From: Nathan J. Nelson
To: Dr. Tucker, Shin-Ping
Subject: Homework 4
19 February 2019
What would you do?
1. You’re the webmaster for a site that caters to young children. What measures must you take to ensure that your website does not violate the Children’s Online Privacy Protections Act?
According to the FTC, there are several areas that have to be met when operating a website that caters to young children.
b. Direct notice to parents, where verifiable consent, with limited exceptions before collecting information.
c. Parents have the option of consenting to the collection of the data, but prohibiting the operator from sharing with 3rd parties, unless such action is integral to site or service.
d. Must make available all data to a parent’s minor, where they have the option of reviewing, or, deleting the information.
e. Must be given the opportunity to stop the collection
f. Can only retain personal information for so long before removing the data permanently from the system.
2. Your friend is going through a tough time with his current significant other and believes she is cheating on him. He is aware of your technical prowess and has asked you to help him purchase a and install a stalking app on her cell phone. What would you say?
Remind your friend that to install said devices onto and individuals’ phone without their knowledge is illegal. Furthermore, according to the text it is also illegal to listen to someone’s phone call without their knowledge and permission.
Case Study 1
Critical Thinking Questions
1. Do you feel there should have be some sort of redress for the 21 million people whose personal information was stolen even if thy cannot prove actually monetary damages?
At a minimum a letter should have been drafted and sent out to each individual, explaining how they allowed the breach to occur, acknowledge fault, and agree to compensation if monetary damages did occur.
2. How might foreign powers and or terrorists use the stolen data to mount intelligence operations against the United States.
Having had a high-level security clearance in the past, I know about the in-depth amount of information one has to provide in order to obtain a clearance of that level. If a foreign party or terrorist organization were to obtain this information, they would have direct leverage over a multitude of people through bank records, relatives, friends, family etc.
3. Go online to do research on the steps OPM has taken to improve its cybersecurity? Are you satisfied with these actions? If not, what additional changes would you suggest?
After having perused several sites, I can make the statement while improvements have been made, they are still lagging behind. For instance, information pertaining to high value assets has been identified but not encrypted and they have not encrypted data transmissions from one machine to another. Furthermore, OPM has still failed to comprehensively test all facets of their business, nor has it fully implemented the suggestions of the IG.
Case Study 2
Critical Thinking Questions
1. Do you think it is time to consider changes to the ECPA to bring it more in line with the Bill of Rights, or do you believe that concerns about terrorism and crime justify efforts to revise the Bill of Rights?
The fact that the ECPA has not been more inline with the Bill of Rights is disturbing, however that is not to discount the terrorist’s threats that do exist in our world today. The 4th Amendment clearly states;
“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized” (Constitution of United States of America 1789 (rev. 1992)).
To seize these records, without informing the individuals involved is in clear violation of the 4th Amendment.
2. Congress proposed legislation in both 2013 and 2015 to revise the ECPA; however, the changes never made it through the legislative process. Do research and write a brief summary explaining why no action was taken.
According to the ACLU and Technology Review, while the House passed a bill 416-0 the legislation died in the Senate due to lobbying by Jeff Sessions and Republican Lobbyists and lawmakers.
3. Why do you think media organizations would support Microsoft in its suits against the United States over the provisions of the ECPA?
One reason could be that media organizations are more frequently storing their information, informants, and sensitive information online. In their eyes, how long till the government starts censoring their content.
“Complying with COPPA: Frequently Asked Questions.” Federal Trade Commission, 25 June 2018, www.ftc.gov/tips-advice/business-center/guidance/complying-coppa-frequently-asked-questions.
Snell, Elizabeth. “OPM Data Breach Controls Improved, Further Action Required.” HealthITSecurity, HealthITSecurity, 7 Aug. 2017, healthitsecurity.com/news/opm-data-breach-controls-improved-further-action-required.