u10a1 - ethical and legal dilemma in it - turner
Post on 02-Oct-2014
49 Views
Preview:
TRANSCRIPT
Ethical and Legal Dilemmas 1
Ethical and Legal Dilemmas in Home Monitoring and Management Services
Assignment u10a1
Robert "Bob" Turner
TS5336 – Ethical and Legal Considerations in Information Technology
Capella University
December 16, 2011
E-mail: bob_turner@cox.net
Instructor: Mr. Stuart Gold, PhD
Ethical and Legal Dilemmas 2
Ethical and Legal Dilemmas in Home Monitoring and Management Services
The industry that has developed over the last 25 years around the concept of protecting the home
through use of information technology and ensuring privacy by applying information assurance controls is
today a multi-million dollar market force. Unfortunately, there does not appear to be a targeted legal or
ethical framework that serves to regulate this field; which forces practitioners to rely on sorting through
the mass of industry technical standards, building codes and generalized information technology related
laws in order to deliver effective services. This paper presents arguments, for the benefit of students and
professionals in the home security and information technology fields, that highlight the issues and
complexities of law and ethics involved when maintaining privacy comes in conflict with the need for
sharing information necessary to effect proper management of management services and protection of
private homes or offices using information technology based tools and techniques.
Legal and Ethical Use of Information and Technology
From a casual review of articles in the local newspaper, Internet news sites and community specific
weblogs, it is easy to determine that we live in challenging times for the global and national economy.
Daily are the stories of economic suffering within various industries, threats and news of layoffs, legal
conundrums and ethical missteps by leaders in industry, and stories of fraud, waste and privilege abuse.
These conditions impact today’s home technology market as it continues to deliver advanced systems
and software applications for establishing or improving security along with personal productivity and home
management. Included are those applications which serve to better the life of average citizens by
delivering improved physical security, monitoring services, home health care delivery, and management
of food inventory and delivery of entertainment services. Of course, with every Internet based avenue
inward to the home to deliver services there is a corresponding outlet for personal and private information
and activities to be shared with members of the Internet community. The adversary’s work is made much
easier since information leakage is commonplace among supervisory control and data acquisition, or
SCADA, systems which are at the core of home security and management architectures (Nash, 2005).
Loathe as we are for Government intervention, there are situations where the law can assist in shaping
the direction of the industry and drive service and technological innovations we demand as consumers.
Yet for nearly every law written, there is a corresponding and complimentary ethical framework for
Ethical and Legal Dilemmas 3
applying common sense, industry best practices and professional ethics to ensure effective and high
quality services at the best price.
Legal Frameworks
According to the United States Government Accountability Office (2008), Federal policy identifies
eighteen infrastructure sectors that are critical to the nation’s security, economy, public health, and safety,
to include public and private functions such as banking and finance, energy, public health and healthcare,
and telecommunications. Our nation’s reliance on computerized information systems and electronic data
make it essential that the security of these systems and data is maintained (p. 1). Many critical
infrastructure components are owned by the private sector. Effective government protection and
provision of security services carries the imperative that public and private entities work together to
protect these assets. The same partnerships among private industry and government agencies directly
support effective provision of private home security and monitoring services through a framework of
federal laws, regulations, and standards considered essential to the security of privately owned
information technology systems and data. There are over 30 federal laws, regulations, and mandatory
standards that pertain to securing privately owned IT systems and data in our nation’s critical
infrastructure sectors (GAO, 2010, p.2). Among these laws are specific statutes concerning privacy
practices, security service provisions and contractual implications which are useful in constructing state
and local laws to regulate the home monitoring and management services industry.
Privacy considerations. Among the many laws relating to privacy is the Electronic
Communications Privacy Act of 1986, known by the acronym ECPA and discussed in a later section of
this paper. Stemming from the ECPA, our Government has enacted rules governing how agencies are
allowed to handle personal and private information. One specific regulation provides for protection of
information considered as Sensitive Security Information, or SSI, which is codified in 49 U.S.C. 114. SSI
is information obtained or developed in the conduct of security activities; which if disclosed, could
constitute an unwarranted invasion of privacy, or could reveal information which contains trade secrets or
privileged information. The Government imposed specific duties on agents and private citizens such as
taking reasonable steps to safeguard SSI in that person's possession or control from unauthorized
disclosure. The Act also imposes the duty to avoid disclosure to people unless they have a need to
Ethical and Legal Dilemmas 4
know, which can be defined as the requirement to understand pieces of information in the normal
performance of their duties ("Protection of sensitive," 2004). Private concerns have adopted similar
standards in order to have an approach which keeps their corporate interests in mind and serves to shield
them from litigation.
Security considerations. The government’s role and responsibility in computer security relates
primarily to securing federally owned, leased, or operated systems. Federal agencies generally do not
mandate controls for the security of non-government computer systems. However, the federal
government does require certain information held on non-government systems to be protected against
unauthorized access and disclosure (Motef, 2004). As many home computing systems and those held by
private home monitoring and management service providers can potentially contain sensitive Government
information either created by a private entity or that which is inadvertently or deliberately downloaded,
there is a duty imposed to protect the information once discovered.
Contract compliance. Contracts are agreements that are legally enforceable which may involve a
duty to do, or refrain from doing a specific act or obligation. Non-performance of this duty is considered a
breach of contract. The law provides remedies if a promise is breached with the goal to make the
breached party return to their prior position, as if the contract had not been breached, rather than punish
the breaching party (USLegal.com, n.d.). Numerous facets of IT related management within home
security and monitoring are simply the result of contract performance, the parties must rely on specific
language and clauses being standard across the industry.
Ethical Value Systems
The effect of principled behavior strengthens cyber security. By employing Kohlberg’s Theory of
Moral Development and Education and the axioms expressed by Professor Kenneth Laudon, the
information technology professional can develop ethically driven business rules for operating within the
home monitoring and management services industry which set their business apart from those who set
ethics behind profit.
For review, Lawrence Kohlberg (1984) believes moral action flows from a three step process
involving a deontic judgment of what is right, discerning responsibility and then carrying out the decision
(p. 258). Kohlberg (as cited in Wahlberg and Haertel, 1997) understood that moral judgments may be
Ethical and Legal Dilemmas 5
defined as judgments of value, as social judgments, and as judgments that oblige an individual to take
action (p. 57). Thus, a strong moral drive to produce ethically based judgments are divided according to
ones intention to pursue the acts, in some cases, simply deemed as the right thing to do by those
individuals (Chong and Opara, 2009).
Professor Kenneth Laudon (1995) believed that from his study of 2,000 years of writings there
emerged three critical arguments. Phenomenology versus positivism which asks what is good in the
given situation derived from the logic and language of the moment or by observing the real world and
inductively deriving the ethical principles. Rules versus consequences which positions those who believe
good actions result from following the correct and generally accepted rules of behavior based on religion,
intuition and aesthetics; contrasted against those who would rather take action that tend to produce the
best outcome whether results or consequences. The final distinction being a contrast between individuals
and collectivities which focuses on belief systems the locus of moral authority and stresses that belief in
an individual’s power of self-analysis versus community or society consensus could result in moral
relativism based on whatever the group believes is the best rule (p. 34).
Practical Application of Ethical Considerations in Information Technology
The home monitoring and management industry is increasingly dependence on internet connected
services and wireless interconnections to process tremendous volumes of data and to provide real time
monitoring and control of home services which integrate into operations and call centers. Of particular
interest to the ethicist are those systems which provide direct control of safety and security systems, plus
those applications which directly impact life affirming medical services such as real time heart monitors
which report to clinics or emergency responders or fire control systems which sense temperature or
flames and respond with activation of fire suppression and warning systems.
Privacy and Security Practices
In practical application within the information technology industry, these ethical foundations
motivate one employee to report suspicious activity such as the existence of peer-to-peer software, like
BitTorrent or Morpheus, to a supervisor immediately while another employee with similar technical
training would investigate and correct the cause of the suspicious activity without a report.
Ethical and Legal Dilemmas 6
Within the home security monitoring and management services industry, the application of Kohlberg
and Laudon’s theories are found in the amount of personal information coincident to providing the service
that can be gathered on celebrities and public figures; and subsequently revealed to cause damage or
erosion of the image is but one aspect that provides incentives to protect on near equal measure to
incentives to publish. Kohlberg suggests that the individuals continue to change their decision priorities
over time, through education, peer or environmental influences, growing confidence or willingness to take
risks based on experiences along with changes in values of ethical behavior (Chong and Opara, p. 52).
The Right Product at the Right Time for the Right Cost
The ethical dilemma in applying technology to solve problems is that despite what a designer is
comfortable with, or desires to be challenged to achieve, is that the purpose of designing technology is
most often to make it serve a certain function (Albrechtslund, 2007). Within an industry with sales
exceeding $2.1 billion in 2010 with potential to reach more than $3.8 billion by 2016, lighting, home
entertainment, and security systems accounted for nearly 58% of the U.S. home automation market in
2010 (BCC Research, 2011). Those who specialize in technology applied within a private home should
guard against designing a fit for their favorite or most abundantly stocked tool or application; instead they
should apply the available technology or engage in design of new technologies to meet a need or desire
of the customer. Designing solutions to fit a validated requirement provides the opportunity to solve a
problem instead of the opposing search for a problem to fit a tool.
The Effects of Law on the Information Technology Profession
The effects of local and state legal actions, whether through case law or legislation, are far
reaching. In an article by technology columnist Gerald Kohl (2010), the Electronic Security Association’s
Director of Government relations, John Chwat, lamented that state bills in California and New York have a
tendency to be copied by other states in rapid order (p.1). Within the home security and monitoring
industry, the liability of manufacturers, designers, consultants and installation firms could be significant
should an accident or incident result in death or harm to an individual or significant loss of property.
While many contracts include clauses that indemnify manufacturers from installation defects, or exempt
designers and installers from liability associated with manufacturer defects, the seemingly limitless effects
of tort law and crusades by individual legislators often result in greater losses within the industry.
Ethical and Legal Dilemmas 7
Legislation
Experts argue between the ethical basis for establishing laws even when, intuitively, the
responsibility for managing, monitoring and security concerns seem to fall outside the normal arguments
of morality, religion and philosophical systems of ethics (Tavani, 2001, p. 40-43). Other experts assert
that digital environments can be regulated by their technological capabilities and the design choices made
by computer systems engineers. For example, privacy features can be built into computer systems to
guarantee personal data will be processed using fair information practices. These features and policy
rules built within the architectures and designs of information systems can carry the effect of law and are
every bit as important as the rules promulgated by traditional government institutions (Richards, 2006).
State laws, such as New York’s laws relating to home monitoring services, are slowly evolving but
tend to focus the areas of liability, privacy and safety. According to the summary of NY Senate Bill 2074,
terms used in a contract to indemnify or exempt manufacturers, sellers and/or monitors of burglary
protection systems from liability for negligence should not be enforceable and existing contracts with the
indemnification should be voided. The proposed language states that such terms must provide for
recovery of costs associated with the installation, service and maintenance provided by the manufacturer,
seller; including the monitor service (Kohl, 2010). Consumers who do not read the contract carefully are
often victims of not only the incident or accident, but they become victims of the contract as well.
At the Federal level, the lengthy debate leading to passage of the Patient Protection and Affordable
Care Act included discussions by the Senate Committee on Aging. The committee examined the use of
broadband technologies in healthcare, with emphasis on mobile and wireless devices. Committee
members applauded the technologies available for home medical care highlighting an automatic insulin
dispenser that wirelessly communicates adjustments to dosage as the patient's condition changes. The
device then uploads readings to the patient's electronic medical record EMR. Underlying the utility of
such devices is the need for widespread availability of broadband Internet service; with a return on
investment in more robust communications networks reflected in lower Medicare costs (Versel, 2010).
Continued Federal legislation and support for improving broadband Internet technology and infrastructure
for non-standard home management services such as home medical monitoring with heart monitors,
Ethical and Legal Dilemmas 8
insulin delivery systems and other portable medical technologies can significantly influence the direction
of home management systems.
Countries outside of the United States also regulate the services related to home monitoring and
management. Australia’s Private Security Act (2004) requires that country’s Chief Commissioner to
register those in the business of acting as security equipment installers or security consultants
(Australasian Legal Information Institute, 2004, Section 71). South Africa’s government regulates wages
for private security firms engaged in monitoring and responding to alarms at premises which are guarded
by persons or by electronic means (Badenhorst, 2010). Such specificity in legislation is a trend expected
to continue as citizens react to advances in technology which increase access to the home and more
services are offered, further breaching the boundary of privacy within homes and private offices.
Local Law Enforcement and Monitoring Industry Partnerships
Local governments incur costs in responding to false alarms generated by security monitoring
systems with the mechanical controls industry reporting similar cost incurred responding to abnormal
conditions reported to operations centers. Municipalities such as San Rafael, California report costs of
$250,000 per year to respond to false alarms while smaller localities like Hercules, California, Astubula,
Ohio and Kingman, Arizona have instituted fines of between $75 and $200 to offset costs incurred when
police are required to respond to a false alarm (Anonymous, 2006). In George Demarco’s (2004) article
concerning the cost of local government response to false alarms, improvements in the relationship
between law enforcement and the alarm industry has brought a measurable effect on the community
through accurate reporting and adjudication of service calls when home monitoring technology delivers a
false alarm. Noting that properly managed alarm systems provided opportunity cost savings of more than
80 percent in Los Angeles, California and 90 percent in Salt Lake City, Utah (p. 17). As technology
improves and services response stabilizes, monitoring management proves its value in greater measure
than legislation or the effect of case law outcomes.
The Impact of Legislation
The Electronic Communications Privacy Act of 1986, or ECPA, was enacted to extend federal
wiretap laws to new forms of communication and has direct applicability to the home security monitoring
field. The ECPA is based on the privacy rights derived from the protection against unreasonable
Ethical and Legal Dilemmas 9
searches and seizures found in the Fourth Amendment and Congress's power to regulate interstate
commerce granted in Article I of the U.S. Constitution.
Surveillance using wiretaps, pen registers and traps. One facet of the ECPA is the legislation
regulating the practice of conducting surveillance using wiretaps or the less intrusive pen registers and so
called trap and trace devices. As many home security systems communicate with monitoring operations
centers over standard telephone lines, practitioners need to be concerned with the technologies used for
conducting electronic surveillance. Pen registers are electronic devices that record the phone numbers
that you call, while trap & trace devices record the numbers that call you. The Supreme Court decided in
the 1979 case of Smith v. Maryland that because telephone users knowingly exposes phone numbers to
the phone company when they dial them, the Fourth Amendment doesn't protect the privacy of those
numbers against pen trap or trace surveillance by the government. The contents of a telephone
conversation are protected, but not the dialing information (Electronic Frontier Foundation. n.d.).
Likewise, wiretapping is any interception of a telephone transmission via the telephone signal while
electronic eavesdropping is the use of an electronic transmitting or recording device to monitor
conversations without the consent of the parties. It is important to note here that federal law does not
currently regulate silent video communications, such as webcams or other video monitoring without an
audio component (Privacy Rights Clearing House, 2010).
Other aspects of legislation including the Patriot Act. There is little accessible Federal law
speaking directly to the home monitoring and management industry beyond that which is common to all
businesses. Local building codes and regulations vary and generally speak to building construction,
wiring, lighting and sound isolation. Signals traversing the home’s physical and logical
telecommunications boundary can be subject to monitoring under the Providing Appropriate Tools
Required to Intercept and Obstruct Terrorism Act, known as the USA-PATRIOT Act, and the Homeland
Security Act with the legislation providing for government surveillance of private telephone or internet
based communications and to encourage private entities to share information with the government by
alleviating legal liability. The lack of specific legislative intervention could be due to the long-standing
principles of constitutional law and to more recent principles of civil privacy legislation, only with proper
showing on the part of law enforcement should breaches of privacy rules be allowed (Mitrano, 2003).
Ethical and Legal Dilemmas 10
How Case Law Impacts Home Monitoring and Management Services
While specific applications in case law related to private home monitoring services is rare, the
application of wiretap laws were highlighted in a recent case when Pennsylvania's Lower Merion school
district installed remote control anti-theft software on student laptops which enabled the school district to
access the video camera of a stolen laptop and recover an image of the user. The images were used to
determine the identity of the user and take disciplinary action (Andersen, 2010). The United States
Senate’s Judiciary Committee conducted a field hearing in March of 2010 and among the witnesses was
Former Justice Department prosecutor Marc Zwillinger who urged caution with any law change that would
make all silent video communications subject to Wiretap Act rules stating that in an age of webcams,
wireless CCTV cameras, and cell phones that can take video, the law is badly out of date (Zwillinger,
2010, March 29).
Title 18, Part I, Chapter 19 and Section 2510 of the United States Code was codified as the Wiretap
Act. The act bans oral, wire, and electronic communications gathered without consent unless under a
court order. Further defining electronic communications, the Wiretap Act covers any transfer of signs,
signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a
wire, radio, electromagnetic, photo electronic or photo optical system (The Wiretap Act, Section
2510(12)). The law also requires that communications have an aural component; so it does not currently
regulate silent video communication. The Senate Judiciary Committee determined at the hearing that
since Lower Merion's actions to include the use of a laptop microphone and therefore were ruled as not
covered by the Wiretap Act. Zwillinger’s (2010) testimony urged caution with any law change that would
make all silent video communications subject to Wiretap Act rules. Zwillinger pointed to other cases
where the public is are comforted by the notion that video surveillance helps keep our children safe. As
stated by Zwillinger, changes in the Wiretap Act could have two chilling effects. First, it would likely make
illegal the array of public and private remote surveillance and security cameras found today at most
ATMs, gas stations, casinos, doorsteps, and light poles and used for a multitude of legitimate purposes
including security, crime fighting, traffic analysis, and scientific observation. Second, it could turn well-
intentioned journalists, security professionals, parents, and scientists into serious criminals (p. 4-5)
Ethical and Legal Dilemmas 11
The extent of coverage for the Wiretap Act is sufficient to provide law enforcement latitude
in conducting legitimate investigations. Additional remedies under the USA-PATRIOT Act provide
the means for conducting legitimate and court authorized and duly warranted surveillance over
suspected criminals. While the conduct of legitimate purchased surveillance and monitoring
service is not currently impacted, the relevant legislative action bears watching.
Routine Outcomes of Civil Proceedings Shapes Case Law
Probably due to the home monitoring and management services industry’s relative youth, most of
the legal evolution in the home monitoring industry has been through establishment of local ordinance
and building codes shaped by subsequent actions involving industry associations and legislatures. Such
actions served to challenge the business aspects instead of setting any overwhelming precedent which
forced specific changes. A majority of case law in the home monitoring industry involves breach of
contract cases such as Peter Arroyo v. Safe Home Security where the plaintiff alleged Safe Home
Security breached of contract arising from an agreement to provide security monitoring services when a
burglary occurred and the installed the security system failed to properly operate with the result that his
business sustained monetary losses. The Trial Judge deemed it a routine case and awarded Arroyo
approximately $8,000 in loss and damage (Weiss, 2002). There continues to be no specific changes in
how home monitoring and management services are delivered having been ordered by the courts.
Organizing Information Technology to Ensure Regulatory Compliance
In general, regulatory compliance is more challenging and complex for corporations because of the
multitude of regulations such as Purchase Card Industry Data Security Standards, known as PCI-DSS,
which offer robust and comprehensive standards and supporting materials for enhancing payment card
data security to include a framework of specifications, tools, measurements and support resources to help
organizations ensure the safe handling of cardholder information at every step (Security Standards
Council, n.d.). The Sarbanes Oxley Act of 2002, amended in 2010 and known as SOX, imposed on
corporate leadership a framework for responsibility and auditor oversight, including prior approval for non-
audit services by the auditor and the disclosure of all non-audit services of the auditor approved by the
committee. Corporate Chief Executives and Financial Officers are now required to certify that their
companies’ annual and quarterly reports as accurate and not misleading, and that they have met their
Ethical and Legal Dilemmas 12
responsibility for evaluating internal controls. Additionally, there has been a ban on new personal loans
by companies to their directors or executives (Lander, 2003). The activities of the Federal Trade
Commission, which has been intensely involved in the Internet privacy debate and has worked with
various parties to examine and learn about privacy issues and has made recommendations to Congress
about new legislation (Swindle, 2002). International Standard 27001-2 provides a model for establishing,
implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security
Management System which can be guided by an organization’s needs and objectives, security
requirements, the processes employed based the size and structure of the organization (The ISO 27001
Directory, 2007).
PCI-DSS, SOX & ISO 27001-2 are prominent among numerous acts and laws imposed according
to a company's location, industry, and countries with which it conducts business. In order to fully
comprehend the complicated demands of some regulations, companies and organizations employ
specialists and consultants and produce special documentation to assist with documenting proper
regulation deployment procedures.
The inefficiencies and complexities of networks and endpoint management are well known, but IT
departments often lack the manpower, budget or resources to address every potential threat on every
endpoint in the network. Despite concerted efforts to establish a sound security policy, IT teams are still
hit hard with security incidents due to a lack of visibility and control. Most organizations understand the
impact of maintaining compliance and some have even developed and deployed unique solutions to
address compliance issues since most commercial solutions fail to provide sufficient protection and
management guarantees needed to tackle threats caused by a the continuing growth of Internet usage
and rapid advancements in consumer technologies. Organizations such as the National Institute of
Standards & Technology and the Center for Internet Security develop and maintain compliance guidelines
to manage and protect valuable information assets (Promisec USA, 2009). The right technology, properly
employed, promotes compliance while serving the customer and ultimately increasing profitability.
Corporate policy compliance may be seen as somewhat easier to define than regulatory compliance
because it is dictated inside a company and not by external bodies. Each organization decides for itself
what employees can and cannot do based on the security risks involved.
Ethical and Legal Dilemmas 13
Conclusions
The principle ethical dilemmas of adhering to a sense of personal privacy and protection of
information used to manage services must be recognized by those companies and agencies involved with
establishing home management and monitoring services. Providers must respect boundaries within a
homeowner’s personal space whether monitoring fire and intrusion detection sensors or providing
surveillance of intruders and for illegal activity. When not in conflict with social contracts found in the law;
the needs of the customer must continue to drive what industry invents, develops and offers in the way of
systems, processes and services. Industry must focus on ethical survival and be prepared to continue
delivering the right service at the right cost with mutually acceptable quality.
Personal and Professional Accountability
It is natural and intuitive that those who own, operate or manage services, systems and technology
within the industry must bring the most reliable and effective products to bear. Since home monitoring
and management systems penetrate the perimeters established by the home’s physical and internet
boundaries, the need to maintain privacy and keep personal information in close hold with security
considerations creates a natural sense of shared responsibility while placing a burden of highly ethical
conduct on the service provider. Data security within the home is the responsibility of the owner or
occupant while the owner’s information under control of the vendors becomes a shared responsibility with
significant liability on the part of the vendor. Using the established law and ethical frameworks discussed
in this paper, home owners and vendors can work to establish the parameters and controls necessary to
shield both parties and to preserve the privacy of the customer in concert with integrity of IT networks,
security appliances, information systems and professional practices of service providers.
Other Elements Promoting Compliance
While not presented as a panacea or the ultimate solution; the future of home monitoring and
management services relies on a business sector willing to work continually improve standards and
practices. Keeping pace means establishing professional practices groups or private organizations which
codify an industry wide code of ethics would provide for better service delivery, training of practitioners,
and finally, professional interest groups can serve as a legislative lobbying and advising body to foster
more reasonable and useful development of law within Federal, State and Local governments.
Ethical and Legal Dilemmas 14
References Albrechtslund, A. (2007). Ethics and technology design. Ethics and Information Technology, 9(1), 63-63.
doi:10.1007/s10676-006-9129-8
Andersen, N. (2010). School laptop spy case prompts wiretap act rethink. Retrieved December 3, 2011
from http://arstechnica.com/tech-policy/news/2010/03/school-laptop-spy-case-prompts-wiretap-act-
rethink.ars
Anonymous, (2006). Alarm ordinance watch. Security Systems News, 9(9), 12-12. Retrieved November
25, 2011 from http://search.proquest.com/docview/225519723?accountid=27965
Australasian Legal Information Institute. (2004). Grant of private security business registration. Retrieved
November 24, 2011 from University of Technology, Sydney website:
http://www.austlii.edu.au/au/legis/vic/consol_act/psa2004217/s71.html
Badenhorst, S. (2010). Amendment of sectoral determination 6: Private security. Retrieved November 24,
2011 from Private Security Industry Regulatory Authority website:
http://www.psira.co.za/joomla/index.php?option=com_content&task=view&id=82&Itemid=37
BCC Research. (2011). Home automation and security technologies, products, and markets. (Report ID
WA6566717). Norwalk, CT: Business Communications Company, Inc
Chong, G., & Opara, E. (2009). Ethical framework for the IT and business professions. Communications
of the IIMA, 9(3), 51-51-62. Retrieved October 29, 2011 from
http://search.proquest.com/docview/858947065?accountid=27965
Electronic Frontier Foundation. (n.d.). Pen registers and trap and trace devices: Less powerful than a wiretap but with much weaker privacy safeguards. Retrieved December 1, 2011 from https://ssd.eff.org/wire/govt/pen-registers
Kohl, G. (2010, April 15). Contract legislation in ny would affect dealers, monitoring firms. Retrieved
November 25, 2011 from http://www.securityinfowatch.com/Dealers/1315733?pageNum=1
Kohlberg, L. (ed.) (1984). Essays on moral development 2: The psychology of moral development. San Francisco, CA: Harper and Row.
Lander, G. (2003). What is sarbanes-oxley? Blacklick, OH: McGraw-Hill Trade. Retrieved December 9,
2011 from http://site.ebrary.com/lib/capella/Doc?id=10065195
Laudon, K. C. (1995). Ethical Concepts and Information Technology. (cover story). Communications Of
The ACM, 38(12), 33-39. Retrieved October 29, 2011 from EBSCO host.
Mitrano, T. (2003). Civil privacy and national security legislation: A three-dimensional view. Retrieved
November 3, 2011 from http://www.educause.edu/EDUCAUSE
Review/EDUCAUSEReviewMagazineVolume38/CivilPrivacyandNationalSecurit/157868
Motef, J. (2004). Computer security: a summary of selected federal laws, executive orders, and presidential directives. Washington, DC, Congressional Research Service, Library of Congress. Retrieved December 10, 2011 from http://www.fas.org/irp/crs/RL32357.pdf
Ethical and Legal Dilemmas 15
Nash, T. (2005). Backdoors and holes in network perimeters: A case study for improving your control system security. Washington, DC; U.S. Dept. of Homeland Security Control System Security Center. Retrieved December 12, 2011 from http://www.us-cert.gov/control_systems/pdf/backdoor0503.pdf
National Archives and Record Administration, (2004). Protection of sensitive security information.
Retrieved December 10, 2011 from Government Printing Office website: http://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfr&rgn=div5&view=text&node=49:9.1.3.4.8&idno=49
Promisec USA, (2009). How to ensure compliance within an organization. New York, NY: Promisec. Richards, N. (2006). The information privacy law project. Washington, DC; Georgetown University; 94
Geo. L.J. 1087. Security Standards Council. (n.d.). Pci ssc data security standards overview. Retrieved December 9,
2011 from https://www.pcisecuritystandards.org/security_standards/index.php Swindle, O. (2002, June). In O Swindle (Chair). Perspectives on privacy law and enforcement activity in
the united states. Paper presented at Working Party on Information Security and Privacy Paris, OECD, 25-26 June 2002. Paris, France. Retrieved December 10, 2011 from http://www.ftc.gov/speeches/swindle/perspectivesonprivacy.shtm
The ISO 27001 Directory. (n.d.). An introduction to iso 27001 . Retrieved December 9, 2011 from
http://www.27000.org/iso-27001.htm Tavani, H. (2011). Ethics and technology; controversies, questions and strategies for ethical computing.
Hoboken, NJ; John Wiley and Sons, Inc.
USLegal.com. (n.d.). Contract law & legal definition. Retrieved December 10, 2011 from http://definitions.uslegal.com/c/contract-law/
Versel, N. (2010, April 27). Senate panel explores home health monitoring technologies. Retrieved
November 23, 2011 from http://www.fiercemobilehealthcare.com/story/senate-panel-explores-home-health-monitoring-technologies/2010-04-27
Walberg, H. J., & Haertel, G. D. (1997). Psychology and educational practice. McCutchan Publishing
Corporation. Retrieved December 1, 2011 from EBSCO host. Weiss, P. (2002). Peter arroyo v. safe home security (CV000499980S ). Retrieved November 25, 2011
from Superior Court of Connecticut, website: http://www.lexisone.com/lx1/caselaw/freecaselaw?action=OCLGetCaseDetail&format=FULL&sourceID=bdiedc&searchTerm=efXi.Qcda.aadj.ecOG&searchFlag=y&l1loc=FCLOW
Zwillinger, M. (2010, March 29). Statement of Marc J. Zwillinger before the U.S. Senate Committee on
the Judiciary Subcommittee on Crime and Drugs for the hearing on Video Laptop Surveillance: Does Title III Need to Be Updated? Washington, DC: Zwillinger Genetski LLP. Retrieved December 3, 2011 from http://www.judiciary.senate.gov/hearings/testimony.cfm?id=e655f9e2809e5476862f735da15a7ed6&wit_id=e655f9e2809e5476862f735da15a7ed6-1-4
top related