PRIVACY AND SECURITY MORAL IMPERATIVE OF PROFESSIONAL ETHICS

MANAGEMENT ISSUES
• Security is a matter that has to be decided upon and dealt with by managers. The management of an organization must take an active role in setting policies and creating standards and procedures to be followed by the users and the administrators of the systems.
• The managers must divide the tasks of maintaining the system among several people in order to prevent one person from having too much power and control over the system.
• In developing ‘in house’ systems the management must take steps to create security standards to which all software developed internally must comply.

INSIDE ORGANIZATIONS
• An organization must assess how sensitive and valuable its information is, and how much security and assurance it is willing to pay for.
• The systems that are going to be purchased must meet these security standards. It is often possible to install systems with different security features activated or not. The management must decide whether or not to activate these security features.

TROJAN HORSES
• Getting under the skin -- implants code that secretly reads or alters files in an unauthorized way.
• Actions range from disastrous “rm *” to annoying "I want a cookie"
• One good way is to write a popular utility program that everyone will want to use
• Prime targets are utilities that have ultimate privilege (login, passwd, ps, lquota ...)
• Viruses may lurk in compilers: viruses may be planted to detect what program is being compiled and then add code to the object code at the suitable time.

VIRUSES
• Spreading infection like an epidemic
• They work by attaching themselves to executable (or macro) files so that the virus part runs before the program carries out its original purpose.
• Difficult to detect because cause and effect are impossible to fathom when faced with randomness and long time delays.

EXORCISING A VIRUS
• How do you get rid of it once you have found it?
• Recompile all programs that might have been infected, making sure NOT to execute any of them
• Lots of anti-virus programs available
• EVIL IS SEDUCTIVE… (Best place to put a virus is in an anti-virus program...)
• Ha! Ha! (we’re cool, no?)
• RECALL THE INNER IMPERATIVES OF WHICH THE CODE OF PROFESSIONAL ETHICS REMINDS
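
An added example, not part of the original slides: one way to find which programs "might have been infected" without executing any of them is to compare their SHA-256 digests with a baseline recorded while the system was trusted. The function names and the stand-in files (named after the utilities listed under TROJAN HORSES) are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=65536):
    """Hash a file by reading its bytes; the file is never executed."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_baseline(paths):
    """Record known-good digests while the system is still trusted."""
    return {p: sha256_file(p) for p in paths}

def verify(baseline, current_paths):
    """Return (modified, missing, unexpected) paths versus the baseline."""
    modified, missing = [], []
    for path, digest in baseline.items():
        if not os.path.isfile(path):
            missing.append(path)
        elif sha256_file(path) != digest:
            modified.append(path)
    unexpected = [p for p in current_paths if p not in baseline]
    return sorted(modified), sorted(missing), sorted(unexpected)

def demo():
    """Constructed sample: stand-in files named after the slide's utilities."""
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("login", "passwd", "ps")]
        for p in paths:
            with open(p, "wb") as f:
                f.write(b"original build of " + os.path.basename(p).encode())
        baseline = build_baseline(paths)
        # Simulated tampering: bytes placed ahead of the original content,
        # one utility deleted, one file added that was never baselined.
        with open(paths[0], "wb") as f:
            f.write(b"foreign bytes" + b"original build of login")
        os.remove(paths[2])
        with open(os.path.join(d, "lquota"), "wb") as f:
            f.write(b"not in baseline")
        current = [os.path.join(d, n) for n in os.listdir(d)]
        result = verify(baseline, current)
        return tuple([os.path.basename(p) for p in group] for group in result)

if __name__ == "__main__":
    print(demo())
```

The baseline is only as trustworthy as where it is kept and the tool that checks it, so store it read-only or offline and run the check from media known to be clean.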

WORMS
• Consist of several segments, each a program running on a separate idle workstation on the network.
• If a workstation is shut down, the other segments reproduce it on another.
• Every workstation must be rebooted simultaneously to eradicate the worm.
• HOW TO DEFEND AGAINST SUCH EVIL?
• Technical mechanisms cannot limit the damage done by infiltrators.

DEFENSES (back to the ethical values…)
• Mutual trust between users of a system, coupled with physical security
• Educate Users (install updated virus-check…)
• Secrecy -- do not make information available (doesn’t go well with trust…)
RESISTANCE BRINGS RESISTANCE (The best defense is not to act defensively…)
• BE AWARE OF YOUR POWER and ACT RESPONSIBLY!
• Cultivate a supportive trusting atmosphere!
YOU HAVE THE POWER TO MAKE OR BREAK OUR WORLD!

PRIVACY
• "The right to be left alone"
• "One should have control over his/her own information"
• MAIN THREATS TO PRIVACY TODAY
  • The rapid growth of electronic transactions
  • The accelerated collection of personal information
  • The dramatic increase in the number of communications carriers and service providers.
  • The growing use of technically unsecured channels, such as mobile communication.
• LACK OF DIRECTION – LACK OF MORAL AND ETHICAL VALUES! (AWARENESS)

CATEGORIES
• Confidentiality: The existence of the communication should be known only by the parties involved, without disclosure to a third party.
• Anonymity: The individual's right to disclose his/her identity in a network.
• Data protection: The collection and use of personal data.

EXCEPTIONS (When it is ‘OK’ to trespass privacy)
• Consent is given by the owner of the information
• Criminal Investigation (would this fit in the Code of Ethics?…)
• For the maintenance of the network (SHOULD CONSENT BE ASKED FOR IN THIS CASE?...)

PRINCIPLES OF PERSONAL RECORD KEEPING
• There must be no personal data record-keeping systems whose very existence is secret
• There must be a way for an individual to find out what information about him/her is in a record and how it is used
• There must be a way for an individual to prevent information about him/her that was obtained for one purpose from being used or made available for other purposes without his/her consent
• There must be a way for an individual to correct or amend a record of identifiable information about him/her
• Any organization creating, maintaining, using, or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take precautions to prevent misuse of the data.

DATAVEILLANCE
• Systematic use of personal data systems in the investigation or monitoring of the actions or communications of one or more persons
SURVEILLANCE
• Systematic investigation or monitoring of the actions or communications of one or more persons. Its primary purpose is generally to collect information about them, their activities, or their associates.

SURVEILLANCE…
• Personal surveillance is the surveillance of an identified person.
  • In general, a specific reason exists for the investigation or monitoring.
• Mass surveillance is the surveillance of groups of people, usually large groups.
  • In general, the reason for investigation or monitoring is to identify individuals who belong to some particular class of interest to the surveillance organization.

THE ETHICS OF SURVEILLANCE…
• Concern about freedom from tyranny is a trademark of democracy. Surveillance is one of the elements of tyranny.
• Nevertheless, some classes of people, at least when they undertake some classes of activity, are deemed by society to warrant surveillance.
• The computer has been accused of harboring a potential for increased surveillance of the citizen by the state, and the consumer by the corporation
• HOW DOES THIS LOOK IN THE CONTEXT OF THE SHIFT OUR WORLD TOOK AFTER SEPT. 11?

MAIN THREATS …
• Dangers of personal dataveillance
  • Wrong identification
  • Low data quality
  • Acontextual use of data
  • Low quality decisions
  • Lack of subject knowledge of data flows
  • Lack of subject consent to data flows
  • Blacklisting
  • Denial of redemption

DANGERS OF MASS DATAVEILLANCE
• To the individual
  • Acontextual data merger
  • Complexity and incomprehensibility of data
  • Witch hunts
  • Selective advertising
  • Unknown accusations and accusers

DANGERS OF DATAVEILLANCE…
• To society
  • Prevailing climate of suspicion (threatens TRUST)
  • Adversarial relationships
  • Focus of law enforcement on easily detectable offenses
  • Inequitable application of the law
  • Decreased respect for the law (DAMAGES FAITH IN ETHICS)
  • Reduction in meaningfulness of individual actions
  • Reduction in self-reliance, self-determination
  • Stultification of originality
  • Tendency to opt out of the official level of society
  • Weakening of society's moral fiber and cohesion
  • Destabilization potential for a totalitarian government