Legal and Ethical Issues

Major Topics
• Protecting Programs and Data
• Information and the Law
• Rights of Employees and Employers
• Software Failures
• Computer Crime
• Privacy
• Ethical Issues in Computer Security
Relationship to Security
• Relationship of topics discussed to computer security is not always clear
• Legal and ethical issues involving computers are often, not always, security issues
• Example: Ownership of program code
Legal Issues
• Laws provide a framework in which security issues can/must be addressed
• Constraints
  • Things you can’t do
• Requirements
  • Things you must do
• Frameworks
  • Things you can use
Ethical Issues
• Ethics involves generally accepted standards of proper behavior
• Ethical principle – “an objectively defined standard of right and wrong”
• Ethical system – “a set of ethical principles”
• The United States is an ethically pluralistic society
Ethical Principles
• Consequence-based: teleology
• Egoism
• Utilitarianism
• Rule-based: deontology
• Rule-deontology
• Personal
• Professional codes of ethics
Law and Ethics
• It is possible for an action to be legal but not ethical
• It is possible for an action to be ethical but not legal
• What these actions are depends upon the ethical and legal systems used
Law and Security
• Law may specify information that must be kept confidential
  • Medical information: HIPAA
  • Student information: FERPA
• Law may specify information that must be released
  • FOIA – Freedom of Information Act – applies to many government records
Privacy Issues
• Combine legal requirements and social expectations
• Privacy refers to protection/release of personal information
• Confidentiality refers to protection/release of information in general
Personal Story 1: Medical Privacy
• I went for a medical test for osteoporosis.
• The results were shown to me on a computer screen also containing results from other patients.
• Clear violation of HIPAA/other privacy rules
• Not a major problem since I did not recognize/remember any of the names seen.
Personal Story 2: Password Disclosure
• I was setting up a computer display in a database course
• When I signed on to the DB system, my password was displayed.
• So I changed my password.
• Whose fault?
  • Mine – I should have checked display.
  • DB – It should not have displayed password in clear.
Personal Story 3: Credit Card Theft
• I received a call from local police that my credit card had been found in possession of an apparent credit card thief. (He had lots of stolen cards.)
• I got a new credit card/number.
• No improper charges were made.
• Whose fault:
  • Thief – He stole it!
  • Mine – I could have kept better track of the card.
Personal Story 4: Another Credit Card Theft
• I received a notification that I was to be sent a new AMEX card and did not get it even though my husband got his.
• AMEX notified me that my card was showing unusual usage patterns.
• Multiple charges were posted that I had not made.
• Card apparently stolen from mailbox.
Personal Story 4 (continued)
• AMEX removed improper charges.
• I received a new card.
• I did not receive any information about eventual outcome of situation.
• Note redundancy in system:
  • Mail notification of card issuance.
  • Tracking of usage patterns.
Some Privacy Issues
• Identity theft
• Data mining
• Carnivore
• Passport
• Anonymity
• Computer voting
• E.U. Data Protection Act (personal data)
• Gramm-Leach-Bliley (financial information)
• HIPAA (health information)
Some Privacy Laws
• US Privacy Act
• US Electronic Communications Privacy Act
• US Patriot Act
Software Ownership
Protecting information about software
Possible protection mechanisms:
• Trade secret
• Copyright (DMCA)
• Patent
Trade Secret
• Confidential business information
• Must be kept secret
  • Coke formula
  • Diebold code for DREs
• Trade secrets may be lost
  • Independent discovery
  • Reverse engineering
Copyright
• Protect expressions of ideas
  • But not the ideas themselves
• Limited time period
• Programs may be copyrighted
• DMCA – Digital Millennium Copyright Act
• Copy protection mechanisms
• Sony-BMG XCP
Patents
• Patents protect inventions
  • Novel
  • Nonobvious
• Computer programs
  • Patents allowed since 1981
  • Controversial
  • Almost 40 years of prior art
Who Owns Software?
• The developer
  • Company?
  • Individual?
• Considerations
  • Employment contract
  • Work for hire
  • Relationship to employment
  • License
Criminal vs. Civil Law
• Criminal law – actions against the state
  • Statutes
• Civil law – actions against individuals/other private entities
  • Precedents
• Contract law – actions in violation of a contract
How are Computer Crimes Different from Other Crimes?
• Unfamiliarity of criminal justice system with computers and computer terminology
• Need to deal with intangible and easily copied property
International Issues
• Laws are different in different countries.
• Computer networks are international.
• Who has “jurisdiction” over a computer crime?
• Can software/data be effectively excluded?
  • Privacy concerns
  • Cryptography