Lecture notes

We all know this car. It was buzzing around, yet it was taking more information
then it was suppose to. It was harvesting peoples home wifi network
information. Information that included, web histories, emails, passwords and
more.
Outline
0 Importance of Security and Privacy in the modern information age
0 Privacy at work
0 Legal framework in IT
0 Intellectual Property (IP) laws
0
Information age and privacy
If Privacy isnt already the first road kill on the information superhighway, then
its about to be.
- Brock Meeks (Wired Magazine)
What is privacy?
0 An individuals right to be free from intrusion or interference by others
(Gavison, 1980):
0 Secrecy: Control of information about oneself
0 Anonymity: Freedom of the attention of others
0 Solitude: Freedom from surveillance and observation
Benefits of privacy?
0 Individual Freedom
0 Food Habits
0 Work Habits
0 Shopping Habits
0 Autonomy
0 Job opportunity
0 Bank Loans
0 Not an absolute right!
0 For instance, if your break the law you lose certain rights.
Security and Privacy of Information
0 http://docusearch.com
0 We find people and information about them. Now any internet
savvy can locate lost friends, track down debtors and deadbeats, or
discover secrets of the people with whom you associate. Its totally
professional, completely legal and entirely confidential.
0 DigDirt and WeSpy4u:
0 Unlisted telephone numbers for US$69
0 Bank account numbers for US$55
0 Finding out a persons salary US$75
0 Stocks, bonds and mutual funds $200

Importance of privacy

The Limits of Privacy

(Etzioni 1999)
0 Within out society (more so than others) privacy is a privileged value
0 Should parents be provided with knowledge of criminal backgrounds
of child care workers?
0 Should law enforcement be able to determine whether drivers of
school buses, pilots, or police officers are under influence of illegal
drugs?
0 Should security forces be allowed to screen electronic
communications for indications of planned terrorist attacks?

0
0

Under what moral, legal, and social condition should the right to
privacy be limited?
Organisational efficiency
0 Organisation need information to make effective decisions
Public Interest
0 Government agencies need information to protect the public from
threats

Privacy and technology

0 Information gathering
0 Cookies
0 How does Google Display Network use Cookies?
0 Check out http://www.google.com/settings/ads
0 EU Cookie Directive (2002)
0 Web Searches
0 Point of sale (POS) transaction data
0 Mobile Technologies
0 Data matching and data merging
The google display network uses third-party cookies, where a cookie is
monitoring a users movement through the web. Effectively recording your every
move while you move through the internet. Their display network is so large it is
hard to navigate the web without being tail gated by Google. To see how
accurate they are at doing this go to the link.
The EU cookie directive is a policy requiring end users consent for the placement
of cookies or similar technologies when accessing information on a users
system. Has anyone clicked close when a website wants to tell you they are
storing your information?
In Australia do you have a right to privacy?
No*
Legal Protection of Privacy
0 In Australia, there is *no constitutional right to privacy
0 A patchwork of laws exist though to protect privacy
0 Specific privacy protection laws focus on protection of information privacy
0 Privacy protection laws vary across states
0 State and Federal Laws are not identical
0 However, where coverage exists, laws are typically complementary
and their obligations similar
0 Legislation based on principles set down by the Organisation for Economic
Co-operation and Development (OECD)
0 Recent recognition of privacy in common law
How are we protected in Australia?
0 The Federal Privacy Act contains 11 Information Privacy Principles (IPP),
which apply to Commonwealth and ACT government agencies.
0 It also has 10 National Privacy Principles (NPPs) which apply to parts of the
private sector and all health service providers.
0 States such as Victoria have their own versions based on these IPPs.
0 Part IIIA of the Privacy Act regulates credit providers and credit reporting
agencies
0 The Federal Privacy Commissioner also has some regulatory functions
under other enactments, including:

0
0
0
0

Telecommunications Act 1977 (Cth)

National Health Act 1953 (Cth)
Data Matching Program (Assistance and Tax) Act 1990 (Cth)
Crimes Act 1914 (Cth)

National Privacy Principles: (NPP)

0 Collection
0 Only collect personal information that is necessary for performance
of functions.
0 Advise individuals that they can access personal information
0 Use and Disclosure
0 User and disclose personal information only for the primary purpose
for which it was collected or a secondary purpose the person would
reasonable expect
0 Use for other secondary purposes should have the consent of the
person
0 Data Quality
0 Require that personal information is accurate, complete and up to
date
0 Security
0 The information that is collected must be secure from unauthorised
use or access.
0 Openness
0 A policy must be in place on how the personal information is
managed.
0 If asked this policy must be provided and available
0 Access and Correction
0 Access to the information as a general right and also the right to
have that information corrected if it is inaccurate, incomplete or
out-of-date
0 Identifiers
0 Generally prevents an organisation from adopting an Australian
Government identify for an individual (eg Medicare number) as its
own.
0 Anonymity
0 Where possible business organisations must give individuals the
opportunity to do business with them without the individual having
to identify themselves.
0 Transborder data flows
0 It must be outlined how personal information will be transferred
outside of Australia
0 Sensitive information
0 Health, racial or ethnic background, criminal records must be
handle with high standards.
Privacy in Action
0 Do you really have a private life online?
0 https://www.youtube.com/watch?v=-e98hxHZiTg
Workplace Monitoring
0 Employers monitor you. Does it breach you privacy?
0 Employers monitor you. Does it breach you privacy?
0 Yes, although conversations are monitored for legal reasons for both
parties

0
0
0

What
0
0
0
0
0
0

Customers and call centre operators may both be polite to each

other if monitored. (Who has asked not to be recorded?)
Can opt out
Extra reading:
0 http://www.nysscpa.org/cpajournal/2004/704/essentials/p52.h
tm
0 http://www.allbusiness.com/labor-employment/laborregulation-policy-employee-privacy/7869527-1.html

do employers monitor/limit?
Email traffic (stored) why?
Attachments (sent/received) why?
Instant messaging why?
Website access why?
Phone conversations why?
Database access why?

Company Policies
0 Information Privacy Policy
0 Information Security Policy
0 Difference?
0 Information Privacy Policy The Use
0 Information Security Policy The Access
0 Difference?
Computer Security & Ethics
0 Hacking Loves beating the system
0 Hacker (before): loves the computer challenge
0 Hacker (now): accesses unauthorised computers
0 Employer, Employee & Union Rights Aim for:
0 Property, access, privacy, accuracy
0 Policies and regulations
What is Intellectual Property?
0 Property
0 Real Property (land)
0 Personal Property
0 Possession (chattels)
0 Choses in Action
0 Shares, debts
0 Intellectual Property
Forms of IP
0 Intellectual Property
0 Copyright
0 Trademarks
0 Patens
0 Designs
0 https://www.youtube.com/watch?v=t7d0V4l8068
IP: Is it as real as other property?
0 Digital copyright problem: target work suffers no harm from being
infinitely reproduced
0 Owner of target work not deprived of original

Ethical and Practical Problems

0 Copier gets benefit to which she/he is not entitled
0 Theft as deprivation of possession paradigm not applicable to intellectual
property
0 Misappropriation difficult to trace/prove.
0 Moral difference between copying for ones own use and copying for
commercial exploitation
Copyright
0 Contained in Copyright Act 1968
0 Protects expression of idea not idea itself
0 Protected item must be
0 Original
0 Produced in material form
0 By a resident or citizen of Australia or by a member of a Berne
Convention country
0 Part III covers literary, musical, artistic & dramatic works
0 Part IV covers subject matter other than works recordings, films, videos
etc.
0 Literary works include computer programs in source and object code.
Website copyright
0 Websites incorporate different sorts of material graphics, photos, text
0 Each item may be subject to individual copyright as a computer program.
0 Whole website may be copyright as a compilation of programs (literary
works)
Open Source Software
0 Argument: computer programming community should be able to freely
read, modify and redistribute the source code in computer programs
0 Stallman: no natural rights for creators of computer software
0 Programs are tools for achieving computer mediated ends. Source code
component should be freely available to all who use computers and are
interested in promoting technological improvement by modifying
programs/adapting them for special needs.
Trademarks
0 Connect the manufacturer with their goods/services
0 Safeguard reputation in goods/services
0 Are limited to the marketplace for which the mark has been registered or
in which an unregistered mark has acquired a reputation
0 Are unique for specific goods/services with that jurisdiction
0 Defense mechanism. You have to protect it. The laws for trademarks allow
you to protect it. They dont seek justice.