PRIVACY AND SECURITY
Download
Report
Transcript PRIVACY AND SECURITY
PRIVACY AND SECURITY
MORAL IMPERATIVE OF
PROFESSIONAL ETHICS
MANAGEMENT ISSUES
Security is a matter that has to be decided upon and
dealt with by managers. The management of an
organization must take an active role in setting policies
and creating standards and procedures to be followed by
the users and the administrators of the systems.
The managers must divide the tasks of maintaining the
system among several people in order to prevent one
person from having too much power and control over
the system.
In developing ‘in house’ systems the management must
take steps to create security standards to which all
software developed internally must comply.
INSIDE ORGANIZATIONS
An organization must assess how sensitive and
valuable their information is, and how much
security and assurance they are willing to pay
for.
The systems that are going to be purchased
must meet these security standards. It is often
possible to install systems with different security
features activated or not. The management
must decide on activating or not activating these
security features.
TROJAN HORSES
Getting under the skin -- implants code that
secretly reads or alters files in an unauthorized
way.
actions range from disastrous “rm *” to
annoying "I want a cookie"
One good way is to write a popular utility
program that everyone will want to use
Prime targets are utilities that have ultimate
privilege (login, passwd, ps, lquota ...)
Viruses may lurk in compilers: viruses may be
planted to detect what program is being
compiled and then add code to the object code
at the suitable time.
VIRUSES
Spreading infection like an epidemic
They work by sitting with executable (or
macro) files so that the virus part acts
before the original purpose of the
program.
Difficult to detect because cause and
effect are impossible to fathom when
faced with randomness and long time
delays.
EXORCISING A VIRUS
: How do you get rid of it once you found it?
Recompile all programs that might have been
infected, making sure NOT to execute any of
them
Lots of anti-virus programs availiable
EVIL IS SEDUCTIVE… (Best place to put a virus
is in an anti-virus program...)
Ha! Ha! (we’re cool, no?)
RECALL THE INNER IMPERATIVES OF WHICH
THE CODE OF PROFESSIONAL ETHICS REMIND
WORMS
Consist of several segments, each is a program
running on a separate workstation on the
network which is idle.
If a workstation is shut down, the other
segments reproduce it on another.
Every workstation must be rebooted
simultaneously to eradicate the worm.
HOW TO DEFEND AGAINST SUCH EVIL?
Technical mechanisms cannot limit the
damage done by infiltrators.
DEFENSES
(back to the ethical values…)
Mutual trust between users of a system,
coupled with physical security
Educate Users (install updated virus-check…)
Secrecy -- do not make information available
(doesn’t go well with trust…) RESISTANCE
BRINGS RESISTANCE (The best defense is
not to act defensively…)
BE AWARE OF YOUR POWER and ACT
RESPONSIBLE!
Cultivate a supportive trusting atmosphere!
YOU HAVE THE POWER TO MAKE OR
BREAK OUR WORLD!
PRIVACY
"The right to be left alone"
"One should have control over his/her own
information"
MAIN THREATS OF PRIVACY TODAY
The rapid growth of electronic transactions
The accelerated collection of personal
information
The dramatic increase in the number of
communications carriers and service providers.
The growing use of technically unsecured channel,
such as mobile communication.
LACK OF DIRECTION – LACK OF MORAL
AND ETHICAL VALUES! (AWARENESS)
CATHEGORIES
Confidentiality: The existence of the
communication should be known only by
the parties involved, without disclosure to
a third party.
Anonymity: The individual's right to
disclose his/her identity in a network.
Data protection: The collection and use
of personal data.
EXCEPTIONS
(When it is ‘OK’ to trespass privacy)
Consent
is given by the owner of
the information
Criminal Investigation (?would
this fit in the Code of Ethics…)
For the maintenance of the
network (SHOULD CONSENT BE
ASKED FOR IN THIS CASE?...)
PRINCIPLES
OF PERSONAL RECORD KEEPING
There must be no personal data record-keeping systems
whose very existence is secret
There must be a way for an individual to find out what
information about him/her is in a record and how it is
used
There must be a way for an individual to prevent
information about him/her that was obtained for one
purpose from being used or made available for other
purposes without his/her consent
There must be a way for an individual to correct or
amend record of identifiable information about him/her
Any organization creating, maintaining, using, or
disseminating records of identifiable personal data must
assure the reliability of the data for their intended use
and must take precautions to prevent misuse of the
data.
DATAVEILLANCE
Systematic use of personal data systems in the
investigation or monitoring of the actions or
communications of one or more persons
SURVEILLANCE
Systematic investigation or monitoring of the
actions or communications of one or more
persons. Its primary purpose is generally to
collect information about them, their activities,
or their associates.
SURVEILLANCE…
Personal surveillance is the surveillance of an
identified person.
In general, a specific reason exists for the
investigation or monitoring.
Mass surveillance is the surveillance of groups
of people, usually large groups.
In general, the reason for investigation or
monitoring is to identify individuals who belong
to some particular class of interest to the
surveillance organization.
THE ETHICS OF SURVEILLANCE…
Concern about freedom from tyranny is a
trademark of democracy. Surveillance is one
of the elements of tyranny.
Nevertheless, some classes of people, at least
when they undertake some classes of activity,
are deemed by society to warrant surveillance.
The computer has been accused of harboring a
potential for increased surveillance of the citizen
by the state, and the consumer by the
corporation
? HOW DOES THIS LOOK IN THE CONTEXT
OF THE SHIFT OUR WORLD TOOK AFTER
SEPT. 11
MAIN THREATS …
Dangers of personal dataveillance
Wrong identification
Low data quality
Acontextual use of data
Low quality decisions
Lack of subject knowledge of data flows
Lack of subject consent to data flows
Blacklisting
Denial of redemption
DANGERS OF MASS DATAVEILLANCE
To the individual
Acontextual data merger
Complexity and incomprehensibility of data
Witch hunts
Selective advertising
Unknown accusations and accusers
DANGERS OF DATAVEILLANCE…
To society
Prevailing climate of suspicion (threatens TRUST)
Adversarial relationships
Focus of law enforcement on easily detectable offenses
Inequitable application of the law
Decreased respect for the law (DAMAGES FAITH IN
ETHICS)
Reduction in meaningfulness of individual actions
Reduction in self-reliance, self-determination
Stultification of originality
Tendency to opt out of the official level of society
Weakening of society's moral fiber and cohesion
Destabilization potential for a totalitarian government