
The illusion of privacy and protection … Legal, Privacy, Ethical Issues Barbara Endicott-Popovsky INFO498.


1 The illusion of privacy and protection … Legal, Privacy, Ethical Issues
Barbara Endicott-Popovsky, INFO498

2 Agenda
 I. The Basic Issues
 II. The Law
 III. Privacy
 IV. Ethical Issues
 V. Remedies

3 The Basic Issues
[Figure, source: Laudon and Laudon, Management Information Systems, 6th ed., New Jersey. Labels: Information Technology and Systems; Ethical Issues, Social Issues, Political Issues; Information Rights and Obligations, Property Rights and Obligations, Accountability and Control, Systems Quality, Quality of Life; Individual, Society, Polity.]

4 The Law

5 The Legal Structure: Criminal vs. Civil Law

                   | Criminal Law   | Civil Law
-------------------|----------------|---------------------------
Defined by         | Statutes       | Contracts, common law
Cases brought by   | Government     | Individuals, companies
Wronged party      | Society        | Individuals, companies
Remedy             | Jail, fine     | Damages, usually monetary

6 The Legal View of Information
 As an object
  – Not depletable
  – Can be replicated
  – Has minimal marginal cost
  – Value is often time dependent
  – Can be transferred intangibly
 Legal issues
  – Information commerce
  – Electronic publishing
  – Protecting data in DB
  – e-Commerce
Source: Pfleeger & Pfleeger

7 Complexity of the Legal Issues
 Tap the keyboard? Read the screen? Monitor emissions? Scan the hard drive? Trojan program? Tap communications?
 Is the data stored? Encrypted? Routed?
 Has the recipient read it? Stored it? Deleted it? Recovery possible?
 Who owns the system? Who “gives consent”?

8 Protecting Intellectual Property (IP)
 Copyrights—works of the mind
  – Digital Millennium Copyright Act
 Patents—tangible objects
 Trade Secrets—competitive edge info
Source: Pfleeger & Pfleeger

9 Comparing Copyright, Patent and Trade Secret Protection

                              | Copyright                             | Patent                                           | Trade Secret
------------------------------|---------------------------------------|--------------------------------------------------|-------------------------------
Protects                      | Expression of idea, not idea itself   | Invention—way something works                    | A secret, competitive advantage
Protected object made public  | Yes, intention is to promote pub.     | Design filed at Patent Office                    | No
Requirement to distribute     | Yes                                   | No                                               |
Ease of filing                | Very easy, do-it-yourself             | Very complicated; specialist lawyer suggested    | No filing
Duration                      | Individual’s life + 70 years          | 19 years                                         | Indefinite
Legal protection              | Sue if unauthorized copy sold         | Sue if invention copied                          | Sue if secret stolen

Source: Pfleeger & Pfleeger

10 IP Rights of Employees/Employers
 Ownership of Products
 Ownership of a Patent
 Ownership of a Copyright
 Work for Hire
 Licenses
 Trade Secret Protection
 Employment Contracts
Source: Pfleeger & Pfleeger

11 Product Liability
 Selling correct software
 Reporting software flaws
  – Vendor interests
  – User interests
  – Responsible vulnerability reporting
  – Quality software
Source: Pfleeger & Pfleeger

12 Cryptography Restrictions
 Controls on export
 Controls on use
 Free speech issues
 Key escrow issues

13 Computer Crime
 Rules of Property
 Rules of Evidence
 Threats to Integrity and Confidentiality
 Value of Data
 Acceptance of Computer Terminology
 Hard to Define
 Hard to Prosecute
  – US Computer Fraud and Abuse Act
  – US Economic Espionage Act
  – US Electronic Funds Transfer Act
  – US Freedom of Information Act
  – US Privacy Act
  – US Electronic Communications Privacy Act
  – USA Patriot Act

14 Computer Crime (cont’d.)
 International
  – EU Data Protection Act
  – Restricted Content
  – Cryptography Use
 Criminals are hard to catch
 Law is not precise

15 Emergence of Computer Forensics
 Technology
 Law Enforcement
 Individual and Societal Rights
 Judiciary
 …

16 Privacy

17 Threats to Privacy
 Identity Theft
 Aggregation and Data Mining
 Poor System Security
 Government Threats
 The Internet
 Privacy vs. Security Concerns
 Corporate Rights and Private Business
 Privacy for Sale
 Controls
  – Authentication
  – Anonymity
  – Computer Voting
  – Pseudonymity
  – The Law—EU Protection Act, HIPAA, Gramm-Leach-Bliley
Source: Pfleeger & Pfleeger

18 Examples
 Buying and selling confidential information from Social Security files.
 Browsing IRS files.
 Buying and selling bank account name lists.
 A Princeton University student stole ~1800 credit card numbers, customer names, and user passwords from an e-commerce site.
Sources: House Ways and Means Committee, 102nd Congress, 1992; Washington Post, S. Barr, 2 Aug. 1993; Freeh, Testimony 2000.


20 Skimming – from ABC.com

21 The FTC Suggests…
 Contact the 3 major credit agencies
  – Check credit
  – Put “stop” on unapproved new cards
  – Issue “fraud alert”
 Close all accounts
  – Open new ones w/o mother’s maiden name (use password)
 File report in the appropriate jurisdiction
 Keep copies of those records
  – … and now there’s an ID Theft Affidavit, too


23 Ethics

24 Ethical Issues
 Law vs. Ethics
 Ethics vs. Religion
  – Universality ??
  – Pluralism ??
 Ethical Approaches
  – Consequence-based—i.e. utilitarianism
  – Rules-based—deontology
Source: Pfleeger & Pfleeger

25 Codes of Ethics
 IEEE
 ACM
 Computer Ethics Institute
  – 10 Commandments of Computer Use
  – Brookings Institute
Source: Pfleeger & Pfleeger

26 Remedies

27 Current Business Environment
 Legislation is beginning to shape corporate and personal liability.
  – HIPAA
  – Gramm-Leach-Bliley
  – Sarbanes-Oxley
  – 21 CFR part 11
  – California Senate Bill 1386

28 HIPAA
 Health Insurance Portability and Accountability Act
 Noncompliance = fines
 Deliberate noncompliance = fines and imprisonment
 Doctors hate compliance

29 Gramm-Leach-Bliley
 “Interagency Guidelines Establishing Standards for Safeguarding Customer Information”
 Identify reasonably foreseeable internal and external threats
 Assess the likelihood and potential damage of these threats
 Assess the sufficiency of policies, procedures, etc…

30 Sarbanes-Oxley
 Increases regulatory visibility and accountability for public companies
 Holds CEOs and CFOs personally responsible for accuracy
 “Management Assessment of Internal Controls”
 ISO 17799 – encryption and digital signatures recommended
 Why is this a security thing? (hint: lifetime imprisonment)

31 21 CFR part 11
 FDA guidelines on encryption and digital signatures
 Integrity of audit trails
 Non-repudiation for sign-off
 Drug performance liability

32 California Senate Bill 1386
“Any business or agency that uses a computer to store confidential personal information about a California resident, must immediately notify that individual, upon discovering any breach to the computer system on which this information is stored. Failure to notify the individual(s) could subject the business/agency to civil damages and lawsuits.”
Failure to deal with these risks could trigger violations of Sarbanes-Oxley.

33 Where is all this going?
 Government regs never decrease
 Universal definitions of “standard of care”
 Computer/Electronic security seen as a differentiator
 E-risk will be significant for insurance profile
 Opportunities !!!

34 Less Ad Hoc, More Discipline
 "Security will be approached not from a bottom-up approach, but rather from a top-down, business-driven philosophy based on risk assessment, policy analysis and then, and only then, technical application," Placer says.
 "The days of simply doing a vulnerability scan analysis of hardware will be replaced by a comprehensive analysis for procedural security weaknesses with regards to a company's business practices."
Cost/Benefit

