1,627 research outputs found

    The Benefits and Costs of Online Privacy Legislation

    Many people are concerned that information about their private life is more readily available and more easily captured on the Internet as compared to offline technologies. Specific concerns include unwanted email, credit card fraud, identity theft, and harassment. This paper analyzes key issues surrounding the protection of online privacy. It makes three important contributions: First, it provides the most comprehensive assessment to date of the estimated benefits and costs of regulating online privacy. Second, it provides the most comprehensive evaluation of legislation and legislative proposals in the U.S. aimed at protecting online privacy. Finally, it offers some policy prescriptions for the regulation of online privacy and suggests areas for future research. After analyzing the current debate on online privacy and assessing the potential costs and benefits of proposed regulations, our specific recommendations concerning the government's involvement in protecting online privacy include the following: The government should fund research that evaluates the effectiveness of existing privacy legislation before considering new regulations. The government should not generally regulate matters of privacy differently based on whether an issue arises online or offline. The government should not require a Web site to provide notification of its privacy policy because the vast majority of commercial U.S.-based Web sites already do so. The government should distinguish between how it regulates the use and dissemination of highly sensitive information, such as certain health records or Social Security numbers, versus more general information, such as consumer name and purchasing habits. The government should not require companies to provide consumers broad access to the personal information that is collected online for marketing purposes because the benefits do not appear to be significant and the costs could be quite high. 
The government should make it easier for the public to obtain information on online privacy and the tools available for consumers to protect their own privacy. The message of this paper is not that online privacy should be unregulated, but rather that policy makers should think through their options carefully, weighing the likely costs and benefits of each proposal.

    Cracks in the Foundation: The New Internet Legislation's Hidden Threat to Privacy and Commerce

    Scholarship to date has focused on the legal significance of the novelty of the Internet. This scholarship does not describe or predict actual Internet legislation. Instead of asking whether the Internet is so new as to merit new law, legislators and academics should re-evaluate the role of government in orchestrating collective action and change the relative weight of enforcement, deterrence, and incentives in Internet regulations. A perfect example of the need for this new approach is the recent CANSPAM Act of 2003, which was intended to protect personal privacy and legitimate businesses. However, the law threatens both of these interests, because it does not recognize either the limits of enforceability, or the enhanced possibilities for incentives offered by the decentralized architecture of the Internet

    An Appraisal of Cyber Laws with Reference to E-Banking in Pakistan

    The Information and Communication Technology (ICT) has revolutionized almost every aspect of human endeavor. Increased use of ICT such as computers, cellular phones, internet and other associated technologies are the routes which gave emergence to a lot of constructive as well as destructive work. The constructive work includes simplicity in business transactions provided convenient, effective, speedy and smooth processes. The destructive activities are considered as “electronic or cyber crimes” such as Identity theft, credit card and ATM frauds, criminal activities, spamming, phishing and other web-based crimes. This study will identify the adverse effects of the cyber crimes on e-retailing, effects of cyber crimes on financial transactions in e-banking sector, the present need to formulate policy framework, national legislation and independent investigation authority to penalize such criminals. Keywords: ATM, E-Banking, E-Commerce, EFT, E-Payment, ICT, M-Banking, PEC

    Mitigating Online Survey Nonresponse Error in Aviation Research

    As aviation researchers increasingly rely on online and email based methods of inquiry, it has become ever more necessary to identify the best practices in avoiding the blockage of research-oriented emails by spam filtration software. This study investigated the available literature on the use of email to distribute research surveys. Although data was available on how to and why to conduct research online, the literature lacked information on potential problems associated with the use of email in the conduct of such research. Evidence on how to avoid spam filtration was provided by the ex post facto findings of a study of aviation faculty. This data revealed that a dramatic difference in response rate can occur if specialized email construction and delivery techniques are utilized. Finally, a systemic method of survey/email nonresponse mitigation is provided

    An Integrated Model for Personalization, Privacy and Security in eCommerce

    Customers and firms must understand and appreciate one another’s personalization, privacy and security (PPS) vested interests. Customers and enterprises should establish and maintain sufficiently well implemented policies, mechanisms and behaviors to minimize unintended consequences of security breaches that breakdown relationships. An integrated model of personalization, privacy and security from both the customer’s and enterprises point of view is presented. The objective is to assure value exchange appropriate levels of vigilance in both security and privacy but not at the expense of the value derived from personalization. Keywords: Personalization

    An Explanatory Model of Motivation for Cyber-Attacks Drawn from Criminological Theories

    A new influence model for Cyber Security is presented that deals with security attacks and implementation of security measures from an attacker's perspective. The underlying hypothesis of this model is that Criminological theories of Rational Choice, Desire for Control, and Low Self-Control are relevant to cybercrime and thereby aid in the understanding its basic Motivation. The model includes the roles of Consequences, Moral Beliefs such as Shame and Embarrassment together with Formal Sanctions in deterring cybercrime, as well as role of Defense Posture to limit the Opportunity to attack and increase the likelihood that an attacker will be detected and exposed. One of the motivations of the study was the observation that few attempts have been made to understand cybercrime, in the context of typical crime because: (a) an attacker may consider his actions as victimless due to remoteness of the victim; (b) ease to commit cybercrimes due to opportunities afforded by the Internet and its accessibility, and readily available tools and knowledge for an attack; and (c) vagueness of cybercrime laws that makes prosecution difficult. In developing the model, information from studies in classical crime was related to Cybercrime allowing for analysis of past cyber-attacks, and subsequently preventing future IS attacks, or mitigating their effects. The influence model's applicability is demonstrated by applying it to case studies of actual information attacks which were prosecuted through the United States Courts, and whose judges' opinions are used for statements of facts. Additional, demonstration of the use and face validity of the model is through the mapping of the model to major annual surveys' and reports' results of computer crime. The model is useful in qualitatively explaining "best practices" in protecting information assets and in suggesting emphasis on security practices based on similar results in general criminology

    Toward a phishing attack ontology

    Phishing attacks are the most common form of social engineering where attackers intend to deceive targeted people into revealing sensitive information or installing malware. To understand the dynamics of phishing attacks and design suitable countermeasures, particularly the promotion of phishing awareness, cybersecurity researchers have proposed several domain conceptual models and lightweight ontologies. Despite the growing literature in ontology engineering highlighting the advantages of employing upper and reference ontologies for domain modeling, current phishing attack models lack ontological foundations. As a result, they suffer from a number of shortcomings, such as false agreements, informality, and limited interoperability. To address this gap, we propose a Phishing Attack Ontology (PHATO) grounded in the Reference Ontology for Security Engineering (ROSE) and the Common Ontology of Value and Risk (COVER), which are both founded in the Unified Foundational Ontology (UFO). Our proposal is represented through the OntoUML ontology-driven conceptual modeling language, benefiting from its ecosystem of tools and domain ontologies. We also discuss some implications of PHATO for the design of anti-phishing countermeasures.

    A Response to the AIS Bright ICT Initiative

    In 2015, the President of the Association for Information Systems introduced the Bright ICT Initiative (Lee 2015), which provides a framework for improving Internet security based on four principles: origin responsibility, deliverer responsibility, rule-based digital search warrants, and traceable anonymity. We review these principles and show that at least three of these principles are at odds with the United Nation's Universal Declaration of Human Rights and the founding principles of the Internet and may actually decrease individual security. We conclude giving suggestions for developing principles more in line with human rights.