chapter 2 -lec 2 .pdf

Full Transcript

Computer Ethics : A Gift of Fire
5th edition

Sara Baase
Lecture 2
Privacy and cybersecurity
Part 1
Modified and presented by
Marwa Al-Hadi
Plan during semester
L1 Chapter 1: Unwrapping the Gift
L2,3 Chapter 2: Privacy
L4,5 Chapter 3: Freedom of Speech
L6 Mid term exam
L7,8 Chapter 4: Intellectual Property
L9,10 Chapter 5: Crimes
L11,12 Chapter 9: Professional Ethics and Responsibilities

2
 What We Will Cover

▪ Privacy and Computer Technology

▪ The Fourth Amendment-change-,

▪ Expectation of Privacy, and Surveillance Technologies

▪ The Business and Social Sectors

3
 What We Will Cover

▪ Government Systems
▪ Protecting Privacy:
▪ Technology, Markets, Rights, and Laws

▪ Communications

4
Privacy and Computer Technology
Key Aspects of Privacy:
▪ Freedom from intrusion (being left alone)
▪ Control of information about oneself
▪ Freedom from surveillance
▪ (being tracked,
▪ followed,
▪ watched)

5
 Privacy Risks & Principles
Privacy threats come in several categories:
1. Intentional, institutional uses of personal
information
2. Unauthorized use or release by “insiders”
3. Theft of information
4. Inadvertent leakage of information
5. Our own actions

6
Technology creates Risk
New Technology, New Risks:
1. Government and private databases
2. Sophisticated tools for surveillance and data analysis
3. Vulnerability- weakness - of data

7
Invisible Information Gathering
▪ collection of personal information about someone
without the person’s knowledge
▪ Google tracking searches

8
Secondary Use of Info
▪ use of personal information for a purpose
other than the one it was provided for
▪ Consider a site that might sell your info

9
Sensor Device Capture
▪ Tracking Location
▪ Gathering sensor data –video, audio, more

10
 Video Surveillance & Face recognition
Security cameras
1. Increased security
2. Decreased privacy

Police in Tampa, Florida, scanned the faces of all 100,000 fans and employees who
entered the 2001 Super Bowl (causing some reporters to dub it Snooper Bowl) to
search for criminals. People were not told that their faces were scanned.

11
Video Surveillance & Face recognition
Some cities have increased their camera surveillance

programs, while others gave up their systems because

they did not significantly reduce crime. (Some favor

better lighting and more police patrols – low tech and

less invasive of privacy.)

12
Video Surveillance & Face recognition
England was the first country to set up a large
number (millions) of cameras in public places to deter
crime. A study by a British university found a number of
abuses by operators of surveillance cameras, including
collecting salacious footage and showing it to
colleagues.

13
In Canada

14
Video from mobile?

15
Data Mining
▪ searching and analyzing masses of data to find
patterns and develop new information or
knowledge

▪ Computer matching - combining and
comparing information from different databases
(using social security number, for example, to
match records)

16
The results of always being connected
▪ Anything we do in cyberspace is recorded.
▪ Huge amounts of data are stored.
▪ People are not aware of collection of data.
▪ Software is complex.

17
▪Does it
really
matter a
little info
is
collected?

18
 Does it really matter a little info is collected?
▪ A collection of small
items can provide a
detailed picture.
▪ Re-identification has
become much easier
due to the quantity of
information and power
of data search and
analysis tools.
▪ If information is on a
public Web site, it is
available to everyone.

19
Information around a LONG time…implications

▪ Government can request sensitive personal data
held by businesses or organizations.

▪ We cannot directly protect information about
ourselves. We depend upon businesses and
organizations to protect it.

20
Computer Matching & Profiling
▪ Computer profiling –
Analyzing data to determine
characteristics of people most
likely to engage in a certain
behavior.

21
Crime & Privacy : Stolen data
▪ Hackers

▪ Physical theft (laptops, thumb-drives, etc.)

▪ Requesting information under false pretenses

▪ Bribery of employees who have access

▪ Identity theft - this is a “kind” of privacy attack that has
serious impacts.

22
Data and Viewpoints

23
Types of Data
Do we treat privacy
differently
for different types of
data?

24
Free Market View
▪ Freedom of consumers to make voluntary agreements
▪ Diversity of individual tastes and values
▪ Response of the market to consumer preferences
▪ Usefulness of contracts

25
Consumer Protection Viewpoint
▪ Consumer Protection View
– Uses of personal information
– Costly and disruptive results of errors in databases
– Ease with which personal information leaks out
– Consumers need protection from their own lack of
knowledge, judgment, or interest

26
Law and Privacy

27
US 4th Amendment
The right of the people to be secure in their person, houses, papers,
and effects, against unreasonable searches and seizures, shall not be
violated, and no Warrants shall issue, but upon probable cause,
supported by Oath or affirmation, and particularly describing the
place to be searched, and the persons or things to be seized.

—4th Amendment, U.S. Constitution

28
4th amendment ---What it means
▪ Sets limits on government’s rights to search our
homes and businesses and seize documents and
other personal effects. Requires government
provide probable cause.

29
4th amendment ---What it means
▪ Two key problems arise from new technologies:
– Much of our personal information is no longer safe in our
homes; it resides in huge databases outside our control.
– New technologies allow the government to search our
homes without entering them and search our persons
from a distance without our knowledge.

30
Supreme Court Decisions & Expectation of Privacy

▪ Olmstead v. United States (1928)
– Supreme Court allowed the use of monitors telephone
lines without a court order.
– Interpreted the Fourth Amendment to apply only to
physical intrusion and only to the search or seizure of
material things, not conversations.

31
Wiretapping & Email Protection

▪ Telephone

▪ 1934 Communications Act illegal interception of messages

▪ 1968 Omnibus Crime Control and Safe Streets Act

allowed wiretapping and electronic surveillance by law-

enforcement (with court order)

32
Wiretapping & Email Protection
▪ Email and other new communications

▪ Electronic Communications Privacy Act of 1986
(ECPA) extended the 1968 wiretapping laws to
include electronic communications, restricts
government access to email

33
CALEA= Communications Assistance
for Law Enforcement Act

– Passed in 1994
– Requires telecommunications equipment be designed to
ensure that the government can intercept telephone calls
(with a court order or other authorization).
– Rules and requirements written by Federal
Communications Commission (FCC)

34
FISA = Foreign Intelligence Surveillance Act
▪ The National Security Agency (NSA)
(FISA) established oversight rules for the NSA
– Secret access to communications records

35
Regulations on Industry –an example HIPPA
▪ The Medical Field is regulated by the government
passed “Health Insurance Portability and Accountability
Act (HIPAA)”
▪ Regulates who has access to medical records/info.

36
 National ID Systems
▪ Social Security Numbers
– Too widely used
– Easy to falsify

▪ new proposals require citizenship, employment,
health, tax, financial, or other data
▪ In many proposals, the cards would also access a
variety of databases for additional information.

37
 Government banning exportation of encryption technology

▪ Government ban on
export of strong
encryption software in
the 1990s
(removed in 2000)

38
Right to be forgotten
▪ Electronic Frontier Foundation
– leading nonprofit defending digital privacy, free
speech, and innovation.

▪ The right to have material removed.
– negative right (a liberty)
– positive right (a claim right)

39
Theories of Rights
Judith Jarvis Thomson, "The Right to Privacy," Philosophy &

Public Affairs, 4.4 (1975): 295. Discusses problems with Warren and

Brandeis publication.

▪ First, it appears to be too broad. This means that it counts as violations of

privacy things that intuitively are not. As Judith Thomson observes:

▪ If I hit Jones on the head with a brick I have not let him alone. Yet, while

hitting Jones on the head with a brick is surely violating some right of

Jones's, doing it should surely not turn out to violate his right to privacy.

Else, where is this to end? Is every violation of a right a violation of the right

to privacy?
40
41

41