Chapter 10: Privacy, Security, and Ethics Modified by S.S. BuHamra
Introduction How would you feel if The use of computers and technology everywhere raise some very important questions about the use of our personal data and our right to privacy. How would you feel if information you posted about yourself on the Web kept you from getting a job? Someone obtains a driver’s license and credit cards in your name? people anywhere in the world could view detailed images of you, your home or your car? if your employer uses your medical records to make decision about your promotion? This chapter covers these issues & more.
People Effective implementation of computer technology involves maximizing its positive effects while minimizing its negative effects on people. The most significant concerns are: Privacy – What are the threats to personal privacy and how can we protect ourselves? Security – How can access to sensitive information be controlled and how can we secure hardware and software? Ethics – How do the actions of individual users and companies affect society? Information systems consists of people, procedures, software, hardware and data. This chapter focuses on people and how to maximize the positive implementation of computer technology and minimize the negative impact as well.
Information Privacy can be defined as a person's right to control access to his or her personal information. It may also be defined as the right to be free from secret surveillance and to determine whether, when, how, and to whom, one's personal or organizational information is to be revealed. Information security is the protection of information assets through the use of technology, processes, and training. Information ethics is a term used to describe the study and evaluation of the various ethical issues that arise in a world that is driven by the sharing of electronic data. It is concerned with the morality involved in making use of the information or data. Information ethics is important to anyone who makes use of data electronically, ranging from casual users who utilize password protected email accounts to large businesses that store and share proprietary data in some type of virtual environment.
Privacy Privacy – concerns with the collection and use of data about individuals There are three primary privacy issues: Accuracy: The responsibility of those who collect data to ensure that the data is correct and secure. Property: Who owns data and rights to software. Access: The responsibility of those who have control of the data and use of data. Every computer user should be aware of ethical matters, including how databases and networks are used and the major privacy laws Privacy – collection and use of data about individuals Accuracy – responsibility of those who collect data Secure Correct Property – who owns data and who has rights to software Access – responsibility of those who control data and use of data Technology moving faster than law can adapt PublicRecordFinder.com An Information reseller’s Web site
Large Databases Data on people are collected and stored every day Collectors are: Government agencies – USA Federal government alone has over 2,000 databases; Businesses compile information and store it in large databases Telephone companies - compile lists of the calls we make; Reverse directory list telephone numbers sequentially and can be used to gather data about the persons we call Others like banks; credit card companies; supermarkets, mail-order catalogues have our names, Addresses , phones and what we order. Data collected and stored on citizens every day Collectors include Government agencies – Federal government has 2,000 databases; businesses Telephone companies – compile lists of the calls we make; reverse directory (key term) is a special telephone directory that list telephone numbers sequentially and can be used to gather data about the persons we call Data information has value – hence the rise of the information reseller: information resellers provide this gathered data to others for a fee
Large Databases Data information has value – hence the rise of a huge industry of data gatherers known as information resellers or information brokers that collects and sells our personal data. Information resellers create electronic profiles or highly detailed and personalized description of individuals that include names, addresses, telephone numbers, ID numbers, driver’s licenses, bank accounts, credit cards numbers, shopping patterns … etc.
Large Databases - Issues Your personal information is a marketable product, which raises many issues: Collecting public, but personally identifying information (e.g., Google’s Street View) Spreading information without personal consent for example, collecting your shopping habits and sharing; or medical records, or driver’s license number, leading to identity theft Spreading inaccurate information leads to Mistaken identity – an electronic profile of one person is switched with another Under the Freedom of Information Act you are entitled to look at your records held by government agencies. Concerns include: Spreading information without consent – example: collecting your shopping habits and sharing; or medical records, or driver’s license number Last year over 10 million people were victimized by identity theft (key term) (illegal assumption of someone’s identity for economic gain) Spreading inaccurate information – Mistakes happen, but when those mistakes are recorded and your financial position is affected it becomes a problem Mistaken Identity – an electronic profile of one person is switched with another Under the Freedom of Information Act you are entitled to look at your records held by government agencies.
Private Networks Employers can monitor e-mail legally About 75 % of all businesses search employees’ electronic mail and computer files using snoopware. Snoopware records virtually everything you do on your computer A proposed law could prohibit this type of electronic monitoring or at least require the employer to notify the employee first Currently legal for employers to monitor electronic mail; survey reported 75% do so using snoopware Snoopware records virtually everything you do on your computer
The Internet and the Web Illusion of anonymity is that if you are on the Internet and selective about disclosing names or other personal information that no one knows who you are or how to “find” you – false! History file () in Web browsers: when you visit a Web site your browser stores a history file includes the locations of sites visited by your computer system Traditional cookies from Web surfing monitor your activities at a single site Spyware are wide range of programs that are designed to secretly record and report an individual’s activities on the Internet Illusion of anonymity is that if you are on the Internet and selective about disclosing names or other personal information that no one knows who you are or how to “find” you - false Recent cases of people tracing other people through Internet activity When you browse the Web your activity is monitored; when you visit a Web site your browser stores critical information onto your hard disk – usually without your permission or knowledge; a history file includes the locations of sites visited by your computer system Traditional cookies (key term) – monitor your activities at a single site Ad network cookies – monitors your activities across all sites visited; once deposited onto a hard drive, they continue to actively collect information on Web activities; form of spyware Most browsers can control many types of cookies called cookie-cutter programs – which allow users to selectively filter or block the most intrusive cookies while allowing selective traditional cookies to operate Spyware – wide range of programs that are designed to secretly record and report an individual’s activities on the Internet; in addition to Internet Ad cookies, there are also Web bugs – small programs typically hidden within the HTML code for a Web page or e-mail message and can be used to secretly read e-mail message or work with cookies to collect and report information back to a predefined server on the Web Computer monitoring software (key term)– invasive and dangerous type of spyware; programs record every activity and keystroke made on a computer system including credit card numbers, bank account numbers, and e-mail messages Sniffer programs and keystroke loggers (key term)– can be deposited on a hard drive without detection from the Web or by someone installing programs directly onto a computer New category of programs known as spry removal programs – designed to detect Web bugs and monitoring software – also called anti-spyware (key term) The Gramm-Leach Bliley Act – protects personal financial information Tools menu Explorer Bars History
Viewing and Blocking Cookies Viewing cookies Tools menu Internet Option Setting (Browsing History ) View files Blocking cookies Two basic types of cookies: traditional and ad network- Traditional cookies monitor activities at a single site Ad network or adware cookies monitor activities across all sites Tools menu Internet Option Privacy tab select desire level Apply Two basic types of cookies: -Traditional cookies monitor activities at a single site Ad network or adware cookies monitor activities across all sites Most browsers can control many types of cookies called cookie-cutter programs – which allow users to selectively filter or block the most intrusive cookies while allowing selective traditional cookies to operate
Spyware Spyware – wide range of programs that are designed to secretly record and report an individual’s activities on the Internet Types: Internet Ad cookies Web bugs – small programs typically hidden within the HTML code for a Web page or e-mail message and can be used to secretly read e-mail message or work with cookies to collect and report information back to a predefined server on the Web Computer monitoring software– invasive and dangerous type of spyware; programs record every activity and keystroke made on a computer system including credit card numbers, bank account numbers, and e-mail Sniffer programs and keystroke loggers– can be deposited on a hard drive without detection from the Web or by someone installing programs directly onto a computer Computer monitoring software is the most invasive and dangerous type of spyware It is more difficult to remove Web bugs and computer monitoring software than ad network cookies because they are more difficult to detect Use Ad-aware software to scan computer for spyware
Spyware Removal (Anti-Spyware) Anti-Spyware programs Designed to detect and remove cookies, web bugs, and monitoring software, such as key loggers Ad-Aware is Anti-spyware program Computer monitoring software is the most invasive and dangerous type of spyware It is more difficult to remove Web bugs and computer monitoring software than ad network cookies because they are more difficult to detect Use Ad-aware software to scan computer for spyware
Major Laws on Privacy USA Federal laws governing privacy matters have been created Gramm-Leach-Bliley Act – protects personal financial information Health Insurance Portability and Accountability Act (HIPAA) – protects medical records Family Educational Rights and Privacy Act (FERPA) – restricts disclosure of educational results and records