1 / 51

Ethics for the Information Age

Ethics for the Information Age. Chapter 5 – Privacy II. Topics. US Legislation Authorizing Wiretapping Electronic Communications Privacy Act Communications Assistance for Law Enforcement Act USA PATRIOT ACT Responses to PATRIOT ACT Follow-On Legislation. Topics (cont). Data Mining

cara-hayes
Download Presentation

Ethics for the Information Age

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Ethics for theInformation Age Chapter 5 – Privacy II William H. Bowers – whb108@psu.edu

  2. Topics • US Legislation Authorizing Wiretapping • Electronic Communications Privacy Act • Communications Assistance for Law Enforcement Act • USA PATRIOT ACT • Responses to PATRIOT ACT • Follow-On Legislation William H. Bowers – whb108@psu.edu

  3. Topics (cont) • Data Mining • Marketplace: Households • IRS Audits • Syndromic Surveillance System • Total Information Awareness • Who Owns Transaction Information? William H. Bowers – whb108@psu.edu

  4. Topics (cont) • Identity Theft • History and Role of SSAN • Debate over a National ID Card • Encryption • Digital Cash William H. Bowers – whb108@psu.edu

  5. US Legislation Authorizing Wiretapping • Title III Omnibus Crime Control and Safe Streets Act of 1968 • Enacted during height of Vietnam war • Concern over violent anti-war demonstrations • Allows phone tap for up to 30 days with a court order William H. Bowers – whb108@psu.edu

  6. Electronic Communications Privacy Act • http://www.usiia.org/legis/ecpa.html • Enacted in 1986 • Pen register – displays number for each outgoing call • Trap and trace – displays phone number of each incoming call • Requires court order William H. Bowers – whb108@psu.edu

  7. Electronic Communications Privacy Act • Does not require probable cause • Court approval is virtually automatic • Allows roving wiretaps William H. Bowers – whb108@psu.edu

  8. Communications Assistance for Law Enforcement Act • http://assembler.law.cornell.edu/uscode/html/uscode18/usc_sup_01_18_10_I_20_119.html • 1994 – also known as Digital Telephony Act • Addresses digital phone networks • Requires phone company equipment to allow tracing, listening to phone calls William H. Bowers – whb108@psu.edu

  9. Communications Assistance for Law Enforcement Act • Provides for email interception • Leaves details about type of information undefined • FBI requested ability to intercept digits entered after connection was made • Credit card, bank numbers • ID numbers • PIN codes William H. Bowers – whb108@psu.edu

  10. Communications Assistance for Law Enforcement Act • 1999 FCC issues guidelines (http://www.askcalea.net/docs/fcc99230.pdf) • http://www.askcalea.net • Requires carriers to provide: • Content of subject initiated call William H. Bowers – whb108@psu.edu

  11. Communications Assistance for Law Enforcement Act • Requires carriers to provide: • Content of subject initiated call • Party hold, drop or join on conference calls • Subject initiated dialing and signaling information • In-band and out of band signaling • Timing information William H. Bowers – whb108@psu.edu

  12. USA PATRIOT ACT • Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 • http://thomas.loc.gov/cgi-bin/query/D?c107:4:./temp/~c107fEmBJW:: • Enacted in response to 11 September 2001 attacks • Amended more than 15 existing laws William H. Bowers – whb108@psu.edu

  13. USA PATRIOT ACT • Four principal categories • Greater communication monitoring authority for federal LEO and intelligence • Increased authority for Secretary of the Treasury to regulate banks to prevent money laundering William H. Bowers – whb108@psu.edu

  14. USA PATRIOT ACT • Four principal categories • Making it more difficult for terrorists to enter the US • Defining new crimes and penalties for terrorist activity William H. Bowers – whb108@psu.edu

  15. Increased Monitoring • Allows for using internet to track email addresses and URLs • Does not require probable cause • Requires warrant • Extends jurisdiction of court approval • Allows for national search warrants William H. Bowers – whb108@psu.edu

  16. Increased Monitoring • Broadens roving surveillance • Previously required law enforcement purpose and demonstration that the subject used the device to be monitored • Now allowed for intelligence • Does not require reporting back to the court William H. Bowers – whb108@psu.edu

  17. Increased Monitoring • Allows for intercepting computer based communication without warrant if • Access to computer was illegal • Computer owner gives permission • Allows search without warrant if there is “reasonable” belief that providing notice of warrant may have an “adverse affect” William H. Bowers – whb108@psu.edu

  18. Increased Monitoring • Allows seizure of property if it “constitutes evidence of a criminal offense” even if not terror related • Makes it easier for FBI to obtain warrant for medical, educational, library, religious organization records • No need to show probable cause • Only requires statement of support of ongoing investigation William H. Bowers – whb108@psu.edu

  19. Increased Monitoring • Illegal for record provider to • Reveal existence of warrant • Tell anyone that they provided information • Prohibits FBI from investigating citizens solely on basis of First Amendment activities William H. Bowers – whb108@psu.edu

  20. Responses to PATRIOT ACT • Concern over unrestricted power • Concerns over circumvention of First and Fourth Amendments • FBI and NSA previously used illegal wiretaps to investigate unpopular political organizations • May inhibit exercise of First Amendment rights William H. Bowers – whb108@psu.edu

  21. Responses to PATRIOT ACT • LEO’s can monitor internet surfing without warrant • Roving surveillance warrants do not require description of place to be searched • Allows for limited search and seizure without warrants William H. Bowers – whb108@psu.edu

  22. Follow-On Legislation • Domestic Security Enhancement Act of 2003 • http://www.publicintegrity.org/dtaweb/downloads/Story_01_020703_Doc_1.pdf • Allows expatriation of citizens convicted of giving material support to terrorist organization • Require names on suspected terrorist lists to be kept secret William H. Bowers – whb108@psu.edu

  23. Follow-On Legislation • Domestic Security Enhancement Act of 2003 • Allow wide use of administrative subpoenas • Makes it easier for police to access credit records • Allows collection of DNA samples from suspected terrorists William H. Bowers – whb108@psu.edu

  24. Follow-On Legislation • Domestic Security Enhancement Act of 2003 • Creation of national DNA database • Wiretaps and email interception allowed for 15 days without warrant William H. Bowers – whb108@psu.edu

  25. Data Mining • Searching one or more databases for patterns or relationships • Can combine facts from multiple transactions • Secondary use of primary data • Primary use of Amazon customer information is process an order • Secondary use is to promote relationship William H. Bowers – whb108@psu.edu

  26. Data Mining • Information about customers is becoming a product in itself • Allows more narrow focusing of marketing efforts • Suppose EZPass sells individual records without ID information • Records can be purchased by credit card company William H. Bowers – whb108@psu.edu

  27. Data Mining • Transactions can be matched between toll record and credit card charge based on time, date, location and amount • Credit card company can now identify card holders who drive many miles • Now that list can be sold to car dealers William H. Bowers – whb108@psu.edu

  28. Marketplace: Households • Developed by Lotus • Produced on CD • Cost of $8 million • Information on 120 million people • Contained personal information such as household income • Dropped after over 30,000 consumer complaints William H. Bowers – whb108@psu.edu

  29. IRS Audits • Matches individual reported income with employer provided information • Generates discriminant function (DIF) score based on number of irregularities on tax return William H. Bowers – whb108@psu.edu

  30. Syndromic Surveillance System • New York City • Analyzes more than 50,000 pieces of information per day • 911 calls, ER visits, prescription drug purchases • Purpose is to identify onset of epidemics William H. Bowers – whb108@psu.edu

  31. Total Information Awareness • Proposed by DARPA Information Awareness Office • Would capture individual’s “information signature” • Financial • Medical • Communication • Travel • Video images William H. Bowers – whb108@psu.edu

  32. Criticism of the TIA Program • ACM protested that it will generate more harm than benefits • Huge privacy and security risks of maintaining such a database • Database would become target of criminals and terrorists William H. Bowers – whb108@psu.edu

  33. Criticism of the TIA Program • Access by tens of thousands of administrators, LEO, intelligence personnel poses great security risk • Increased risk of identity theft • Citizens could not challenge or correct secret databases • May hurt US corporate competitiveness William H. Bowers – whb108@psu.edu

  34. Criticism of the TIA Program • Potential for false positive ID • May alter innocent individual behavior William H. Bowers – whb108@psu.edu

  35. Who Owns Transaction Information? • Purchaser • Seller • Opt-In (preferred by privacy advocates) • Opt-Out (preferred by direct marketing organizations) • World Wide Web Consortium Platform for Privacy Preferences http://www.w3.org/P3P William H. Bowers – whb108@psu.edu

  36. Identity Theft • Misuse of another person’s identifying information • Largest problem in US is credit card theft • Exacerbated by ease of opening new accounts • About 86,000 US victims in 2001 William H. Bowers – whb108@psu.edu

  37. Identity Theft • Individual loss limited to $50 if reported promptly • Real cost is in time to clean up records • Defined as crime in relatively few states • ID theft usually leads to other criminal activities William H. Bowers – whb108@psu.edu

  38. Identity Theft • Dumpster diving • Shoulder surfing • Skimmers • Online phishing William H. Bowers – whb108@psu.edu

  39. History and Role of SSAN • Social Security Act of 1935 • Prohibited use of SSAN outside of the Social Security Administration • Prohibited for use as national ID number • 1943 FDR ordered use of SSAN in federal databases • 1961 began use by IRS William H. Bowers – whb108@psu.edu

  40. History and Role of SSAN • Collected by banks and credit card companies for interest payment reporting • Approved for use by state agencies in 1976 • Required to list children 1 year and older as dependent on tax return William H. Bowers – whb108@psu.edu

  41. Problems with SSANs • Rarely checked by organizations • No error detecting capabilities such as CRC William H. Bowers – whb108@psu.edu

  42. Debate over a National ID Card • Proponents • More controllable than multiple state driver’s licenses, employee / student ID, etc • Make it more difficult for illegal entry to US • Makes it easier for police to positively identify people • Used by many other countries William H. Bowers – whb108@psu.edu

  43. Debate over a National ID Card • Opponents • Does not guarantee accuracy • Biometric systems not infallible • No evidence it would reduce crime • Makes government tracking of individuals easier • Inaccurate national records harder to correct William H. Bowers – whb108@psu.edu

  44. Encryption • Protects communications even if intercepted • Symmetric encryption • Sender and user use the same key • Requires secure key transmission • Requires too many keys to be useful William H. Bowers – whb108@psu.edu

  45. Encryption • Asymmetric encryption • Developed by Diffie and Hellman in 1976 • Public / Private Key • Security is directly related to key length • Keys are mathematically related • Not able to compute one from the other in a useful period of time William H. Bowers – whb108@psu.edu

  46. Encryption • Pretty Good Privacy • 1991 – Senate Bill 266 required back door for government decryption of personal communications • Illegal to export encryption programs • PGP originally distributed as source code William H. Bowers – whb108@psu.edu

  47. Encryption • Clipper Chip • 1992 AT&T wanted to market telephone encryption device • FBI and NSA suggested NSA’s technology instead • US government would maintain Clipper keys • March 1993 – Approved by President Clinton William H. Bowers – whb108@psu.edu

  48. Encryption • Clipper Chip • Two federal agencies would maintain keys • Law enforcement • Intelligence • No penalty for improper key release • 80% of public disapproved • Administration changed course in February 1994 and suggested use rather than mandating it William H. Bowers – whb108@psu.edu

  49. Encryption Export Restrictions • Forced software vendors to have two versions, internal and export • Or just have one with weak encryption • Reduced international competitiveness • 1999, 2000 two federal appeals courts ruled ban was violation of free speech • Export restrictions dropped William H. Bowers – whb108@psu.edu

  50. Digital Cash • Relies on public/private keys • Signed by bank’s public key on issuance • Done without identifying purchaser • Must prevent copying • Can be used as easily as MAC cards without privacy concerns William H. Bowers – whb108@psu.edu

More Related