Laboratory Manual to Legal Issues in Information Security: Lab 5

  1. What is the Electronic Frontier Foundation’s mission statement?

Quoting directly from the website [1]:

July 10, 1990

A new world is arising in the vast web of digital, electronic media which connect us. Computer-based communication media like electronic mail and computer conferencing are becoming the basis of new forms of community. These communities without a single, fixed geographical location comprise the first settlements on an electronic frontier.

While well-established legal principles and cultural norms give structure and coherence to uses of conventional media like newspapers, books, and telephones, the new digital media do not so easily fit into existing frameworks. Conflicts come about as the law struggles to define its application in a context where fundamental notions of speech, property, and place take profoundly new forms. People sense both the promise and the threat inherent in new computer and communications technologies, even as they struggle to master or simply cope with them in the workplace and the home.

The Electronic Frontier Foundation has been established to help civilize the electronic frontier; to make it truly useful and beneficial not just to a technical elite, but to everyone; and to do this in a way which is in keeping with our society’s highest traditions of the free and open flow of information and communication.

To that end, the Electronic Frontier Foundation will:

  1. Engage in and support educational activities which increase popular understanding of the opportunities and challenges posed by developments in computing and telecommunications.
  2. Develop among policy-makers a better understanding of the issues underlying free and open telecommunications, and support the creation of legal and structural approaches which will ease the assimilation of these new technologies by society.
  3. Raise public awareness about civil liberties issues arising from the rapid advancement in the area of new computer-based communications media. Support litigation in the public interest to preserve, protect, and extend First Amendment rights within the realm of computing and telecommunications technology.
  4. Encourage and support the development of new tools which will endow non-technical users with full and easy access to computer-based telecommunications.

The Electronic Frontier Foundation

  • Did the U.S. government violate the constitutional rights of the U.S. citizens by ordering the NSA to review consumer confidential privacy information?

Yes, the U.S. government did violate the constitutional rights of U.S. citizens by ordering the NSA to review consumer confidential privacy information.
The Fourth Amendment of the U.S. Constitution provides “[t]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” [2].

The U.S. citizens who used AT&T services were well within their constitutional rights to expect their communications through the carrier to be private. But the U.S. Government’s review order, the NSA warrantless surveillance that followed, and AT&T “giving the NSA unfettered access to its communications” [3] violated these rights, both at the time of the surveillance and at the time of the filing of Hepting v. AT&T. District Court Judge Vaughn Walker in California further ruled that “government could not use the state secrets privilege to block the lawsuit.” [3]

However, before the appeals court could deliver a decision on the appeal, Congress passed the FISA Amendments Act in July 2008, which essentially “legalized the NSA’s wiretapping operation.” [3]

  • Why is the Hepting v. AT&T case crucial to the long-term posture of how the U.S. government can or cannot review consumer confidential information?

The Hepting v. AT&T case is crucial because, with time and advancements in technology, the U.S. government’s review of consumer confidential information can only increase. This was clearly seen when Edward Snowden blew the whistle on the NSA, long after the Hepting case.
Even in the computer and digital age, citizens should still be able to enjoy their freedom and constitutional rights to privacy, and organizations like the EFF realize that “protecting access to developing technology was central to advancing freedom for all”. [4]

Cases such as Hepting v. AT&T, which challenge government agencies’ actions, are crucial to “upholding the constitutional limitations on the executive branch’s power”. [5]

They also involve citizens in the dialog about privacy rights and make them question the reliability and accountability of the corporations who collect their private information and eventually end up selling themselves for profit or bowing down to power, violating their privacy policies and breaching the citizens’ confidentiality.

To this effect, EFF has stated that “Under the Constitution, important decisions about surveillance of Americans are not the executive’s alone, nor are decisions about whether the Constitution and Congress’ laws must be followed,” and that citizens “need to be vigilant about protecting ourselves, and ultimately the Constitution, against actions that ignore or overstep limits on executive power.”

Such cases are crucial and critical, and can serve as precedents for the cases to follow; with advancement in technology, the number of similar situations can only be expected to increase.

Only last week, questions were raised when it came to light that Yahoo! secretly scanned user emails for the NSA and FBI. [6]

  • If Hepting v. AT&T results in “Big Brother” being allowed to eavesdrop and/or review the local and toll telephone dialing and bills of individuals, will U.S. citizens and consumers have any privacy rights regarding use of communication technologies?

People increasingly, and almost exclusively, rely on technology to communicate both personal and official matters. Allowing a Government agency to review and surveil the digital and printed information of individuals freely and without warrants is akin to giving up all rights to privacy that they should be entitled to. From there on it can only get worse, with privacy lines getting blurred in the whole “privacy v. security” debate, and it won’t be long before Orwell’s dystopian world becomes reality. [7]

  • What are the legal implications of consumer privacy information being shared?

Apart from the blanket violation of the Fourth Amendment right to privacy, each industry has its laws for protecting consumer privacy information from being shared. HIPAA, COPPA, the FTC, etc. have laws and compliance regulations which protect consumers and hold the companies liable.

  • What are the ethical implications of consumer privacy information being shared?

A person’s privacy information may involve “age, race, sex, weight, height, marital status, education level, politics, buying habits, medical and psychological issues, legal problems, employment status, personal interests, sexual activities and preferences, relationships, fantasies, economic circumstances, geographical location and a host of other characteristics.” [8] When this information is shared, it can lead to direct damages like identity and financial theft, and also to social implications involving blackmail, embarrassment, and even persecution. This is particularly highlighted in the case involving LGBT rights. While laws uphold rights for the citizens, the law is an ever-evolving body. When there is a gap between the face of society and the laws of the land in that particular era, a right to privacy enables citizens to enjoy human rights which may not yet be legal.

  • What are the information systems security implications of consumer information being shared?

Information systems are used extensively to collect consumer information. They need to have clear disclosures on the information they collect from their consumers and customers, not just for ethical reasons, but also legal ones. Depending on the industry involved and the audience (in the case of COPPA), information systems need to be designed to disclose privacy notices, securely collect information, responsibly store it, and share it minimally and transparently, only if needed and approved. This has led to the design and development of CMS, databases and secure information systems.

  • What law allowed a federal judge to dismiss Hepting v. AT&T and other lawsuits against telecommunication service providers participating in the warrantless surveillance program authorized by the president?

In July 2008, the government and AT&T were awarded “retroactive immunity” from liability under the controversial FISA Amendments Act (FAA), which was enacted in response to the court victories in Hepting. Signed by President Bush in 2008, the FAA allows the Attorney General to require the dismissal of the lawsuits over the telecoms’ participation in the warrantless surveillance program if the government secretly certifies to the court that the surveillance did not occur, was legal, or was authorized by the president. [9]

  • True or false: EFF claimed that the ruling set forth by FISAAA was unconstitutional.

True. The EFF appealed the decision set forth by FISAAA, but it was affirmed, and in October 2012, the Supreme Court declined to hear the case. [9]








7. Orwell, G. (1949). 1984.