Date: Sat, 3 Apr 1999

Guest article

By Netiva Caftori

Regional Director, Computer Professionals for Social Responsibility

Editor's note: When I first asked Dr. Caftori to write an article for this

column, the Melissa Computer Virus was nowhere to be seen. Now we have all

survived its onslaught and learned that information embedded within

Microsoft Word documents played a part in finding the alleged hacker. I was

shocked to learn that such personal information existed in every Word

document document I had written, yet I can appreciate its potential value

because of the role it played leading to the quick success in stopping the

virus. The problem of computer ethics further hit home this week as I read

stories about how Yugoslavian hackers were invading NATO computers. Stories

like these make Dr. Caftori's discussion of the ethical issues more timely

today than ever before.

Dr. Caftori is a professor of computer science at Northeastern Illinois

University. She is also active as a speaker on issues pertaining to women

and computers. In her spare time she is a prolific artist, with much of her

work drawing upon inspiration from her homeland, Israel.

Mark Michaels, Editor

Ethical Implications of Technology

Netiva Caftori

Regional Director, Computer Professionals for Social Responsibility (CPSR)

Northeastern Illinois University (NEIU)

n-caftori@neiu.edu

http://www.neiu.edu/~ncaftori

Computers by their nature lend themselves to storing more information,

retrieving it faster and connecting it to other associated data. Our privacy

is constantly being invaded by spam (unwanted and unsolicited email), use of

cookies to track our surfing on the Internet without our permission or

knowledge, viruses, plus the unauthorized usage of databases

as portrayed below. It is no wonder that invasion of privacy would be one of

the most important ethical problems we face nowadays.

Computer Professionals for Social Responsibility (CPSR) is an

organization explores these issues as it addresses the benefits and risks to

society resulting

from the use of computers. For information, please visit our Web page at

http://www.cpsr.org

A major step away from privacy rights is Intel's plan to proceed with the

controversial Processor Serial Number (PSN), which has been embedded in its

Pentium III chips despite the continued public opposition and government

investigations. The chip ID will soon be

installed in all the company's products including Internet appliances and

portable devices. Intel is also working with several Australian content

providers on developing web sites that can only be accessed if the user

releases the PSN. See http://www.bigbrotherinside.com/

Yet Intel's actions are not unique. By now many have heard about the

Microsoft Word virus known as the Melissa virus. What is not reported

adequately is the fact that this virus was

made possible through a well-known design flaw in Microsoft Word. The flaw

was discussed at length before Microsoft released the product. The

increased ability of these types of problems to occur was well known. The

fact that a virus of this type eventually caused problems did not surprise

many in the industry. Other vendors offer similar features in a much more

secure way. See http://linuxtoday.com/stories/4464_flat.html

Security should be personal, not CPU-centric. An ID in information

appliances serves no worthy purpose. Privacy on the 'Net is more than an

issue of personal choice. Without privacy our every political view,

personal interest, contact with a friend or checking the stock market

becomes track-able for uses ranging from selling Twinkies to monitoring

population segments.

Attorney General Janet Reno has asked a federal commission to study the

possibility of requiring that a DNA sample be collected from every person

arrested in the United States and permanently kept in a national database.

If the proposal were adopted, the DNA database would be very large. In

1997, over 15 million people were arrested in the US. Current law allows

only individuals convicted for a few crimes including sex offenders to

have their DNA collected

Civil libertarians oppose the increased collection, arguing that mass

collection of DNA would be an illegal search with little purpose in most

cases, especially minor crimes. There are concerns that the DNA samples

collected could be used for other purposes, such as research into genetic

issues, or be released to others such as insurance companies. However the

collection of DNA has started in the military and in some states such as

Louisiana, New York and North Carolina. The Intel PSN would have the

potential of the computer-version of a DNA data-base. But the information

would be much more universal than just criminals.

One way to protect our privacy on the 'Net is to use encryption.

Congressman Bob Goodlatte (R-VA) has re-introduced legislation for the

fifth time in the House of Representatives to relax export controls on

encryption products. His bill is The Security And Freedom through

Encryption (SAFE).H.R. 850, Act.

>SAFE limits export license requirements for encryption products that are

>generally available on the Internet or through retail outlets.

>It also renders it lawful to use and sell encryption in the US and

>prohibits the federal or state governments from requiring key escrow. It

>also contains the controversial provision that creates a new federal crime

>for the use of encryption to conceal criminal conduct.

>SAFE has widespread support in the House but it faces an uphill battle.

>The bill has 204 co-sponsors including House Majority Leader. See

>http://www.crypto.org/

>We must maintain a balance between individual rights such as privacy and

>the common good. There must be a real danger to the common good which

>must first be dealt with, before curtailing privacy rights if possible.

>When rights are restricted the action should be minimal. Undesired side

>effects must be guarded against, e.g., if widespread HIV testing is found

>necessary, efforts to enhance the confidentiality of medical records must

>be made.

>Since the Internet may reach us all and is border-less, more cooperation

>among nations is necessary. New technologies are increasingly eroding

>privacy rights. Surveillance authority is regularly abused, even in many

>democratic countries.

>The Global Internet Liberty Campaign's comprehensive survey of privacy

>laws in fifty countries around the world has found that there is a growing

>trend in almost all jurisdictions to enact comprehensive privacy and data

>protection acts, either to address past government abuses, to promote

>electronic commerce, or to ensure compatibility with international

>standards.

>On the one hand, 'Net commerce requires securing users privacy to succeed.

>Yet commerce is also insisting on expanding its own push onto our computer

>screens. A front-page story in the San Jose Mercury news appeared recently,

>telling of a new huckster invasion of our schools. The company is ZapMe

>Corp. It offers fifteen Pentium II computers for free to schools, providing

>Internet access and maintenance. The catch is that there is a portion of

>the screen that is dedicated to advertising. The advertisers can collect

>data on how the students are using the computers.

>http://www.mercurycenter.com/svtech/news/indepth/docs/zapme032299.htm

>This intrusive advertising (now combined with interactive surveillance) is

>justified as a benefit for the Info-Poor, according to the SJ Mercury.

>This equalizer argument will probably be seen again -- it helps to justify

>ads, surveillance, and even spam. Surveys routinely show that the

>Info-poor are less concerned with privacy than are the Info-rich. It is

>unfortunate that these Info-poor kids, who already have a low concern for

>privacy, will have their expectation of privacy further eroded in school

>by this socialization of surveillance.

>Other issues such as SDI (Strategic defense Initiative), Internet

>Governance, Computers in education, Computers in the workplace, Internet

>Law, Community networks, Computers and the environment and Y2k are

>examples of what CPSR is concerned with. It is a grass-root organization,

>and new members are welcome:

>https://swww.igc.apc.org/cpsr/sec-membership-form.html