Ethics and Privacy in Cyberspace Lesson 20
Dec 31, 2015
Privacy and Other Personal Rights
Thomas J. Watson, Chairman of the Board for IBM, once stated:
Today the Internal Revenue Service has our tax returns. The Social Security Administration keeps a running record on our jobs and our families. The Veterans Administration has medical records on many of us, and the Pentagon our records of military service. So, in this scatteration lies our protection. But put everything in one place, computerize it, and add to it without limit, and a thieving electronic blackmailer would have just one electronic safe to crack to get a victim’s complete dossier, tough as that job may be. And a malevolent Big Brother would not even have to do that: he could sit in his office, punch a few keys, and arm himself with all he needed to know to crush any citizen who threatened his power. Therefore, along with the bugged olive in the martini, the psychological tests, and the spiked microphone, the critics have seen “data surveillance” as an ultimate destroyer of the individual American citizen’s right to privacy – his right to call his soul his own.
Privacy and Other Personal Rights
“Security has sometimes been defined as protecting the computer against people, and privacy as protecting people against the computer.”
From our perspective, we must be concerned with protecting information we may have on clients/customers from unauthorized access or inappropriate use.
Privacy and Other Personal Rights
The Federal Privacy Act
There is a basic rule that government files are open to the public, unless there is a specific reason, enacted by the legislature, saying that certain files are not available.
– Freedom of Information Act
Agencies can maintain information about individuals only when it is relevant and necessary to accomplish the agency’s purpose.
Prohibits the disclosure of any record except within the agency maintaining it unless the individual makes a written request for the data.
Privacy and Other Personal Rights
Employee rights
– With respect to e-mail, the company should have a clearly stated policy as to the use of the system for personal communications.
– It should explicitly state that supervisory personnel have the right to read all e-mail communications if the company intends to monitor.
Motivation -- Individual Rights
Rights to Privacy & Free speech
– Where do these rights come from?
– Are they universal?
Privacy, who “owns” the info about you?
– Check a company’s privacy statement
Laws
Electronic Communications Privacy Act (ECPA) (1986) was adopted to address the legal privacy issues that were evolving with the growing use of computers and other new innovations in electronic communications. The ECPA updated legislation passed in 1968.
– Extended privacy protection outlined in the earlier legislation to apply to radio paging devices, electronic mail, cellular telephones, private communication carriers, and computer transmissions.
GLB
Requires clear disclosure by all financial institutions of their privacy policy regarding the sharing of non-public personal information with both affiliates and third parties.
Requires a notice to consumers and an opportunity to "opt-out" of sharing of non-public personal information with nonaffiliated third parties subject to certain limited exceptions.
Clarifies that the disclosure of a financial institution's privacy policy is required to take place at the time of establishing a customer relationship with a consumer and not less than annually during the continuation of such relationship.
HIPAA
Organizations involved in the maintenance or transmission of health information pertaining to individuals must:
– Assess risks to and vulnerabilities in their systems
– Develop, implement, and maintain appropriate security measures to safeguard the records
– Measures taken should be documented and kept current
Addressed four categories of requirements
– Administrative procedures
– Physical safeguards
– Technical security services
– Technical mechanisms
Criminal Acts
Interception of Communication
Intrusion and Trespass
Destruction of Property (web defacement)
Denial of Service
Fraud
Extortion
Motivation -- Individual Rights
Conflicts between free speech and harmful or disturbing speech
– flaming -vs- defamation
Conflicts over censorship
– some countries restrict satellite and Internet access for national interests or religious reasons
– some restrict to protect groups such as children
Conflicts over government surveillance
– Carnivore
Ethical Behavior
An example from the Unix world
A person has a file in their home directory with protection bits set to “777”. Have they
– Granted you Permission to view the file (i.e. they are permission bits).
– Granted you the Capability to view the file (in which case what mechanism is used to grant permission)?
Societal norms, expectations, perceptions
Do they affect our view?
Think Perception Management!
How are “hackers” portrayed in the press?
How are they portrayed in things such as editorials or cartoons?
Be Aware!
Stay Informed!
YOU DO MAKE A DIFFERENCE!
© 2003 Center for Infrastructure Assurance and Security (CIAS)