PRIVACY AND SECURITY

MORAL IMPERATIVE OF PROFESSIONAL ETHICS

MANAGEMENT ISSUES



- Security is a matter that managers must decide upon and deal with. The management of an organization must take an active role in setting policies and creating standards and procedures to be followed by the users and the administrators of the systems.
- The managers must divide the tasks of maintaining the system among several people in order to prevent one person from having too much power and control over the system.
- In developing in-house systems, the management must take steps to create security standards with which all internally developed software must comply.

INSIDE ORGANIZATIONS
- An organization must assess how sensitive and valuable its information is, and how much security and assurance it is willing to pay for.
- The systems that are going to be purchased must meet these security standards. It is often possible to install systems with different security features activated or not. The management must decide whether or not to activate these security features.

TROJAN HORSES

- Getting under the skin -- a Trojan horse implants code that secretly reads or alters files in an unauthorized way.
- Actions range from the disastrous "rm *" to the annoying "I want a cookie".
- A typical vehicle is a popular utility program that everyone will want to use.
- Prime targets are utilities that have ultimate privilege (login, passwd, ps, lquota ...).
- Viruses may lurk in compilers: code may be planted to detect what program is being compiled and then add code to the object code at the suitable time.

VIRUSES
Spreading infection like an epidemic
- They work by attaching to executable (or macro) files so that the virus part acts before the original purpose of the program.
- They are difficult to detect because cause and effect are impossible to fathom when faced with randomness and long time delays.

EXORCISING A VIRUS

How do you get rid of it once you have found it?
- Recompile all programs that might have been infected, making sure NOT to execute any of them.
- Lots of anti-virus programs are available.
- EVIL IS SEDUCTIVE… (The best place to put a virus is in an anti-virus program...)
  Ha! Ha! (we’re cool, no?)
- RECALL THE INNER IMPERATIVES OF WHICH THE CODE OF PROFESSIONAL ETHICS REMIND

WORMS

- Worms consist of several segments, each a program running on a separate idle workstation on the network.
- If a workstation is shut down, the other segments reproduce its segment on another workstation.
- Every workstation must be rebooted simultaneously to eradicate the worm.
- HOW TO DEFEND AGAINST SUCH EVIL? Technical mechanisms cannot limit the damage done by infiltrators.

DEFENSES
(back to the ethical values…)

- Mutual trust between users of a system, coupled with physical security
- Educate users (install updated virus-check…)
- Secrecy -- do not make information available (doesn’t go well with trust…) RESISTANCE BRINGS RESISTANCE (The best defense is not to act defensively…)
- BE AWARE OF YOUR POWER and ACT RESPONSIBLY!
- Cultivate a supportive trusting atmosphere!
- YOU HAVE THE POWER TO MAKE OR BREAK OUR WORLD!

PRIVACY

- "The right to be left alone"
- "One should have control over his/her own information"

MAIN THREATS TO PRIVACY TODAY
- The rapid growth of electronic transactions
- The accelerated collection of personal information
- The dramatic increase in the number of communications carriers and service providers
- The growing use of technically unsecured channels, such as mobile communication
- LACK OF DIRECTION – LACK OF MORAL AND ETHICAL VALUES! (AWARENESS)

CATEGORIES
- Confidentiality: The existence of the communication should be known only by the parties involved, without disclosure to a third party.
- Anonymity: The individual's right to disclose his/her identity in a network.
- Data protection: The collection and use of personal data.

EXCEPTIONS
(When it is ‘OK’ to trespass privacy)
- Consent is given by the owner of the information
- Criminal investigation (would this fit in the Code of Ethics…?)
- For the maintenance of the network (SHOULD CONSENT BE ASKED FOR IN THIS CASE?...)

PRINCIPLES OF PERSONAL RECORD KEEPING
- There must be no personal data record-keeping systems whose very existence is secret.
- There must be a way for an individual to find out what information about him/her is in a record and how it is used.
- There must be a way for an individual to prevent information about him/her that was obtained for one purpose from being used or made available for other purposes without his/her consent.
- There must be a way for an individual to correct or amend a record of identifiable information about him/her.
- Any organization creating, maintaining, using, or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take precautions to prevent misuse of the data.

DATAVEILLANCE
Systematic use of personal data systems in the investigation or monitoring of the actions or communications of one or more persons.

SURVEILLANCE
Systematic investigation or monitoring of the actions or communications of one or more persons. Its primary purpose is generally to collect information about them, their activities, or their associates.

SURVEILLANCE…
- Personal surveillance is the surveillance of an identified person. In general, a specific reason exists for the investigation or monitoring.
- Mass surveillance is the surveillance of groups of people, usually large groups. In general, the reason for investigation or monitoring is to identify individuals who belong to some particular class of interest to the surveillance organization.

THE ETHICS OF SURVEILLANCE…
- Concern about freedom from tyranny is a trademark of democracy. Surveillance is one of the elements of tyranny.
- Nevertheless, some classes of people, at least when they undertake some classes of activity, are deemed by society to warrant surveillance.
- The computer has been accused of harboring a potential for increased surveillance of the citizen by the state, and the consumer by the corporation.
- HOW DOES THIS LOOK IN THE CONTEXT OF THE SHIFT OUR WORLD TOOK AFTER SEPT. 11?

MAIN THREATS …
Dangers of personal dataveillance
- Wrong identification
- Low data quality
- Acontextual use of data
- Low quality decisions
- Lack of subject knowledge of data flows
- Lack of subject consent to data flows
- Blacklisting
- Denial of redemption

DANGERS OF MASS DATAVEILLANCE

To the individual
- Acontextual data merger
- Complexity and incomprehensibility of data
- Witch hunts
- Selective advertising
- Unknown accusations and accusers

DANGERS OF DATAVEILLANCE…


To society
- Prevailing climate of suspicion (threatens TRUST)
- Adversarial relationships
- Focus of law enforcement on easily detectable offenses
- Inequitable application of the law
- Decreased respect for the law (DAMAGES FAITH IN ETHICS)
- Reduction in meaningfulness of individual actions
- Reduction in self-reliance, self-determination
- Stultification of originality
- Tendency to opt out of the official level of society
- Weakening of society's moral fiber and cohesion
- Destabilization potential for a totalitarian government