Lecture 4 - Privacy

CS 101Computers and Society

Objectives

What is the right of privacy? What are the two fundamental forms of data encryption,

and how does each work? What is identity theft, and what techniques do identity

thieves use? What are the various strategies for consumer profiling

and the associated ethical issues? What must organizations do to treat consumer data

responsibly? What is spamming, and what ethical issues are

associated with its use? What are the capabilities of advanced surveillance

technologies, and what ethical issues do they raise?

The Right of Privacy

Definition “The right to be left alone” “The right of individuals to control the

collection and use of information about themselves”

The Right of Privacy (continued)

Legal aspects Protection from unreasonable intrusion upon one’s

isolation – person’s web surfing habits Protection from appropriation of one’s name or

likeness – stealing credit card info Protection from unreasonable publicity given to one’s

private life – revealing medical condition Protection from publicity that unreasonably places

one in a false light before the public – false info published about a person

Privacy Protection

Information about people is gathered, stored, analyzed, and reported because it helps the organizations: Make better decision – hire a candidates, approve a

loan Target marketing efforts Serve them better

The use of information technology requires balancing: Rights and desires of the people whose information may

be used, and The needs of those who use the information

Data Encryption

Cryptography Science of encoding messages Only sender and intended receiver can understand

the messages Key tool for ensuring confidentiality, integrity,

authenticity of electronic messages and online business transactions

Encryption Process of converting electronic messages into a

form understood only by the intended recipients

Data Encryption (continued)

Encryption key Variable value applied using an algorithm to

encrypt or decrypt text Two forms:

Public key encryption system uses two keysMessage receiver’s public key - readily availableMessage receiver’s private key - kept secret

Private key encryption systemSingle key to encode and decode messages

Public Key Encryption

Identity Theft

Steals key pieces of personal information to gain access to a person’s financial accounts

Information includes: Name Address Date of birth Social Security number Passport number Driver’s license number Mother’s maiden name

Identity Theft (continued)Using this information, an identity thief

may apply for: new credit or financial accounts rent an apartment set up phone service register for college courses

All in someone else’s name.

Approaches Use by Identity Thieves

Hacking databases Phishing Spyware

Phishing Attempt to steal personal identity data By tricking users into entering information on a

counterfeit Web site Spear-phishing - a variation in which employees are

sent phony e-mails that look like they came from high-level executives within their organization

E-mail Used by Phishers

Identity Theft (continued)

Spyware Keystroke-logging software Enables the capture of:

Account usernames Passwords Credit card numbers Other sensitive information

Operates even if an infected computer is not connected to the Internet

Consumer Profiling

Companies openly collect personal information about Internet users

Cookies Text files that a Web site puts on a user’s hard drive

so that it can remember the information later

Tracking software Analyzes browsing habits, interests, preferences

Similar methods are used outside the Web environment

Treating Consumer Data Responsibly

When dealing with consumer data, strong measures are required to avoid customer relationship problems.

Manager’s Checklist for Treating Consumer Data Responsibly

Workplace Monitoring

Employers monitor workers Ensures that corporate IT usage policy is

followed Maximizes employee’s productivity

Spamming

Transmission of the same e-mail message to a large number of people

Extremely inexpensive method of marketing Used by many legitimate organizations Content can be:

Ordinary commercial advertising Political advertising (for candidates or issues) Solicitations for funds from nonprofit organizations Pornography “Get rich quick” schemes

Why is Spam a Problem?

One form of violation of privacy, unwanted intrusion

Annoyance of receiving itWasting time reading enough to determine

what it is, and deleting itIn my cellphone systems, the owner of the

phone pays for incoming messages

Solutions to Spamming Filters Services that list spammers (MAPS – Mail Abuse

Prevention System) Charged a microfee Proposed laws

Unsolicited commercial e-mail must be labeled so that it can easily be filtered out

ISPs must provide filters for members to block spam Spam must identify the sender and include instructions for opting

out Senders must honor opt-out requests from recipients and send

them no additional mail Spam must include a valid e-mail reply address False or misleading subject lines are prohibited

Source: The Gift of Fire, Baase

Other Surveillance Technology

Advances in IT helps pinpoint a person’s position, however, this diminish individual privacy Camera surveillance Facial recognition software

Identifies criminal suspects and other undesirable characters

Yields mixed results Global Positioning System (GPS) chips

Placed in many devices Precisely locate users

Airport Scanning

What Would You Do?

1. Your friend is considering using an online service to identify people with compatible personalities and attractive physical features who would be interesting to date. First, your friend must submit some basic personal information, then complete a five-page personality survey, and finally provide a recent photo. Would you advise your friend to do this? Why or why not?

What Would You Do?

2. As the information systems manager for a small manufacturing plant, you are responsible for all aspects of the use of information technology.

A new inventory control system is being implemented to track the quantity and movement of all finished products stored in a local warehouse. Each time forklift operators move a case of product, they must first scan the UPC code on the case.

The product information is captured, as well as the day, time, and forklift operator identification, This data is transmitted over a LAN to the inventory control computer, which then displays information about the case and where it should be placed in the warehouse.

What Would You Do?

The warehouse manager is excited about using case movement data to monitor worker productivity. He will be able to tell how many cases per shift each operator moves, and he plans to use this data to provide performance feedback that could result in pay increases or termination.

He has asked you if there are any potential problems with using the data in this manner, and, if so, what should be done to avoid them. How would you respond?

What Would You Do?

3. You are a new brand manager for Coach purses. You are considering the use of spam to promote the latest line of purses, which are targeted to young, wealthy adults. List the advantages and disadvantages of such a marketing strategy. Would you recorWmend this means of promotion in this instance? Why or why not?

What Would You Do?

4. You are the CPO of a midsized manufacturing company, with sales of more than $250 million per year and almost $50 million from Internet-based sales.

You have been challenged by the vice president of sales to change the company’s Web site data privacy policy from an opt-in policy to an opt-out policy and to allow the sale of customer data to other companies. The vice president has estimated that this change would bring in at least $5 million per year in added revenue with little additional expense. How would you respond to this request?