Ethical Impacts Flashcards
(125 cards)
1
Q
What is a patent?
A
Grant of property right issued by the US Patent and Trademark Office (USPTO) to an inventor, permitting owner to exclude public from making, using, or selling the protected invention, and allows for legal action in violations.
2
Q
Which law grants citizens the right to access certain information and records of the federal government upon request?
A
The Freedom of Information Act (FOIA)
3
Q
What is a utility patent?
A
Issued for a new process, machine, manufacture, or composition of matter
4
Q
What are three advantages of trade secret law over patents and copyrights?
A
- No time limitations on trade secret protections
- No need to file an application or otherwise disclose to outsiders for protection
- No risk that trade secret will be found invalid in court
5
Q
What is the focus of CALEA?
A
To require telecom industry to build tools into its products that federal investigators can use to eavesdrop on conversations and intercept electronic communications
6
Q
Which law defined standards to improve portability and continuity of health insurance coverage, reduce fraud, and simplify administration?
A
The Health Insurance Portability and Accountability Act
7
Q
Which law prohibits US government agencies from concealing the existence of any personal data record keeping system?
A
The Privacy Act
8
Q
What are the three areas addressed by ECPA?
A
- Protection of communications while in transfer
- Protection of communications held in electronic storage
- Prohibition of devices from recording dialling, routing, addressing, and signalling information without a search warrant
9
Q
What type of information is excluded from FOIA requests?
A
Freedom of Information Act prohibits request for excessively wide range searches of records.
10
Q
What are fair information practices?
A
Guidelines that govern the collection and use of personal data
11
Q
Which law mandates websites catering to children to offer comprehensive privacy policies, notify parents or guardians about their data collection practices, and receive parental consent before collecting any personal information from children under 13?
A
Children’s Online Privacy Protection Act (COPPA)
12
Q
Which law has strong privacy provisions for electronic health records (EHRs) - banning sale of info, promoting audit trails and encryption, and rights of access for patients?
A
The American Recovery and Reinvestment Act
13
Q
What is a trademark?
A
A logo, package design, phrase, sound, or word that differentiates a brand
14
Q
What is cyberterrorism?
A
Intimidation of the government or civilian population by using IT to disable national infrastructure (energy, transportation, finance, law enforcement, and emergency response) to achieve political, religious, or ideological goals.
15
Q
What is the basis for protecting personal privacy under law?
A
The Fourth Amendment’s defence against unreasonable searches and seizures without a warrant or probable cause.
16
Q
What types of speech are not protected by the First Amendment?
A
- Perjury
- Fraud
- Defamation
- Obsenity
17
Q
Which law ensures accuracy, fairness, and privacy of information gathered by credit card companies?
A
Fair Credit Reporting Act
18
Q
What is a copyright?
A
Exclusive right to distribute, display, perform, or reproduce an original work in copies, to prepare derivative works, and to grant these exclusive rights to others.
19
Q
Which law granted a four year extension of the US PATRIOT Act that allowed roving wiretaps and searches of business records, and extended authorization intelligence gathering on lone wolves?
A
The PATRIOT Sunsets Extension Act
20
Q
Which agreement created the World Trade Organization in Geneva to enforce compliance and has a section called Agreement on Trade Related Aspects of Intellectual Property Rights (TRIPS)?
A
The General Agreement on Tariffs and Trade (GATT), 1993
21
Q
What are key elements of end user security layer?
A
- Security education
- Authentication methods
- Antivirus software
- Data encryption
22
Q
What is the difference between data manipulation and misrepresentation?
A
Manipulation is largely illustrative
Misrepresentation deliberately influences audiences toward an outcome
23
Q
How does an organization implement a risk-based security strategy?
A
- Risk assessment
- Disaster recovery plan
- Define security policies
- Periodic security audits
- Compliance standards defined by external parties
- Track with security dashboard
24
Q
What are the keys laws establishing the legal framework for electronic surveillance?
A
- Communication Act (1934)
- Foreign Intelligence Surveillance Act (FISA) (1978, amended 2008)
- Title III of the Omnibus Crime Control and Safe Streets Act (1968, amended 1986) (the “Wiretap Act”)
Also:
- Electronic Communication Privacy Act (ECPA) (1986)
- Communication Assistance for Law Enforcement Act (1994)
- USA PATRIOT Act (2001)
25
Which legislation directly repeals the EU Data Protection Directive and indirectly the Privacy Shield framework?
The General Data Protection Regulation (GDPR) in 2018
Noncompliance can result in penalties for privacy violations amounting to as much as 4% of companies annual global revenue
26
What is confidentiality?
Protecting an organizations most sensitive information: IP, finance and payroll, customers, etc.
27
Which law modified 15 existing statutes and gave sweeping new powers to domestic law enforcement and international intelligence agencies for increased eavesdropping ability, email interception, and medical/financial records searches, and eased restrictions on foreign intelligence gathering in the States?
The US PATRIOT Act
28
Which law set requirements for sex offender registration and notification in the United States?
1994 Jacob Wetterling Crimes Against Children and Sexually Violent Offender Registration Act
(States required to create web sites to provide info for registered sex offenders)
29
What was ECPA passed to amend?
Title III of the Omnibus Crime Control and Safe Streets Act
30
Which law established mandatory guidelines for the collection and disclosure of personal financial information by financial institutions, including documenting their security plans?
The Gramm-Leach-Bliley Act (GLBA)
31
Which law governs national standards as to which sex offenders must register and which data must be captured?
The Sex Offender Registration and Notification Provisions (SORNA) of the Adam Walsh Child Protection and Safety Act of 2006
32
What is the right of privacy?
The right of privacy is the right to be left alone - the most comprehensive of rights, and the right most valued by free people
33
What are the two common payment methods for paid media marketing?
Cost per click
Cost per thousand impressions
34
Which law terminated the bulk collection of phone metadata by the NSA, instead requiring telecom carriers to respond to NSA queries for data; the act also restored authorization for roving wiretaps and the tracking of lone wolf terrorists?
USA Freedom Act
35
What are common benefits of data?
1. Human understanding
| 2. Social, institutional, economic efficiency
36
Which law changed the US patent system from “first to invent” to “first inventor to file”, and expanding the definition of prior art, making it more difficult to obtain a patent?
The Leahy-Smith America Invents Act
37
Who put forward a privacy multistakeholder process to develop a voluntary enforceable code of conduct specifying how Consumer Privacy Bill of Rights applies to facial recognition tech?
National Telecommunications and Information Administration (NTIA) of the US Department of Commerce
38
What is the purpose of the Title III of the Omnibus Crime Control and Safe Streets Act?
To regulate the interception of wire and oral communications
39
What is the purpose of the Privacy Act (1974)?
To regulate the concealment of data record keeping in the systems of the federal government
40
What is intellectual property?
Works of the mind that are distinctly owned or created by a single person or group
41
What is earned media?
Exposure an organization gets through press or social media mentions, positive ratings or reviews, tweets and shares, reposts, recommendations, etc.
42
Which UN agency is dedicated to the use of intellectual property?
The World Intellectual Property Organization (WIPO)
43
Why is integrity?
Data can only be changed by authorized individuals so that the accuracy, consistency, and trustworthiness of the data are gauaranteed
44
Which law allows consumers the request and obtain a free credit report each year from each of three consumer credit reporting agencies?
The Fair and Accurate Credit Transaction Act
45
What is a white hat hacker?
Someone hired to test security of information systems in order to improve defences
46
How was FISA amended in 2004 and 2008?
2004: authorized FISA to collect intel on lone wolf individuals
2008: granted NSA expanded authority to collect international communications flowing through US telecom equipment and facilities
47
How many firms record and review employee communications and activities on the job?
80%
48
Which law deals with the protection of communications while in transit from sender to receiver; the protection of communications held in electronic storage; and the prohibition of devices from recording dialing, routing, addressing, and signaling info without a warrant?
The Electronic Communications Privacy Act (ECPA) of 1986
49
What is the law functioning as a stopgap measure allowing businesses to transfer personal data about European citizens to the United States, after the Safe Harbour agreement was deemed invalid by the European Court of Justice?
The European-United States Privacy Shield Data Transfer Program Guidelines
50
How many internet users worldwide?
4 billion
51
What is the purpose of FISA?
To describe procedures for the electronic surveillance and collection of foreign intelligence information between foreign powers and agents of those powers.
52
Which organization combats cyberstalking?
The National Center for Victims of Crime
53
What is a design patent?
Issued for a new design embodied in or applied to an article of manufacture
54
What is a MSSP?
Managed Security Service Provider, who monitor, manage, maintain computer and network security
55
How is data accuracy defined?
Associated with data legitimacy
56
Which law requires member countries to ensure that data transferred to non-EU countries is protected and bars export to countries without EU-comparable data privacy protection standards?
The European Union Data Protection Directive, led to Safe Harbour agreement
57
What is the most common source of data inaccuracy?
Human error
58
What are five reasons for prevalent computer incidents?
1. Increase in complexity
2. Expansion and change in systems
3. Increase in BYOD policies
4. Growing reliance on software with known vulnerabilities
5. Increasing bad actor sophistication
59
Which law authorized intelligence gathering on individuals not affiliated with any terrorist org (lone wolves)?
The FISA Amendments Act of 2004
60
Who is responsible for US cyber security and resilience?
DHS, Office of Cybersecurity and Communications
61
What standard is often held up as a model for ethical treatment of consumer data?
The Organization for Economic co-Operation and Development (OECD)‘s fair information practices, to be adopted by member countries on a voluntary basis
62
What must characterize a patentable invention?
1. It must be useful.
2. It must be novel.
3. It must not be obvious to a person with ordinary skill in the same field.
63
What is a stalking app?
Cell phone app making it possible to track location, record calls, view every text and photo, and record website URLs.
64
What does CIA stand for?
Confidentiality
Integrity
Availability
The security practices of organizations worldwide must ensure confidentiality, maintain integrity, guarantee availability (the security triad).
65
Why was the main focus of the USA Freedom Act (2015)?
After the NSA revelations by Edward Snowden, this Act terminated the bulk collection of telephone metadata by the NSA; instead, now telecom holds the data and responds to NSA inquiries.
Also authorized roving wiretaps (surveillance of individual over multiple devices) and lone wolf terrorist tracking.
66
Which law regulates operations of credit reporting bureaus?
The Fair Credit Reporting Act
67
Which law protects investors by improving accuracy and reliability of corporate disclosures?
The Sarbanes-Oxley Act of 2002
68
Which law increased trademark and copyright enforcement and penalties for infringement?
The Prioritizing Resources and Organization for Intellectual Property (PRO-IP) Act of 2008
69
Which law protects financial records from unauthorized scrutiny by federal government?
The Right to Financial Privacy Act
70
What does the First Amendment not protect?
1. Promote hate
2. Defamation
3. Obscenity
4. Sedition
71
Which law describes procedures for electronic surveillance and collection of foreign intelligence information between foreign powers and agents of foreign powers?
The Foreign Intelligence Surveillance Act (FISA) of 1978
72
What are the two primary objectives of social media marketing?
1. Brand awareness
| 2. Driving traffic to website to increase sales
73
What is organic media marketing?
Employs tools tailored for social media platform to build a community and share with that community
74
Which law allowed NSA expanded authority to collect, without court-approved warrants, international communications flowing through US telecom equipment and facilities?
The Foreign Intelligence Surveillance Act (FISA) of 1978 Amendments Act of 2008
75
How is data integrity defined as a state and process?
1. State: defines a data set both valid and accurate
| 2. Process: describes measures used to ensure validity and accuracy of a data set
76
What qualifies as a trade secret?
Information must have economic value
Must not be readily ascertainable
Owner must have taken steps to maintain secrecy
77
Which laws were enacted to prosecute computer crime?
1. Computer Fraud and Abuse Act
2. Fraud and Related Activity in Connection with Access Devices Statute
3. The Stored Wire and Electronic Communications and Transactional Records Access Statutes
4. USA PATRIOT Act
78
Which laws protect trade secrets?
1. Uniform Trade Secrets Act
2. Economic Espionage Act
3. Defend Trade Secrets Act, amending EEA to create a federal civil remedy for trade secret misappropriation
79
What is the primary danger to facial recognition technology?
Loss of anonymity
80
What are key elements of the network security layer?
1. Authentication methods
2. Firewalls
3. Routers
4. Encryptions
5. Proxy servers
6. VPNs
7. IDSs
81
Which organization and initiative created set of fair information practices held up as a model for organizations to adopt the ethical treatment of consumer data?
The Organization for Economic Co-operation and Development (OECD) for the Protection of Privacy and Transborder Data Flows of Personal Data
82
What is black hat?
A hacker who violates computer security for their own personal profit or malice
83
Which law requires the telecom industry to build tools into its products that federal investigators can use with a court order to eavesdrop and intercept e-communications?
The Communications Assistance for Law Enforcement Act (CALEA) or “Digital Telephony Act”
84
Which law implements two WIPO treaties in the US: making it illegal to circumvent technical protection and providing tools to circumvent technical protection, and limiting the liability of ISPs for copyright infringement by their customers?
The Digital Millennium Copyright Act (DMCA)
85
What is the difference between security safeguards and purpose specification in the context of fair information practices?
1. Security safeguards focus on access, modification, or disclosure of personal data
2. Purpose specification is focused on specified purpose of the data collection and absence of consequent change in collected data
86
What quality management system certification is ubiquitous?
International Organization for Standardization (ISO) 9001
87
How is data privacy defined?
Aligned to information access and consent
88
What did CALEA amend?
The Communications Assistance for Law Enforcement Act (CALEA) amended both the Wiretap Act and the ECPA, because of growing wireless data networks
89
What is predictive coding?
A process coupling human intelligence with computer-driven concept searching to “train” software to recognize certain relevant documents
90
What is a data breach and what is a fundamental issue associated with it?
Unintended release of sensitive data or the access of sensitive data by unauthorized individuals
Many companies have a lack of initiative in informing people of data breaches, leading to data breach notification laws
91
Which law addresses the export of personal data outside the EU, enabling citizens to see and correct their personal data, standardizing data privacy regulations within the EU, and establishing penalties for violation of its guidelines?
The General Data Protection Regulation (GDPR)
92
What is cyber espionage?
Deployment of malware that secretly steals data in the computer systems of organizations; this data often provides a competitive advantage to the perpetrator.
93
What is an EDR?
The event data recorder records vehicle and occupant data for a few seconds before, during, and after any vehicle crash that is severe enough to deploy airbags.
94
Why are key elements of the application security layer?
1. Authentication methods
2. User roles and accounts
3. Data encryption
95
What is one way around inaccurately captured data?
Machine learning systems can use incomplete or occasionally inaccurate information without severe consequence
96
How does the fair use doctrine pertain to the use of copyrighted property?
1. The purpose and character of the use
2. The nature of the copyrighted work
3. The portion of the copyrighted work used
4. The effect of the use on the value of the copyrighted work
97
Why is the concept of reasonable assurance?
Managers must use their judgment to ensure that the cost of control doesn’t exceed the systems benefits or the risks involved
98
Which US companies where allowed to process and store the data of EU consumers and companies under the Safe Harbor framework?
Companies that were certified as meeting the directive’s safe harbour principles.
The European Court of Justice declared this invalid in 2015 after Snowden- framework now replaced by European-United States Privacy Shield Data Transfer Program.
99
What piece of legislation ensures a US citizen’s ability to obtain records of interest kept by the federal government?
FOIA
100
Which law provides students and their parents with specific rights regarding the release of student records?
Family Educational Rights and Privacy Act (FERPA)
101
Which order identifies various government intelligence-gathering agencies and defines what information can be collected, retained, and disseminated by the agencies; allowing for tangential collection of US citizen data (even when not specifically targeted)?
Executive Order 12333 (Reagan, 1981)
102
What is an exploit?
An attack on an information system that takes advantage of a particular system vulnerability (often due to poor design or implementation)
103
What are two advantages of social media marketing over traditional?
1. Marketers can create a conversation with ad viewers
| 2. Ads can be specifically targeted
104
What is information privacy?
1. Communications privacy (ability to communicate with others without being monitored by a third party)
2. Data privacy (ability to limit access to one’s personal data by other individuals and organizations)
105
To what countries in the UN does the European Union Data Protection Directive allow the export of data?
To countries with data privacy protection standards comparable to the EU
106
Which law regulates the interception of wire and oral communications?
Title III of the Omnibus Crime Control and Safe Streets Act (“Wiretap Act”)
107
What do marketers use along with cookies to provide targeted advertisements to online consumers?
Tracking software
108
Why is the 2013 Target data breach a “poster child” for these breaches?
1. Breach included financial data including debit and cc numbers
2. Breach caused $800M sales drop in the quarter partly due to loss of goodwill from customers
3. Breach caused $200M to banking industry in card replacement plus millions more as loss for fraudulent purchases
109
How many major companies record and review employee communications and activities on the job?
80%
110
How prevalent is cyberloafing and why does it cost US businesses annually?
More than 60% of least productive worker time lost, and costs $86B a year.
111
What are two ways that EDRs are used?
Vehicle event data recorders can be subpoenaed by court for use in court proceedings, and can capture and record data to be used by vehicle manufacturers to improve vehicle crash performance.
112
What is a cyber attack that takes place before the security community or software developers become aware of vulnerability and fix it?
Zero day exploit
113
What is the VEP policy?
The Vulnerability Equities Process (VEP) is how US federal agencies determine on a case to case basis how it should treat zero day computer security vulnerabilities, whether to disclose to public or company or keep them secret for offensive use
114
What is a piece of programming code, usually disguised, that causes a computer to behave in an unexpected and usually undesirable manner?
A virus
115
What is a harmful program that resides in the active memory of a computer and duplicates itself?
A worm
116
Why law declares spam to be illegal unless the message meets specific requirements?
Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM)
117
What is a set of programs that enable the user to gain admin-level access to a computer without consent?
Rootkit
118
Why is an APT attack?
Advanced persistent threat (APT) is a network attack where the intruder gains access to a network and stays for a long time undetected to steal data (rather than disrupt services)
119
What are the five phases of an APT attack?
1. Recon
2. Incursion
3. Discovery
4. Capture
5. Export
120
What are federal laws for prosecuting computer attacks?
1. Computer Fraud and Abuse Act
2. Fraud and Related Activity in Connection with Access Devices Statute
3. Stored Wire and Electronic Communications and Transactional Records Access Statutes
4. USA PATRIOT Act
121
What is US-CERT?
The United States Computer Emergency Readiness Team is a partnership between the Department of Homeland Security and private sectors that was established to protect internet infrastructure against cyberattacks
122
What % of internet users have personally experienced cyber abuse?
47%
72% have witnessed it
123
How is cyber stalking a problem?
14% of internet users under 30 have experienced
20% of women under 30
8% of total internet users have experienced
124
What law improved on the 1994 Wetterling Act?
SORNA of the Adam Walsh Child Protection and Safety Act of 2006 improved on the Jacob Wetterling Act by setting national standards for sex offender registration (the original called for local registration).
125
Who does Section 230 of the Communications Decency Act protect?
The website
