Ethics and Privacy in Cyberspace Lesson 20

Privacy and Other Personal Rights Thomas J. Watson, Chairman of the Board for IBM, once stated: Today the Internal Revenue Service has our tax returns. The Social Security Administration keeps a running record on our jobs and our families. The Veterans Administration has medical records on many of us, and the Pentagon our records of military service. So, in this scatteration lies our protection. But put everything in one place, computerize it, and add to it without limit, and a thieving electronic blackmailer would have just one electronic safe to crack to get a victim’s complete dossier, tough as that job may be. And a malevolent Big Brother would not even have to do that: he could sit in his office, punch a few keys, and arm himself with all he needed to know to crush any citizen who threatened his power. Therefore, along with the bugged olive in the martini, the psychological tests, and the spiked microphone, the critics have seen “data surveillance” as an ultimate destroyer of the individual American citizen’s right to privacy – his right to call his soul his own.

Privacy and Other Personal Rights  “Security has sometimes been defined as protecting the computer against people, and privacy as protecting people against the computer.”  From our perspective, we must be concerned with protecting information we may have on clients/customers from unauthorized access or inappropriate use.

Privacy and Other Personal Rights  The Federal Privacy Act There is a basic rule that government files are open to the public, unless there is a specific reason, enacted by the legislature, saying that certain files are not available. –Freedom of Information Act Agencies can maintain information about individuals only when it is relevant and necessary to accomplish the agency’s purpose. Prohibits the disclosure of any record except within the agency maintaining it unless the individual makes a written request for the data.

Privacy and Other Personal Rights Employee rights –With respect to , the company should have a clearly stated policy as to the use of the system for personal communications. –It should explicitly state that supervisory personnel have the right to read all communications if the company intends to monitor.

Motivation -- Individual Rights  Rights to Privacy & Free speech Where do these rights come from? Are they universal?  Privacy, who “owns” the info about you? Check a company’s privacy statement

Privacy – Toysmart

Privacy

Laws  Electronic Communications Privacy Act (ECPA) (1986) was adopted to address the legal privacy issues that were evolving with the growing use of computers and other new innovations in electronic communications. The ECPA updated legislation passed in extended privacy protection outlined in the earlier legislation to apply to radio paging devices, electronic mail, cellular telephones, private communication carriers, and computer transmissions.

GLB  Requires clear disclosure by all financial institutions of their privacy policy regarding the sharing of non-public personal information with both affiliates and third parties.  Requires a notice to consumers and an opportunity to "opt-out" of sharing of non-public personal information with nonaffiliated third parties subject to certain limited exceptions.  Clarifies that the disclosure of a financial institution's privacy policy is required to take place at the time of establishing a customer relationship with a consumer and not less than annually during the continuation of such relationship.

HIPAA  Organizations involved in the maintenance or transmissions of health information pertaining to individuals must: Assess risks to and vulnerabilities in their systems Develop, implement, and maintain appropriate security measures to safeguard the records Measures taken should be documented and kept current  Addressed four categories of requirements Administrative procedures Physical safeguards Technical security services Technical mechanisms

Criminal Acts  Interception of Communication  Intrusion and Trespass  Destruction of Property (web defacement)  Denial of Service  Fraud  Extortion

Motivation -- Individual Rights  Rights to Privacy & Free speech Where do these rights come from? Are they universal?  Privacy, who “owns” the info about you? Check a company’s privacy statement  Conflicts between free speech and harmful or disturbing speech flaming -vs- defamation  Conflicts over censorship some countries restrict satellite and Internet access for national interests or religious reasons some restrict to protect groups such as children  Conflicts over government surveillance Carnivore

Ethical Behavior  An example from the Unix world A person has a file in their home directory with protection bits set to “777”. Have they –Granted you Permission to view the file (i.e. they are permission bits). –Granted you the Capability to view the file (in which case what mechanism is used to grant permission)?

Societal norms, expectations, perceptions  Do they affect our view? Think Perception Management!  How are “hackers” portrayed in the press?  How are they portrayed in things such as editorials or cartoons?

Summary  What is the Importance and Significance of this material?  How does this topic fit into the subject of “Voice and Data Security”?