Joshua Shapiro - Binghamton



Joshua Shapiro

CS 495 – Assignment 1

Ethical and Legal Basis for Privacy Protection

Table Of Contents:

1. Abstract (pg 3.)

2. Paper (pg. 4 – 7)

3. Bibliography (pg. 8)

4. Biography (pg. 9)

Abstract:

As the world becomes increasingly reliant on computer communication to conduct business, the issue of morality and ethics in relation to privacy protection is brought to the forefront of our consciousness. The arrival of the computer and the Internet ushered in a world unbounded by traditional codified law. This paper examines various privacy issues and concerns that arose with the birth of the computer, as well as their ethical and legal implications.

The Fourth amendment to the Constitution guarantees that no person may be searched without probable cause to believe that the person committed a criminal act. The existence of this amendment serves to show the importance that Americans place on personal privacy. When performing an arrest, police officers are required by law to inform the suspect of their rights. When visiting a web site, the Webmaster is not required to inform the user what will be done with their personal information. In effect, web sites are not required by law to read their users their “online” rights. Realizing this, more and more web sites have opted to include official privacy statements within their pages. Seemingly innocuous practices such as web site logging can be used to extract a large amount of information from any individual who happens to visit the web site. An equally innocuous but even greater threat to privacy is a web server standard called ‘cookies’. Cookies allow a web server to store information about the user’s session inside the web browser, which has the potential of being used in undesirable ways.

The above two technologies, logging and cookies, were not intended to cause a breach in user privacy. They are quite useful if used in the way they were intended. However, some technologies such as the affectionately termed “spyware”, have no benevolent intent. Spyware, or clandestinely installed software that captures information about the victims browsing habits, exemplifies Internet privacy gone awry. The information is gathered from the user without their express permission, and is supposed to deliver targeted advertising based on the user’s web site visitations. It is surprising that up until this year laws did not exist forbidding this privacy intrusion. Nor did laws exist against unsolicited email, also known as “spam”. Computer legislation does exist in laws such as the Electronic Communications Privacy Act and The Computer Fraud and Abuse Act, but they are largely ineffective at dealing with the privacy problems of today.

Norbert Wiener, a mathematician/philosopher who taught at the Massachusetts Institute of Technology, was the first person to understand the necessity of a field of ethics that would define what was acceptable in computing. In 1950, Wiener published a seminal book entitled “Human Use of Human Beings”, which established a complete framework for the interpretation and analysis of ethics in computing (Bynum 2). The framework first defines the purpose of life and justice, and then slowly becomes more focused on the fundamentals of computer ethics, culminating in examples of key topics and issues in computer ethics (Bynum 2). In his writing, Wiener predicts that computer technology will lead the human race into a “second industrial revolution”, which would bring about massive changes in society (Bynum 2). His description below of the “message-transmission of communications”, taken from his book “Human Use of Human Beings”, sounds remarkably similar to the Internet of today:

To see the greater importance of the transportation of information as compared with mere physical transportation, let us suppose that we have an architect in Europe supervising the construction of a building in the United States... Even at the present, there is no reason why the working copies of these plans and specifications must be transmitted to the construction site on the same paper on which they have been drawn up in the architect's drafting-room... Ultrafax gives a means by which a facsimile of all the documents concerned may be transmitted in a fraction of a second, and the received copies are quite as good working plans as the originals... In short, the bodily transmission of the architect and his documents may be replaced very effectively by the message-transmission of communications which do not entail the moving of a particle of matter from one end of the line to the other. (53)

Wiener thought the arrival of this new mode of communication would bring about a shift in the way society interacted (Bynum 2). And it would be necessary to alter the current framework of ethical thought to accommodate this new medium. Thus was the study of Computer Ethics born.

In philosophical study it is often necessary to begin from simple constructs and gradually build up to more complex ones. The purpose of this is to build up a solid foundation for the more advanced constructs that will arise in later situations. Wiener’s foundation makes the assumption that humans are processors of information and are most content when they can apply information towards tasks that interest them (Bynum 2). Building from that assumption, Wiener proceeds to define four different laws regarding human purpose, justice, clarity of rule and precedent. Ethical judgments and practices should be grounded in terms that will maximize a human’s purpose and contribute to the overall utility of the individual. Weiner’s idea of justice includes three fundamental concepts: freedom, equality and benevolence (Bynum 3). Clarity, or one’s ability to have a unique, common understanding of a rule or law, is central to Wiener’s ethical system. If ambiguity arises, one must attempt to clarify the situation as best as possible. New ethical questions are likely able to be defined through pre-existing questions, so precedent also plays a large part in Wiener’s system (Bynum 3).

From these set of rules, Wiener formed a methodology to make an ethically sound decision. The first step in his method of ethical analysis is to identify the question at hand. If the question is not stated clearly, it will be difficult to arrive at a conclusion because of uncertainty (Bynum 4). If the current question can be related to an existing precedent or tradition, examine that older, established question for insight into the problem (Bynum 4). If no precedent is found, establish a new rule based on Wiener’s idea of justice (Bynum 4). In subsequent decisions, this new rule may be used as a precedent.

The true beauty of Wiener’s system resides in its simplicity. From a set of assumptions about human nature Wiener was able to describe a framework in which all questions and concerns that arise in the field of computer ethics can be addressed. Unfortunately, Wiener’s book was largely ignored when it was published. Only in later decades did it attain any significant recognition within the ethics community.

The standard ethics code of today was codified by the Association for Computing Machinery and originally adopted in 1973 (ACM Council 1). The code defines the moral and ethical responsibilities that software professionals should follow. The stance taken by both Wiener and the ACM on ethical issues are quite similar. Both posit that the individual’s contribution to society and happiness is something fundamental (ACM Council 1). The last paragraph of the Preamble of the ACM’s code of ethics states:

“It is understood that some words and phrases in a code of ethics are subject to varying interpretations, and that any ethical principle may conflict with other ethical principles in specific situations. Questions related to ethical conflicts can best be answered by thoughtful consideration of fundamental principles, rather than reliance on detailed regulations.”

This quote highlights the similarity with Wiener’s view that uncertainty can be resolved by referring to previously defined rules (ACM Council 1). The ACM’s code of ethics is in many ways the modern version of Wiener’s moral and ethical vision.

If Wiener were alive today and was shown the Internet, I he would be both amazed and shocked at the state of the Internet. Amazed because his vision became a reality, but also shocked because his ethical vision did not. One such ethical issue that Wiener would have qualms with is the lack of anonymity people have on the Internet. Specifically, with cases of identity theft that have been rising tremendously. In a September 2003 study, 27.3 million cases of identity theft in America had occurred over a span of five years. Of this 27.3 million, there occurred 9.91 million cases of identity theft in 2002 alone (Beebe 2). A great many of these cases were most likely committed by the aid of computers and the Internet, which makes getting information about an individual uncomplicated, as everywhere a user goes a log entry is sure to be written.

When a computer enters the Internet, it must have something called an Internet protocol (IP) address, which is a unique identifying number that other computers use to deliver information to your machine. Most sites, upon visitation, write an entry into the site’s “log file”, which contains information such as the page that was accessed, the date and time of the access, the page which the user came from (also called the http referrer) and the Internet protocol address of the connecting machine. Although the site’s log is not often available to the public, the site still has a private copy of the log. This log can then be sold to organizations involved in e-mail harvesting (or the collection of e-mail addresses for use in mass unsolicited e-mailings).

From the users point of view, receiving unsolicited email is a nuisance. Although it leaves people angry, their well being is not harmed. However, the possession of an individual’s IP address can lead to even greater hardship, such as fraud and identity theft. Let’s pose a hypothetical situation. Jim Jones works for Foo Incorporated manufacturing widgets. Through no fault of his own, he visits , run by identity thief extraordinaire, Malbert. The instant that Jim (who assigned his computer the name “jimjonespc” because he thought it suited him) visits the site, an entry is recorded in the log file presiding on the remote machine . If is using the Apache web server, which is what the majority web servers run, the entry will appear similar to the following:

jimjonespc.foo- - - [19/Aug/2000:14:47:37 -0400] "GET / HTTP/1.0" 200 654

From this entry Malbert can, with a degree of certainty, say that a user named Jim Jones from the company foo-tech accessed his website at a certain time. From there, Malbert can call Foo Incorporated or visit their website to try and glean more information about Jim Jones through a corporate directory. This document is not a treatise on identity theft, so I won’t proceed with this example. It just serves to illustrate the ease in which one can gather information about people on the Internet.

Cookies are a technology that is beneficial to both users and web developers, but cause much consternation in the privacy community. The function of cookies is to store state information (such as the number of times you’ve visited a site or a username/password combination) in the web browser of the client machine. The aim is to move the responsibility of storing information from the web server to the web client. The problem encountered in this approach is that the information contained in the cookies, such as browsing history, can be sold to other parties (Junkbusters 1). If, for example, you were visiting a gardening website and you click on an advertising banner pertaining to lawn care products frequently, that information (stored in the cookie) could potentially be sold to a marketer without your consent. Since cookies have the ability to store sensitive information it is of the utmost importance that they be kept unavailable to websites other than the site that issued the cookie. However, security holes were found in the cookie protocol that allow web sites to view cookies that they haven’t been expressly issued (Greymagic 1). With a bit of work, any site may retrieve information stored in the user’s private cookie cache, a textbook example of privacy intrusion.

One technology that could be used to enhance the privacy of cookies is encryption. Encryption has been traced as far back as Ancient Greece, and has wide reaching implications. Encryption is a great benefit to private information, from something as simple as an online transaction to something of much significance such as a military transmission. Even though encryption can be a boon for a user’s personal privacy, it can also be used by organizations such as terrorists groups in order to keep their transmissions away from the watchful eye of the governmental security agencies. The question of whether the United States government has the moral right to monitor the Internet traffic of its citizens is a question that has wide reaching effects. The issue of encryption and privacy protection became most apparent in the summer of 2000, when the Federal Bureau of Investigation first began reporting about a machine they dubbed “Carnivore” (Carnivore 1).

The aim of Carnivore was to have a system that could passively monitor traffic and have it screened for subversive content (Carnivore 1). Any traffic deemed interesting is logged to an internal drive and sent to the FBI for later analysis (Carnivore 1). Supposedly, the FBI may only install Carnivore when a court order is placed (Carnivore 1). However, when confronted by members of law enforcement, many Internet Service Providers have gladly acquiesced to the FBI’s request for their member’s records. Since the carnivore machine implements passive listening, all information passing over the data lines has the potential to be analyzed. This includes e-mail, web sites and password information. In the case of Carnivore, data encryption is the only way to protect your information from being eavesdropped upon (Carnivore 3). However, there are more insidious data spying networks in place...ones whose jurisdiction passes beyond the US and into other countries; capturing more than just Internet traffic.

“Echelon”, the worldwide spy system created by the National Security Agency (NSA), is such a system. Echelon reportedly has the ability to monitor any and all kinds of electronic transmissions, including but not limited to phone, fax and satellite (Edwards 1). Echelon was largely a product of the Cold War, a time when people were willing to have a portion of their rights suspended if it meant preventing nuclear war (Edwards 1). However, there are reports of it still being used today.

As an organization, the NSA is largely shrouded in secrecy. We as citizens are unaware of the level of technological know-how that they possess. Current encryption methods have proven to be quite mathematically difficult to break. The difficulty can be augmented by increasing the size of the “key”, or encoding hash. Even so, many professionals have posited that the government is able to crack, or defeat, current encryption methods. This is highlighted by the fact that the NSA hires more mathematics PhD’s than any other institution in the US. If the NSA does have the ability to defeat current encryption methods and their decryption method fell into the wrong hands, much of the world’s electronic commerce would no longer be safe. This would be a catastrophic occurrence.

These examples of the capacity of the government to spy on its citizens without probable cause are cause for alarm. What can the law-abiding citizen do to ensure that their privacy is protected? In this section of the paper, I will describe existing laws concerning computer privacy, and why they are largely ineffective at dealing with the problem.

Passed in 1986, the Electronic Computer Privacy Act (ECPA) dealt largely with limiting the government’s ability to engage in invasions of privacy; it also extended to the private sector ( 1). Specifically, the act made it illegal to intercept communication without consent or a court appointed warrant ( 1). At first glance, this law seems to outlaw some types of spyware. Keeping a log of people’s browsing habits constitutes communication interception as defined by the ECPA. The caveat is that upon installation most spyware programs offer a User End License Agreement (EULA) that states the program’s intentions. If the user does not accept the EULA, the program will not install. If the user does not accept the EULA but the program is still installed, this is a violation of the ECPA. In many cases, the user neglects to read the EULA and just clicks ‘Yes’ or ‘Install’ and unwittingly becomes the victim of another spyware infestation. The ECPA had the intentions to block this sort of behavior, but the law predated the Internet.

An issue outside the realm of computer ethics was brought to focus when Congress passed, and later repealed, the Communications Decency Act (CDA). The goal of the CDA was to regulate pornography on the Internet (Washington Post 1). One of the main proponents of this legislation was Senator James Exon of Nebraska. The CDA’s aim, Exon said, was to “set down some basic rules of the road to make the information highway safer for families and children to travel” (CNN 1). Then President Clinton was also a staunch supporter of this bill, believing that the law would help block children from viewing objectionable material (CNN 1). Their argument was that the FCC already monitors both television and radio signals for content deemed inappropriate by censors, and the Internet should be regulated in the same manner. The CDA imposed fines or prison sentences for individuals who transmitted ‘indecent’ material across the Internet. Indecency was vaguely defined as ‘depictions sexual or excretory activities or organs” (Washington Post 1).

The CDA passed because the majority of congress members believed that the protection of children from sexually explicit material was important. Not discussed, however, were the methods in which the law would be enforced. When a user visits a website, there is no effective way to tell whether the user is a child or an adult. Most pornography websites place disclaimers before the main site, indicating the legal repercussions that can result if the user is less than eighteen years of age. Other pornographic websites started using age verification services, which charged a monthly fee in order to gain access to sites that subscribed to the service. What the congress members didn’t understand was the global nature of the Internet. If a child accessed pornography that was hosted on a web site somewhere in Europe, the CDA was effectively null and void. Pornography located outside the jurisdiction of the United States was not prosecutable under the CDA. It is not within the power of the United States government to establish moral and ethical policies in places abroad.

In response to the passage of the CDA, there was a tremendous outcry from various privacy and free speech groups across the Internet. Many sites started sporting a small banner similar to the following,

Created by the free speech advocate organization the Electronic Frontier Foundation (EFF):

[pic][1]

Many web pages backgrounds were changed to black in a show of solidarity.

In a decision handed down on June 26th 1997, the CDA was ruled unconstitutional (EPIC-CDA 1). The Supreme Court ruling stated that the act violated the terms of the First Amendment. The American Civil Liberties Union (ACLU) leveled the charge against the CDA the day it went into effect. The decision includes a poignant statement in Section VII:

“We are persuaded that the CDA lacks the precision that the First Amendment requires when a statute regulates the content of speech. In order to deny minors access to potentially harmful speech, the CDA effectively suppresses a large amount of speech that adults have a constitutional right to receive and to address to one another. That burden on adult speech is unacceptable if less restrictive alternatives would be at least as effective in achieving the legitimate purpose that the statute was enacted to serve.” (EPIC-CDA)

As the world becomes ever increasingly connected, there will continue to be more and more ethical and legal obstacles that computer users will face. The amount of privacy will most likely decrease. In the future we will have Internet enabled appliances. These devices have the potential to report status information about their users to the parent company. The US government may pass more laws restricting the amount of speech one may have in the online world. Only time will tell.

Bibliography

Terrell Ward Bynum. “A very short history of Computer Ethics” The Research Center on Computing

Society Summer 2000.

Moor, James. “What is Computer Ethics?” The Research Center on Computing Society 1985.

Terrell Ward Bynum. “Norbert Wiener’s Foundation of Computer Ethics”

ACM Council. “ACM Code of Ethics and Professional Conduct”

Beebe, Jordana and Givens, Beth. “Recent Surveys and Studies from the Identity Theft Resource Center,

Federal Trade Commission, Gartner, and Privacy & American Business” September 3rd, 2003.

Carnivore. “Protect your Online Privacy”. A1 Communications.

Junkbusters. “How Web Servers' Cookies Threaten Your Privacy”. Junkbusters Corporation.

Greymagic. “GreyMagic Security Advisory GM#010-IE”. GreyMagic Software. Israel. September 9th,

2002.

Washington Post. “The CDA: How We got Here”. The Washington Post. September, 1997.

ECPA. “The Electronic Communications Privacy Act”. Privacilla. April 17th, 2002.

Edwards, Mark. “The Echelon Controversy: Is our Privacy Being Invaded?”. Windows NT Magazine.

March 2nd, 2000.

EPIC-CDA. “CDA Court Decision”.

CNN. “The Case for the Communications Decency Act”. 1997.

About The Author:

Joshua Shapiro is a student presently attending Binghamton University. He enjoys pan-Asian cuisine and programming in C. While not indulging in either of those activities, he is likely sleeping.

-----------------------

[1] Free Speech Ribbon banner as popularized by the EFF.

................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download