Lab5 – Legal Regulations, Compliance, And Investigation
Introduction
When consumers provide personal information for a product or service, the assumption is that
the receiving company will exercise due diligence to protect their information. Bear in mind
there is no all-purpose federal law mandating that personal data be protected, only certain
industry-specific laws, for example, for the health care and financial sectors. But even without
an overarching mandate, most companies will attempt to protect your personal data just to avoid
a charge of negligence should a privacy breach occur.
One nonprofit organization that monitors how well companies guard personal data—among
other missions—is the Electronic Frontier Foundation (EFF). EFF’s purpose is to defend free
speech, privacy, innovation, and consumer rights. This lab takes a look at a class-action lawsuit
filed by EFF.
In this lab, you will explain the privacy issues related to an EFF case study, you will identify
U.S. privacy law violations and their implications, and you will assess the impact of those
violations on consumer confidential information.
Learning Objectives
Upon completing this lab, you will be able to:
Explain the mission statement of the Electronic Frontier Foundation (EFF).
Relate privacy issues in the case study to any personal or individual laws in the United States.
Identify U.S. citizen privacy law violations and their implications for privacy and confidential information in the case study.
Assess the impact of these violations on consumers’ confidential information from a legal, ethical, and information systems security perspective.
Lab #5 Case Study on Issues Related to Sharing Consumers’ Confidential Information
Copyright © by Jones & Bartlett Learning, LLC, an Ascend Learning Company – All Rights Reserved.
Deliverables
Upon completion of this lab, you are required to provide the following deliverables to your
instructor:
1. Lab Report file;
2. Lab Assessments file.
Instructor Demo
The Instructor will present the instructions for this lab. This will start with a general discussion
about privacy law and how this is different from information systems security as well as how
they are related. The Instructor will then present an overview of the Electronic Frontier
Foundation (EFF) and the case study in this lab.
Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved.
www.jblearning.com Student Lab Manual
Hands-On Steps
Note: This is a paper-based lab. To successfully complete the deliverables for this lab, you will need access to Microsoft® Word or another compatible word processor. For some labs, you may also need access to a graphics line drawing application, such as Visio or PowerPoint. Refer to the Preface of this manual for information on creating the lab deliverable files.
1. On your local computer, create the lab deliverable files.
2. Review the Lab Assessment Worksheet. You will find answers to these questions as you proceed through the lab steps.
3. Review the following case study on issues related to sharing consumers’ confidential information. Note that this information originated from the following Electronic Frontier
Foundation Web pages: https://www.eff.org/about, https://www.eff.org/cases/hepting, and
https://www.eff.org/nsa/hepting.
From the Internet to the iPod, technologies transform society and empower us as
speakers, citizens, creators, and consumers. When freedoms in the networked world come
under attack, the Electronic Frontier Foundation (EFF) is the first line of defense. EFF
broke new ground when it was founded in 1990—well before the Internet was on most
people’s radar—and continues to confront cutting-edge issues defending free speech,
privacy, innovation, and consumer rights today. From the beginning, EFF has
championed the public interest in every critical battle affecting digital rights.
Blending the expertise of lawyers, policy analysts, activists, and technologists, EFF
achieves significant victories on behalf of consumers and the general public. EFF fights
for freedom primarily in the courts, bringing and defending lawsuits even when that
means taking on the U.S. government or large corporations. By mobilizing more than
61,000 concerned citizens through the Action Center, EFF beats back bad legislation. In
addition to advising policymakers, EFF educates the press and public.
EFF is a donor-funded nonprofit and depends on support to continue successfully
defending digital rights. Litigation is particularly expensive. Because two-thirds of EFF’s
budget comes from individual donors, every contribution is critical to helping EFF
fight—and win—more cases (https://www.eff.org/about).
EFF Case Study Information
The Electronic Frontier Foundation (EFF) filed a class-action lawsuit against AT&T on
January 31, 2006, accusing the telecom giant of violating the law and the privacy of its
customers by collaborating with the National Security Agency (NSA) in its massive, illegal
program to wiretap and data-mine Americans’ communications. In May 2006, many other
cases were filed against a variety of telecommunications companies. Subsequently, the
Multi-District Litigation Panel of the federal courts transferred approximately 40 cases to
the Northern District of California federal court.
In Hepting v. AT&T, EFF sued the telecommunications giant on behalf of its customers
for violating privacy law by collaborating with the NSA in the massive, illegal program
to wiretap and data-mine Americans’ communications. Evidence in the case includes
undisputed evidence provided by former AT&T telecommunications technician Mark
Klein showing AT&T routed copies of Internet traffic to a secret room in San Francisco
controlled by the NSA.
In June of 2009, a federal judge dismissed Hepting and dozens of other lawsuits against
telecoms, ruling that the companies had immunity from liability under the controversial
Foreign Intelligence Surveillance Act Amendments Act (FISAAA), which was enacted in
response to court victories in Hepting. Signed by President Bush in 2008, the FISAAA
allows the attorney general to require the dismissal of the lawsuits over the telecoms’
participation in the warrantless surveillance program if the government secretly certifies
to the court that the surveillance did not occur, was legal, or was authorized by the
president—certification that was filed in September of 2008.
Note: The full order from the federal judge who dismissed the many EFF lawsuits is available here: http://www.eff.org/files/filenode/att/orderhepting6309_0.pdf.
EFF plans to appeal the decision to the 9th U.S. Circuit Court of Appeals, primarily
arguing that FISAAA is unconstitutional in granting to the president broad discretion to
block the courts from considering the core constitutional privacy claims of millions of
Americans (http://www.eff.org/cases/hepting; https://www.eff.org/nsa/hepting).
Note: Public proof regarding the case study came in June 2013 when British newspaper The Guardian first published news of massive electronic data collection by the NSA, a U.S. spy agency. Revelations from former NSA contractor and whistleblower Edward Snowden have detailed the extensiveness of data collection.
4. In your Lab Report file, describe the EFF’s mission statement.
5. In your Lab Report file, explain the privacy issues in the case study.
6. In your Lab Report file, identify the U.S. citizen privacy law violations in the case study and the implications those violations have on privacy and confidential information.
Note: This completes the lab. Close the Web browser, if you have not already done so.
Evaluation Criteria and Rubrics
The following are the evaluation criteria for this lab that students must perform:
1. Explain the mission statement of the Electronic Frontier Foundation (EFF). – [25%]
2. Relate privacy issues in the case study to any personal or individual laws in the United States. – [25%]
3. Identify U.S. citizen privacy law violations and their implications for privacy and confidential information in the case study. – [25%]
4. Assess the impact of these violations on consumers’ confidential information from a legal, ethical, and information systems security perspective. – [25%]
Lab #5 – Assessment Worksheet
Case Study on Issues Related to Sharing Consumers’ Confidential Information
Course Name and Number: _____________________________________________________
Student Name: ________________________________________________________________
Instructor Name: ______________________________________________________________
Lab Due Date: ________________________________________________________________
Overview
In this lab, you explained the privacy issues related to an EFF case study, you identified U.S.
privacy law violations and their implications, and you assessed the impact of those violations on
consumer confidential information.
Lab Assessment Questions & Answers
1. What is the Electronic Frontier Foundation’s mission statement?
2. Did the U.S. government violate the constitutional rights of U.S. citizens by ordering the NSA to review consumer confidential privacy information?
3. Why is the Hepting v. AT&T case crucial to the long-term posture of how the U.S. government can or cannot review consumer confidential information?
4. If Hepting v. AT&T results in “Big Brother” being allowed to eavesdrop and/or review the local and toll telephone dialing and bills of individuals, will U.S. citizens and consumers have any
privacy rights left regarding use of communication technologies?
5. What are the legal implications of consumer privacy information being shared?
6. What are the ethical implications of consumer privacy information being shared?
7. What are the information systems security implications of consumer information being shared?
8. What law allowed a federal judge to dismiss Hepting v. AT&T and other lawsuits against telecommunication service providers participating in the warrantless surveillance program
authorized by the president?
9. True or false: EFF claimed that the ruling set forth by FISAAA was unconstitutional.