Ethical and Legal Dilemmas

Ethical and Legal Dilemmas in Home Monitoring and Management Services Assignment u10a1 Robert "Bob" Turner TS5336 Ethical and Legal Considerations in Information Technology Capella University December 16, 2011

E-mail: bob_turner@cox.net Instructor: Mr. Stuart Gold, PhD

Ethical and Legal Dilemmas

Ethical and Legal Dilemmas in Home Monitoring and Management Services The industry that has developed over the last 25 years around the concept of protecting the home through use of information technology and ensuring privacy by applying information assurance controls is today a multi-million dollar market force. Unfortunately, there does not appear to be a targeted legal or ethical framework that serves to regulate this field; which forces practitioners to rely on sorting through the mass of industry technical standards, building codes and generalized information technology related laws in order to deliver effective services. This paper presents arguments, for the benefit of students and professionals in the home security and information technology fields, that highlight the issues and complexities of law and ethics involved when maintaining privacy comes in conflict with the need for sharing information necessary to effect proper management of management services and protection of private homes or offices using information technology based tools and techniques. Legal and Ethical Use of Information and Technology From a casual review of articles in the local newspaper, Internet news sites and community specific weblogs, it is easy to determine that we live in challenging times for the global and national economy. Daily are the stories of economic suffering within various industries, threats and news of layoffs, legal conundrums and ethical missteps by leaders in industry, and stories of fraud, waste and privilege abuse. These conditions impact todays home technology market as it continues to deliver advanced systems and software applications for establishing or improving security along with personal productivity and home management. Included are those applications which serve to better the life of average citizens by delivering improved physical security, monitoring services, home health care delivery, and management of food inventory and delivery of entertainment services. Of course, with every Internet based avenue inward to the home to deliver services there is a corresponding outlet for personal and private information and activities to be shared with members of the Internet community. The adversarys work is made much easier since information leakage is commonplace among supervisory control and data acquisition, or SCADA, systems which are at the core of home security and management architectures (Nash, 2005). Loathe as we are for Government intervention, there are situations where the law can assist in shaping the direction of the industry and drive service and technological innovations we demand as consumers. Yet for nearly every law written, there is a corresponding and complimentary ethical framework for

Ethical and Legal Dilemmas

applying common sense, industry best practices and professional ethics to ensure effective and high quality services at the best price. Legal Frameworks According to the United States Government Accountability Office (2008), Federal policy identifies eighteen infrastructure sectors that are critical to the nations security, economy, public health, and safety, to include public and private functions such as banking and finance, energy, public health and healthcare, and telecommunications. Our nations reliance on computerized information systems and electronic data make it essential that the security of these systems and data is maintained (p. 1). Many critical infrastructure components are owned by the private sector. Effective government protection and provision of security services carries the imperative that public and private entities work together to protect these assets. The same partnerships among private industry and government agencies directly support effective provision of private home security and monitoring services through a framework of federal laws, regulations, and standards considered essential to the security of privately owned information technology systems and data. There are over 30 federal laws, regulations, and mandatory standards that pertain to securing privately owned IT systems and data in our nations critical infrastructure sectors (GAO, 2010, p.2). Among these laws are specific statutes concerning privacy practices, security service provisions and contractual implications which are useful in constructing state and local laws to regulate the home monitoring and management services industry. Privacy considerations. Among the many laws relating to privacy is the Electronic Communications Privacy Act of 1986, known by the acronym ECPA and discussed in a later section of this paper. Stemming from the ECPA, our Government has enacted rules governing how agencies are allowed to handle personal and private information. One specific regulation provides for protection of information considered as Sensitive Security Information, or SSI, which is codified in 49 U.S.C. 114. SSI is information obtained or developed in the conduct of security activities; which if disclosed, could constitute an unwarranted invasion of privacy, or could reveal information which contains trade secrets or privileged information. The Government imposed specific duties on agents and private citizens such as taking reasonable steps to safeguard SSI in that person's possession or control from unauthorized disclosure. The Act also imposes the duty to avoid disclosure to people unless they have a need to

Ethical and Legal Dilemmas

know, which can be defined as the requirement to understand pieces of information in the normal performance of their duties ("Protection of sensitive," 2004). Private concerns have adopted similar standards in order to have an approach which keeps their corporate interests in mind and serves to shield them from litigation. Security considerations. The governments role and responsibility in computer security relates primarily to securing federally owned, leased, or operated systems. Federal agencies generally do not mandate controls for the security of non-government computer systems. However, the federal government does require certain information held on non-government systems to be protected against unauthorized access and disclosure (Motef, 2004). As many home computing systems and those held by private home monitoring and management service providers can potentially contain sensitive Government information either created by a private entity or that which is inadvertently or deliberately downloaded, there is a duty imposed to protect the information once discovered. Contract compliance. Contracts are agreements that are legally enforceable which may involve a duty to do, or refrain from doing a specific act or obligation. Non-performance of this duty is considered a breach of contract. The law provides remedies if a promise is breached with the goal to make the breached party return to their prior position, as if the contract had not been breached, rather than punish the breaching party (USLegal.com, n.d.). Numerous facets of IT related management within home security and monitoring are simply the result of contract performance, the parties must rely on specific language and clauses being standard across the industry. Ethical Value Systems The effect of principled behavior strengthens cyber security. By employing Kohlbergs Theory of Moral Development and Education and the axioms expressed by Professor Kenneth Laudon, the information technology professional can develop ethically driven business rules for operating within the home monitoring and management services industry which set their business apart from those who set ethics behind profit. For review, Lawrence Kohlberg (1984) believes moral action flows from a three step process involving a deontic judgment of what is right, discerning responsibility and then carrying out the decision (p. 258). Kohlberg (as cited in Wahlberg and Haertel, 1997) understood that moral judgments may be

Ethical and Legal Dilemmas

defined as judgments of value, as social judgments, and as judgments that oblige an individual to take action (p. 57). Thus, a strong moral drive to produce ethically based judgments are divided according to ones intention to pursue the acts, in some cases, simply deemed as the right thing to do by those individuals (Chong and Opara, 2009). Professor Kenneth Laudon (1995) believed that from his study of 2,000 years of writings there emerged three critical arguments. Phenomenology versus positivism which asks what is good in the given situation derived from the logic and language of the moment or by observing the real world and inductively deriving the ethical principles. Rules versus consequences which positions those who believe good actions result from following the correct and generally accepted rules of behavior based on religion, intuition and aesthetics; contrasted against those who would rather take action that tend to produce the best outcome whether results or consequences. The final distinction being a contrast between individuals and collectivities which focuses on belief systems the locus of moral authority and stresses that belief in an individuals power of self-analysis versus community or society consensus could result in moral relativism based on whatever the group believes is the best rule (p. 34). Practical Application of Ethical Considerations in Information Technology The home monitoring and management industry is increasingly dependence on internet connected services and wireless interconnections to process tremendous volumes of data and to provide real time monitoring and control of home services which integrate into operations and call centers. Of particular interest to the ethicist are those systems which provide direct control of safety and security systems, plus those applications which directly impact life affirming medical services such as real time heart monitors which report to clinics or emergency responders or fire control systems which sense temperature or flames and respond with activation of fire suppression and warning systems. Privacy and Security Practices In practical application within the information technology industry, these ethical foundations motivate one employee to report suspicious activity such as the existence of peer-to-peer software, like BitTorrent or Morpheus, to a supervisor immediately while another employee with similar technical training would investigate and correct the cause of the suspicious activity without a report.

Ethical and Legal Dilemmas

Within the home security monitoring and management services industry, the application of Kohlberg and Laudons theories are found in the amount of personal information coincident to providing the service that can be gathered on celebrities and public figures; and subsequently revealed to cause damage or erosion of the image is but one aspect that provides incentives to protect on near equal measure to incentives to publish. Kohlberg suggests that the individuals continue to change their decision priorities over time, through education, peer or environmental influences, growing confidence or willingness to take risks based on experiences along with changes in values of ethical behavior (Chong and Opara, p. 52). The Right Product at the Right Time for the Right Cost The ethical dilemma in applying technology to solve problems is that despite what a designer is comfortable with, or desires to be challenged to achieve, is that the purpose of designing technology is most often to make it serve a certain function (Albrechtslund, 2007). Within an industry with sales exceeding $2.1 billion in 2010 with potential to reach more than $3.8 billion by 2016, lighting, home entertainment, and security systems accounted for nearly 58% of the U.S. home automation market in 2010 (BCC Research, 2011). Those who specialize in technology applied within a private home should guard against designing a fit for their favorite or most abundantly stocked tool or application; instead they should apply the available technology or engage in design of new technologies to meet a need or desire of the customer. Designing solutions to fit a validated requirement provides the opportunity to solve a problem instead of the opposing search for a problem to fit a tool. The Effects of Law on the Information Technology Profession The effects of local and state legal actions, whether through case law or legislation, are far reaching. In an article by technology columnist Gerald Kohl (2010), the Electronic Security Associations Director of Government relations, John Chwat, lamented that state bills in California and New York have a tendency to be copied by other states in rapid order (p.1). Within the home security and monitoring industry, the liability of manufacturers, designers, consultants and installation firms could be significant should an accident or incident result in death or harm to an individual or significant loss of property. While many contracts include clauses that indemnify manufacturers from installation defects, or exempt designers and installers from liability associated with manufacturer defects, the seemingly limitless effects of tort law and crusades by individual legislators often result in greater losses within the industry.

Ethical and Legal Dilemmas

Legislation Experts argue between the ethical basis for establishing laws even when, intuitively, the responsibility for managing, monitoring and security concerns seem to fall outside the normal arguments of morality, religion and philosophical systems of ethics (Tavani, 2001, p. 40-43). Other experts assert that digital environments can be regulated by their technological capabilities and the design choices made by computer systems engineers. For example, privacy features can be built into computer systems to guarantee personal data will be processed using fair information practices. These features and policy rules built within the architectures and designs of information systems can carry the effect of law and are every bit as important as the rules promulgated by traditional government institutions (Richards, 2006). State laws, such as New Yorks laws relating to home monitoring services, are slowly evolving but tend to focus the areas of liability, privacy and safety. According to the summary of NY Senate Bill 2074, terms used in a contract to indemnify or exempt manufacturers, sellers and/or monitors of burglary protection systems from liability for negligence should not be enforceable and existing contracts with the indemnification should be voided. The proposed language states that such terms must provide for recovery of costs associated with the installation, service and maintenance provided by the manufacturer, seller; including the monitor service (Kohl, 2010). Consumers who do not read the contract carefully are often victims of not only the incident or accident, but they become victims of the contract as well. At the Federal level, the lengthy debate leading to passage of the Patient Protection and Affordable Care Act included discussions by the Senate Committee on Aging. The committee examined the use of broadband technologies in healthcare, with emphasis on mobile and wireless devices. Committee members applauded the technologies available for home medical care highlighting an automatic insulin dispenser that wirelessly communicates adjustments to dosage as the patient's condition changes. The device then uploads readings to the patient's electronic medical record EMR. Underlying the utility of such devices is the need for widespread availability of broadband Internet service; with a return on investment in more robust communications networks reflected in lower Medicare costs (Versel, 2010). Continued Federal legislation and support for improving broadband Internet technology and infrastructure for non-standard home management services such as home medical monitoring with heart monitors,

Ethical and Legal Dilemmas

insulin delivery systems and other portable medical technologies can significantly influence the direction of home management systems. Countries outside of the United States also regulate the services related to home monitoring and management. Australias Private Security Act (2004) requires that countrys Chief Commissioner to register those in the business of acting as security equipment installers or security consultants (Australasian Legal Information Institute, 2004, Section 71). South Africas government regulates wages for private security firms engaged in monitoring and responding to alarms at premises which are guarded by persons or by electronic means (Badenhorst, 2010). Such specificity in legislation is a trend expected to continue as citizens react to advances in technology which increase access to the home and more services are offered, further breaching the boundary of privacy within homes and private offices. Local Law Enforcement and Monitoring Industry Partnerships Local governments incur costs in responding to false alarms generated by security monitoring systems with the mechanical controls industry reporting similar cost incurred responding to abnormal conditions reported to operations centers. Municipalities such as San Rafael, California report costs of $250,000 per year to respond to false alarms while smaller localities like Hercules, California, Astubula, Ohio and Kingman, Arizona have instituted fines of between $75 and $200 to offset costs incurred when police are required to respond to a false alarm (Anonymous, 2006). In George Demarcos (2004) article concerning the cost of local government response to false alarms, improvements in the relationship between law enforcement and the alarm industry has brought a measurable effect on the community through accurate reporting and adjudication of service calls when home monitoring technology delivers a false alarm. Noting that properly managed alarm systems provided opportunity cost savings of more than 80 percent in Los Angeles, California and 90 percent in Salt Lake City, Utah (p. 17). As technology improves and services response stabilizes, monitoring management proves its value in greater measure than legislation or the effect of case law outcomes. The Impact of Legislation The Electronic Communications Privacy Act of 1986, or ECPA, was enacted to extend federal wiretap laws to new forms of communication and has direct applicability to the home security monitoring field. The ECPA is based on the privacy rights derived from the protection against unreasonable

Ethical and Legal Dilemmas

searches and seizures found in the Fourth Amendment and Congress's power to regulate interstate commerce granted in Article I of the U.S. Constitution. Surveillance using wiretaps, pen registers and traps. One facet of the ECPA is the legislation regulating the practice of conducting surveillance using wiretaps or the less intrusive pen registers and so called trap and trace devices. As many home security systems communicate with monitoring operations centers over standard telephone lines, practitioners need to be concerned with the technologies used for conducting electronic surveillance. Pen registers are electronic devices that record the phone numbers that you call, while trap & trace devices record the numbers that call you. The Supreme Court decided in the 1979 case of Smith v. Maryland that because telephone users knowingly exposes phone numbers to the phone company when they dial them, the Fourth Amendment doesn't protect the privacy of those numbers against pen trap or trace surveillance by the government. The contents of a telephone conversation are protected, but not the dialing information (Electronic Frontier Foundation. n.d.). Likewise, wiretapping is any interception of a telephone transmission via the telephone signal while electronic eavesdropping is the use of an electronic transmitting or recording device to monitor conversations without the consent of the parties. It is important to note here that federal law does not currently regulate silent video communications, such as webcams or other video monitoring without an audio component (Privacy Rights Clearing House, 2010). Other aspects of legislation including the Patriot Act. There is little accessible Federal law speaking directly to the home monitoring and management industry beyond that which is common to all businesses. Local building codes and regulations vary and generally speak to building construction, wiring, lighting and sound isolation. Signals traversing the homes physical and logical telecommunications boundary can be subject to monitoring under the Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act, known as the USA-PATRIOT Act, and the Homeland Security Act with the legislation providing for government surveillance of private telephone or internet based communications and to encourage private entities to share information with the government by alleviating legal liability. The lack of specific legislative intervention could be due to the long-standing principles of constitutional law and to more recent principles of civil privacy legislation, only with proper showing on the part of law enforcement should breaches of privacy rules be allowed (Mitrano, 2003).

Ethical and Legal Dilemmas

10

How Case Law Impacts Home Monitoring and Management Services While specific applications in case law related to private home monitoring services is rare, the application of wiretap laws were highlighted in a recent case when Pennsylvania's Lower Merion school district installed remote control anti-theft software on student laptops which enabled the school district to access the video camera of a stolen laptop and recover an image of the user. The images were used to determine the identity of the user and take disciplinary action (Andersen, 2010). The United States Senates Judiciary Committee conducted a field hearing in March of 2010 and among the witnesses was Former Justice Department prosecutor Marc Zwillinger who urged caution with any law change that would make all silent video communications subject to Wiretap Act rules stating that in an age of webcams, wireless CCTV cameras, and cell phones that can take video, the law is badly out of date (Zwillinger, 2010, March 29). Title 18, Part I, Chapter 19 and Section 2510 of the United States Code was codified as the Wiretap Act. The act bans oral, wire, and electronic communications gathered without consent unless under a court order. Further defining electronic communications, the Wiretap Act covers any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photo electronic or photo optical system (The Wiretap Act, Section 2510(12)). The law also requires that communications have an aural component; so it does not currently regulate silent video communication. The Senate Judiciary Committee determined at the hearing that since Lower Merion's actions to include the use of a laptop microphone and therefore were ruled as not covered by the Wiretap Act. Zwillingers (2010) testimony urged caution with any law change that would make all silent video communications subject to Wiretap Act rules. Zwillinger pointed to other cases where the public is are comforted by the notion that video surveillance helps keep our children safe. As stated by Zwillinger, changes in the Wiretap Act could have two chilling effects. First, it would likely make illegal the array of public and private remote surveillance and security cameras found today at most ATMs, gas stations, casinos, doorsteps, and light poles and used for a multitude of legitimate purposes including security, crime fighting, traffic analysis, and scientific observation. Second, it could turn wellintentioned journalists, security professionals, parents, and scientists into serious criminals (p. 4-5)

Ethical and Legal Dilemmas

11

The extent of coverage for the Wiretap Act is sufficient to provide law enforcement latitude in conducting legitimate investigations. Additional remedies under the USA-PATRIOT Act provide the means for conducting legitimate and court authorized and duly warranted surveillance over suspected criminals. While the conduct of legitimate purchased surveillance and monitoring service is not currently impacted, the relevant legislative action bears watching. Routine Outcomes of Civil Proceedings Shapes Case Law Probably due to the home monitoring and management services industrys relative youth, most of the legal evolution in the home monitoring industry has been through establishment of local ordinance and building codes shaped by subsequent actions involving industry associations and legislatures. Such actions served to challenge the business aspects instead of setting any overwhelming precedent which forced specific changes. A majority of case law in the home monitoring industry involves breach of contract cases such as Peter Arroyo v. Safe Home Security where the plaintiff alleged Safe Home Security breached of contract arising from an agreement to provide security monitoring services when a burglary occurred and the installed the security system failed to properly operate with the result that his business sustained monetary losses. The Trial Judge deemed it a routine case and awarded Arroyo approximately $8,000 in loss and damage (Weiss, 2002). There continues to be no specific changes in how home monitoring and management services are delivered having been ordered by the courts. Organizing Information Technology to Ensure Regulatory Compliance In general, regulatory compliance is more challenging and complex for corporations because of the multitude of regulations such as Purchase Card Industry Data Security Standards, known as PCI-DSS, which offer robust and comprehensive standards and supporting materials for enhancing payment card data security to include a framework of specifications, tools, measurements and support resources to help organizations ensure the safe handling of cardholder information at every step (Security Standards Council, n.d.). The Sarbanes Oxley Act of 2002, amended in 2010 and known as SOX, imposed on corporate leadership a framework for responsibility and auditor oversight, including prior approval for nonaudit services by the auditor and the disclosure of all non-audit services of the auditor approved by the committee. Corporate Chief Executives and Financial Officers are now required to certify that their companies annual and quarterly reports as accurate and not misleading, and that they have met their

Ethical and Legal Dilemmas

12

responsibility for evaluating internal controls. Additionally, there has been a ban on new personal loans by companies to their directors or executives (Lander, 2003). The activities of the Federal Trade Commission, which has been intensely involved in the Internet privacy debate and has worked with various parties to examine and learn about privacy issues and has made recommendations to Congress about new legislation (Swindle, 2002). International Standard 27001-2 provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System which can be guided by an organizations needs and objectives, security requirements, the processes employed based the size and structure of the organization (The ISO 27001 Directory, 2007). PCI-DSS, SOX & ISO 27001-2 are prominent among numerous acts and laws imposed according to a company's location, industry, and countries with which it conducts business. In order to fully comprehend the complicated demands of some regulations, companies and organizations employ specialists and consultants and produce special documentation to assist with documenting proper regulation deployment procedures. The inefficiencies and complexities of networks and endpoint management are well known, but IT departments often lack the manpower, budget or resources to address every potential threat on every endpoint in the network. Despite concerted efforts to establish a sound security policy, IT teams are still hit hard with security incidents due to a lack of visibility and control. Most organizations understand the impact of maintaining compliance and some have even developed and deployed unique solutions to address compliance issues since most commercial solutions fail to provide sufficient protection and management guarantees needed to tackle threats caused by a the continuing growth of Internet usage and rapid advancements in consumer technologies. Organizations such as the National Institute of Standards & Technology and the Center for Internet Security develop and maintain compliance guidelines to manage and protect valuable information assets (Promisec USA, 2009). The right technology, properly employed, promotes compliance while serving the customer and ultimately increasing profitability. Corporate policy compliance may be seen as somewhat easier to define than regulatory compliance because it is dictated inside a company and not by external bodies. Each organization decides for itself what employees can and cannot do based on the security risks involved.

Ethical and Legal Dilemmas

13

Conclusions The principle ethical dilemmas of adhering to a sense of personal privacy and protection of information used to manage services must be recognized by those companies and agencies involved with establishing home management and monitoring services. Providers must respect boundaries within a homeowners personal space whether monitoring fire and intrusion detection sensors or providing surveillance of intruders and for illegal activity. When not in conflict with social contracts found in the law; the needs of the customer must continue to drive what industry invents, develops and offers in the way of systems, processes and services. Industry must focus on ethical survival and be prepared to continue delivering the right service at the right cost with mutually acceptable quality. Personal and Professional Accountability It is natural and intuitive that those who own, operate or manage services, systems and technology within the industry must bring the most reliable and effective products to bear. Since home monitoring and management systems penetrate the perimeters established by the homes physical and internet boundaries, the need to maintain privacy and keep personal information in close hold with security considerations creates a natural sense of shared responsibility while placing a burden of highly ethical conduct on the service provider. Data security within the home is the responsibility of the owner or occupant while the owners information under control of the vendors becomes a shared responsibility with significant liability on the part of the vendor. Using the established law and ethical frameworks discussed in this paper, home owners and vendors can work to establish the parameters and controls necessary to shield both parties and to preserve the privacy of the customer in concert with integrity of IT networks, security appliances, information systems and professional practices of service providers. Other Elements Promoting Compliance While not presented as a panacea or the ultimate solution; the future of home monitoring and management services relies on a business sector willing to work continually improve standards and practices. Keeping pace means establishing professional practices groups or private organizations which codify an industry wide code of ethics would provide for better service delivery, training of practitioners, and finally, professional interest groups can serve as a legislative lobbying and advising body to foster more reasonable and useful development of law within Federal, State and Local governments.

Ethical and Legal Dilemmas

14

References Albrechtslund, A. (2007). Ethics and technology design. Ethics and Information Technology, 9(1), 63-63. doi:10.1007/s10676-006-9129-8 Andersen, N. (2010). School laptop spy case prompts wiretap act rethink. Retrieved December 3, 2011 from http://arstechnica.com/tech-policy/news/2010/03/school-laptop-spy-case-prompts-wiretap-actrethink.ars Anonymous, (2006). Alarm ordinance watch. Security Systems News, 9(9), 12-12. Retrieved November 25, 2011 from http://search.proquest.com/docview/225519723?accountid=27965 Australasian Legal Information Institute. (2004). Grant of private security business registration. Retrieved November 24, 2011 from University of Technology, Sydney website: http://www.austlii.edu.au/au/legis/vic/consol_act/psa2004217/s71.html Badenhorst, S. (2010). Amendment of sectoral determination 6: Private security. Retrieved November 24, 2011 from Private Security Industry Regulatory Authority website: http://www.psira.co.za/joomla/index.php?option=com_content&task=view&id=82&Itemid=37 BCC Research. (2011). Home automation and security technologies, products, and markets. (Report ID WA6566717). Norwalk, CT: Business Communications Company, Inc Chong, G., & Opara, E. (2009). Ethical framework for the IT and business professions. Communications of the IIMA, 9(3), 51-51-62. Retrieved October 29, 2011 from http://search.proquest.com/docview/858947065?accountid=27965 Electronic Frontier Foundation. (n.d.). Pen registers and trap and trace devices: Less powerful than a wiretap but with much weaker privacy safeguards. Retrieved December 1, 2011 from https://ssd.eff.org/wire/govt/pen-registers Kohl, G. (2010, April 15). Contract legislation in ny would affect dealers, monitoring firms. Retrieved November 25, 2011 from http://www.securityinfowatch.com/Dealers/1315733?pageNum=1 Kohlberg, L. (ed.) (1984). Essays on moral development 2: The psychology of moral development. San Francisco, CA: Harper and Row. Lander, G. (2003). What is sarbanes-oxley? Blacklick, OH: McGraw-Hill Trade. Retrieved December 9, 2011 from http://site.ebrary.com/lib/capella/Doc?id=10065195 Laudon, K. C. (1995). Ethical Concepts and Information Technology. (cover story). Communications Of The ACM, 38(12), 33-39. Retrieved October 29, 2011 from EBSCO host. Mitrano, T. (2003). Civil privacy and national security legislation: A three-dimensional view. Retrieved November 3, 2011 from http://www.educause.edu/EDUCAUSE Review/EDUCAUSEReviewMagazineVolume38/CivilPrivacyandNationalSecurit/157868 Motef, J. (2004). Computer security: a summary of selected federal laws, executive orders, and presidential directives. Washington, DC, Congressional Research Service, Library of Congress. Retrieved December 10, 2011 from http://www.fas.org/irp/crs/RL32357.pdf

Ethical and Legal Dilemmas

15

Nash, T. (2005). Backdoors and holes in network perimeters: A case study for improving your control system security. Washington, DC; U.S. Dept. of Homeland Security Control System Security Center. Retrieved December 12, 2011 from http://www.uscert.gov/control_systems/pdf/backdoor0503.pdf National Archives and Record Administration, (2004). Protection of sensitive security information. Retrieved December 10, 2011 from Government Printing Office website: http://ecfr.gpoaccess.gov/cgi/t/text/textidx?c=ecfr&rgn=div5&view=text&node=49:9.1.3.4.8&idno=49 Promisec USA, (2009). How to ensure compliance within an organization. New York, NY: Promisec. Richards, N. (2006). The information privacy law project. Washington, DC; Georgetown University; 94 Geo. L.J. 1087. Security Standards Council. (n.d.). Pci ssc data security standards overview. Retrieved December 9, 2011 from https://www.pcisecuritystandards.org/security_standards/index.php Swindle, O. (2002, June). In O Swindle (Chair). Perspectives on privacy law and enforcement activity in the united states. Paper presented at Working Party on Information Security and Privacy Paris, OECD, 25-26 June 2002. Paris, France. Retrieved December 10, 2011 from http://www.ftc.gov/speeches/swindle/perspectivesonprivacy.shtm The ISO 27001 Directory. (n.d.). An introduction to iso 27001 . Retrieved December 9, 2011 from http://www.27000.org/iso-27001.htm Tavani, H. (2011). Ethics and technology; controversies, questions and strategies for ethical computing. Hoboken, NJ; John Wiley and Sons, Inc. USLegal.com. (n.d.). Contract law & legal definition. Retrieved December 10, 2011 from http://definitions.uslegal.com/c/contract-law/ Versel, N. (2010, April 27). Senate panel explores home health monitoring technologies. Retrieved November 23, 2011 from http://www.fiercemobilehealthcare.com/story/senate-panel-exploreshome-health-monitoring-technologies/2010-04-27 Walberg, H. J., & Haertel, G. D. (1997). Psychology and educational practice. McCutchan Publishing Corporation. Retrieved December 1, 2011 from EBSCO host. Weiss, P. (2002). Peter arroyo v. safe home security (CV000499980S ). Retrieved November 25, 2011 from Superior Court of Connecticut, website: http://www.lexisone.com/lx1/caselaw/freecaselaw?action=OCLGetCaseDetail&format=FULL&sourc eID=bdiedc&searchTerm=efXi.Qcda.aadj.ecOG&searchFlag=y&l1loc=FCLOW Zwillinger, M. (2010, March 29). Statement of Marc J. Zwillinger before the U.S. Senate Committee on the Judiciary Subcommittee on Crime and Drugs for the hearing on Video Laptop Surveillance: Does Title III Need to Be Updated? Washington, DC: Zwillinger Genetski LLP. Retrieved December 3, 2011 from http://www.judiciary.senate.gov/hearings/testimony.cfm?id=e655f9e2809e5476862f735da15a7ed6 &wit_id=e655f9e2809e5476862f735da15a7ed6-1-4