Chapter 8 : Ethics and Society

avatar
Created by
aciidic tootoxic

Cards (131)

  • Society includes organisations and individuals although society can be classed as a country, a town, a street or just a group of people
  • Anything that causes change, such as an increase in taxes or a new government, will have an impact on society
  • Digital technologies are continually developing and are therefore continually imposing changes upon society
  • Society can either embrace those changes, be indifferent to them (ignore them) or put up barriers to them
  • Technical content covered in previous chapters
    • cyber security
    • mobile technologies
    • wireless networking
    • cloud storage
    • theft of computer code
    • issues around copyright of algorithms
    • cracking
    • hacking
    • wearable technologies
    • computer based implants
  • Many ordinary citizens value their privacy and may not like it when governments or security services have too much access
  • Governments and security services often argue that they cannot keep their citizens safe from terrorism and other attacks unless they have access to private data
  • There are laws in place that require digital technologies to be used responsibly
  • Laws to be discussed
    • Copyright, Designs and Patents Act (CDPA)
    • Computer Misuse Act (CMA)
    • Regulation of Investigatory Powers Act (RIPA)
    • Investigatory Powers Act (IPA)
    • Data Protection Act (DPA)
  • Computer Misuse Act (CMA)
    Makes unauthorised access to a computer system (hacking) a crime which can be punished by a prison sentence or a heavy fine
  • Crimes covered by the CMA
    • Unauthorised access to computer material
    • Unauthorised access to computer material with the intent to commit further crime
    • Unauthorised modification of computer material
  • Proving that a specific person gained unauthorised access can be difficult because hacking usually takes place anonymously and from remote locations
  • The law covers all computer systems and there is no definition of what a computer system is meaning that portable devices such as smart phones are also covered by the CMA
  • If both the location of the hacker and the computer system are outside of the UK, then the CMA does not apply, meaning that cloud-based storage and email systems are not always protected by the CMA
  • The CMA can act as a deterrent to potential criminals, but it does not stop a crime from taking place
  • Manufacturers of electronic devices also have a responsibility to ensure that the devices are secure from potential hackers
  • Privacy or security?
    Some people value their privacy and have concerns that any system that monitors their activities or personal data could be used against them, while others see the use of security measures as protecting them against crime and terrorism
  • Data Protection Act (DPA) 2018
    An updated UK law following the European Union's General Data Protection Regulation (GDPR), which requires organisations that store personal data to ensure it is kept safe
  • Organisations store all sorts of personal data about individuals, such as photos, user account details, bank details, social media posts, email addresses, and medical records
  • The Data Protection Act (DPA) 2018 ensures that personal data is kept safe and that individuals' privacy is protected
  • Data Protection Act (DPA) 2018
    Updated UK law following the European Union's General Data Protection Regulation (GDPR)
  • Data theft
    • Major identity manager breach exposes sensitive user info
    • TalkTalk says 'less than 1.2 million' customer details stolen in hack
    • Vodafone says 1,827 customers' bank details accessed in attack
    • Hackers target UK parliament email accounts
    • Facebook showed terrorists the profiles of people moderating them
    • Verizon partner exposes 14 million customer records
  • Medical records
    • Google's search results had to be purged after medical records were accidentally uploaded
  • DPA requirements for organisations
    • Protect personal data using appropriate security
    • Only keep data while it is needed
    • Data must be accurate and kept up-to-date
    • Report theft of personal data to the Information Commissioner
    • Inform users affected
    • Could be prosecuted if found to have inadequate security
  • Individual rights under the DPA
    • Right to be informed that data will be stored about them
    • Right to access personal data stored about them
    • Right to have inaccurate personal data corrected
    • Right to be forgotten (to have data removed when it is no longer needed)
  • The GDPR still applies to the Data Protection Act following the UK's exit from the European Union
  • The Regulation of Investigatory Powers Act (RIPA) was passed into law in 2000
  • RIPA
    • Makes it illegal to intercept or monitor communications without legal authority
    • Allows law enforcement agencies to monitor communications
    • Allows organisations to monitor communications within their own communication networks
  • Purposes RIPA enables interception of communications by public authorities
    • To prevent or detect serious crime
    • In the interests of national security
    • To protect public health
    • To protect the economic well-being of the UK
    • To detect illegal use of telecommunication systems
  • Investigatory powers under RIPA
    • Interception of communications (eg telephone calls, emails, letters)
    • Collection of communications data (eg billing data or 'who, when and where')
    • Intrusive surveillance (on residential premises/in private vehicles)
    • Direct surveillance (in public places)
    • Use of covert human intelligence sources (agents, informants, undercover officers)
    • Access to encrypted data
  • Owners of private telecommunication systems
    • Have the right to intercept and monitor communications within that system
  • Examples of communications organisations can monitor
    • Emails sent and received
    • Communications within chat rooms or instant messaging
    • Activity on social networks
    • Websites visited
    • Telephone conversations
    • Intercepted postal items
  • Reasons organisations can intercept communications
    • Establish facts
    • Monitor the achievement of standards
    • Prevent or detect crime
    • Investigate unauthorised use of its systems
    • Access relevant communications (eg emails) when staff are absent from work
  • The RIPA is intended to protect against crime, but many people are concerned that this law can be used for 'snooping' on people
  • Investigatory Powers Act (IPA 2016)

    Also known as the "Snoopers Charter", sets out how far investigatory powers can be used in relation to personal data
  • Powers granted by the Investigatory Powers Act
    • Collect the browsing records of anyone in the UK
    • Internet and communication companies must keep browser records for one year
    • This information can be used by authorities such as the Food Standards Agency and the Department for Work and Pensions
    • Collect Internet connection records
    • Allow security services to collect mass communication data
    • Allow security services to hack into a suspect's electronic device
    • Ask a judge to issue a warrant for intrusive surveillance
  • Some people think the Investigatory Powers Act will generate such 'big data' that it will be impossible to analyse and will make it harder to detect crime and terrorism
  • Some people think the Investigatory Powers Act is an invasion of their privacy
  • Other people believe if they have nothing to hide then they have nothing to worry about
  • In some countries, people do not trust their government and the ability for the government to monitor communications could be a major concern to citizens