Vous êtes sur la page 1sur 8

Computer Security and Ethics

Virginia Horniak
student at Department of Computer
Science and Engineering,
Mlardalen University
PO Box 883
721 23 Vsters, Sweden
vhk99001@student.mdh.se
ABSTRACT The privacy and security in computers has the last decades been a
Today there is a great concern among businesses and individuals hot topic to debate. There are many laws around the world
about privacy and security while using computers and the allowing governments to control the communication of the
Internet. The two topics, privacy and security, are closely related countrys citizens. There are organisations, which are not satisfied
in the computer-industry and on the Internet and there are many with the legislation and find that it violates the right to an
questions that overlap each other. individuals privacy. The fifth chapter describes the legislation in
United States and the directives that have been stated in the
Secure communication is in many cases a requirement assuring European Union. The freedom of individuals and the ethical
privacy and security for businesses and individuals. One of the questions are also described.
security techniques used in communication is data encryption,
which prevents unwanted users to gain access of the information
that is transmitted between computer networks or on the Internet.
2. PRIVACY AND SECURITY -
We will in this paper, among other things, look on the technique DEFINITIONS AND DIFFERENCES
of encrypting data, authentication of users in network systems and The two concepts privacy and security often overlap each other
on the ethical questions concerning privacy and security in since they are closely related; however there are some quite
computer networks. important differences between these two issues [1]. The privacy
on the Internet concerns the fact that users of the Internet are
1. INTRODUCTION often worried about loosing their personal information to
This paper treats the questions concerning ethical aspects of companies on the Internet that later on abuse the information. The
privacy and security in network systems. The security today is a security on the Internet and in computer networks is on the other
big issue in the use of the Internet and network systems and there hand an important issue concerning users who are afraid that the
are representatives in public and in private sectors, saying that communication they are having can be accessed and manipulated
there is a need of increasing the security or that the available by unauthorized intruders, who have no right to the information.
security can be enhanced. This paper will however concentrate on There are of course other concerns, besides the wire-tapping,
the existing computer security: the encryption of data and the dealing with the security on the Internet, like for example hacking
authentication of users in a computer network. and computer viruses attacking computer networks. This paper
As you will see there are many encryption algorithms and will however describe the security concerning the vulnerability to
authentication protocols; each of them has its own advantages and unauthorized access of data that is either placed in a computer
disadvatages. But the red thread throughout the topics in this system or that is transmitted through computer systems, like for
paper is the ethical aspect. The ethical aspects in computer example on the Internet.
security are many and the biggest aspect is a persons right to The main difference between the concepts security and privacy in
privacy. Throughout this paper these aspects will be considered, computer systems is that the information is secure if the owner
therefore it is good if the reader has them in the back of the head has control over it. The information is on the other hand private if
while reading this paper. the subject of the information has control over it [2].
The concepts privacy and security are often confused and overlap Security may be confused with privacy because of the fact that
each other in many contexts. These two concepts are described secure, or confidential, information is not open for unauthorized
and differentiated in the second chapter. There is also a parties, while private information is not revealed without
description of computer security and its goals. permission.
The third chapter describes cryptography, what the term Anonymity is a term that combines security and privacy by
cryptography includes and different encryption ciphers and guaranteeing privacy, since anonymous information has no
standards. To be able to encrypt and decrypt data there is a need subject, and requiring security so that the anonymous information
of a key distribution and there are many ways of distributing the proceeds being anonymous.
keys which are described. The three most important goals for the security are:
In the fourth chapter the authentication and its many protocols are
integrity, which means that information cannot be
described. Many of these described protocols have some kind of
changed during transmission
flaws where intruders can come in between two communicating
authentication, which occurs when an identity is
parties. In the section about authentication there is a description of
established between two users
these flaws and they are illustrated.
confidentiality, which means that the information stays possibilities the string can be written in and automatically the
confidential during transmission and intruder will have more difficulties in finding the right key. Keys
non repudiation, meaning that it is important to be able are most often as long as 256 bits but can be up to 1000 bits long.
to prove that a message has been sent. If the encryption- and decryption algorithms are secret there is no
need of keys since no one has the knowledge of the algorithms
To achieve the wanted security there are privacy-enhancing but if the algorithms are known the keys have to be secret. Most
technologies called PETs that protect the personal privacy [3]. often the algorithms are known to the public and to test whether
One of the oldest most effective PETs is the one that protects the an encryption algorithm is secure enough it is often publicized
content of the messages transmitted between two communicating and attempts are made by academic cryptologists to break the
users on the Internet, the technique called cryptography. algorithms. If years have passed and no one has managed to break
the system the algorithm can be assumed to be solid and then the
Cryptography is only a tool and does not guarantee security.
important aspect is to keep the keys secret.
There are several cryptographic tools such as hash values, public
key cryptography and private key cryptography. In the next There are two categories of encryption methods: substitution
section the different aspects and tools of cryptography will be ciphers and transposition ciphers.
described.
3.1.1 Substitution Ciphers
3. CRYPTOGRAPHY In a substitution cipher each letter, or each group of letters, gets
replaced by another letter or group of letters to disguise it.
3.1 Terminology and General Cryptography
Cryptology is the term including both the terms cryptography (i.e. There is a general encryption system called the monoalphabetic
encryption), which is the name of the science of creating substitution, where the key is a 26-letter string that corresponds to
cryptosystems, and cryptanalysis, which is the term of breaking the full alphabet.
cryptosystems. A cryptosystem, or an encryption system as it is plaintext: abcdefghijklmnopqrstuvwxyz
also called, is a system that provides confidentiality to the parties
cipher text: QWERTYUIOPASDFGHJKLZXCVB NM
that want to communicate with each other on the Internet [4].
The plaintext attack would after encryption with the key above
The message that is going to be encrypted is known as the
become the cipher text QZZQEA. At a first glance this seems to
plaintext, see figure 1. The output of the encryption is called
be a secure system since the variation of keys can be 26! ( 4 *
cipher text and it is the cipher text that later on is transmitted
between for example computer networks [5]. 1026), nevertheless the cipher can be broken easily. Languages
most often have a statistical property where certain letters are
Intruder more common than others and by making guesses at common
letters and likely patterns of vowel and consonants it is quite easy
for a cryptanalyst to build up a preliminary cipher text.

Encryption Decryption
3.1.2 Transposition Ciphers
Plaintext method method Plaintext While substitution cipher only substitutes the plaintext, the
transposition cipher does not disguise the letters but instead this
type of cipher changes the order of the letters. You can se an
example of a transposition cipher in figure 2.

Cipher text
Encryption Decryption
M E G A B U C K
key key

Figure 1. The encryption model. 7 4 5 1 2 8 3 6 Plaintext


pleasetransferonemilliondollars
If there is an intruder in the computer system he can either be a p l e a s e t r
passive intruder who only listens to the communication, or an
active intruder who records the messages, replays them, injects
a n s f e r o n
own messages or modifies the traffic passed on the network. Ciphertext
The algorithm that encrypts the plaintext into the cipher text has a afllselatooslnmoesilrnnxpaed
key as a parameter and normally the intruder does not know what e m i l l i o n
the decryption key is and therefore he cannot decrypt the message
that he has recorded while listening to the traffic passed on the d o l l a r s x
network.
To be able to encrypt and decrypt the data passed on the network Figure 2. A transposition cipher.
there is a need of two keys, which consist of a short string that can
be changed as often as it requires and it is in the keys the secrecy
can be found. The longer the key is the better since there are more
In this example the word MEGABUCK is the keyword, which As mentioned earlier the DES was cracked and is no longer used
numbers the columns with its letters. The letter A in by the industry but it was an important intermediate goal for the
MEGABUCK numbers the column as the first one, B as the government of the United States to get a standard in the
second one and so on. The plaintext is then written horizontally in cryptography used by most of the industries.
rows under the keyword, and the cipher text is read out by
columns, starting with the column which has the lowest key letter. 3.3 Key Distribution
The first problem a cryptanalyst encounters while trying to break The distribution of the encryption and the decryption key has
the encryption is to disguise whether this is a substitution cipher been one of the biggest and weakest problems in most
or a transposition cipher. The next step is to guess the number of cryptosystems [5]. Earlier the encryption and the decryption key
columns and to place the columns in right order by once again were always the same, or at least they had some mathematical
look at the patterns of the letters and match the letters correctly. connection to each other, and therefore if an intruder got hold of a
key there were no problems for him to decrypt the data passed on
3.2 Modern Cryptography the network.
As you have read, cryptography used to be simple algorithms To avoid the problem of key distribution there were two new
relying on very long keys in the substitution ciphers and in the cryptosystems developed, the public key and the private key
transposition ciphers, but that was in the past. Nowadays cryptography.
cryptography is based on relative short keys and complex
encryption algorithms instead and no matter how much cipher text 3.3.1 Private Key Cryptography
a cryptanalyst obtains, he will probably not make any sense of it. In private key encryption, also called symmetric encryption, there
is one key for both encryption and decryption.
3.2.1 Data Encryption Standard This type of cryptosystem can be used for authentication when
Substitution and transposition ciphers are nowadays implemented several persons share the same key. For example if Bob, Alice
with simple circuits and an example of this kind of encryption is and Carol share the same key Bob knows that it is Alice who
used in the cipher called DES (Data Encryption Standard), which contacts him when she presents the key to Bob and verifies that
was developed by IBM for the United States government in she is Alice. This can cause a problem called the replay attack,
1977. DES was widely used by the industry but after being because when Bob has the key Alice gave him he can present the
cracked and modified the usage of it has reduced. key to Carol and claim that he is Alice. In this type of attacks, the
In figure 3 there is an example of a simple monoalphabetic authentication is replayed and the person replaying the data gives
substitution cipher where the 64 bit long plaintext passes an himself out as being somebody else, which you can see in figure
algorithm with several steps of the same iteration. Each step uses 4 [2].
a different 56-bit key, and produces a 64 bit long cipher text. The
algorithm is symmetric, therefore encryption and decryption uses
the same algorithm. Alice Bob Carol

64 bit plaintext
{Bob, I am Alice}
A, B and Cs shared {Carol, I am Alice}
Initial transposition key
A, B and Cs shared
key
Iteration 1
Figure 4. A Replay Attack.

56 bit key Iteration 2 3.3.2 Public Key Cryptography


. In 1976 an engineer named Diffie at Sun Microsystems invented
. together with Hellman from the Stanford University the public
. key cryptography [4], also called the asymmetric cryptography,
Iteration 16
where the encryption and decryption keys are different or cannot
be derived from each other.
32 bit swap Each user in a system using public key cryptography has two
keys: one public encryption key that is publicized and used by
everyone and one private decryption key that is not shared with
Inverse transposition anyone.
Figure 3. The DES. When a user wants to decrypt a message he has to have a unique
pair of decryption and encryption keys. While sending a secret
64 bit ciphertext message the sender has to get hold of the public encryption key
and encrypt the message with the key before sending the message.
Only the right receiver who has the correct decryption key is able challenge. Alice encrypts the number with the key that she shares
to decrypt the message. with Bob and sends the cipher text KAB(RB) back to Bob. When
As you can see in figure 5 the replay attack is not possible in Bob receives this message he knows that the message comes from
public key encryption. Alice, because if there would be an intruder in the system he
would not know the secret key that is shared between Alice and
Bob. The largeness of the sequence number sent by Bob to Alice
Alice Bob Carol ensures that an intruder will have difficulties in overhearing the
number as plaintext and the encrypted number.
{Bob, I am Alice}
Sending the encrypted number to Bob, Alice is not sure whether it
As secret key {Bob, I am Alice} really is Bob or an intruder who has sent her the number. To find
As secret key out if it is Bob she is talking to, Alice sends him a random number
(RA) as plaintext and Bob encrypts the random number in the
same way as Alice did and sends it back to her as cipher text,
Bob, Carol is not KAB(RA). This communication can of course be shortened as in
fooled figure 7.

Alice Bob
Figure 5. A failure of a Replay Attack.
A
4. AUTHENTICATION
Authentication is the technique used when a process verifies that RB
the communication partner is who he is supposed to be [5]. To be
able to pass through the authentication without having permission KAB(RB)
to it is a difficult task. In this section there will be a short
description of the different authentication protocols that are used
in computer systems. RA
An authentication protocol starts with the event that a process, for
example a user Alice, wants to establish e secure connection with KAB(RA)
another user, Bob. Alice either sends a message directly to Bob or
to a trusted and honest key distribution centre (KDC). This Figure 6. A two-way authentication using the challenge
communication between Bob and Alice can be interrupted by an response-protocol.
intruder who replays, modifies or blocks the communication.
Nevertheless, when authentication is completed Alice and Bob Alice Bob
know they are talking to each other, not to an intruder, and there
is a secret session key established that is to be used in upcoming
conversations. This session key is established to reduce the A, RA
amount of traffic including the secret decryption key or the public
key and to reduce the amount of cipher text an intruder can get
hold of. If the process would crash and an intruder would get hold
of the core dump the damage is hopefully minimized since the RB, KAB(RA)
only obtainable key is the session key.
Authentication protocols often use public key cryptography to
establish the session key, while private key cryptography is used
to encrypt the data. KAB(RB)
The following sections are about authentication protocols that are
based on the sharing of a secret key between two users.
Figure 7. A shortened challenge-reponse protocol.
4.1 The Challenge-Response Protocol
The first protocol is called the challenge-response protocol. Let us The problem with the challenge-response protocol is that an
assume that Alice (A) and Bob (B) have exchanged a secret key intruder can easily break it with a reflection attack. The reflection
(KAB), to be sure that the authentication passes one party sends a attack can take place if Bob is able to accept simultaneous
random number to the other party, transforms it with the secret connections at once, and then the intruder can cheat Bob out of
key and sends it back. For an example see figure 6. the secret key Bob shares with Alice as you can see in figure 8.
In the example we can see the communication step by step. At The intruder starts first one session, receives a random number
first Alice sends a message with her identity to Bob, who does not from Bob (RB), which the intruder sends back in a new session as
know whether the message really comes from Alice, therefore his own random number. Bob encrypts RB in the second session
Bob sends a large number (RB) as plaintext to Alice as a
Alice picks x Bob picks y

and when the intruder receives the cipher text KAB(RB), the
intruder can finish the first session by sending KAB(RB) back to n, g, gx mod n
Bob.
The conclusion is that when designing an authentication protocol
it is important not to give away information that an intruder can
gy mod n
use and the two communicating parties have to use different keys.
Alice computes Bob computes
(gy mod n)x = (gx mod n)y =
Intruder Bob
gxy mod n gxy mod n
A, RT
First session
Figure 9. The Diffie-Hellman key exchange.
RB, KAB(RT)

Although there are difficulties in computing the two large


numbers x and y, an intruder can perform a bucket brigade attack,
A, RB also called the man-in-the-middle attack. The intruder places
Second session himself between Alice and Bob, as you can see in figure 10, and
RB2, KAB(RB) receives Alices message that is intended for Bob. The intruder
sends a correct message with calculations to Alice and an initiate
message to Bob. Bob responds on the intruders message with
Bobs own calculations. Finally Alice and the intruder compute
First session the secret key gxz mod n, while Bob and the intruder compute the
KAB(RB) secret key gyz mod n. Now every message Alice sends, to who
she thinks is Bob, can either be modified or stored by the intruder
Figure 8. A reflection attack. and thereafter passed on to Bob. The same thing occurs in the
other direction.
4.2 The Diffie-Hellman Key Exchange
There is another type of authentication protocol, called the Diffie-
Alice picks x Intruder picks z Bob picks y
Hellman key exchange, which allows strangers to establish shared
secret keys, something Bob and Alice did not have to do in the
prior protocol. Alice and Bob have to, in this case, agree on two
large public prime numbers, n and g, where (n-1)/2 also is a prime n, g, gx mod n
and certain conditions apply to g. Bob and Alice pick two large
(512-bit) numbers, x and y, that are kept secret. According to n, g, gz mod n
figure 9 Bob and Alice send the different numbers to each other,
make calculations and the result of the calculations of Bob and gz mod n
Alice will always be the same. This results in a shared secret key,
gxy mod n. An intruder does not have any possibilities of gy mod n
computing gxy mod n, although knowing n and g, because there is
no algorithm for computing discrete logarithms modulo a very
large prime number and therefore the intruder cannot compute x
and y. Figure 10. A bucket brigade attack.

4.3 Key Distribution Center


As we have seen there are problems with protocols sharing secret
keys, but there is a trusted approach called the key distribution
centre (KDC). All authentication and session key management
between users goes through the KDC and the idea behind it is not
that complicated. As you can see in figure 11 the idea is quite
simple because all Alice does is identifying herself to the KDC
(A), picking a session key (KS), telling the KDC that she wants to
talk to Bob (B) and encrypting the message with the secret key
KA that Alice shares with the KDC. The KDC on the other hand
constructs a message to Bob including Alices identity (A), and
the session key the KDC has received from Alice (KS), encrypted
with the secret key KB that the KDC only shares with Bob.
paper. This new standard was a response to the growing fear of
Alice KDC Bob the government that the digitalized communication and the
widespread use of high-quality encryption would make the
governments work difficult.
A, KA(B, The encryption standard EES was supposed to be implemented in
KB(A, KS) all digital communication equipment that was either sold or used
in the United State, by incorporating a computer chip called
Clipper into different telecommunication devices [9]. The Clipper
chip works in the following way: the Clipper chip in the sending
Figure 11. An authentication protocol using KDC. machine encrypts the data, without the control of the sender, and
the Clipper chip in the receiveing machine decypts the data. The
whole process is hidden from the user and the encryption
The problem with this authentication protocol is the possible algorithm, called SkipJack, is of course classified by the National
replay attack made by an intruder. The intruder can in some way Security Agency (NSA), since it is still considered to be reliable
copy the second message, the one from the KDC to Bob, and and robust for use.
replay it several times to Bob but there are solutions to this The feature added to the EES, was that all the decryption keys
problem. Either a timestamp can be added to the message, or a used by the Clipper chip would be stored and only available for
unique identifier can be put in each message. If a message with an authorities, like National Institute for Standards and Technology
old timestamp is received, the message can be discarded and if the (NIST) and the Automated Systems Division of the Department
receiving party remembers the identifier then a message can also of Treasury. This standard was met with a big opposition from
be discarded if the identifier already has been received. industry, civil liberties organizations and cryptologists; therefore
There are of course several other authentication protocols but it was also abandoned after some time had passed.
these are the most known with problems that are known and have Many organisations, like the Electronic Frontier Foundation
been taken care of. (EFF) [9] were opponents to the Clipper chip and the power the
authorities would have keeping all the keys. Organisations like
5. ETHICS AND LAWS EFF are dedicated to protect the privacy of Americas citizens and
The discussions about computer and network security have been to educate the public about the democratic potentials of
many since they relate to the difference between democracy and communication technologies. The organisations find that
the state where Big Brother is watching you [5]. proposals like EES insult the fundamental rights, concerning the
There is a need for individuals to maintain some kind of privacy, citizen right to information without the interference of
while governments most often see the need for security to be most authoritites.
important. The government managed to achieve its aim by legislating the
There are several countries around the world, for example France, import and the export of munitions [4].
that have totally forbidden nongovernmental cryptography just The law in the United States, called Export Administration
because governments do not want citizens keeping secrets from Regulations (EAR), concerns the prohibition of import and the
them. The legislations concerning cryptography around the world export of munitions, such as jet fighters and tanks, without the
ensures indirectly that the electronic communication structure is permission of the Department of Defence.
wiretap-friendly and is easy to watch, but the modern
United States International Traffic and Arms Regulation have
mathematical techniques of encryption are still developing,
stated that cryptographic algorithms are a type of munitions and
offering electronic privacy to the people [4].
EAR was therefore updated in 1996 prohibiting all citizens from
There are several cases in United States where people, not only exporting cryptographic software. The updated version of EAR
American citizens but also researchers that have spend some time was stated by President Clinton in 1996 in the following speech:
in the US, have been sentenced to years in prison and fines for
I have determined that the export of encryption products
breaking the American legislation [5].
described in this section could harm national security and foreign
On the other hand many governments themselves have policy interests even where comparable products are or appear to
eavesdropped on citizens without any permission and cases like be available from sources outside the United States, and that facts
these make the discussion heated. and questions concerning the foreign availability of such
encryption products cannot be made subject to public disclosure
5.1 Legislation in the United States or judicial review without revealing or implicating classified
The American debate on privacy has been burning since the information that could harm the United States national security
Second World War and since the first legislation of the rights of and foreign policy interests.
privacy in 1941, four types of privacy right cases have been The EAR was further revised and reformulated in year 2000, by
defined in the Fourth Amendment [2]. the Department of Commerce. This revision concentrates more on
The debate in the United States about the specific legislation of the encryption and the source code than the older version and the
cryptographic technologies started in 1993, when the government following amendment was added to the EAR:
announced a new encryption standard, called the Escrowed Encryption items can be used to maintain the secrecy of
Encryption Standard (EES), which has replaced the older standard information, and thereby may be used by persons abroad to harm
called Data Encryprion Standard (DES), described earlier in this
national security, foreign policy and law enforcement interests. . . Philosophically, the two distinctions of privacy say us that a
. As the President indicated in Executive Order 13026 and in his person can have control but no privacy, or privacy but no control.
Memorandum of November 15, 1996, export of encryption Is it possible having the right to control and the right to privacy at
software, like export of encryption hardware, is controlled the same time?
because of this functional capacity to encrypt information on a On the other hand if privacy would depend on the control of the
computer system, and not because of any informational or data of an individual there is no possibility that this individual
theoretical value that such software may reflect, contain, or would have privacy since there is far too much data to have
represent, or that its export may convey to others abroad. For this control of. A user in a network system can only have control of
reason, export controls on encryption software are distinguished data to which he has access to, therefore is the right to privacy
from controls on other software regulated under the EAR. better understood in terms of restricted access.
This part of the law clearly states that the government sees There are two sides in the ethical debate concerning computer
encryption as a threat to national security, but commercial security. One part finds that the technology to encrypt data, and
encryption software including symmetric algorithms using keys provide confidentiality to the users in a computer networks, is out
with the length 64 bits or less are not prescribed by law [6]. in the open. Therefore are the attempts, made by authorities, to
Because of the critical and loud opposistion of the legislation, it prevent citizens from communicating privately, not only
has become more liberalized and the exporting license has undemocratic but also useless [4]. Libertarians argue that citizens
become looser. Cryptography businesses have instead been have rights to encrypt whatever they want, without governments
offered to agree on the earlier feature, which is to store the interfering and storaging of encryption and decryption keys.
decryption keys and make them available for authorities [4]. On the other hand governments have a need of controlling
citizens for the need of the security of a country. The possibility
5.2 Directives in the European Union to be able to prevent terrorism by buging communication in
While the laws in the United States are based on the privacy of computer networks is invaluable and there are governments which
the citizens, the European Parliament decided to go the other way think that the right to privacy of citizens unfortunately must be
and stated principles of data protection. In July 1995, the disregarded. There is a third party in the discussion [10] saying
European Parliament through the Council of Europe Convention that the existing methods of encryption are technical facts rather
on Data Protection took on a memorandum that protects the than an ethical question. The ethical question lies in the way
fundamental rights and freedom of individuals, concentrating on encryption is used, where the information is crucial.
protecting the right of privacy [7].
This chapter will be finished with the words of Immanuel Kant,
The aim of the directive that was stated by the European who has been one of the philosophers fighting for the ethical
Parliament is to protect the fundamental rights and freedom of behavior. He states that a person should "Act in such a way that
natural persons, and in particular the right to privacy with respect you treat humanity, whether in your own person or in the person
to the processing o personal data. The second intention with this of another, always at the same time as an end and never simply as
directive was to make the flow of the personal information within a means" [9].
the European Union easier. Earlier legislation in the European
Union was more focused on the recording of private data, while 6. CONCLUSION
the existing directive is more broader, regulating all processing of There are many ways to have a secure communication in
personal data, including recording of information. According to computer networks today. Today there are both possibilities to
the directive, all data is not permitted to be processed. Sensitive encrypt the data that is transmitted in a computer network and
personal data like the revealing of ethnical or racial origins, possibilities to control which users have authority to use network
political opinions, religious beliefs, and the data concerning systems. Both encryption and authentication have algorithms and
health or sex life, is only allowed to be processed if it is necessary protocols that have been or are widely used.
to protect the vital interest of the person who the data concerns.
There are of course other exceptions of the processing of data in Along with the computer security there are ethical questions that
the directive; like the medical data that is permitted to be come up. Authorities are concerned over the fact that encrypted
processed in a health system for purposes of treatment. communication over computer networks can be misused by
terrorists and other criminals and therefore the legislation in many
The person whose data has been processed has the right to be countries around the world has come into force. Civil rights
informed who the person is who controls his data, why it has been organisations mean that the right to communicate with each other
processed and who is going to take part of it [8]. using encryption is a civil right. The legislation is by many found
Not all the countries in the European Union follow the directive; to be a violation of a persons right to privacy.
United Kingdom has for example a Data Protection Act, which While we wait for the next generation of privacy-protected
was stated in 1984 and does not acknowledge the right of privacy technology, where there will be no one who feels that the
[7]. technology in combination with the legislation is a violation of
human right to privacy, it is important that the industry adopts a
5.3 Individual freedom more universal and ethical approach towards privacy.
Privacy can be seen as the protection from intrusion and the
protection from information gathering made by unauthorized 7. REFERENCES
persons. The individual control of personal data is also a type of
[1] Richard A. Spinello, Herman T. Tavani. Readings in
privacy that can come in conflict with the first formulation [3].
CyberEthics. Jones and Bartlett. ISBN 0-7637-1500-X
[2] L. Jean Camp. Web Security and Privacy: An American [7] James Morris-Lee. Privacy: Its everyones business now.
Perspective. The Information Society 15, 1999 Direct Marketing, Apr 1996
[3] Herman T. Tavani, James H. Moor. Privacy Protection, [8] Dag Elgesem. The Structure of Rights in Directive 95/46/EC
Control of Information, and Privacy-Enhancing on the Protection of Individuals with Regard to the
Technologies. Proceedings of the Conference on Computer Processing Personal Data and the Free Movement of Such
Ethics-Philosophical Enquiry (CEPE 2000) Data. Ethics and Information Technology 1, 1999
[4] Whitfield Diffie, Susan Landau. Privacy on the Line: The [9] Lester Dorman, Phil Lin. Digital Privacy: The Ethics of
Politics of Wiretapping and Encryption. The MIT Press, Encryption. Stanford University.
1998 http://www.totse.com/en/privacy/encryption/dpcryp.ht
[5] Andrew S. Tanenbaum. Computer Networks. Prentice Hall. ml
ISBN 0-13-394248-1 [10] Chris Zielinski. The Ethics of Encryption and Inscription.
[6] Jean Camp, K. Lewis. Code as speech: A discussion of Ethicom 98.
Bernstein v. USDOJ, Karn v USDOS, and Junger v Daley in http://www.iwsp.org/Ethics_of_encryption.htm
light of the U.S. Supreme Courts recent shift to Federalism.
Ethics and Information Technology 3, 2001