Privacy & Ethics

Privacy and Ethics (Global Problems and Solutions) Written by Ferdows Shahryar 25, October, 2013


Introduction
Privacy
Ethics
Cybercrime
    Types of Computer Crime
        Theft
        Fraud
        Copyright infringement
        Attacks on organizations and individuals
    Approaches used by Identity Thieves
Information Systems and Technology Vulnerabilities
    Viruses
    Worms
    Trojan horse
    Time bomb
    Logic bomb
    Trapdoor
Solution
    Antivirus And Anti spyware Software
    Firewalls
    Cryptography
    Cyber Ethics and Laws
Conclusion
References

ABSTRACT

Privacy of communication is an important ethical topic in today’s society. Computer technology, with its many aspects, such as communication over computer networks, has raised new ethical problems concerning privacy, since a large amount of personal information passes through computer networks each day. Computer ethics, which includes privacy, is a fairly new area within applied ethics, raising new types of moral dilemmas.

To preserve an individual’s privacy when communicating, different privacy-enhancing technologies have been developed. These include technologies such as cryptography, authentication and digital signatures. These technologies have various algorithms and protocols, which are used to a large extent in computer networks. A description of the algorithms and protocols is given in this article.

The privacy-enhancing technologies have caused new anxiety, since governments and authorities have problems intercepting the encrypted communication passed over computer networks. The interplay between the security and safety of a group (for example, the citizens of a country), which governments want to achieve with interception, and the privacy of an individual, who prefers to share information with only a few close others, is a delicate balance. To facilitate interception, several devices and technologies have been developed by governments, which is a subject of discussion.

The legislation concerning the right to privacy, and the legal definition of the right to privacy, differ all over the world. This article gives a summary of computer ethics and especially the ethical issue of privacy. A description of the privacy-enhancing technologies and an example of legislation in three parts of the world are also given.

Introduction

Privacy is one of the more troubling personal and professional issues of our time. But privacy cannot be adequately addressed without considering a basic foundation of ethics. We cannot reach a meaningful normative conclusion about privacy rights and obligations without a fundamental and common understanding of the ethical basis of justice and a thorough understanding of individual and organizational concerns and motivations.

Privacy

Privacy is the right to be free from secret surveillance and to determine whether, when, how, and to whom one's personal or organizational information is to be revealed. Specifically, privacy may be divided into four categories: (1) Physical: restriction on others to experience a person or situation through one or more of the human senses; (2) Informational: restriction on searching for or revealing facts that are unknown or unknowable to others; (3) Decisional: restriction on interfering in decisions that are exclusive to an entity; (4) Dispositional: restriction on attempts to know an individual's state of mind.

Ethics

Ethics, also known as moral philosophy, is a branch of philosophy that involves systematizing, defending and recommending concepts of right and wrong conduct. The term comes from the Greek word ethos, which means "character". Ethics is a complement to Aesthetics in the philosophy field of Axiology. In philosophy, ethics studies the moral behavior in humans and how one should act.

Kenneth Einar Himma and Herman T. Tavani wrote the story of Information Ethics in their Handbook of Information and Computer Ethics as follows:

“According to Froehlich (2004), the expression “information ethics” was introduced in the 1980s by Koenig et al. (1981) and Hauptman (1988), who then went on to establish the Journal of Information Ethics in 1992. It was used as a general label to discuss issues regarding information (or data) confidentiality, reliability, quality, and usage. Not surprisingly, the disciplines involved were initially library and information science and business and management studies. They were only later joined by information technologies studies.”

Dictionary synonyms for ethics include: morals, standards, values, principles, beliefs. The ethics of one person may not be the same as the ethics of another person. Ethics are shaped by one's background, such as religious and cultural beliefs, teachings of parents and school, life experiences, etc. People make decisions about what is right or wrong, good or bad, based on their moral beliefs. Nations usually make decisions about major ethical problems by making laws, e.g. for robbery, murder, assault, rape, drug-taking, etc.

In a business, the ethics of the organisation are made up of the combined ethical beliefs of the people employed in that business. Therefore, it is possible that some members of the organisation may not behave in a manner that others in the organisation would approve of, or that would be good for the company’s reputation. To get around this, many businesses and professional societies establish a Code of Practice, which is simply a set of rules of behaviour by which members of the organisation must abide, or risk dismissal. Examples of rules that might be included in a Code of Practice for the use of an organisation’s computer system are:

• Do not use company computer system for personal activities;
• Do not use company computer system outside of business hours without authorization;
• Do not use company computer system in a manner that would breach the confidentiality of personal data or in a way that would do harm to individuals or this organization – such as:
    o Do not use customer information for any other purpose than the business activities of this company;
    o Do not disclose customer information to any unauthorized person or organization;
    o Do not disclose commercially sensitive information about this company to any unauthorized person or organization;
• Do not copy copyright protected material, e.g. software, computer files, music files;
• Do not view, access or download from the Internet any unlawful material, e.g. music files, pornography;
• Do not send offensive or unlawful material via the company’s email system;
• Do not disclose your User ID or Password to any other individual;
• Do not damage, corrupt or destroy any company computer records;
• Do not use company computer system for any unlawful purpose.

Cybercrime

Cybercrime encompasses any criminal act dealing with computers and networks (called hacking). Additionally, cybercrime also includes traditional crimes conducted through the Internet. For example, hate crimes, telemarketing and Internet fraud, identity theft, and credit card account thefts are considered to be cybercrimes when the illegal activities are committed through the use of a computer and the Internet.

Types of Computer Crime

Typically, computer crime can be categorized by the type of activity which occurs. Four basic categories are utilized in describing computer crime. These are: theft, fraud, copyright infringement, and attacks.

Theft

Theft in computer crime may refer to either unauthorized removal of physical items such as hardware or unauthorized removal or copying of data or information. It is well known that laptop computers are targeted at airports and restaurants. The prize garnered with theft of a laptop is usually the data or information, such as passwords for corporate systems, contained on the laptop rather than the hardware.

Fraud

Fraud on the Internet may run the gamut from credit card offers which are utilized only to capture personal information, to investor postings which promote a stock or investment offer to encourage investment which will benefit the person posting the information, to medical and pharmaceutical-related sites which purport to provide correct medical advice or sell altered medications.

Copyright infringement

The Internet has provided a unique opportunity and environment for copyright infringement. This type of computer crime encompasses use of software, music, etc. which is not appropriately acquired (purchased). Software piracy occurs more easily with the ability to post files for downloading all over the world. However, another more costly copyright infringement occurs when trademarks and logos of corporations are posted on non-authorized web sites. Some criminals utilize the trademarks and logos to appear to be a legitimate site to perpetrate fraud. Many corporations have employees or consulting contractors who constantly crawl the web to sniff out illegal usage of trademarks and logos.

Attacks on organizations and individuals

Attacks on organizational information systems may be either physical or logical. There are several instances of web sites, products, and individuals being libeled or attacked by individuals or groups. One of the classic examples was the attack on Procter and Gamble as an occult organization. AOL and other ISPs cooperate fully with criminal justice systems to reveal identities of those deploying the web sites in question.

Denial of Service (DoS) attacks target specific web sites and associated servers. Some of the newsworthy examples of DoS during 2000 - 2001 occurred at Microsoft.com, eBay.com, and Amazon.com. Web servers and connections can only handle so much traffic, so a Denial of Service (DoS) attack usually takes one of two forms:

• Coordinated attack (typically from unsuspecting desktops) to a particular IP address or URL requesting a page – overwhelms the server and DoS occurs
• Attack sends incomplete packets so that traffic gets jammed with requests for re-send.

George W. Reynolds, the author of Ethics in Information Technology, discussed the issue of attacks on organizations and individuals and wrote:

“Unfortunately, the number of IT-related security incidents is increasing—not only in the United States but around the world. Table 3-1 lists the most common computer security incidents according to the “2008 CSI Computer Crime and Security Survey.” The figures shown in the table represent the percentage of organizations responding to the survey that experienced such an incident during the specified year. According to the survey, 53 percent of the responding organizations spend 5 percent or less of their overall IT budget on information security.”

Approaches used by Identity Thieves

Hacking Databases, Phishing, Spyware

• Phishing is an attempt to steal personal identity data by tricking users into entering the information on a counterfeit Web site; this data includes credit card numbers, account usernames, passwords, SSN.
• Spoofed e-mails lead consumers to the fake Web sites.
• Spear-phishing is a variation in which employees are sent phony e-mails that look like they came from high-level executives within their organization. Employees are again directed to the fake Web site and then asked to provide personal information.
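The spear-phishing pattern described above (a phony e-mail that appears to come from a high-level executive and directs the employee to a fake Web site) can be screened for on the receiving side. The following Python code is an added example, not part of the original essay; the organization domain, the executive names and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlsplit

# Assumed values for this example; none come from the original text.
ORG_DOMAIN = "example.com"                 # hypothetical organization domain
EXECUTIVES = {"jane doe", "john smith"}    # hypothetical executive names
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def _is_internal(host):
    """True if host is the organization's domain or one of its subdomains."""
    host = (host or "").lower()
    return host == ORG_DOMAIN or host.endswith("." + ORG_DOMAIN)


def spear_phish_flags(raw_message):
    """Return the reasons a message resembles executive impersonation."""
    msg = message_from_string(raw_message, policy=policy.default)
    flags = []
    header = msg["From"]
    sender = header.addresses[0] if header and header.addresses else None
    if sender is not None:
        name = " ".join(sender.display_name.lower().split())
        # An executive's name shown on an address outside the organization.
        if name in EXECUTIVES and not _is_internal(sender.domain):
            flags.append("executive display name on external address")
        # Replies routed to a different domain than the visible sender's.
        reply = msg["Reply-To"]
        if reply and reply.addresses:
            if reply.addresses[0].domain.lower() != sender.domain.lower():
                flags.append("Reply-To domain differs from From domain")
    # Links whose host embeds the organization's name but is not its domain.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    label = ORG_DOMAIN.split(".")[0]
    for url in URL_RE.findall(text):
        host = urlsplit(url).hostname or ""
        if label in host and not _is_internal(host):
            flags.append("look-alike link host: " + host)
    return flags


# Constructed sample messages (not real mail).
SAMPLE_PHISH = (
    'From: "Jane Doe" <jane.doe@exec-mail.test>\n'
    "Reply-To: payroll@other-host.test\n"
    "To: staff@example.com\n"
    "Subject: Update your details today\n"
    "\n"
    "Please confirm your details at http://example.com.staff-portal.test/login\n"
)
SAMPLE_OK = (
    "From: Jane Doe <jane.doe@example.com>\n"
    "To: staff@example.com\n"
    "Subject: Policy reminder\n"
    "\n"
    "The policy is at https://intranet.example.com/policy\n"
)

if __name__ == "__main__":
    print(spear_phish_flags(SAMPLE_PHISH))
    print(spear_phish_flags(SAMPLE_OK))
```

A message that raises any flag is a candidate for quarantine or a warning banner; the checks are heuristics and do not replace sender authentication at the mail gateway.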

Information Systems and Technology Vulnerabilities

There are several classes of activities which may also harm information systems and supporting technology. These activities may result in criminal charges depending upon the circumstances and impact on information systems. Currently, these activities fall within the classes of viruses, worms, Trojan horses, time bombs, logic bombs, and trapdoors.

Viruses

A virus is a program with intent to harm or render a computer system useless. The virus method of attack is to attach itself to specific files such as data files. It is not a free-standing program. It copies itself when the infected file is executed.

A virus can damage data, delete files, erase your hard drive, or just cause annoying screen displays or sounds. Viruses may hide within macros of Word or Excel documents. Some viruses are programmed to trigger execution on a particular date or time. Viruses do not cause hardware damage. Viruses spread from file to file. There are thousands of documented viruses. Some recent examples of viruses include Melissa, Chernobyl, and Michelangelo.

Most virus protection software provides monthly updates to ensure that the computer system is covered against recent virus discoveries. Two of the more popular virus protection products are Norton (Symantec) and McAfee.

Worms

Worms are another destructive program designed to create instability in information systems and supporting technology. Worms differ from viruses in that a worm is a free-standing program. A worm executes on its own. Worms spread from computer system to computer system rather than from file to file.

Examples of notorious worms include the July and August, 2001 attack of CODE RED on IIS servers. IIS (Internet Information Services) is part of the Microsoft Windows Server operating system which provides internet connectivity. Servers including federal government web sites, Qwest DSL servers, and other corporate or governmental sites were hit.

A worm can reply to e-mails while attaching itself to the e-mail; it can destroy the File Allocation Table (FAT) on Windows systems and carry out similar attacks on other file systems on hard drives. Because worms are free-standing, they can spread on their own and do not require human intervention to spread. Thus, in some ways, worms are more lethal than viruses.

Trojan horse

This software derives its name from the Greek mythology depicting war activity between the Greeks and Trojans of Troy. The Greeks pretended to depart the besieged Troy but left behind a giant wooden horse as a “gift”. The Trojans brought the horse within the gates of Troy, and Greek warriors were hidden in the horse. The Greek warriors then captured Troy. Likewise, the Trojan horse appears to have one function but in reality does something else.

Typically, a Trojan horse performs something destructive while the person at the keyboard thinks they are downloading an animation or some other file. The Trojan horse commonly either loads a software program to be utilized in a later Denial of Service attack or reads your passwords, credit card numbers, etc., saved within your system. This vital information is later used to make purchases or for other criminal activities.

In August of 2001, a particularly damaging Trojan horse named the Trojan Offensive was reported. It damages the Registry of the Windows operating system so that the system is trashed.

Time bomb

These are software attacks that are designed to occur at a predetermined time or date. The difference between a time bomb and a virus such as the Michelangelo is that technically the time bomb does not spread. It impacts only the system upon which it has been loaded.

Logic bomb

Logic bombs are software attacks that are triggered by a predetermined event. The most common logic bombs occur when information technology employees are laid off from employment. Then, for example, billing systems go awry when an employee ID number is no longer on the payroll database.

Trapdoor

Trapdoors are system entrances that circumvent the security system. These are hidden logins or administrative user definitions added by system developers for unscrupulous reasons. Trapdoors allow an unauthorized or unknown user to control a computer system. Trapdoors are typically only aimed at servers or mainframe corporate systems.

Solution

Now that we have discussed various types of computer exploits, the people who perpetrate these exploits, and the laws under which they can be prosecuted, we will discuss how organizations can take steps to implement a trustworthy computing environment to defend against such attacks.

The author of Ethics in Information Technology discussed the issue and proposed trustworthy computing as a solution. He wrote:

“Trustworthy computing is a method of computing that delivers secure, private, and reliable computing experiences based on sound business practices; this is what organizations worldwide are demanding today. Everyone who provides computing services (software and hardware manufacturers, consultants, programmers) knows that this is a priority for their customers. For example, Microsoft has pledged to deliver on a trustworthy computing initiative designed to improve trust in its software products”

Antivirus And Anti spyware Software

Antivirus software consists of computer programs that attempt to identify, thwart and eliminate computer viruses and other malicious software. Anti-spyware is used to prevent backdoor programs, Trojans and other spyware from being installed on the computer.

Firewalls

A firewall protects a computer network from unauthorized access. Network firewalls may be hardware devices, software programs, or a combination of the two. A network firewall typically guards an internal computer network against malicious access from outside the network.

Cryptography

Cryptography is the science of encrypting and decrypting information. Encryption is like sending postal mail to another party with a lock code on the envelope which is known only to the sender and the recipient. A number of cryptographic methods have been developed, and some of them have still not been cracked.

Cyber Ethics and Laws

Cyber ethics and cyber laws are also being formulated to stop cybercrimes. It is the responsibility of every individual to follow cyber ethics and cyber laws so that the increasing number of cybercrimes is reduced. Security software such as antivirus and anti-spyware should be installed on all computers in order to remain secure from cybercrimes. Internet Service Providers should also provide a high level of security at their servers in order to keep their clients secure from all types of viruses and malicious programs.

Conclusion

Confidence can appear in a situation where commonly mistrustful people have no recourse to authorities. This condition is similar to the situation that exists on the Internet. Demonstrated ethical behavior on the part of many people can help to overcome the uncertainty, and ensure that people choose to interact with each other. Investment in privacy is one such demonstration of ethical intent. Businesses that wish to avoid the alternatives have begun to address the need for ethics in design and operation. Merely asserting trustworthiness, however, is not likely to convince today’s cynical consumers. Businesses will need to start building systems that show their concern for behaving ethically, because only then will they be trusted.

References

DeCew, Judith Wagner. 2011. Privacy and Information Technology. 2011, p. 25.

Reynolds, George W. 2010. Ethics in Information Technology. Boston, MA 02210 : Joe Sabatino, 2010. ISBN-10: 0-538-74622-X.

Himma, Kenneth Einar and Tavani, Herman T. 2008. The Handbook of Information and Computer Ethics. New Jersey : John Wiley & Sons, Inc, 2008. ISBN 978-0-471-79959-7.

Solove, Daniel J. 2011. Privacy, Information, and Technology. New York : Aspen Publishers, 2011. 0735510423.

http://books.google.com.af/books?id=Ze3_NDCHK2IC&printsec=frontcover#v=onepage&q&f=false