
William H. Bowers whb108@psu.edu
Ethics for the
Information Age
Chapter 5 Privacy II
Topics
US Legislation Authorizing Wiretapping
Electronic Communications Privacy Act
Communications Assistance for Law
Enforcement Act
USA PATRIOT ACT
Responses to PATRIOT ACT
Follow-On Legislation
Topics (cont)
Data Mining
Marketplace: Households
IRS Audits
Syndromic Surveillance System
Total Information Awareness
Who Owns Transaction Information?
Topics (cont)
Identity Theft
History and Role of SSAN
Debate over a National ID Card
Encryption
Digital Cash
US Legislation Authorizing
Wiretapping
Title III Omnibus Crime Control and
Safe Streets Act of 1968
Enacted during height of Vietnam War
Concern over violent anti-war
demonstrations
Allows phone tap for up to 30 days
with a court order
Electronic Communications
Privacy Act
http://www.usiia.org/legis/ecpa.html
Enacted in 1986
Pen register displays number for
each outgoing call
Trap and trace displays phone
number of each incoming call
Requires court order
Electronic Communications
Privacy Act
Does not require probable cause
Court approval is virtually automatic
Allows roving wiretaps
Communications Assistance for
Law Enforcement Act
http://assembler.law.cornell.edu/uscode/html/uscode18/usc_sup_01_18_10_I_20_119.html
1994 also known as Digital Telephony Act
Addresses digital phone networks
Requires phone company equipment to
allow tracing, listening to phone calls
Communications Assistance for
Law Enforcement Act
Provides for email interception
Leaves details about type of
information undefined
FBI requested ability to intercept digits
entered after connection was made
Credit card, bank numbers
ID numbers
PIN codes
Communications Assistance for
Law Enforcement Act
1999 FCC issues guidelines
(http://www.askcalea.net/docs/fcc99230.pdf)
http://www.askcalea.net
Communications Assistance for
Law Enforcement Act
Requires carriers to provide:
Content of subject initiated call
Party hold, drop or join on conference
calls
Subject initiated dialing and signaling
information
In-band and out of band signaling
Timing information
USA PATRIOT ACT
Uniting and Strengthening America by
Providing Appropriate Tools Required to
Intercept and Obstruct Terrorism Act of
2001
http://thomas.loc.gov/cgi-bin/query/D?c107:4:./temp/~c107fEmBJW::
Enacted in response to 11 September 2001
attacks
Amended more than 15 existing laws
USA PATRIOT ACT
Four principal categories
Greater communication monitoring
authority for federal LEO and intelligence
Increased authority for Secretary of the
Treasury to regulate banks to prevent
money laundering
USA PATRIOT ACT
Four principal categories
Making it more difficult for terrorists to
enter the US
Defining new crimes and penalties for
terrorist activity
Increased Monitoring
Allows for using internet to track email
addresses and URLs
Does not require probable cause
Requires warrant
Extends jurisdiction of court approval
Allows for national search warrants
Increased Monitoring
Broadens roving surveillance
Previously required law enforcement
purpose and demonstration that the
subject used the device to be
monitored
Now allowed for intelligence
Does not require reporting back to the
court
Increased Monitoring
Allows for intercepting computer based
communication without warrant if
Access to computer was illegal
Computer owner gives permission
Allows search without warrant if there is
reasonable belief that providing notice of
warrant may have an adverse effect
Increased Monitoring
Allows seizure of property if it constitutes
evidence of a criminal offense even if not
terror related
Makes it easier for FBI to obtain warrant for
medical, educational, library, religious
organization records
No need to show probable cause
Only requires statement of support of
ongoing investigation
Increased Monitoring
Illegal for record provider to
Reveal existence of warrant
Tell anyone that they provided
information
Prohibits FBI from investigating
citizens solely on basis of First
Amendment activities
Responses to PATRIOT ACT
Concern over unrestricted power
Concerns over circumvention of First
and Fourth Amendments
FBI and NSA previously used illegal
wiretaps to investigate unpopular
political organizations
May inhibit exercise of First
Amendment rights
Responses to PATRIOT ACT
LEOs can monitor internet surfing
without warrant
Roving surveillance warrants do not
require description of place to be
searched
Allows for limited search and seizure
without warrants
Follow-On Legislation
Domestic Security Enhancement Act of
2003
http://www.publicintegrity.org/dtaweb/downloads/Story_01_020703_Doc_1.pdf
Allows expatriation of citizens convicted
of giving material support to terrorist
organization
Requires names on suspected terrorist lists
to be kept secret
Follow-On Legislation
Domestic Security Enhancement Act of
2003
Allows wide use of administrative
subpoenas
Makes it easier for police to access credit
records
Allows collection of DNA samples from
suspected terrorists
Follow-On Legislation
Domestic Security Enhancement Act of
2003
Creation of national DNA database
Wiretaps and email interception allowed
for 15 days without warrant
Data Mining
Searching one or more databases for
patterns or relationships
Can combine facts from multiple
transactions
Secondary use of primary data
Primary use of Amazon customer
information is to process an order
Secondary use is to promote relationship
Data Mining
Information about customers is
becoming a product in itself
Allows more narrow focusing of
marketing efforts
Suppose EZPass sells individual
records without ID information
Records can be purchased by credit
card company
Data Mining
Transactions can be matched between
toll record and credit card charge
based on time, date, location and
amount
Credit card company can now identify
card holders who drive many miles
Now that list can be sold to car dealers
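An added example, not part of the original slides: a Python sketch of the toll/charge match described above, written as a check a data owner could run before releasing "ID-free" records. All records, field names and the `time_chars` coarsening parameter are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample data. Toll records as sold: no account or name field.
TOLLS = [
    {"when": "2004-03-01 07:42", "plaza": "Exit 24", "amount": 3.25},
    {"when": "2004-03-01 07:42", "plaza": "Exit 31", "amount": 1.50},
    {"when": "2004-03-01 18:05", "plaza": "Exit 24", "amount": 3.25},
    {"when": "2004-03-02 07:40", "plaza": "Exit 24", "amount": 3.25},
]
# The card company's own ledger, which does name the cardholder.
CHARGES = [
    {"card": "card-A", "when": "2004-03-01 07:42", "where": "Exit 24", "amount": 3.25},
    {"card": "card-B", "when": "2004-03-01 07:42", "where": "Exit 31", "amount": 1.50},
    {"card": "card-C", "when": "2004-03-01 18:05", "where": "Exit 24", "amount": 3.25},
    {"card": "card-A", "when": "2004-03-02 07:40", "where": "Exit 24", "amount": 3.25},
]

def quasi_id(rec, place_field, time_chars):
    """Time, date, location and amount; time_chars=16 is minute precision, 10 is date only."""
    return (rec["when"][:time_chars], rec[place_field], rec["amount"])

def link(tolls, charges, time_chars=16):
    """Map toll index -> cardholder for every toll row that fits exactly one cardholder."""
    index = defaultdict(set)
    for c in charges:
        index[quasi_id(c, "where", time_chars)].add(c["card"])
    linked = {}
    for i, t in enumerate(tolls):
        cards = index.get(quasi_id(t, "plaza", time_chars), set())
        if len(cards) == 1:
            linked[i] = next(iter(cards))
    return linked

def reidentification_rate(tolls, charges, time_chars=16):
    """Share of 'ID-free' toll rows that can be tied to a single cardholder."""
    return len(link(tolls, charges, time_chars)) / len(tolls)

def trips_per_card(tolls, charges, time_chars=16):
    """Per-cardholder trip counts, the 'drives many miles' profile."""
    return Counter(link(tolls, charges, time_chars).values())

if __name__ == "__main__":
    print("minute precision:", reidentification_rate(TOLLS, CHARGES))
    print("date only:       ", reidentification_rate(TOLLS, CHARGES, time_chars=10))
    print(trips_per_card(TOLLS, CHARGES))
```

In this sample every row links at minute precision, and coarsening the timestamp to the date alone leaves half of the rows ambiguous.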
Marketplace: Households
Developed by Lotus
Produced on CD
Cost of $8 million
Information on 120 million people
Contained personal information such as
household income
Dropped after over 30,000 consumer
complaints
IRS Audits
Matches individual reported income
with employer provided information
Generates discriminant function (DIF)
score based on number of
irregularities on tax return
Syndromic Surveillance System
New York City
Analyzes more than 50,000 pieces of
information per day
911 calls, ER visits, prescription drug
purchases
Purpose is to identify onset of
epidemics
Total Information Awareness
Proposed by DARPA Information Awareness
Office
Would capture individual's information
signature
Financial
Medical
Communication
Travel
Video images
Criticism of the TIA Program
ACM protested that it will generate
more harm than benefits
Huge privacy and security risks of
maintaining such a database
Database would become target of
criminals and terrorists
Criticism of the TIA Program
Access by tens of thousands of
administrators, LEO, intelligence
personnel poses great security risk
Increased risk of identity theft
Citizens could not challenge or correct
secret databases
May hurt US corporate
competitiveness
Criticism of the TIA Program
Potential for false positive ID
May alter innocent individual behavior
Who Owns Transaction
Information?
Purchaser
Seller
Opt-In (preferred by privacy advocates)
Opt-Out (preferred by direct marketing
organizations)
World Wide Web Consortium Platform for
Privacy Preferences http://www.w3.org/P3P
Identity Theft
Misuse of another person's identifying
information
Largest problem in US is credit card
theft
Exacerbated by ease of opening new
accounts
About 86,000 US victims in 2001
Identity Theft
Individual loss limited to $50 if
reported promptly
Real cost is in time to clean up records
Defined as crime in relatively few
states
ID theft usually leads to other criminal
activities
Identity Theft
Dumpster diving
Shoulder surfing
Skimmers
Online phishing
History and Role of SSAN
Social Security Act of 1935
Prohibited use of SSAN outside of the Social
Security Administration
Prohibited for use as national ID number
1943 FDR ordered use of SSAN in federal
databases
1961 began use by IRS
History and Role of SSAN
Collected by banks and credit card
companies for interest payment
reporting
Approved for use by state agencies in
1976
Required to list children 1 year and
older as dependent on tax return
Problems with SSANs
Rarely checked by organizations
No error detecting capabilities such as
CRC
Debate over a National ID Card
Proponents
More controllable than multiple state
driver's licenses, employee / student ID,
etc
Make it more difficult for illegal entry to
US
Makes it easier for police to positively
identify people
Used by many other countries
Debate over a National ID Card
Opponents
Does not guarantee accuracy
Biometric systems not infallible
No evidence it would reduce crime
Makes government tracking of individuals
easier
Inaccurate national records harder to
correct
Encryption
Protects communications even if
intercepted
Symmetric encryption
Sender and user use the same key
Requires secure key transmission
Requires too many keys to be useful
Encryption
Asymmetric encryption
Developed by Diffie and Hellman in 1976
Public / Private Key
Security is directly related to key length
Keys are mathematically related
Not able to compute one from the other
in a useful period of time
Encryption
Pretty Good Privacy
1991 Senate Bill 266 required back door
for government decryption of personal
communications
Illegal to export encryption programs
PGP originally distributed as source code
Encryption
Clipper Chip
1992 AT&T wanted to market telephone
encryption device
FBI and NSA suggested NSA's technology
instead
US government would maintain Clipper
keys
March 1993 Approved by President
Clinton
Encryption
Clipper Chip
Two federal agencies would maintain keys
Law enforcement
Intelligence
No penalty for improper key release
80% of public disapproved
Administration changed course in February 1994
and suggested use rather than mandating it
Encryption Export Restrictions
Forced software vendors to have two
versions, internal and export
Or just have one with weak encryption
Reduced international competitiveness
1999, 2000 two federal appeals courts
ruled ban was violation of free speech
Export restrictions dropped
Digital Cash
Relies on public/private keys
Signed by bank's public key on
issuance
Done without identifying purchaser
Must prevent copying
Can be used as easily as MAC cards
without privacy concerns
Questions & Discussion
