Privacy and Innovation - unintended adversaries
Let's consider something with tremendous opportunities to execute beginning the process with critical thinking skills.
Step 1. We will review a diagram with pictures showing many subjects we would find in an Enterprise Data Warehouse or Business Analytical service.
Step 2. We will identify the problem from the stakeholder or clients perspective.
The following translates the many laws in place today in the US which protect the privacy of each of the subjects, based on thematic subjects a person associates various topics as private in the mind of the users. If we measure the way many companies have not considered or perhaps we never validate the way our teams are delivering. If we had done so, I'd be surprised to know our corporate or national leaders would allow such things to continue.
US Domestic Laws
We call these practices cookies in our current conversations or targeted attacks.
Title I ECPA (18 USC 2511)(Node #278371)
Title I of the U.S. Electronic Communications Privacy Act (ECPA) (18 USC §2511) prohibits interception and disclosure of wired, oral or electronic communication while in transit. This law may apply when a perpetrator wiretaps a phone line, does physical bugging, or puts a keylogger on someone’s computer.
Title II ECPA (18 USC 2701-12)(Node #278372)Title I of the U.S. Electronic Communications Privacy Act (ECPA) (18 USC §2511) prohibits interception and disclosure of wired, oral or electronic communication while in transit. This law may apply when a perpetrator wiretaps a phone line, does physical bugging, or puts a keylogger on someone’s computer.
Title II of ECPA, The Stored Communications Act (18 USC §§2701‐12) makes it unlawful to intentionally access stored communications without authorization or by exceeding authorized access. This law may apply when a perpetrator accesses someone else’s email, voicemail, online social networking account or information stored on a computer or with a cloud provider. See also, NNEDV’s tipsheet on Cloud Computing.
Imagine every device owned and using any application from any of the stores online in our social media favorites. What if every device was now a machine to machine access tool. One that people who bought the device are unknowingly walking around ignorant to the way the device is being used.
Ethical Hackers
We have lost our morals to the point where many people are allowed to stalk a person under the premise of Ethical Hacking. The same behaviors are called social engineering attacks.
The laws are openly ignored and lawlessness promoted as if these American's were given full immunity from any criminal charges. Well, they are given immunity. There is no process in place and the ones in place are a waste of time, no one ever finds a way to take a complaint and it falls under no-ones actual jurisdiction.
Again!
We have countless laws and no way to enforce the law. This diagram helps us to visualize the requirements in a way that must be understood as describing in Text has yet to enable the law.  |
| UN Women's Law Work Group Thematic topics adopted for the visual |
In the diagram above, we have two people one female and one male with a globe to the right of the images. The visuals show us that the issue is both a female and a male problem across the globe.
Now each block surrounding identifies various thematic topics from the UN Law work group last report after the March 2013 meeting.
The STOP signs indicate laws protecting the subjects within the topic.
- Privacy laws need to be enforced
The Triangle with an exclamation
- A person would need to make a personal choice
- Public information
Many companies have a moral obligation and a leadership decision. Your company brand or risk your companies reputation, financial and legal risk.
- The actions have a negative impact on people's family, economic and social lives.
http://peoplecentereddesign.blogspot.com/2013/09/national-country-laws.html
Domestic - Tech Laws see attached "NNEDV-Finding Tech laws to charge for technology abuse"
Identify if the perpetrator violated laws in multiple jurisdictions, including state and federal levels: In addition to local/state laws, there are a range of U.S. federal laws that might be relevant. For example, the U.S. Electronic Communications Privacy Act (ECPA) addresses access, use, disclosure, interception and privacy protections of electronic communications.
Title I of the U.S. Electronic Communications Privacy Act (ECPA) (18 USC §2511) prohibits interception and disclosure of wired, oral or electronic communication while in transit. This law may apply when a perpetrator wiretaps a phone line, does physical bugging, or puts a keylogger on someone’s computer.
Title II of ECPA, The Stored Communications Act (18 USC §§2701‐12) makes it unlawful to intentionally access stored communications without authorization or by exceeding authorized access. This law may apply when a perpetrator accesses someone else’s email, voicemail, online social networking account or information stored on a computer or with a cloud provider. See also, NNEDV’s tipsheet on Cloud Computing.
_________________________________________________________________________________________________________
Domestic - Fourth Amendment
___________________________________________________________________________________________________________________________________________________
Medical Privacy Guide Laws related to medical records and children with parental relationship
Many of the laws related to children and consumers are not cited in the use case "current or future issues".
None of the laws which would exclude indigenous people, who have escalated their sovereignty to the united nations human rights justice process and we have not a single use case noted to exclude the tribal populations. In the use case for diabetes research, it is highly probable that the tribal population and fact that men with tribal heritage in Lakota Nations expect the males to not exceed 42.9 years of age due to diabetes related illnesses.
Rights protecting health record of children
1. See 45 C.F.R. Parts 160 and 164, available at http://www.hhs.gov/ocr/hipaa.
2. 45 C.F.R. § 164.501.
3. 45 C.F.R. § 164.502(g); see also 65 Fed. Reg. 82,500 (Dec. 28, 2000).
4. The regulations do not define “unemancipated minor” but defer to state law definitions of the term.
5.See note at the bottom of the Alan Guttmacher Institute’s chart of relevant state laws, attached to this guide.
6. Again, the regulations do not define these terms but rely on state law definitions.
7. 45 C.F.R. § 160.103.
8. 45 C.F.R. §§ 160.103, 164.504(e)(1).
9. 45 C.F.R. § 160.103.
10. 45 C.F.R. §§ 160.103, 164.501.
11. 45 C.F.R. § 164.524.
12. 45 C.F.R. §§ 164.502, 164.506, 164.508, 164.512, 164.514.
13. 45 C.F.R. §§ 164.510, 164.512.
14. 45 C.F.R. § 164.522(b).
15. 45 C.F.R. § 164.522(a).
16. 45 C.F.R. § 164.520.
17. 45 C.F.R. § 164.526.
18. 45 C.F.R. § 164.528.
19. 45 C.F.R. § 164.502(g)(3)(i).
20 See also A. English et al., State Minor Consent Laws: A Summary, 2nd ed. Chapel Hill, NC: Center for Adolescent Health & the Law, April 2003. This 200 page monograph summarizes each state's minor consent statutes, including the confidentiality and disclosure provisions of those statutes. Ordering information is available from info@cahl.org.
21. 45 C.F.R. § 164.502(g)(3)(i)(A).
22. But be aware that even a minor who is legally entitled to consent to most health care on her own may have to comply with a law that requires parental or judicial involvement in her abortion decision.
23. 45 C.F.R. § 164.502(g)(3)(i)(B).
24. 45 C.F.R. § 164.502(g)(3)(i)(C).
25. 45 C.F.R. § 164.502(g)(3)(ii)(A).
26. 45 C.F.R. § 164.502(g)(3)(ii)(B).
27. 45 C.F.R. § 164.502(g)(3)(ii)(C); see also 67 Fed. Reg. 53,200-53,2001 (Aug. 14, 2002).
28. 45 C.F.R. § 164.502(g)(5).
29. 45 C.F.R. § 164.512(b)(1)(ii); see also 45 C.F.R. § 164.512(c).
30. 45 C.F.R. § 164.524(a)(3)(iii).
31. 45 C.F.R. § 164.524(d)(2).
32. 45 C.F.R. § 164.522(b).
33. 45 C.F.R. § 164.522(a).
34. 45 C.F.R. § 164.512(j)(1)(i).
35. 45 C.F.R. § 164.520
_____________________________________________________________
Domestic Security Clearance - See attached "governmentclearancefordata_formD2254.doc"
I had a file or form DD254 (see attached Government clearance form for data) from the federal contracting award where it clearly states classified information and the process which tells me that from a standard perspective "big data" isn't the place for security intelligence information. The purpose in itself cannot afford to be subject to the definition of big data. Technology strained by the size of data, isn't valuable for security intelligence purposes. The information must be raw, without modifications, traceable, audit-able and without any question about integrity or validity.
This form clearly states the requirements a person must have and conditions of releasing the person for access to the information.
In addition, to the fact that a person intending to do harm to our nation would have access to and the ability to move or erase their activities making it much more difficult to manage.
One part of the form identifies the requirement that the user must be a US citizen. For this reason and based on the severity in any situation or deployment of Big Data, the ability to manage the standard in this regard tells me, the security intelligence information MUST be an exclusion from big data.
a) DD254 form - This document clearly states the contracting organization must first be a US Citizen, the source which might allow us to ensure this requirement was met is not a practice in place today.
a.1.) The NIST standard should read big data for public sector agencies must manage data regionally and the intent of Big Data intends to acquire population data for many person's to use in various ways for niche purposes. In the case of women, the violence against women act of 2006 file is located here at this link. The file shows a clear association with regard to Native American's and Indian Health centers particularly. For the use case, which I plan to prepare. Applicable references during our call about the countless laws and FACT that the rights of tribal people continue to be ignored.
a.2.) The subjective purposes are a threat to the security intelligence agency and expose citizen's to targeted attacks see Microsoft Security Report
a.3.) The current quality of information acquired and processed is subjective when intelligence information clearly must be factual (objective) and segregated away from untrained stakeholders.
a.4.) The purpose for any intelligence information would justify the exclusion when the definition of big data implies many things to many people and has the intent to reveal information when intelligence information intends to be restricted and only involve a very limited number of persons.
(fictional-cause)
Cause-people going around the policies as the product groups were not moving fast enough so a brilliant data person comes up with a way to provide mobile services ahead of the product group.
(Fictional story actual effects)
Effect-a host of images and video formatted files show in the data stores with telecom sensor information.
As a follow up, resilience and security validations need to be performed on the situation. The IT expert responds with, yes those are streaming video and images.
"I've seen way more bathrooms than I ever wanted to see"Images from people's bathrooms was funny to this IT person.
People the human in the role of a citizen
A retail company may consider these people as consumers, the fact would only be true if the person had an interest and CHOSE to be part of your companies advertising audience.A consumer or customer of a wireless service provider, expects certain protections and has been using mobile devices without threat of the types of violations being promoted in "Not So Smart phones".
One blogger wrote and highlighted the fact that people are generally hopeful in the right things being done before they would want to accept such an awful reality.
People believe in a higher power and expect corporations to be out for profit but even then these companies have boundaries. Those boundaries are laws and freedoms or liberties.
Applications on Mobile Devices
A person has no indication that the device they purchased and who's contract with their service provider can violate the privacy or norms they've become familiar with.- Whether you are a woman or a man, the issue is far from being a gender issue.
- IF we learn that our phones are being used to capture us in the restroom
- The patriot act is not covering this type of monitoring.
If that isn't enough to make you uncomfortable...
- It's capturing your wife in the restroom...
- It's capturing your daughter in the restroom...
- It's capturing your mother in the restroom...
- It's capturing your sister in the restroom...
With any problem, I am rarely going public with such wicked problems unless I have a solution to solve them.
No comments:
Post a Comment