TTS1133 : INTERNET TTS1133 : INTERNET ETHICS AND CYBER LAWETHICS AND CYBER LAWCHAPTER THREE:Privacy

CONTENTSCONTENTS IT privacy protection and the law The right of privacy History of privacy protection – a case example Key privacy and anonymity issues

◦ Data encryption◦ Consumer profiling◦ Consumer data treatment – database and marketing◦ Workplace monitoring◦ Spamming◦ Advanced surveillance technology

Protecting privacy◦ Awareness

The cyber law and regulations

IntroductionIntroduction

The use of information technology in business requires the balancing of the needs of those who use information about individuals against the right and desires.

Handling information responsibly means understanding the following issues◦ Ethics◦ Personal privacy◦ Threats to information◦ Protection of information

PrivacyPrivacyPrivacy – the right to left alone

when you want to be, to have control over your own personal possessions, and not to be observed without your consent

Dimensions of privacy◦Psychological: to have a sense of control◦Legal: to be able to protect yourself

What is Information Privacy?What is Information Privacy?

Information privacy is the ability of an individual or group to stop information about themselves from becoming known to people other than those they choose to give the information to.

Privacy is sometimes related to anonymity although it is often most highly valued by people who are publicly known.

Privacy can also be seen as an aspect of security—one in which there are trade-offs between the interests of one group and another can become particularly clear

Privacy and EmployeesPrivacy and Employees

Companies need information about their employees to run their business effectively

As of March 2005, 60% of employers monitored employee e-mails

70% of Web traffic occurs during work hours

78% of employers reported abuse60% employees admitted abuse

Privacy and Government Privacy and Government AgenciesAgencies

About 2,000 government agencies have databases with information on people

Government agencies need information to operate effectively

Whenever you are in contact with government agency, you leave behind information about yourself

Issues on PrivacyIssues on Privacy

A Canadian funeral home obtained the names and addresses of people diagnosed with cancer, and contacted a Montreal woman on the list about buying a burial plot and pre-paid funeral services. 

A candy company got hold of the names of people in a weight watchers program, and sent them chocolate bars in the mail. 

Part of a Toronto woman's medical record was printed on the back of real estate flyers which were delivered to hundreds of mailboxes. 

Participants in a medical research study on sickle cell anemia reported an increase in difficulties getting employment and insurance after they gave genetic samples to the researchers.

Phone Busters National Call Centre reports that over 7,600 Canadians had their identities stolen in 2002, with total losses of more than $8.5 million.

Laws on PrivacyLaws on Privacy

Health Insurance Portability and Accountability Act (HIPAA) protects personal health information

Financial Services Modernization Act requires that financial institutions protect personal customer information

Security And EmployeesSecurity And Employees

Attacks on information and computer resources come from inside and outside the company

Computer sabotage costs about $10 billion per year

In general, employee misconduct is more costly than assaults from outside

Security and EmployeesSecurity and Employees

IT Privacy & ProtectionIT Privacy & Protection

In Malaysia, we have:Akta Komunikasi dan Multimedia 1998 merupakan satu Akta berkenaan

undang-undang siber dan dibentuk sebagai satu rangkakerja bagi

campurtangan kerajaan Malaysia dalam memantau industri komunikasi

dan multimedia.Communications and Multimedia Act

1998 is an Act of cyber laws and established as a framework for the intervention of the government in monitoring communications and

multimedia industry

Communications and Communications and Multimedia Act 1998Multimedia Act 1998

The activities and services controlled under this Act, ◦ Traditional broadcasting◦ Telecommunications◦ Online services, - including facilities and

networks However, there is no provision in the Act that

allow Internet censorship. Under the MSC Malaysia Bill Guarantees (MSC

Malaysia Bill of Guarantees), the government pledged not to censor the Internet.

ACT - RelatedACT - Related

This Act is the cyber laws of the longest among the six cyber laws enacted in Malaysia so far.

Apart from this Act, there are another five related:◦Computer Crimes Act 1997.◦Digital Signature Act 1997.◦Telemedicine Act 1997.◦Copyright Amendment Act 1997.◦Malaysian Communications Council and

Multimedia Act 1998.

Computer Crime Act 1997Computer Crime Act 1997

Computer Crimes Act 1997 was associated with offenses related to misuse of computers for the purpose of committing crimes.

Under this act, unauthorized access or modify any program or data contained in a computer is wrong and punishable.

This Act is effective to any crime committed outside of Malaysia even though the offense is committed by a person or from any place outside Malaysia as long as the computer, program or data is located in Malaysia or accessible, connected or used with a computer in Malaysia .

Digital Signature Act 1997Digital Signature Act 1997

Digital Signature Act 1997 is a deed made to give confidence and encourage the public to conduct secure electronic transactions both locally and internationally.

This Act into force on October 1, 1998. Under this act, providing a digital signature verification system to confirm the identity of the sender and verify that the message is sent.

To enable the digital signature is certified, a certificate of authority must be obtained.

Certificates will be sent with a message to confirm the message was correct as sent and received.

Telemedicine Act 1997Telemedicine Act 1997

Telemedicine Act 1997 is an Act of Malaysia for the regulation and control of the practice of telemedicine, and for matters connected therewith.

This Act is one of six cyber laws enacted in Malaysia so far. This Act is not enforceable, and subject to the discretion of the Minister of Health.

Data EncryptionData Encryption

Encryption is the process of converting data (plaintext) into something that appears to be random and meaningless (ciphertext), which is difficult to decode without a secret key.

Encryption is used to provide message confidentiality.

Decryption is the reverse process which is transforming an encrypted message back into normal.

Encipher, decipher, encode, decode is the same word for encryption and decryption.

19

TYPES OF ENCRYPTIONTYPES OF ENCRYPTION

Two main types of encryption: ◦Asymmetric encryption (public-key

encryption)◦Symmetric encryption (secret-key

encryption).Encryption is the method to make sure

that the message didn’t access by illegal person.

20

Figure Encryption with KeysFigure Encryption with Keys

21

Figure: Symmetric Figure: Symmetric EncryptionEncryption

22

Table: Comparing Secret Key and Table: Comparing Secret Key and Public Key EncryptionPublic Key Encryption

Consumer ProfilingConsumer ProfilingCompanies openly collect personal

information about people who surf the Internet.

Many companies also obtain information about Web surfers without their manual input, through the use of cookies.

Cookies are small files that are written to the hard disk by many of the web site that have been visited.

A message given to a Web browser by a Web server and it stores the message in a text file.

COOKIESCOOKIESThe main purpose of cookies is to identify users and

possibly prepare customized Web pages for them. These are tokens that are attached to a user or

program and change depending on the areas entered by the user or program.

For example, online retail sites use cookies to implement shopping charts, which enable you to make selections on shopping activities.

Several Internet and networks, such as DoubleClick, use cookies to track user’s browsing actions across thousands of the most popular Internet sites.

Prepared By: Razif Razali 24

Prepared By: Razif Razali 25

SPAMMINGSPAMMING Spam is the use of electronic messaging systems

(including most broadcast media, digital delivery systems) to send unsolicited bulk messages indiscriminately.

Some people define spam even more generally as any unsolicited e-mail.

However, if a long-lost brother finds your e-mail address and sends you a message, this could hardly be called spam, even though it's unsolicited.

Real spam is generally e-mail advertising for some product sent to a mailing list or newsgroup.

People who create electronic spam are called spammers.

Protecting PrivacyProtecting Privacy

Steps in protecting privacy from the risks of computer technology is awareness of how:◦ Technology works◦ How it’s being used◦ What the risks are?◦ What tools are available?◦ Unwanted uses of personal data.

Advanced Surveillance Advanced Surveillance TechnologyTechnologyAdvance technology:

◦ Thermal imaging devices◦ Surveillance cameras◦ Face recognition

Example:◦ Police can use thermal imaging devices from

outside a house to detect patterns of heat being generated from inside to find a marijuana in the house.

◦ The police department of Tampa, Florida placed 36 security cameras in the town and connected them to a powerful computer loaded with face recognition software.