Lab5 – Legal Regulations, Compliance, And Investigation

35

 

Introduction

When consumers provide personal information for a product or service, the assumption is the

receiving company will exercise due diligence to protect their information. Bear in mind there is

no all-purpose federal law mandating personal data should be protected, only certain industry-

specific laws, for example, health care and financial. But even without an overarching mandate,

most companies will attempt to protect your personal data just to avoid a charge of negligence

should a privacy breach occur.

One nonprofit organization that monitors how well companies guard personal data—among

other missions—is the Electronic Frontier Foundation (EFF). EFF’s purpose is to defend free

speech, privacy, innovation, and consumer rights. This lab takes a look at a class-action lawsuit

filed by EFF.

In this lab, you will explain the privacy issues related to an EFF case study, you will identify

U.S. privacy law violations and their implications, and you will assess the impact of those

violations on consumer confidential information.

Learning Objectives

Upon completing this lab, you will be able to:

Explain the mission statement of the Electronic Frontier Foundation (EFF).

Relate privacy issues in the case study to any personal or individual laws in the United

States.

Identify U.S. citizen privacy law violations and their implications for privacy and

confidential information in the case study.

Assess the impact of these violations on consumers’ confidential information from a legal,

ethical, and information systems security perspective.

Lab #5 Case Study on Issues Related to Sharing Consumers’ Confidential Information

 

Copyright © by Jones & Bartlett Learning, LLC, an Ascend Learning Company – All Rights Reserved.

 

 

36 | LAB #5 Case Study on Issues Related to Sharing Consumers’ Confidential Information

 

Deliverables

Upon completion of this lab, you are required to provide the following deliverables to your

instructor:

1. Lab Report file; 2. Lab Assessments file.

Instructor Demo

The Instructor will present the instructions for this lab. This will start with a general discussion

about privacy law and how this is different from information systems security as well as how

they are related. The Instructor will then present an overview of the Electronic Frontier

Foundation (EFF) and the case study in this lab.

Copyright © by Jones & Bartlett Learning, LLC, an Ascend Learning Company – All Rights Reserved.

 

 

37

 

Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved.

www.jblearning.com Student Lab Manual

 

 

Hands-On Steps

Note: This is a paper-based lab. To successfully complete the deliverables for this lab, you will need access to Microsoft® Word or another compatible word processor. For some labs, you may also need access to a graphics line drawing application, such as Visio or PowerPoint. Refer to the Preface of this manual for information on creating the lab deliverable files.

 

1. On your local computer, create the lab deliverable files.

2. Review the Lab Assessment Worksheet. You will find answers to these questions as you proceed through the lab steps.

3. Review the following case study on issues related to sharing consumers’ confidential information. Note that this information originated from the following Electronic Frontier

Foundation Web pages: https://www.eff.org/about, https://www.eff.org/cases/hepting, and

https://www.eff.org/nsa/hepting.

From the Internet to the iPod, technologies transform society and empower us as

speakers, citizens, creators, and consumers. When freedoms in the networked world come

under attack, the Electronic Frontier Foundation (EFF) is the first line of defense. EFF

broke new ground when it was founded in 1990—well before the Internet was on most

people’s radar—and continues to confront cutting-edge issues defending free speech,

privacy, innovation, and consumer rights today. From the beginning, EFF has

championed the public interest in every critical battle affecting digital rights.

Blending the expertise of lawyers, policy analysts, activists, and technologists, EFF

achieves significant victories on behalf of consumers and the general public. EFF fights

for freedom primarily in the courts, bringing and defending lawsuits even when that

means taking on the U.S. government or large corporations. By mobilizing more than

61,000 concerned citizens through the Action Center, EFF beats back bad legislation. In

addition to advising policymakers, EFF educates the press and public.

EFF is a donor-funded nonprofit and depends on support to continue successfully

defending digital rights. Litigation is particularly expensive. Because two-thirds of EFF’s

budget comes from individual donors, every contribution is critical to helping EFF

fight—and win—more cases (https://www.eff.org/about).

EFF Case Study Information

The Electronic Frontier Foundation (EFF) filed a class-action lawsuit against AT&T on

January 31, 2006, accusing the telecom giant of violating the law and the privacy of its

customers by collaborating with the National Security Agency (NSA) in its massive, illegal

Copyright © by Jones & Bartlett Learning, LLC, an Ascend Learning Company – All Rights Reserved.

 

 

38 | LAB #5 Case Study on Issues Related to Sharing Consumers’ Confidential Information

 

program to wiretap and data-mine Americans’ communications. In May 2006, many other

cases were filed against a variety of telecommunications companies. Subsequently, the

Multi-District Litigation Panel of the federal courts transferred approximately 40 cases to

the Northern District of California federal court.

In Hepting v. AT&T, EFF sued the telecommunications giant on behalf of its customers

for violating privacy law by collaborating with the NSA in the massive, illegal program

to wiretap and data-mine Americans’ communications. Evidence in the case includes

undisputed evidence provided by former AT&T telecommunications technician Mark

Klein showing AT&T routed copies of Internet traffic to a secret room in San Francisco

controlled by the NSA.

In June of 2009, a federal judge dismissed Hepting and dozens of other lawsuits against

telecoms, ruling that the companies had immunity from liability under the controversial

Foreign Intelligence Surveillance Act Amendments Act (FISAAA), which was enacted in

response to court victories in Hepting. Signed by President Bush in 2008, the FISAAA

allows the attorney general to require the dismissal of the lawsuits over the telecoms’

participation in the warrantless surveillance program if the government secretly certifies

to the court that the surveillance did not occur, was legal, or was authorized by the

president—certification that was filed in September of 2008.

Note: To read the full order from the federal judge who dismissed the many EFF lawsuits, the order is available here: http://www.eff.org/files/filenode/att/orderhepting6309_0.pdf.

 

EFF plans to appeal the decision to the 9th U.S. Circuit Court of Appeals, primarily

arguing that FISAAA is unconstitutional in granting to the president broad discretion to

block the courts from considering the core constitutional privacy claims of millions of

Americans (http://www.eff.org/cases/hepting; https://www.eff.org/nsa/hepting).

Note: Public proof regarding the case study came in June 2013 when British newspaper The Guardian first published news of massive electronic data collection by the NSA, a U.S. spy agency. Revelations from former NSA contractor and whistleblower Edward Snowden have detailed the extensiveness of data collection.

 

4. In your Lab Report file, describe the EFF’s mission statement.

5. In your Lab Report file, explain the privacy issues in the case study.

6. In your Lab Report file, identify the U.S. citizen privacy law violations in the case study and the implications those violations have on privacy and confidential information.

Note: This completes the lab. Close the Web browser, if you have not already done so.

Copyright © by Jones & Bartlett Learning, LLC, an Ascend Learning Company – All Rights Reserved.

 

 

39

 

Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved.

www.jblearning.com Student Lab Manual

 

 

Evaluation Criteria and Rubrics

The following are the evaluation criteria for this lab that students must perform:

1. Explain the mission statement of the Electronic Frontier Foundation (EFF). – [25%] 2. Relate privacy issues in the case study to any personal or individual laws in the United

States. – [25%]

3. Identify U.S. citizen privacy law violations and their implications for privacy and confidential information in the case study. – [25%]

4. Assess the impact of these violations on consumers’ confidential information from a legal, ethical, and information systems security perspective. – [25%]

 

Copyright © by Jones & Bartlett Learning, LLC, an Ascend Learning Company – All Rights Reserved.

 

 

40 | LAB #5 Case Study on Issues Related to Sharing Consumers’ Confidential Information

 

Lab #5 – Assessment Worksheet

Case Study on Issues Related to Sharing Consumers’ Confidential Information

Course Name and Number: _____________________________________________________ Student Name: ________________________________________________________________ Instructor Name: ______________________________________________________________ Lab Due Date: ________________________________________________________________

Overview

In this lab, you explained the privacy issues related to an EFF case study, you identified U.S.

privacy law violations and their implications, and you assessed the impact of those violations on

consumer confidential information.

Lab Assessment Questions & Answers

1. What is the Electronic Frontier Foundation’s mission statement?

 

2. Did the U.S. government violate the constitutional rights of U.S. citizens by ordering the NSA to review consumer confidential privacy information?

 

 

3. Why is the Hepting v. AT&T case crucial to the long-term posture of how the U.S. government can or cannot review consumer confidential information?

 

 

4. If Hepting v. AT&T results in “Big Brother” being allowed to eavesdrop and/or review the local and toll telephone dialing and bills of individuals, will U.S. citizens and consumers have any

privacy rights left regarding use of communication technologies?

 

 

5. What are the legal implications of consumer privacy information being shared?

 

Copyright © by Jones & Bartlett Learning, LLC, an Ascend Learning Company – All Rights Reserved.

 

 

41

 

Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved.

www.jblearning.com Student Lab Manual

 

 

6. What are the ethical implications of consumer privacy information being shared?

 

7. What are the information systems security implications of consumer information being shared?

 

8. What law allowed a federal judge to dismiss Hepting v. AT&T and other lawsuits against telecommunication service providers participating in the warrantless surveillance program

authorized by the president?

 

 

9. True or false: EFF claimed that the ruling set forth by FISAAA was unconstitutional.

 

 

Copyright © by Jones & Bartlett Learning, LLC, an Ascend Learning Company – All Rights Reserved.