Post on 20-Nov-2015
description
Ethics in Information Technology
Chapter 4 - PrivacyEthics for IT Professional
1
What is Right of Privacy?Laws for electronic surveillanceForms of data encryptionWhat is identify theft?Strategies for consumer profilingTreat customer data responsiblyWhy and how work place monitoringWhat is spamming?Capabilities & ethical issues of advanced surveillance technologies
Ethics in Information Technology, Second Edition2Chapter 4 Privacy Objectives
Systems collect and store key data from every interaction with customersMany object to data collection policies of government and businessPrivacy Key concern of Internet users Top reason why nonusers still avoid the InternetReasonable limits must be setHistorical perspective on the right to privacyFourth Amendment - reasonable expectation of privacyEthics in Information Technology, Second Edition3Privacy Protection and the Law
3
DefinitionThe right to be left alonethe most comprehensive of rights, and the right most valued by a free peopleThe right of individuals to control the collection and use of information about themselvesLegal aspectsProtection from unreasonable intrusion upon ones isolationProtection from appropriation of ones name or likeness
Ethics in Information Technology, Second Edition4The Right of Privacy
4
Legal aspectsProtection from unreasonable publicity given to ones private lifeProtection from publicity that unreasonably places one in a false light before the public
Ethics in Information Technology, Second Edition5The Right of Privacy (continued)
5
Legislative acts passed over the past 40 yearsMost address invasion of privacy by the governmentNot corporationsNo single, overarching national data privacy policy Communications Act of 1934Freedom of Information Act (FOIA)Fair Credit Reporting Act of 1970Privacy Act of 1974Childrens Online Protection Act (COPA)European Community Directive 95/46/EC of 1998Gramm-Leach-Bliley ActEthics in Information Technology, Second Edition6Recent History of Privacy Protection
6
Other initiativesBBB Online and TRUSTeIndependent, nonprofit initiatives Favor an industry-regulated approach to data privacy
Ethics in Information Technology, Second Edition7Recent History of Privacy Protection (continued)
7
Opt-out policy Assumes that consumers approve of companies collecting and storing their personal informationRequires consumers to actively opt outFavored by data collectorsOpt-in policyMust obtain specific permission from consumers before collecting any dataFavored by consumersEthics in Information Technology, Second Edition8Recent History of Privacy Protection (continued)
8
Ethics in Information Technology, Second Edition9Summary of the 1980 OECD Privacy Guidelines
9
Secure Flight airline safety programCompares the names and information of 1.4 million daily U.S. airline passengers with data on known or suspected terroristsViolation of Privacy Act
Ethics in Information Technology, Second Edition10Legal Overview: The Privacy Act
10
Government electronic surveillanceData encryptionIdentity theftCustomer profilingNeed to treat customer data responsiblyWorkplace monitoringSpammingAdvanced surveillance techniques
Ethics in Information Technology, Second Edition11Key Privacy and Anonymity Issues
11
Federal Wiretap ActOutlines processes to obtain court authorization for surveillance of all kinds of electronic communicationsJudge must issue a court order based on probable causeAlmost never deny government requestsRoving tap authorityDoes not name specific telephone lines or e-mail accountsAll accounts are tied to a specific person
Ethics in Information Technology, Second Edition12Governmental Electronic Surveillance
12
Ethics in Information Technology, Second Edition13Number of Title III Wiretaps Granted
13
Electronic Communications Privacy Act of 1986 (ECPA)Sets standards for access to stored e-mail and other electronic communications and recordsExtends Title IIIs prohibitions against the unauthorized interception, disclosure, or use of a persons oral or electronic communicationsProsecutor does not have to justify requestsJudges are required to approve every requestEthics in Information Technology, Second Edition14Governmental Electronic Surveillance
14
Electronic Communications Privacy Act of 1986 (ECPA)Highly controversialEspecially collection of computer data sent over the InternetFailed to address emerging technologiesEthics in Information Technology, Second Edition15Governmental Electronic Surveillance
15
Foreign Intelligence Surveillance Act of 1978 (FISA)Allows wiretapping of aliens and citizens in the United StatesBased on finding of probable cause that a target isMember of a foreign terrorist group Agent of a foreign powerExecutive Order 12333Legal authority for electronic surveillance outside the United StatesEthics in Information Technology, Second Edition16Governmental Electronic Surveillance
16
Communications Assistance for Law Enforcement Act (CALEA)Requires the telecommunications industry to build tools into its products so that federal investigators can eavesdrop on conversationsAfter getting court approvalContains a provision covering radio-based data communicationIncludes voice over Internet (VoIP) technology
Ethics in Information Technology, Second Edition17Governmental Electronic Surveillance
17
USA Patriot Act of 2001Gives sweeping new powers toDomestic law enforcement International intelligence agenciesContains several sunset provisions
Ethics in Information Technology, Second Edition18Governmental Electronic Surveillance
18
Cryptography Science of encoding messages Only sender and intended receiver can understand the messagesKey tool for ensuring confidentiality, integrity, authenticity of electronic messages and online business transactionsEncryption Process of converting electronic messages into a form understood only by the intended recipientsEthics in Information Technology, Second Edition19Data Encryption
19
Encryption key Variable value applied using an algorithm to encrypt or decrypt textPublic key encryption system uses two keysMessage receivers public key - readily availableMessage receivers private key - kept secretRSA - a public key encryption algorithmPrivate key encryption systemSingle key to encode and decode messagesEthics in Information Technology, Second Edition20Data Encryption
20
Ethics in Information Technology, Second Edition21Public Key Encryption
21
Most people agree encryption eventually must be built into NetworksFile serversTape backup systemsSeagate Technology hard drive Automatically encrypts all dataU.S. Arms Export Control Act controls the export of encryption technology, hardware, and software
Ethics in Information Technology, Second Edition22Data Encryption
22
Theft of key pieces of personal information to gain access to a persons financial accountsInformation includes: NameAddressDate of birthSocial Security numberPassport numberDrivers license numberMothers maiden nameEthics in Information Technology, Second Edition23Identity Theft
23
Fastest growing form of fraud in the United StatesLack of initiative in informing people whose data was stolenPhishingAttempt to steal personal identity data By tricking users into entering information on a counterfeit Web siteSpear-phishing - a variation in which employees are sent phony e-mails that look like they came from high-level executives within their organizationEthics in Information Technology, Second Edition24Identity Theft
24
SpywareKeystroke-logging softwareEnables the capture of: Account usernamesPasswordsCredit card numbersOther sensitive informationOperates even if an infected computer is not connected to the InternetIdentity Theft and Assumption Deterrence Act of 1998 was passed to fight fraudEthics in Information Technology, Second Edition25Identity Theft
25
Ethics in Information Technology, Second Edition26E-mail Used by Phishers
26
Companies openly collect personal information about Internet usersCookiesText files that a Web site puts on a users hard drive so that it can remember the information laterTracking softwareSimilar methods are used outside the Web environmentDatabases contain a huge amount of consumer behavioral dataEthics in Information Technology, Second Edition27Consumer Profiling
27
Affiliated Web sitesGroup of Web sites served by a single advertising networkCustomized service for each consumerTypes of data collected while surfing the WebGET dataPOST dataClick-stream data
Ethics in Information Technology, Second Edition28Consumer Profiling
28
Four ways to limit or even stop the deposit of cookies on hard drivesSet the browser to limit or stop cookiesManually delete them from the hard driveDownload and install a cookie-management program Use anonymous browsing programs that dont accept cookiesEthics in Information Technology, Second Edition29Consumer Profiling
29
Personalization software is used by marketers to optimize the number, frequency, and mixture of their ad placementsRules-basedCollaborative filteringDemographic filteringContextual commercePlatform for Privacy Preferences (P3P)Shields users from sites that dont provide the level of privacy protection desiredEthics in Information Technology, Second Edition30Consumer Profiling
30
Strong measures are required to avoid customer relationship problemsCode of Fair Information Practices 1980 OECD privacy guidelinesChief privacy officer (CPO)Executive to oversee data privacy policies and initiatives
Ethics in Information Technology, Second Edition31Treating Consumer Data Responsibly
31
Employers monitor workers Ensures that corporate IT usage policy is followedFourth Amendment cannot be used to limit how a private employer treats its employeesPublic-sector employees have far greater privacy rights than in the private industryPrivacy advocates want federal legislation To keeps employers from infringing upon privacy rights of employeesEthics in Information Technology, Second Edition32Workplace Monitoring
32
Transmission of the same e-mail message to a large number of peopleExtremely inexpensive method of marketing Used by many legitimate organizationsCan contain unwanted and objectionable materialsEthics in Information Technology, Second Edition33Spamming
33
Controlling the Assault of Non-Solicited Pornography and Marketing (CANSPAM)Says it is legal to spam butSpammers cannot disguise their identityThere must be a label in the message specifying that the e-mail is an ad or solicitationThey must include a way for recipients to indicate they do not want future mass mailings
Ethics in Information Technology, Second Edition34Spamming
34
Camera surveillanceU.S. cities plan to expand surveillance systemsSmart surveillance systemFacial recognition softwareIdentifies criminal suspects and other undesirable charactersYields mixed resultsGlobal Positioning System (GPS) chipsPlaced in many devicesPrecisely locate usersEthics in Information Technology, Second Edition35Advanced Surveillance Technology
35
Chapter 4 Page 134Ethics in Information Technology, Second Edition36Summary Assessment Questions
What is the right of privacy, and what is the basis for protecting personal privacy under the law?
What are some of the laws that authorize electronic surveillance by the government, and what are the associated ethical issues?
What are the two fundamental forms of data encryption, and how does each work?
Ethics in Information Technology, Second Edition37Objectives
37
What is identity theft, and what techniques do identity thieves use?
What are the various strategies for consumer profiling and the associated ethical issues?
What must organizations do to treat consumer data responsibly?
Ethics in Information Technology, Second Edition38Objectives (continued)
38
Why and how are employers increasingly using workplace monitoring?
What is spamming, and what ethical issues are associated with its use?
What are the capabilities of advanced surveillance technologies, and what ethical issues do they raise?
Ethics in Information Technology, Second Edition39Objectives (continued)
39
Ethics in Information Technology, Second Edition40Key Provisions of the USA Patriot Act Subject to Sunset
40
Ethics in Information Technology, Second Edition41Key Provisions of the USA Patriot Act Subject to Sunset (continued)
41
Ethics in Information Technology, Second Edition42Managers Checklist for Treating Consumer Data Responsibly
42
The legal concept of the right to privacy has four aspectsA number of laws have been enacted over the past 40 years that affect a persons privacyLaws authorize electronic surveillance by the governmentData encryptionPublic key encryption systemPrivate key encryption systemIdentity theftEthics in Information Technology, Second Edition43Summary
43
Consumer behavior data is collected both online and offlineCode of Fair Information Practices and 1980 OECD privacy guidelinesEmployers record and review employee communications and activities on the jobAdvances in information technologySurveillance camerasFacial recognition softwareGPS systemsEthics in Information Technology, Second Edition44Summary (continued)
44