OECD, 25-26 June 2002. Paris, France. Retrieved December 10, 2011 from http://www.ftc.gov/speeches/swindle/perspectivesonprivacy.shtm

The ISO 27001 Directory. (n.d.). An introduction to iso 27001 . Retrieved December 9, 2011 from

http://www.27000.org/iso-27001.htm Tavani, H. (2011). Ethics and technology; controversies, questions and strategies for ethical computing.

Hoboken, NJ; John Wiley and Sons, Inc.

USLegal.com. (n.d.). Contract law & legal definition. Retrieved December 10, 2011 from http://definitions.uslegal.com/c/contract-law/

Versel, N. (2010, April 27). Senate panel explores home health monitoring technologies. Retrieved

November 23, 2011 from http://www.fiercemobilehealthcare.com/story/senate-panel-explores-home-health-monitoring-technologies/2010-04-27

Walberg, H. J., & Haertel, G. D. (1997). Psychology and educational practice. McCutchan Publishing

Corporation. Retrieved December 1, 2011 from EBSCO host. Weiss, P. (2002). Peter arroyo v. safe home security (CV000499980S ). Retrieved November 25, 2011

from Superior Court of Connecticut, website: http://www.lexisone.com/lx1/caselaw/freecaselaw?action=OCLGetCaseDetail&format=FULL&sourceID=bdiedc&searchTerm=efXi.Qcda.aadj.ecOG&searchFlag=y&l1loc=FCLOW

Zwillinger, M. (2010, March 29). Statement of Marc J. Zwillinger before the U.S. Senate Committee on

the Judiciary Subcommittee on Crime and Drugs for the hearing on Video Laptop Surveillance: Does Title III Need to Be Updated? Washington, DC: Zwillinger Genetski LLP. Retrieved December 3, 2011 from http://www.judiciary.senate.gov/hearings/testimony.cfm?id=e655f9e2809e5476862f735da15a7ed6&wit_id=e655f9e2809e5476862f735da15a7ed6-1-4

Documents

u10a1 - Ethical and Legal Dilemma in IT - Turner