Private Sector-Public Sector Cybersecurity Issues – Effects of Compliance on Productivity

Individual Assignment 1

Anyere Ngwa Agha Nwiing

CSEC 620 9021 Human Aspects in Cybersecurity: Ethics, Legal Issues, and Psychology (2155)

Instructor: Dr Loyce Pailen

June 2015


Table of contents

1. Introduction
2. E-Business
3. Disadvantage of metadata collection to customers
4. Industry Regulation
5. Consequences of industry regulation
6. Conclusion
7. Illustration 1
8. References

1. Introduction

E-business (e-commerce) is the buying and selling of products, or the rendering and receiving of services, over the internet. The introduction of the internet, which in turn has brought about globalization, has increased the rate at which the average American participates in E-business. We barely go a day or two without doing some kind of E-business: checking our account balances, paying bills, shopping, etc. Our reliance on E-business has created lots of online shops. Just like any traditional trade, every E-business's goal is to sell as much product as it can or render as many services as it can to recipients. This has opened up room for competition amongst E-businesses.

In this paper, the focus will be on American-based online stores and their activities, which raise a red flag regarding compliance with privacy laws and its effects on productivity. The two biggest online retailers in the United States are Amazon and eBay. The number of global customers that eBay and Amazon have is more than the population of most nations: “it is possible to interpret eBay’s success, as evidenced by its 135 million users worldwide. Indeed, if eBay were a nation, it would be the ninth most popular nation in the world” (Bazdan, 2011). As mentioned above, there is great competition in the e-commerce sector. In order to keep up with the competition or stay in business, online businesses turn to collecting data on their customers. This data collection, in what is known today as metadata, is a huge concern for many online shoppers. E-businesses often collect a customer's personally identifiable information (PII), which covers their shopping style. The metadata collected and stored is analyzed in order to provide a better shopping experience for customers. Metadata collection is made possible through the use of tools such as cookies. Most people ignorantly and reluctantly refuse to read the cookie policy of the websites they visit. A cookie is comparable to a ticket given out by a dry cleaner: a dry cleaner's employee is able to locate a dress by using the number on the ticket. Cookies can remember your weather forecast, keep a shopper's items in his/her electronic shopping cart at checkout, and follow up on stocks. E-commerce stores such as eBay and Amazon use what are called third-party cookies to remember our shopping habits (Google, 2011). Data stored in an e-commerce database is a gold mine for hackers. The focal point of this discussion will be how data collection can affect consumers, what US policy makers are doing, and the consequences of industry regulation.

2. E-Business

According to a research article published in 2015, 90% of the globe’s data was brought about in the last 2 years (Luke, Jeffrey, Pete, & Matthew, 2015). However, the majority of that data has been collected by online shops (E-businesses). There are three types of metadata: “descriptive, structural and administrative metadata” (National Information Standards Organization, 2004). What E-businesses use is descriptive metadata. Metadata (mega data, big data) is itself data which describes and gives further details about other data. Metadata collected by online shops could be information about a customer’s shopping habits, such as what he/she frequently buys and his/her taste in goods (for example, the kinds of books an individual previously bought will show up). See the picture below, which illustrates how a retail giant like Amazon collects metadata on a customer who previously bought a book titled “computer security hand book” and later searches for that same item. This time the search will come up with “Customers Who Bought This Item Also Bought” and “Frequently Bought Together”. Amazon's close competitor eBay and other online shops are now involved in what is called a “wish list”. The wish list helps them tailor a better shopping experience for their shoppers. All in all, metadata enables an E-business to predict and enhance its sales.

Amazon and eBay, which were founded about two and a half decades ago, now pride themselves as the giants of E-business. Their mission statements speak for themselves (res ipsa loquitur) and demonstrate why they occupy the position they do today in the domain of E-business. Amazon's mission statement is "to be earth’s most customer centric company; to build a place where people can come to find and discover anything they might want to buy online” (Hill, 2012). Amazon has had this great mission to provide almost everything to its customers since its inception as a book store, while that of eBay is “to provide a global online marketplace where practically anyone can trade practically anything, enabling economic opportunity around the world” (eBay, n.d.). Just like any other online shops, the two giants of E-business on the American landscape make use of the internet. The internet makes it possible for a business to reach most of the people who are connected to the 8.7 billion devices worldwide. Amazon sells about 1.5 billion items and has close to 200 distribution hubs. They have the potential to collect 50 million updates a week. This collected data is analyzed and sent to its distribution hubs around the globe. Those distribution hubs then predict the volume of sales they expect and what will be in high demand in their various areas (Rijmenam, 2013). Amazon has an upper hand when it comes to data mining over other tech giants like Google, which can give general information about an online user, while Amazon gives a clear view of what an online user or shopper likes to buy (Rijmenam, 2013). Data is like gold to E-businesses, and an online user is a gold mine.

3. Disadvantage of metadata collection to customers

The right to privacy is a major concern considering the ubiquity of data about our online habits and E-businesses' ability to collect, store and distribute this information: “mandatory data retention was an "unnecessary and disproportionate invasion of privacy" that could further lead to personal information being compromised” (Reilly, 2015). A cybercriminal's main target is data, which commands a lot of dollars on the black market. A cybercriminal will do everything possible to penetrate an E-business database to steal data and sell it to others who intend to use it for all sorts of criminal activities. “The price of a credit card in the black market range from $20 - $45 - freshly acquired, $10 - $12 - flooded and $0.75 - $7 clearance” (Ablon & Martin, 2015). As noted, the price of data depends on how recent it is and how it was acquired. Hackers stand to lose nothing if they compromise a system that stores terabytes of its customers' data. A data breach most often leads to privacy issues. The right to privacy is a fundamental human right which is enshrined in the First, Third, Fourth, Fifth and Ninth Amendments of the United States Constitution (Sharp, 2013). Our right to privacy is important because “privacy helps individuals maintain their autonomy and individuality - of its functional benefits” (Privacilla, 2001). There are many ways in which the right to privacy is protected: the “Federal Trade Commission (FTC) which sanction the right to privacy in respect to policies and statements” (Sharp, 2013), HIPAA, the ECPA of 1986, the Right to Financial Privacy Act of 1978, etc. While hackers are attracted to the data stored in an E-business database, E-businesses themselves are engaged in practices which can compromise a customer's data or land it in the wrong hands: “Amazon has definitely moved away from a pure e-commerce player to a giant online player who offers much more than just products. It focuses massively on big data and is changing from an online retailer into a big data company” (Rijmenam, 2013). Organizations nowadays not only collect data in order to offer a better service but sell it as well. It’s tempting to think that large operations such as eBay and Amazon will have a robust information security system which can properly safeguard collected data. They too are prone to cyberattacks from criminals who are in search of data (Perlroth, 2012).

4. Industry Regulation

Data is a major resource for most organizations and individuals; corporations make huge amounts of money just from having and selling data. Acxiom is one of many companies that collect and sell data to companies for marketing purposes. It is reported that Acxiom made $1.1 billion in sales in 2011. Data buying and selling is a big industry which employs close to 3 million people in the US, and the industry itself is worth $300 billion yearly (Morris & Lavandera, 2012). Amazon is reportedly turning into a giant data company instead of a giant online shop where customers can get virtually everything they need, as per its mission statement (Rijmenam, 2013). Amazon's "Privacy notice", which was last updated on 03/3/2014, states that they don’t sell data; however, it indicates that they use it for "promotional offers" on behalf of other organizations, and when this happens, information such as name and address is released to the organization (Amazon, 2014). Amazon makes money from selling data in one way or the other. Some of the free services we get from using sites such as eBay and Amazon are paid for with our data. US policy makers and the government need to step in and regulate what data is collected and what is being done with such data; above all, the person giving out that data should be aware that his/her data is collected, and what will be done with it should be disclosed. Most people are not aware that their personal information is on “data brokering” sites for sale. This data is being used to arrive at critical decisions about people without their knowledge. Decisions such as insurance rates, employment and credit approval can be based on information from the so-called “data brokerage sites" (Morris & Lavandera, 2012).

Aside from passing a regulation which will mandate and limit a corporation’s use of its customers' data, the government should actively educate the public as to why they have to read or review the fine print they sign each time they request a service from an online or physical business. E-businesses should be encouraged to make their end user agreements concise.

An unacceptable quantity of Americans' personal data is readily available for misuse by profit-driven organizations and financially hungry individuals. In order to curb this trend, “the National Institute of Standards and Technology (NIST)", in publication “800-122”, set out a guide on how organizations should handle "personally identifiable information (PII)" in their possession. The 2010 document lists various steps on how to effectively handle PII. The steps include identifying the PII in their keeping, reducing the quantity of data collected to what is sufficient to render a service, categorizing PII, confidentiality, protection, etc. (National Institute of Standards and Technology, 2010). However, the above publication is just a guide, not a law that comes with sanctions for non-adherence.

There is no single law that handles the problems of privacy in the United States. A lead agency in this domain is the Federal Trade Commission (FTC). Another authoritative law is COPPA: “The Children’s Online Privacy Protection Act 1998 (COPPA) regulates the collection of data of someone under the age of 13” (Judy, et al., 2014). S.1995 of a proposed privacy bill of 2014 mandates PII protection and accountability. Under this bill, organizations are to comply with the following: engage in activities that ensure the privacy, security and confidentiality of PII residing on their systems, carry out risk assessment and put in place tools which can control the risk, and be involved in breach notification. S.2025 of the same bill also compels data brokerage companies to ensure accountability and transparency (Jolly, 2014).

5. Consequences of industry regulation

Many argue that over-regulation of the cyber sector will kill creativity and reduce productivity. Profit from sales is an incentive for companies to design new products and services. Hence, if the sector is over-regulated, it may lead to a slowdown in new technology, employment, etc. Tech companies will focus more on governmental compliance documents instead of developing cutting-edge technology to better serve the public. Most services we receive from sites such as Google, Yahoo, Microsoft, etc. are free. They market collected data in order to cover the cost of their service to the public (Rijmenam, 2013). Technology experts and companies have strongly argued that regulating the sector as announced by the Obama administration in 2012, without due consideration, will kill innovation. An example is the Children’s Online Privacy Protection Act (COPPA). This law was enacted in 1998. The types of technology and gadgets people use today differ from those of 1998. Today, there are more connected devices and more dependency on technology than in 1998 (Sasso, 2012). Children need to be able to go online and receive services that are tailored to their needs. If they must receive services online, then they too must release some information in order to be properly served.

6. Conclusion

As much as companies need data in order to better serve their clients, there has to be some sanity and clear-cut rules in the sector. This is better put by President Obama: “American consumers can’t wait any longer for clear rules of the road to ensure their personal information is safe online” (Lyons, 2012). A lack of clear-cut rules is reflected in activities carried out by giant data companies such as Facebook. Facebook's privacy statement was made up of few words in its infancy. However, by 2010 Facebook had updated that privacy document to what a tech reporter regards as longer than the U.S. Constitution (Lyons, 2012).

Illustration 1

References

Ablon, L., & Martin, L. (2015). Hackers' Bazaar: The Markets for Cybercrime Tools and Stolen Data. Defense Counsel Journal, 143-152.

Amazon. (2014, March 3). Amazon.com Privacy Notice. Retrieved from Amazon: http://www.amazon.com/gp/help/customer/display.html?nodeId=468496

Bazdan, Z. (2011). AN INTERNATIONAL ECONOMY AND E-COMMERCE CASE STUDY: EBAY. Our Economy (Nase Gospodarstvo), 44-50.

eBay. (n.d.). VeRO: Helping to Protect Intellectual Property. Retrieved from eBay: http://pages.ebay.com/vero/intro/

Google. (2011, October 13). How Google uses cookies. Retrieved from Google: http://www.google.com/policies/technologies/cookies/

Hill, P. (2012, December 19). Be Visionary. Think Big. Retrieved from Forbes: http://www.forbes.com/sites/patrickhull/2012/12/19/be-visionary-think-big/

Jolly, I. (2014, July 1). Data protection in United States: overview. Retrieved from Practical Law: http://us.practicallaw.com/6-502-0467

Judy, H. L., David, S. L., Hayes, B. S., Ritter, J. B., Rotenberg, M., & Kabay, M. (2014). Privacy in cyberspace: US and European perspectives. In S. Bosworth, M. Kabay, & E. Whyne, Computer Security Handbook (pp. 69.18-69.19). Hoboken: Wiley.

Luke, S., Jeffrey, M., Pete, B., & Matthew, W. (2015). Who Tweets? Deriving the Demographic Characteristics of Age, Occupation and Social Class from Twitter User Meta-Data. PLoS ONE, 1-20.

Lyons, D. (2012, February 23). Obama Pushes for New Internet-Privacy Law to Protect Consumers. Retrieved from The Daily Beast: http://www.thedailybeast.com/articles/2012/02/23/obama-pushes-for-new-internet-privacy-law-to-protect-consumers.html

Morris, J., & Lavandera, E. (2012, August 23). Why big companies buy, sell your data. Retrieved from CNN: http://www.cnn.com/2012/08/23/tech/web/big-data-acxiom/

National Information Standards Organization. (2004). Understanding Metadata. Retrieved from NISO: http://www.niso.org/publications/press/UnderstandingMetadata.pdf

National Institute of Standards and Technology. (2010, April). Guide to Protecting the Confidentiality of Personally. Retrieved from NIST: http://csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf

Perlroth, N. (2012, January 17). Even Big Companies Cannot Protect Their Data. Retrieved from nytimes: http://bits.blogs.nytimes.com/2012/01/17/even-big-companies-cannot-protect-their-data/?_r=0


Privacilla. (2001, December 2). Why is Privacy Important? Retrieved from Privacilla: http://www.privacilla.org/fundamentals/whyprivacy.html

Reilly, C. (2015, January 29). Concerns metadata retention could create a 'honeypot' for hackers. Retrieved from Cnet: http://www.cnet.com/au/news/mandatory-data-retention-metadata-honeypot-for-hackers/

Rijmenam, M. v. (2013, January 1). How Amazon Is Leveraging Big Data. Retrieved from Datafloq: https://datafloq.com/read/amazon-leveraging-big-data/517

Sasso, B. (2012, September 26). Tech companies warn privacy rules will kill innovation. Retrieved from The Hill: http://thehill.com/policy/technology/258853-tech-companies-warn-privacy-rules-will-kill-innovation

Sharp, T. (2013, June 12). Right to Privacy: Constitutional Rights & Privacy Laws. Retrieved from Live science: http://www.livescience.com/37398-right-to-privacy.html
