Ethics for the Information Age - Chapter 5

Ethics for the Information Age
Chapter 5 – Privacy II
William H. Bowers – whb108@psu.edu

Topics
US Legislation Authorizing Wiretapping
Electronic Communications Privacy Act
Communications Assistance for Law Enforcement Act
USA PATRIOT ACT
Responses to PATRIOT ACT
Follow-On Legislation

Topics (cont)
Data Mining
Marketplace: Households
IRS Audits
Syndromic Surveillance System
Total Information Awareness
Who Owns Transaction Information?

Topics (cont)
Identity Theft
History and Role of SSAN
Debate over a National ID Card
Encryption
Digital Cash

US Legislation Authorizing Wiretapping
Title III Omnibus Crime Control and Safe Streets Act of 1968
Enacted during height of Vietnam War
Concern over violent anti-war demonstrations
Allows phone tap for up to 30 days with a court order

Electronic Communications Privacy Act
http://www.usiia.org/legis/ecpa.html
Enacted in 1986
Pen register – displays number for each outgoing call
Trap and trace – displays phone number of each incoming call
Requires court order

Electronic Communications Privacy Act
Does not require probable cause
Court approval is virtually automatic
Allows roving wiretaps

Communications Assistance for Law Enforcement Act
http://assembler.law.cornell.edu/uscode/html/uscode18/usc_sup_01_18_10_I_20_119.html
1994 – also known as Digital Telephony Act
Addresses digital phone networks
Requires phone company equipment to allow tracing, listening to phone calls

Communications Assistance for Law Enforcement Act
Provides for email interception
Leaves details about type of information undefined
FBI requested ability to intercept digits entered after connection was made
– Credit card, bank numbers
– ID numbers
– PIN codes

Communications Assistance for Law Enforcement Act
1999 FCC issues guidelines (http://www.askcalea.net/docs/fcc99230.pdf)
http://www.askcalea.net
Requires carriers to provide:
– Content of subject initiated call

Communications Assistance for Law Enforcement Act
Requires carriers to provide:
– Content of subject initiated call
– Party hold, drop or join on conference calls
– Subject initiated dialing and signaling information
– In-band and out of band signaling
– Timing information

USA PATRIOT ACT
Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001
http://thomas.loc.gov/cgi-bin/query/D?c107:4:./temp/~c107fEmBJW::
Enacted in response to 11 September 2001 attacks
Amended more than 15 existing laws

USA PATRIOT ACT
Four principal categories
– Greater communication monitoring authority for federal LEO and intelligence
– Increased authority for Secretary of the Treasury to regulate banks to prevent money laundering

USA PATRIOT ACT
Four principal categories
– Making it more difficult for terrorists to enter the US
– Defining new crimes and penalties for terrorist activity

Increased Monitoring
Allows for using internet to track email addresses and URLs
Does not require probable cause
Requires warrant
Extends jurisdiction of court approval
Allows for national search warrants

Increased Monitoring
Broadens roving surveillance
Previously required law enforcement purpose and demonstration that the subject used the device to be monitored
Now allowed for intelligence
Does not require reporting back to the court

Increased Monitoring
Allows for intercepting computer based communication without warrant if
– Access to computer was illegal
– Computer owner gives permission
Allows search without warrant if there is “reasonable” belief that providing notice of warrant may have an “adverse effect”

Increased Monitoring
Allows seizure of property if it “constitutes evidence of a criminal offense” even if not terror related
Makes it easier for FBI to obtain warrant for medical, educational, library, religious organization records
No need to show probable cause
Only requires statement of support of ongoing investigation

Increased Monitoring
Illegal for record provider to
– Reveal existence of warrant
– Tell anyone that they provided information
Prohibits FBI from investigating citizens solely on basis of First Amendment activities

Responses to PATRIOT ACT
Concern over unrestricted power
Concerns over circumvention of First and Fourth Amendments
FBI and NSA previously used illegal wiretaps to investigate unpopular political organizations
May inhibit exercise of First Amendment rights

Responses to PATRIOT ACT
LEOs can monitor internet surfing without warrant
Roving surveillance warrants do not require description of place to be searched
Allows for limited search and seizure without warrants

Follow-On Legislation
Domestic Security Enhancement Act of 2003
– http://www.publicintegrity.org/dtaweb/downloads/Story_01_020703_Doc_1.pdf
– Allows expatriation of citizens convicted of giving material support to terrorist organization
– Requires names on suspected terrorist lists to be kept secret

Follow-On Legislation
Domestic Security Enhancement Act of 2003
– Allows wide use of administrative subpoenas
– Makes it easier for police to access credit records
– Allows collection of DNA samples from suspected terrorists

Follow-On Legislation
Domestic Security Enhancement Act of 2003
– Creation of national DNA database
– Wiretaps and email interception allowed for 15 days without warrant

Data Mining
Searching one or more databases for patterns or relationships
Can combine facts from multiple transactions
Secondary use of primary data
– Primary use of Amazon customer information is to process an order
– Secondary use is to promote relationship

Data Mining
Information about customers is becoming a product in itself
Allows more narrow focusing of marketing efforts
Suppose EZPass sells individual records without ID information
Records can be purchased by credit card company

Data Mining
Transactions can be matched between toll record and credit card charge based on time, date, location and amount
Credit card company can now identify card holders who drive many miles
Now that list can be sold to car dealers

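The linkage described in the EZPass slides, as an added example that is not part of the original deck: a Python check of how many de-identified toll records match exactly one cardholder on date, time, location and amount, and how many still do when only date and plaza are released. All records, field layouts and the coarsening rule are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data. Toll records as sold: no name, no tag ID.
TOLLS = [  # (record id, date, time, plaza, amount)
    ("t1", "2004-03-01", "07:42", "Exit 12", "3.25"),
    ("t2", "2004-03-01", "07:42", "Exit 12", "3.25"),
    ("t3", "2004-03-01", "08:10", "Exit 19", "5.50"),
    ("t4", "2004-03-01", "09:30", "Exit 19", "5.50"),
    ("t5", "2004-03-02", "17:05", "Exit 12", "3.25"),
    ("t6", "2004-03-02", "17:31", "Exit 30", "7.00"),
]
# Constructed card charges already held by the buyer; these carry an identity.
CHARGES = [  # (cardholder, date, time, location, amount)
    ("holder-A", "2004-03-01", "07:42", "Exit 12", "3.25"),
    ("holder-B", "2004-03-01", "07:42", "Exit 12", "3.25"),
    ("holder-C", "2004-03-01", "08:10", "Exit 19", "5.50"),
    ("holder-D", "2004-03-01", "09:30", "Exit 19", "5.50"),
    ("holder-A", "2004-03-02", "17:05", "Exit 12", "3.25"),
    ("holder-C", "2004-03-02", "17:31", "Exit 30", "7.00"),
]

def exact_key(date, time, place, amount):
    # The four attributes the slide names: time, date, location, amount.
    return (date, time, place, amount)

def coarse_key(date, time, place, amount):
    # Assumed mitigation: release only the date and the plaza.
    return (date, place)

def linkable(tolls, charges, key):
    """Return {toll record id: cardholder} for records matching exactly one holder."""
    holders = defaultdict(set)
    for holder, *fields in charges:
        holders[key(*fields)].add(holder)
    linked = {}
    for rec, *fields in tolls:
        candidates = holders.get(key(*fields), set())
        if len(candidates) == 1:       # unambiguous match = re-identified
            linked[rec] = next(iter(candidates))
    return linked

def risk(tolls, charges, key):
    """Fraction of released records that re-identify under the given key."""
    return len(linkable(tolls, charges, key)) / len(tolls)

if __name__ == "__main__":
    for name, key in (("exact", exact_key), ("coarse", coarse_key)):
        print(name, linkable(TOLLS, CHARGES, key), round(risk(TOLLS, CHARGES, key), 2))
```

Dropping the ID column leaves four of the six sample records linkable; coarsening to date and plaza still leaves two, because those trips are unique in the sample.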
Marketplace: Households
Developed by Lotus
Produced on CD
Cost of $8 million
Information on 120 million people
Contained personal information such as household income
Dropped after over 30,000 consumer complaints

IRS Audits
Matches individual reported income with employer provided information
Generates discriminant function (DIF) score based on number of irregularities on tax return

Syndromic Surveillance System
New York City
Analyzes more than 50,000 pieces of information per day
– 911 calls, ER visits, prescription drug purchases
Purpose is to identify onset of epidemics

Total Information Awareness
Proposed by DARPA Information Awareness Office
Would capture individual’s “information signature”
– Financial
– Medical
– Communication
– Travel
– Video images

Criticism of the TIA Program
ACM protested that it will generate more harm than benefits
Huge privacy and security risks of maintaining such a database
Database would become target of criminals and terrorists

Criticism of the TIA Program
Access by tens of thousands of administrators, LEO, intelligence personnel poses great security risk
Increased risk of identity theft
Citizens could not challenge or correct secret databases
May hurt US corporate competitiveness

Criticism of the TIA Program
Potential for false positive ID
May alter innocent individual behavior

Who Owns Transaction Information?
Purchaser
Seller
Opt-In (preferred by privacy advocates)
Opt-Out (preferred by direct marketing organizations)
World Wide Web Consortium Platform for Privacy Preferences http://www.w3.org/P3P

Identity Theft
Misuse of another person’s identifying information
Largest problem in US is credit card theft
Exacerbated by ease of opening new accounts
About 86,000 US victims in 2001

Identity Theft
Individual loss limited to $50 if reported promptly
Real cost is in time to clean up records
Defined as crime in relatively few states
ID theft usually leads to other criminal activities

Identity Theft
Dumpster diving
Shoulder surfing
Skimmers
Online phishing

History and Role of SSAN
Social Security Act of 1935
Prohibited use of SSAN outside of the Social Security Administration
Prohibited for use as national ID number
1943 FDR ordered use of SSAN in federal databases
1961 began use by IRS

History and Role of SSAN
Collected by banks and credit card companies for interest payment reporting
Approved for use by state agencies in 1976
Required to list children 1 year and older as dependent on tax return

Problems with SSANs
Rarely checked by organizations
No error detecting capabilities such as CRC

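To illustrate the error-detection point, an added example (not from the original slides): it counts how many single-digit typos and adjacent swaps of a bare 9-digit identifier go unnoticed, and compares that with the same number carrying a Luhn check digit. Luhn is used here as a simple stand-in for the CRC the slide mentions; the sample number is a constructed placeholder, not a real SSAN.

```python
SAMPLE = "123456789"  # constructed placeholder, not a real SSAN

def luhn_check_digit(payload: str) -> str:
    """Digit that makes payload + digit pass the Luhn test."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:                 # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)

def luhn_valid(number: str) -> bool:
    return luhn_check_digit(number[:-1]) == number[-1]

def bare_valid(number: str) -> bool:
    # Without a check digit, only the shape of the number can be tested.
    return len(number) == 9 and number.isdigit()

def single_digit_errors(number: str):
    """Every string that differs from number in exactly one position."""
    for i, ch in enumerate(number):
        for d in "0123456789":
            if d != ch:
                yield number[:i] + d + number[i + 1:]

def adjacent_swaps(number: str):
    """Every string made by swapping two unequal neighbouring digits."""
    for i in range(len(number) - 1):
        if number[i] != number[i + 1]:
            yield number[:i] + number[i + 1] + number[i] + number[i + 2:]

def undetected(number: str, errors, validator) -> int:
    """How many corrupted versions of number the validator still accepts."""
    return sum(1 for bad in errors(number) if validator(bad))

PROTECTED = SAMPLE + luhn_check_digit(SAMPLE)  # 10 digits, the last is the check

if __name__ == "__main__":
    for name, errors in (("typo", single_digit_errors), ("swap", adjacent_swaps)):
        print(name, "bare:", undetected(SAMPLE, errors, bare_valid),
              "with check digit:", undetected(PROTECTED, errors, luhn_valid))
```

Luhn does not catch a swap of an adjacent 0 and 9; the sample number contains no such pair.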
Debate over a National ID Card
Proponents
– More controllable than multiple state driver’s licenses, employee / student ID, etc
– Make it more difficult for illegal entry to US
– Makes it easier for police to positively identify people
– Used by many other countries

Debate over a National ID Card
Opponents
– Does not guarantee accuracy
– Biometric systems not infallible
– No evidence it would reduce crime
– Makes government tracking of individuals easier
– Inaccurate national records harder to correct

Encryption
Protects communications even if intercepted
Symmetric encryption
– Sender and receiver use the same key
– Requires secure key transmission
– Requires too many keys to be useful

Encryption
Asymmetric encryption
– Developed by Diffie and Hellman in 1976
– Public / Private Key
– Security is directly related to key length
– Keys are mathematically related
– Not able to compute one from the other in a useful period of time

Encryption
Pretty Good Privacy
– 1991 – Senate Bill 266 required back door for government decryption of personal communications
– Illegal to export encryption programs
– PGP originally distributed as source code

Encryption
Clipper Chip
– 1992 AT&T wanted to market telephone encryption device
– FBI and NSA suggested NSA’s technology instead
– US government would maintain Clipper keys
– March 1993 – Approved by President Clinton

Encryption
Clipper Chip
– Two federal agencies would maintain keys
    – Law enforcement
    – Intelligence
– No penalty for improper key release
– 80% of public disapproved
– Administration changed course in February 1994 and suggested use rather than mandating it

Encryption Export Restrictions
Forced software vendors to have two versions, internal and export
Or just have one with weak encryption
Reduced international competitiveness
1999, 2000 – two federal appeals courts ruled ban was violation of free speech
Export restrictions dropped

Digital Cash
Relies on public/private keys
Signed by bank’s public key on issuance
Done without identifying purchaser
Must prevent copying
Can be used as easily as MAC cards without privacy concerns

Questions & Discussion