cs101 lecture 4 privacy
TRANSCRIPT
Objectives
What is the right of privacy? What are the two fundamental forms of data encryption,
and how does each work? What is identity theft, and what techniques do identity
thieves use? What are the various strategies for consumer profiling
and the associated ethical issues? What must organizations do to treat consumer data
responsibly? What is spamming, and what ethical issues are
associated with its use? What are the capabilities of advanced surveillance
technologies, and what ethical issues do they raise?
The Right of Privacy
Definition “The right to be left alone” “The right of individuals to control the
collection and use of information about themselves”
The Right of Privacy (continued)
Legal aspects Protection from unreasonable intrusion upon one’s
isolation – person’s web surfing habits Protection from appropriation of one’s name or
likeness – stealing credit card info Protection from unreasonable publicity given to one’s
private life – revealing medical condition Protection from publicity that unreasonably places
one in a false light before the public – false info published about a person
Privacy Protection
Information about people is gathered, stored, analyzed, and reported because it helps the organizations: Make better decision – hire a candidates, approve a
loan Target marketing efforts Serve them better
The use of information technology requires balancing: Rights and desires of the people whose information may
be used, and The needs of those who use the information
Data Encryption
Cryptography Science of encoding messages Only sender and intended receiver can understand
the messages Key tool for ensuring confidentiality, integrity,
authenticity of electronic messages and online business transactions
Encryption Process of converting electronic messages into a
form understood only by the intended recipients
Data Encryption (continued)
Encryption key Variable value applied using an algorithm to
encrypt or decrypt text Two forms:
Public key encryption system uses two keysMessage receiver’s public key - readily availableMessage receiver’s private key - kept secret
Private key encryption systemSingle key to encode and decode messages
Identity Theft
Steals key pieces of personal information to gain access to a person’s financial accounts
Information includes: Name Address Date of birth Social Security number Passport number Driver’s license number Mother’s maiden name
Identity Theft (continued)Using this information, an identity thief
may apply for: new credit or financial accounts rent an apartment set up phone service register for college courses
All in someone else’s name.
Approaches Use by Identity Thieves
Hacking databases Phishing Spyware
Phishing Attempt to steal personal identity data By tricking users into entering information on a
counterfeit Web site Spear-phishing - a variation in which employees are
sent phony e-mails that look like they came from high-level executives within their organization
Identity Theft (continued)
Spyware Keystroke-logging software Enables the capture of:
Account usernames Passwords Credit card numbers Other sensitive information
Operates even if an infected computer is not connected to the Internet
Consumer Profiling
Companies openly collect personal information about Internet users
Cookies Text files that a Web site puts on a user’s hard drive
so that it can remember the information later
Tracking software Analyzes browsing habits, interests, preferences
Similar methods are used outside the Web environment
Treating Consumer Data Responsibly
When dealing with consumer data, strong measures are required to avoid customer relationship problems.
Workplace Monitoring
Employers monitor workers Ensures that corporate IT usage policy is
followed Maximizes employee’s productivity
Spamming
Transmission of the same e-mail message to a large number of people
Extremely inexpensive method of marketing Used by many legitimate organizations Content can be:
Ordinary commercial advertising Political advertising (for candidates or issues) Solicitations for funds from nonprofit organizations Pornography “Get rich quick” schemes
Why is Spam a Problem?
One form of violation of privacy, unwanted intrusion
Annoyance of receiving itWasting time reading enough to determine
what it is, and deleting itIn my cellphone systems, the owner of the
phone pays for incoming messages
Solutions to Spamming Filters Services that list spammers (MAPS – Mail Abuse
Prevention System) Charged a microfee Proposed laws
Unsolicited commercial e-mail must be labeled so that it can easily be filtered out
ISPs must provide filters for members to block spam Spam must identify the sender and include instructions for opting
out Senders must honor opt-out requests from recipients and send
them no additional mail Spam must include a valid e-mail reply address False or misleading subject lines are prohibited
Source: The Gift of Fire, Baase
Other Surveillance Technology
Advances in IT helps pinpoint a person’s position, however, this diminish individual privacy Camera surveillance Facial recognition software
Identifies criminal suspects and other undesirable characters
Yields mixed results Global Positioning System (GPS) chips
Placed in many devices Precisely locate users
Airport Scanning
What Would You Do?
1. Your friend is considering using an online service to identify people with compatible personalities and attractive physical features who would be interesting to date. First, your friend must submit some basic personal information, then complete a five-page personality survey, and finally provide a recent photo. Would you advise your friend to do this? Why or why not?
What Would You Do?
2. As the information systems manager for a small manufacturing plant, you are responsible for all aspects of the use of information technology.
A new inventory control system is being implemented to track the quantity and movement of all finished products stored in a local warehouse. Each time forklift operators move a case of product, they must first scan the UPC code on the case.
The product information is captured, as well as the day, time, and forklift operator identification, This data is transmitted over a LAN to the inventory control computer, which then displays information about the case and where it should be placed in the warehouse.
What Would You Do?
The warehouse manager is excited about using case movement data to monitor worker productivity. He will be able to tell how many cases per shift each operator moves, and he plans to use this data to provide performance feedback that could result in pay increases or termination.
He has asked you if there are any potential problems with using the data in this manner, and, if so, what should be done to avoid them. How would you respond?
What Would You Do?
3. You are a new brand manager for Coach purses. You are considering the use of spam to promote the latest line of purses, which are targeted to young, wealthy adults. List the advantages and disadvantages of such a marketing strategy. Would you recorWmend this means of promotion in this instance? Why or why not?
What Would You Do?
4. You are the CPO of a midsized manufacturing company, with sales of more than $250 million per year and almost $50 million from Internet-based sales.
You have been challenged by the vice president of sales to change the company’s Web site data privacy policy from an opt-in policy to an opt-out policy and to allow the sale of customer data to other companies. The vice president has estimated that this change would bring in at least $5 million per year in added revenue with little additional expense. How would you respond to this request?