Published by Veronica Henderson. Modified over 9 years ago.

Ethics for the Information Age
Chapter 5 – Privacy II
William H. Bowers – whb108@psu.edu

Topics
US Legislation Authorizing Wiretapping
Electronic Communications Privacy Act
Communications Assistance for Law Enforcement Act
USA PATRIOT ACT
Responses to PATRIOT ACT
Follow-On Legislation

Topics (cont)
Data Mining
Marketplace: Households
IRS Audits
Syndromic Surveillance System
Total Information Awareness
Who Owns Transaction Information?

Topics (cont)
Identity Theft
History and Role of SSAN
Debate over a National ID Card
Encryption
Digital Cash

US Legislation Authorizing Wiretapping
Title III Omnibus Crime Control and Safe Streets Act of 1968
Enacted during height of Vietnam war
Concern over violent anti-war demonstrations
Allows phone tap for up to 30 days with a court order

Electronic Communications Privacy Act
http://www.usiia.org/legis/ecpa.html
Enacted in 1986
Pen register – displays number for each outgoing call
Trap and trace – displays phone number of each incoming call
Requires court order

Electronic Communications Privacy Act
Does not require probable cause
Court approval is virtually automatic
Allows roving wiretaps

Communications Assistance for Law Enforcement Act
http://assembler.law.cornell.edu/uscode/html/uscode18/usc_sup_01_18_10_I_20_119.html
1994 – also known as Digital Telephony Act
Addresses digital phone networks
Requires phone company equipment to allow tracing, listening to phone calls

Communications Assistance for Law Enforcement Act
Provides for email interception
Leaves details about type of information undefined
FBI requested ability to intercept digits entered after connection was made
– Credit card, bank numbers
– ID numbers
– PIN codes

Communications Assistance for Law Enforcement Act
1999 FCC issues guidelines (http://www.askcalea.net/docs/fcc99230.pdf)
http://www.askcalea.net
Requires carriers to provide:
– Content of subject initiated call

Communications Assistance for Law Enforcement Act
Requires carriers to provide:
– Content of subject initiated call
– Party hold, drop or join on conference calls
– Subject initiated dialing and signaling information
– In-band and out of band signaling
– Timing information

USA PATRIOT ACT
Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001
http://thomas.loc.gov/cgi-bin/query/D?c107:4:./temp/~c107fEmBJW::
Enacted in response to 11 September 2001 attacks
Amended more than 15 existing laws

USA PATRIOT ACT
Four principal categories
– Greater communication monitoring authority for federal LEO and intelligence
– Increased authority for Secretary of the Treasury to regulate banks to prevent money laundering

USA PATRIOT ACT
Four principal categories
– Making it more difficult for terrorists to enter the US
– Defining new crimes and penalties for terrorist activity

Increased Monitoring
Allows for using internet to track email addresses and URLs
Does not require probable cause
Requires warrant
Extends jurisdiction of court approval
Allows for national search warrants

Increased Monitoring
Broadens roving surveillance
Previously required law enforcement purpose and demonstration that the subject used the device to be monitored
Now allowed for intelligence
Does not require reporting back to the court

Increased Monitoring
Allows for intercepting computer based communication without warrant if
– Access to computer was illegal
– Computer owner gives permission
Allows search without warrant if there is “reasonable” belief that providing notice of warrant may have an “adverse affect”

Increased Monitoring
Allows seizure of property if it “constitutes evidence of a criminal offense” even if not terror related
Makes it easier for FBI to obtain warrant for medical, educational, library, religious organization records
No need to show probable cause
Only requires statement of support of ongoing investigation

Increased Monitoring
Illegal for record provider to
– Reveal existence of warrant
– Tell anyone that they provided information
Prohibits FBI from investigating citizens solely on basis of First Amendment activities

Responses to PATRIOT ACT
Concern over unrestricted power
Concerns over circumvention of First and Fourth Amendments
FBI and NSA previously used illegal wiretaps to investigate unpopular political organizations
May inhibit exercise of First Amendment rights

Responses to PATRIOT ACT
LEOs can monitor internet surfing without warrant
Roving surveillance warrants do not require description of place to be searched
Allows for limited search and seizure without warrants

Follow-On Legislation
Domestic Security Enhancement Act of 2003
– http://www.publicintegrity.org/dtaweb/downloads/Story_01_020703_Doc_1.pdf
– Allows expatriation of citizens convicted of giving material support to terrorist organization
– Requires names on suspected terrorist lists to be kept secret

Follow-On Legislation
Domestic Security Enhancement Act of 2003
– Allows wide use of administrative subpoenas
– Makes it easier for police to access credit records
– Allows collection of DNA samples from suspected terrorists

Follow-On Legislation
Domestic Security Enhancement Act of 2003
– Creation of national DNA database
– Wiretaps and email interception allowed for 15 days without warrant

Data Mining
Searching one or more databases for patterns or relationships
Can combine facts from multiple transactions
Secondary use of primary data
– Primary use of Amazon customer information is to process an order
– Secondary use is to promote relationship

Data Mining
Information about customers is becoming a product in itself
Allows more narrow focusing of marketing efforts
Suppose EZPass sells individual records without ID information
Records can be purchased by credit card company

Data Mining
Transactions can be matched between toll record and credit card charge based on time, date, location and amount
Credit card company can now identify card holders who drive many miles
Now that list can be sold to car dealers

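The matching described in the EZPass slides, written as a release-risk check a data owner could run before selling records. This is an added example, not part of the original slides; all records, tag names and cardholder names are constructed, and the `coarsen` release variant is an assumption used to show how removing detail changes the result.

```python
from datetime import datetime, timedelta

# Constructed sample data. Toll records as sold "without ID information":
# (pseudonymous tag, timestamp, plaza, amount in cents)
TOLLS = [
    ("tag-A", "2004-03-01 07:42", "Exit 12", 325),
    ("tag-A", "2004-03-01 17:55", "Exit 31", 325),
    ("tag-B", "2004-03-01 07:44", "Exit 12", 150),
    ("tag-C", "2004-03-02 09:10", "Exit 31", 325),
]
# Card charges the buyer already holds: (cardholder, timestamp, location, cents)
CHARGES = [
    ("Alice", "2004-03-01 07:43", "Exit 12", 325),
    ("Alice", "2004-03-01 17:55", "Exit 31", 325),
    ("Bob",   "2004-03-01 07:45", "Exit 12", 150),
    ("Carol", "2004-03-02 09:11", "Exit 31", 325),
    ("Dave",  "2004-03-01 13:20", "Exit 31", 150),
    ("Erin",  "2004-03-02 18:02", "Exit 12", 325),
    ("Frank", "2004-03-01 07:40", "Exit 40", 325),
]

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M")

def consistent(toll, charge, window):
    """True if a charge could be the payment for this toll record."""
    _, t_ts, t_loc, t_amt = toll
    _, c_ts, c_loc, c_amt = charge
    if t_amt != c_amt or (t_loc is not None and t_loc != c_loc):
        return False
    if len(t_ts) == 10:                      # date-only (coarsened) release
        return c_ts.startswith(t_ts)
    return abs(parse(c_ts) - parse(t_ts)) <= window

def link(tolls, charges, window=timedelta(minutes=2)):
    """Map each tag to the cardholders consistent with all of its records."""
    candidates = {}
    for toll in tolls:
        hits = {c[0] for c in charges if consistent(toll, c, window)}
        tag = toll[0]
        candidates[tag] = candidates[tag] & hits if tag in candidates else hits
    return candidates

def reidentified(candidates):
    """Tags that resolve to exactly one named cardholder."""
    return {t: next(iter(n)) for t, n in candidates.items() if len(n) == 1}

def coarsen(tolls):
    """Release variant: keep only the date and amount, drop time and plaza."""
    return [(tag, ts[:10], None, amt) for tag, ts, _, amt in tolls]

if __name__ == "__main__":
    print(reidentified(link(TOLLS, CHARGES)))           # every tag gets a name
    print(reidentified(link(coarsen(TOLLS), CHARGES)))  # no tag is unique
```

On this sample, removing the ID column alone leaves every tag linkable to one cardholder, while the coarsened release leaves each tag with two candidates; on real data the effect of coarsening has to be measured, not assumed.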
Marketplace: Households
Developed by Lotus
Produced on CD
Cost of $8 million
Information on 120 million people
Contained personal information such as household income
Dropped after over 30,000 consumer complaints

IRS Audits
Matches individual reported income with employer provided information
Generates discriminant function (DIF) score based on number of irregularities on tax return

Syndromic Surveillance System
New York City
Analyzes more than 50,000 pieces of information per day
– 911 calls, ER visits, prescription drug purchases
Purpose is to identify onset of epidemics

Total Information Awareness
Proposed by DARPA Information Awareness Office
Would capture individual’s “information signature”
– Financial
– Medical
– Communication
– Travel
– Video images

Criticism of the TIA Program
ACM protested that it will generate more harm than benefits
Huge privacy and security risks of maintaining such a database
Database would become target of criminals and terrorists

Criticism of the TIA Program
Access by tens of thousands of administrators, LEO, intelligence personnel poses great security risk
Increased risk of identity theft
Citizens could not challenge or correct secret databases
May hurt US corporate competitiveness

Criticism of the TIA Program
Potential for false positive ID
May alter innocent individual behavior

Who Owns Transaction Information?
Purchaser
Seller
Opt-In (preferred by privacy advocates)
Opt-Out (preferred by direct marketing organizations)
World Wide Web Consortium Platform for Privacy Preferences http://www.w3.org/P3P

Identity Theft
Misuse of another person’s identifying information
Largest problem in US is credit card theft
Exacerbated by ease of opening new accounts
About 86,000 US victims in 2001

Identity Theft
Individual loss limited to $50 if reported promptly
Real cost is in time to clean up records
Defined as crime in relatively few states
ID theft usually leads to other criminal activities

Identity Theft
Dumpster diving
Shoulder surfing
Skimmers
Online phishing

History and Role of SSAN
Social Security Act of 1935
Prohibited use of SSAN outside of the Social Security Administration
Prohibited for use as national ID number
1943 FDR ordered use of SSAN in federal databases
1961 began use by IRS

History and Role of SSAN
Collected by banks and credit card companies for interest payment reporting
Approved for use by state agencies in 1976
Required to list children 1 year and older as dependent on tax return

Problems with SSANs
Rarely checked by organizations
No error detecting capabilities such as CRC

Debate over a National ID Card
Proponents
– More controllable than multiple state driver’s licenses, employee / student ID, etc
– Make it more difficult for illegal entry to US
– Makes it easier for police to positively identify people
– Used by many other countries

Debate over a National ID Card
Opponents
– Does not guarantee accuracy
– Biometric systems not infallible
– No evidence it would reduce crime
– Makes government tracking of individuals easier
– Inaccurate national records harder to correct

Encryption
Protects communications even if intercepted
Symmetric encryption
– Sender and user use the same key
– Requires secure key transmission
– Requires too many keys to be useful

Encryption
Asymmetric encryption
– Developed by Diffie and Hellman in 1976
– Public / Private Key
– Security is directly related to key length
– Keys are mathematically related
– Not able to compute one from the other in a useful period of time

Encryption
Pretty Good Privacy
– 1991 – Senate Bill 266 required back door for government decryption of personal communications
– Illegal to export encryption programs
– PGP originally distributed as source code

Encryption
Clipper Chip
– 1992 AT&T wanted to market telephone encryption device
– FBI and NSA suggested NSA’s technology instead
– US government would maintain Clipper keys
– March 1993 – Approved by President Clinton

Encryption
Clipper Chip
– Two federal agencies would maintain keys
   Law enforcement
   Intelligence
– No penalty for improper key release
– 80% of public disapproved
– Administration changed course in February 1994 and suggested use rather than mandating it

Encryption Export Restrictions
Forced software vendors to have two versions, internal and export
Or just have one with weak encryption
Reduced international competitiveness
1999, 2000 two federal appeals courts ruled ban was violation of free speech
Export restrictions dropped

Digital Cash
Relies on public/private keys
Signed by bank’s public key on issuance
Done without identifying purchaser
Must prevent copying
Can be used as easily as MAC cards without privacy concerns

Questions & Discussion