EthicsEthicsPresentationPresentation

CIS4328 Sr. Project IICIS4328 Sr. Project II

Team 2Team 2

6-3-20026-3-2002

Team Members:Team Members:

David RitcheyDavid Ritchey

David StonerDavid Stoner

Sheldon SnyderSheldon Snyder

Jill BauerJill Bauer

Mary CookMary Cook

Internet PrivacyInternet PrivacyWithWith

Special Concern ForSpecial Concern For

ChildrenChildren

In a December 2001 Harris PollIn a December 2001 Harris Poll

Loss of Privacy at 29% was the thing Loss of Privacy at 29% was the thing most feared by Americansmost feared by Americans

Terrorism was 2Terrorism was 2ndnd at 23% at 23%

OutlineOutline

Invasions of Privacy Invasions of Privacy Constitutional Basis of PrivacyConstitutional Basis of Privacy Current Legislation on PrivacyCurrent Legislation on Privacy Have we been here beforeHave we been here before History of COPPAHistory of COPPA COPPACOPPA FilteringFiltering RatingsRatings

Invasions of PrivacyInvasions of Privacy

INVASION OF PRIVACYINVASION OF PRIVACY

Search and seizureSearch and seizure Unsolicited e-mailUnsolicited e-mail DefamationDefamation SecrecySecrecy Creation of databases consisting of Creation of databases consisting of

personal information. personal information.

Search and seizureSearch and seizure

Without a reasonable expectation of privacy, Without a reasonable expectation of privacy, there is no privacy right to protect. Files stored there is no privacy right to protect. Files stored on disk or tape in the home are protected, but the on disk or tape in the home are protected, but the rule becomes less clear when applied to files rule becomes less clear when applied to files stored on an Internet access provider's server. stored on an Internet access provider's server. Web servers, on the other hand, may be Web servers, on the other hand, may be protected by federal law. Some argue that protected by federal law. Some argue that consent of the access provider, however, is all consent of the access provider, however, is all that is required for law enforcement authorities to that is required for law enforcement authorities to search and seize any files in the possession of search and seize any files in the possession of that access provider. Internet service providers that access provider. Internet service providers may have a lot of information about the users may have a lot of information about the users because servers routinely record information because servers routinely record information about users' e-mail and web browsing habits. about users' e-mail and web browsing habits.

Unsolicited e-mailUnsolicited e-mail

Unsolicited email is not regulated by federal Unsolicited email is not regulated by federal law at present. Various states have outlawed law at present. Various states have outlawed unsolicited commercial email.  A federal judge unsolicited commercial email.  A federal judge in Philadelphia has ruled that companies have in Philadelphia has ruled that companies have no no First AmendmentFirst Amendment right to send unsolicited right to send unsolicited messages to online service subscribers. messages to online service subscribers.

Minnesota 5-21-02, Jesse ventura, signed the Minnesota 5-21-02, Jesse ventura, signed the firstfirst

Law that sets up punitive damage guidelines for Law that sets up punitive damage guidelines for those that have been “spammed”those that have been “spammed”

DefamationDefamation

Individual states specifically prohibit Individual states specifically prohibit defamation, no matter what form it defamation, no matter what form it takes. Defamation consists of false and takes. Defamation consists of false and unprivileged publication which results unprivileged publication which results in economic damages. Financial loss is in economic damages. Financial loss is not necessary where the statement not necessary where the statement implies that a person is a criminal or implies that a person is a criminal or has an unpleasant disease, or which has an unpleasant disease, or which injures a person in respect to his other injures a person in respect to his other office, profession, or business. office, profession, or business. 

SecrecySecrecy Trade secrets and other confidential information can also Trade secrets and other confidential information can also

pose legal problems. Unauthorized entry into a computer pose legal problems. Unauthorized entry into a computer system is illegal, whether the target machine is connected system is illegal, whether the target machine is connected to the Internet or not. Nevertheless, hackers still manage to the Internet or not. Nevertheless, hackers still manage to get past the most difficult of firewalls. Compromise of to get past the most difficult of firewalls. Compromise of company secrets can lead to millions of dollars in damages. company secrets can lead to millions of dollars in damages. Hacking is not the only danger to sensitive information, Hacking is not the only danger to sensitive information, however. however.

Some software can tell webmasters which visitors came Some software can tell webmasters which visitors came from which links. In addition, all e-mail has an address from which links. In addition, all e-mail has an address attached. Even if the message content is encrypted, system attached. Even if the message content is encrypted, system administrators have access to the fact of communication administrators have access to the fact of communication between two parties. The existence of communication can between two parties. The existence of communication can itself often be secret, and the Internet cannot provide itself often be secret, and the Internet cannot provide absolute security. In many ways, the Internet abhors absolute security. In many ways, the Internet abhors secrecy. Many netizens believe in an absolute free-flow of secrecy. Many netizens believe in an absolute free-flow of all information. all information.

Creation of databases consisting of Creation of databases consisting of personal information.personal information.

A few companies are creating huge databases full of private A few companies are creating huge databases full of private information. Websites may even collect email addresses information. Websites may even collect email addresses inadvertently. In many cases, there is no prohibition on the inadvertently. In many cases, there is no prohibition on the dissemination of personal information. The federal dissemination of personal information. The federal government regulates only its own databases, leaving government regulates only its own databases, leaving private database owners to decide how and when to private database owners to decide how and when to distribute collected information. distribute collected information.

Webmasters use "cookies" as a means of accumulating Webmasters use "cookies" as a means of accumulating information about web surfers without having to ask for it. information about web surfers without having to ask for it. Cookies attempt to keep track of visitors to a Web site. Cookies attempt to keep track of visitors to a Web site. Criticism of cookies has included fear of the loss of privacy. Criticism of cookies has included fear of the loss of privacy. The information that cookies collect from users may be The information that cookies collect from users may be profitable both in the aggregate and by the individual. profitable both in the aggregate and by the individual. Whether the convenience that cookies provide outweighs Whether the convenience that cookies provide outweighs the loss of privacy is a question each Internet user must the loss of privacy is a question each Internet user must decide for him or herself. decide for him or herself.

Constitutional Basis of Constitutional Basis of PrivacyPrivacy

While the U.S. Constitution does not While the U.S. Constitution does not explicitly use the word "privacy," explicitly use the word "privacy," several of its provisions protect several of its provisions protect different aspects of this fundamental different aspects of this fundamental right.right.

Privacy is considered a “Penumbra Privacy is considered a “Penumbra Right”Right”

Penumbra InterpretationPenumbra Interpretation The Fourth Amendment limits government intrusion into people's The Fourth Amendment limits government intrusion into people's

private lives. The Supreme Court's interpretations of the Fourth private lives. The Supreme Court's interpretations of the Fourth Amendment, however, contain weaknesses that are particularly Amendment, however, contain weaknesses that are particularly troubling in the network environment of the Internet. troubling in the network environment of the Internet.

The First Amendment's freedom of expression and association The First Amendment's freedom of expression and association clause, which protects information about those with whom we clause, which protects information about those with whom we associate (e.g., political groups and social organizations), and associate (e.g., political groups and social organizations), and offers protections for the materials that we create, read, view, offers protections for the materials that we create, read, view, etc., in the privacy of our homesetc., in the privacy of our homes

The Fifth Amendment's privilege against self-incrimination, which The Fifth Amendment's privilege against self-incrimination, which protects the autonomy of our protects the autonomy of our bodies, thoughts and beliefs , thoughts and beliefs

The Ninth Amendment, in which the Supreme Court has found The Ninth Amendment, in which the Supreme Court has found protections for the privacy of our family and reproductive life protections for the privacy of our family and reproductive life

The Fourteenth Amendment, which the Supreme Court has also The Fourteenth Amendment, which the Supreme Court has also cited as the source of some limits on state government intrusions cited as the source of some limits on state government intrusions in the freedom and privacy of intimate decisions that affect our in the freedom and privacy of intimate decisions that affect our sexual, family and reproductive lives.sexual, family and reproductive lives.

Current Legislation on Current Legislation on PrivacyPrivacy

Legislative ProtectionsLegislative Protections Fair Credit Reporting Act (1970)Fair Credit Reporting Act (1970)

Privacy Act of 1974 Privacy Act of 1974

Family Education Rights and Privacy Act (1974) Family Education Rights and Privacy Act (1974)

Right to Financial Privacy Act (1978) Right to Financial Privacy Act (1978)

Privacy Protection Act of 1980 Privacy Protection Act of 1980

Cable Communications Policy Act of 1984Cable Communications Policy Act of 1984

The Electronic Communications Privacy Act (1986) The Electronic Communications Privacy Act (1986)

Video Privacy Protection Act of 1988 Video Privacy Protection Act of 1988

Telephone Consumer Protection Act of 1991 Telephone Consumer Protection Act of 1991

Driver's Privacy Protection Act of 1994 Driver's Privacy Protection Act of 1994

Customer Proprietary Network Information (CPNI) Customer Proprietary Network Information (CPNI) (part of the Telecommunications Reform Act of 1996) (part of the Telecommunications Reform Act of 1996)

Health Insurance Portability and Accountability Act of 1996 (HIPAA) Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Children's Online Privacy Protection Act (COPPA) of 1998 Children's Online Privacy Protection Act (COPPA) of 1998

Legislative ProtectionsLegislative Protections

All legislation has passed not to All legislation has passed not to ensure protection of privacy itself but ensure protection of privacy itself but to calm down constituent fears in to calm down constituent fears in specific problem areas as they arise.specific problem areas as they arise.

This trend needs to stopThis trend needs to stop

Have We Been Here Have We Been Here Before?Before?

Have We Been Here Before?Have We Been Here Before?

In 1946, there were 6,000 black and white In 1946, there were 6,000 black and white TVs in the entire country, mostly in well-to-TVs in the entire country, mostly in well-to-do homes do homes

Three years later, in 1949, there were Three years later, in 1949, there were three million TVs, and, in 1951, there were three million TVs, and, in 1951, there were 12 million. 12 million.

Today, more Americans have TVs than Today, more Americans have TVs than have telephones have telephones

Have We Been Here Before?Have We Been Here Before?

People argued about whether TV was a People argued about whether TV was a tool or a toytool or a toy

Would it just provide mindless Would it just provide mindless entertainment, or teach our children and entertainment, or teach our children and bring the world closer together? bring the world closer together?

People had asked similar questions about People had asked similar questions about the radio, movies, the telephone, and even the radio, movies, the telephone, and even the telegraph in the 1840s! the telegraph in the 1840s!

Have We Been Here Before?Have We Been Here Before?

Today, they’re asking the same Today, they’re asking the same kinds of questions about computers kinds of questions about computers and the information superhighway. and the information superhighway.

But the answer is always the same: it But the answer is always the same: it isn’t the technology. It is the way isn’t the technology. It is the way people use the technology that people use the technology that makes the difference. makes the difference.

Industry Self-RegulationIndustry Self-RegulationIsIs

Not EnoughNot EnoughThe Internet The Internet NeedsNeeds Rules Rules

No Better Demographic to beginNo Better Demographic to beginTo ProtectTo Protect

ThanThan

Our ChildrenOur Children

History of COPPAHistory of COPPA

History OfHistory OfChildren's Online Privacy Protection Act Children's Online Privacy Protection Act

(COPPA).(COPPA).

In June 1998, the FTC issued its "Report to Congress In June 1998, the FTC issued its "Report to Congress on Privacy Online" in which it announced the on Privacy Online" in which it announced the findings of its survey of 1,400 web sites. The FTC findings of its survey of 1,400 web sites. The FTC found that 89% of the 212 child-oriented web sites found that 89% of the 212 child-oriented web sites it visited collect personally identifiable information it visited collect personally identifiable information directly from children, and only half of them directly from children, and only half of them disclose their information collection practices. disclose their information collection practices. Fewer than 10% of these sites provide for some Fewer than 10% of these sites provide for some form of parental control over the collection of form of parental control over the collection of information from their children. The FTC information from their children. The FTC recommends that legislation be enacted which recommends that legislation be enacted which places "parents in control of the online collection places "parents in control of the online collection and use of personal identifying information from and use of personal identifying information from their children." their children."

Children's Online Privacy Children's Online Privacy Protection Act Protection Act

(COPPA).(COPPA).

Children's Online Privacy Protection Act Children's Online Privacy Protection Act (COPPA).(COPPA).

Only for Children 13 years and youngerOnly for Children 13 years and younger

Why are Children 14-18 not protected?Why are Children 14-18 not protected?

No other Demographic currently No other Demographic currently protectedprotected

Children's Online Privacy Protection Act Children's Online Privacy Protection Act

(COPPA).(COPPA). (1) (1) Collection limitation.Collection limitation. Data collectors may not Data collectors may not

collect personal information from children, unless collect personal information from children, unless it is relevant, necessary and socially acceptable.it is relevant, necessary and socially acceptable.

(2) (2) Disclosure.Disclosure. Each data collector must Each data collector must prominently display a privacy statement which prominently display a privacy statement which discloses what information is being collected or discloses what information is being collected or tracked, how it is collected, how it will be used, tracked, how it is collected, how it will be used, who is collecting it, and who will use it.who is collecting it, and who will use it.

(3) (3) Parental consent.Parental consent. The child must understand The child must understand that he/she must get parental permission before that he/she must get parental permission before visiting areas where personal information is visiting areas where personal information is collected. The burden is on the collector/tracker to collected. The burden is on the collector/tracker to obtain valid parental consent.obtain valid parental consent.

Children's Online Privacy Protection Act Children's Online Privacy Protection Act (COPPA).(COPPA).

(4) (4) Use specification/use limitation.Use specification/use limitation. Personal Personal data should not be disclosed, made available or data should not be disclosed, made available or otherwise used for purposes other than those otherwise used for purposes other than those specified in the disclosure statement.specified in the disclosure statement.

(5) (5) Data quality and security.Data quality and security. Personal data Personal data should be protected against loss, unauthorized should be protected against loss, unauthorized access, destruction, use, modification, or access, destruction, use, modification, or disclosure.disclosure.

(6) (6) Parental participation: access, correction Parental participation: access, correction and prevention of future use.and prevention of future use. The data The data collector must provide access to the information collector must provide access to the information it has collected about the child. It must also allow it has collected about the child. It must also allow the parent the ability to correct erroneous data, the parent the ability to correct erroneous data, have data deleted, and/or prevent further use.have data deleted, and/or prevent further use.

FilteringFiltering

FilteringFilteringA number of products are available A number of products are available

which, when installed in the personal which, when installed in the personal computer, block access to web sites computer, block access to web sites containing objectionable material. containing objectionable material.

Some products also prevent access to Some products also prevent access to the computer during specified hours of the computer during specified hours of the day. Others provide parents a log the day. Others provide parents a log

of the web sites visited by their of the web sites visited by their children. And some prevent access to children. And some prevent access to such web services as Internet Relay such web services as Internet Relay

Chat.Chat.

FilteringFiltering

Cyber Patrol: Cyber Patrol: www.cyberpatrol.comwww.cyberpatrol.com Cyber Sitter: Cyber Sitter: www.solidoak.comwww.solidoak.com Net Nanny: Net Nanny: www.netnanny.comwww.netnanny.com Safesearch: Safesearch: www.safesearch.comwww.safesearch.com SurfWatch: SurfWatch: www.surfwatch.comwww.surfwatch.com Web Chaperone: Web Chaperone:

www.webchaperone.comwww.webchaperone.com X-Stop: X-Stop: www.xstop.comwww.xstop.com

Features to look for in filtering softwareFeatures to look for in filtering software blocks "outgoing" transmission of personal information such as blocks "outgoing" transmission of personal information such as

name, address, phone number name, address, phone number limits access by time of day and total amount of connect time limits access by time of day and total amount of connect time clearly states its criteria for blocking sites, and allows parents to clearly states its criteria for blocking sites, and allows parents to

read a list of blocked sites read a list of blocked sites has user-definable options, allowing customization of blocked sites has user-definable options, allowing customization of blocked sites allows user to turn software on and off with password control allows user to turn software on and off with password control is updated frequently is updated frequently blocks image files (JPEG/GIF) and binary downloads, likely to blocks image files (JPEG/GIF) and binary downloads, likely to

contain photos and graphic images contain photos and graphic images blocks transfer of compressed files likely to contain adult content blocks transfer of compressed files likely to contain adult content

(ZIP and SIT) (ZIP and SIT) filters offensive language filters offensive language blocks gopher and FTP (File Transfer Protocol) downloads blocks gopher and FTP (File Transfer Protocol) downloads blocks Internet Relay Chats (IRCs) and Usenet Newsgroups blocks Internet Relay Chats (IRCs) and Usenet Newsgroups works with online service providers like AOL, Prodigy, and MSN works with online service providers like AOL, Prodigy, and MSN works with rating systems like PICS and RSACi works with rating systems like PICS and RSACi

Filtering Software ProblemsFiltering Software Problems None of these software programs has been proven entirely

effective when put through a set of controlled tests.

Product testers have found that filtering programs often block access to sites with legitimate non-obscene speech, for example the word "breast," which can be found on the American Cancer Society's web site pages concerning breast cancer.

In addition, reviewers are critical of software products which do not disclose the list of keywords used to block web sites.

A further criticism of filtering software is that it can be difficult to install and can cause the computer to operate more slowly.

RatingsRatings

RatingsRatings One such system has been developed by One such system has been developed by

the Recreational Software Advisory the Recreational Software Advisory Council, called RSACiCouncil, called RSACi

Originally created as a rating system for Originally created as a rating system for computer games, it is the most widely computer games, it is the most widely used PICS rating system to date. used PICS rating system to date.

RSACi allows Internet web site publishers RSACi allows Internet web site publishers to describe the levels of sex, nudity, to describe the levels of sex, nudity, violence and harsh language, with five violence and harsh language, with five levels within each category. levels within each category.

RatingsRatings

SafeSurf, SafeSurf, www.safesurf.comwww.safesurf.com NetShepherd NetShepherd www.netshepherd.comwww.netshepherd.com. .

RSACi and SafeSurf rely on web RSACi and SafeSurf rely on web publishers to self-rate their web sites. publishers to self-rate their web sites. NetShepherd conducts third-party NetShepherd conducts third-party rating of sites.rating of sites.

Problems with RatingsProblems with Ratings

Self-RegulatedSelf-Regulated

No way to keep a Universal Standard No way to keep a Universal Standard that every website can agree on.that every website can agree on.

Thank You for Your TimeThank You for Your Time

The EndThe End