Which act prohibits the government from concealing the existence of any personal data?

The Fourth Amendment protects against unreasonable searches and seizures, the most blatant of which have been “fishing expeditions” directed against large numbers of people. From the “writs of assistance” used in the eighteenth century by royal revenue agents, to door-to-door searches for violations of the British tariff laws in the American colonies, to the municipal code inspections of the twentieth century to enforce health and safety standards, the principle that generalized fishing expeditions violate the right to be free from unreasonable searches has held firm in American law.

That principle is violated by computer matching. The technique of matching unrelated computer tapes is designed as a general search. It is not based on any preexisting evidence to direct suspicion of wrongdoing to any particular person. Although systematic searches of personal records are not as intrusive as door-to-door searches, the result is the same: a massive dragnet into the private affairs of many people.


URL: https://www.sciencedirect.com/science/article/pii/B9780124150409501354

Law

Philip P. Purpura, in Security and Loss Prevention (Sixth Edition), 2013

Searches

Typically, public police conduct a search of an arrestee right after an arrest. This has been consistently upheld by courts for the protection of the officer who may be harmed by a concealed weapon. However, evidence obtained through an unreasonable search and seizure is not admissible in court; this is known as the exclusionary rule.

The 4th Amendment prohibition against unreasonable searches and seizures applies only to government action. Searches by private citizens, including security officers, even if “unreasonable,” are therefore not “unconstitutional” and the exclusionary rule does not apply, as ruled in Burdeau v. McDowell, 256 US 465, 1921 (Inbau et al., 1996: 54; Nemeth, 2005: 83–104). At the same time, the law of searches by private security officers is not clear and varies widely. Even though private security may not be restrained by the 4th Amendment, a lawsuit may result following a search. A search is valid when consent is given or where, in a retail environment, a state shoplifting statute permits the retrieval of merchandise. A search for weapons following an arrest may be justified through common law, which states that citizens have the right of self-defense. The recovery of stolen goods as the basis for a search is typically forbidden, except in some state shoplifting statutes. Whenever possible, private security personnel should let public police conduct searches in order to transfer potential liability.

Call It “Inspection,” Not “Search and Seizure”

Norman M. Spain (1996: 4–7), an authority on legal issues in security, states that private security officers are generally not bound by constitutional constraints of search and seizure as are public police, unless they are “tainted by the color of law”—that is, jointly working with public police. Spain favors the term inspection instead of search for private security, because the 4th Amendment does not apply in most private settings. He cites various targets for inspections in private settings: a locker, a vehicle entering or leaving a facility, or an employee’s belongings.

Spain recommends a formal inspection policy that is backed by common law—employers have the right to take reasonable measures to protect their property against theft. All parties (e.g., employees, contractors, and visitors) should be given notice through, for example, signs and publications. The policy should have four components:

1. A formal statement that the company reserves the right to inspect

2. Illustrations of types of inspections

3. A list of items that employees should not have in their possession (e.g., illegal drugs, weapons, company property removed without authorization)

4. A statement of penalties, including those for not cooperating

Spain cautions that a “pat-down” of a person’s body or inspections of pockets may result in a civil action alleging invasion of privacy, unless the site requires intense security.


URL: https://www.sciencedirect.com/science/article/pii/B9780123878465000048

Encryption

Sharon K. Black Attorney-at-Law, in Telecommunications Law in the Internet Age, 2002

Fourth Amendment—Unreasonable Search and Seizures

Concerning the Fourth Amendment, opponents argued that the ESS, Clipper Chip, and CALEA violate the Fourth Amendment criteria of probable cause, particularity, and restrictions against unreasonable search and seizure.

Probable Cause: Opponents pointed out that the U.S. Constitution requires the government to establish “probable cause” with a court before conducting surveillance. Any surveillance without reasonable cause, as would be possible with the Clipper Chip, key-escrow, or key-recovery technologies, in ESS and CALEA, is not consistent with Fourth Amendment protection of probable cause.

Particularity: Opponents further argued that a Clipper Chip would be implanted, not upon probable cause, but rather “in case” of a possible future crime. This broad-based access affecting all citizens is in conflict with the Particularity Clause that limits the scope of authorized searches. On the other hand, supporters argued that the Clipper Chip is more like regulatory drug testing, which requires no warrant. Since the government's plan required a warrant, this argument was not compelling.

Unreasonable Search and Seizure: Supporters also argued that breaking a single encrypted message or wiretapping a single telephone call rarely uncovers crimes. Instead, ongoing surveillance generally must be used. Opponents countered that ongoing surveillance is an unreasonable “search and seizure,” a Fourth Amendment violation that threatens individual rights.49 Both opponents and supporters agree that several questions exist that require court determination, including: (1) Does broad-based, on-going access, such as provided by the Clipper Chip, key escrow, or key recovery constitute a search? (2) If so, is that search reasonable? (3) Since wiretap law permits the secret seizure of a conversation with a court order, but does not permit the subsequent secret seizure of a record of that conversation, how are these modern capabilities to be defined?

Right of People To Be Secure in their Persons, Houses, Papers, and Effects: In addition, supporters argued that a key is not a conversation, but the means to decrypt one. Opponents countered that the purpose of encryption is to create or increase privacy. Therefore, the owner of a private key or telephone conversation has both a subjective and objective “expectation of privacy,” and any law that requires disclosure of either to the government is a violation of that expectation.


URL: https://www.sciencedirect.com/science/article/pii/B9781558605466500314

Legalities of Forensics

Leighton R. Johnson III, in Computer Incident Response and Forensics Team Management, 2014

US Criteria, Laws, and Regulations

US Constitution Fourth Amendment

The US Constitution’s Fourth Amendment states “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” Therefore, any evidence secured outside of a search warrant is considered excluded evidence, and no search warrant can be given without probable cause. This extends to the requirement of the search warrant needing a judicial approval before its execution. Determination of reasonableness depends on the judicial balancing of the individual interest, generally regarded as a privacy interest, against the governmental interest, including law and order, national security, internal security, and the proper administration of the laws. Reasonableness generally entails a predicate of probable cause and, with many exceptions, the issuance of a warrant.

The Fourth Amendment “is wholly inapplicable to a search or seizure, even an unreasonable one, effected by a private individual not acting as an agent of the Government or with the participation or knowledge of any governmental official.” United States v. Jacobsen, 466 U.S. 109, 113 (1984). As a result, no violation of the Fourth Amendment occurs when a private individual acting on his own accord conducts a search and makes the results available to law enforcement.

The Fourth Amendment rule is that an investigator executing a search warrant is able to look in any place listed on the warrant where evidence might conceivably be concealed. Traditionally, an investigator was precluded from looking into any location beyond the evidence they wish to seize. However, electronic evidence may be stored anywhere. The result is that an investigator can electronically look anywhere in search of digital evidence. Katz v. United States stated that “the Fourth Amendment protects people, not places.” The result is that the Fourth Amendment continues to be deeply tied to physical places.

Wiretaps and Intercepts Laws

Accordingly, investigators must consider two issues when asking whether a government search or a private search of a computer requires a warrant. First, does the search violate a reasonable expectation of privacy? And if so, is the search nonetheless permissible because it falls within an exception to the warrant requirement? Since the vast majority of computers are networked and communication is the main objective behind networking computers, the Wiretap laws become involved. The purpose of these laws is to protect voice and electronic communications from illegal interception. As an example, network sniffing is illegal unless one of the numerous exceptions applies. There are three key exceptions:

1. The first exception allows for the protection of the owner’s property or systems under attack.

2. The next exception is the consent exception, if you have the consent of the user to monitor the communications. This is usually accomplished by the use of banners stating, “Using the computer constitutes your permission to be monitored.” In most of the cases where this exception is used, the system owner must prove that the user received the banner notification before monitoring began.

3. The third exception is the computer trespasser exception. This allows the system owner to monitor the attacker while the system is being attacked. Of course, it is legal to monitor in support of a court order or law enforcement. These exceptions do not authorize the system owner or operator to perform unlimited monitoring.

ECPA Provisions

The Electronic Communications and Privacy Act protects the right of the customers or subscribers of Service Provider services. This statute restricts the rights of the Service Provider to provide information concerning a customer’s communications, or revealing the content of a customer’s communications or information concerning a customer’s network activity. Normally, this law is involved with undelivered e-mail and network activity by customers. Again, there are several exceptions to this law:

a. The first exception states that the recipient of the communications can authorize the disclosure of the communications.

b. The second exception states that a court order or Search Warrant can authorize the disclosure of this communications information.

c. The third exception involves the Service Provider inadvertently obtaining the content of communications that involves criminal activity. This information can be provided to Law Enforcement.

d. The fourth exception is the Service Provider’s right to protect his property or service.

e. The fifth exception states the Service Provider can provide the contents of communications to government agencies when the Service Provider inadvertently obtained the contents of a communication and the Service Provider believes that an emergency situation exists and a person may be seriously injured.

Privacy Law provisions

The US Privacy Act of 1974 was originally passed as a result of the Watergate scandal and the apparent abuses of governmental power performed during that period. The primary features of the Privacy Act are as follows:

Restricts disclosure of personal information from systems of records

Requires Federal agencies to comply with the law for collecting, maintaining, using, and disseminating information from personal records

Provides individuals with access to records about themselves

Allows individuals to request amendments to records which are inaccurate, irrelevant, untimely, and incomplete

Addresses the collection, maintenance, use, and dissemination of Social Security Numbers

Provides legal remedies, both civil and criminal, for violations of the Privacy Act

Over the past 30 years this Act has been slightly modified to now encompass what is known as Personally Identifiable Information (PII) which includes:

Name

Social Security Number

Date and place of birth

Photo

Biometric records, etc., including any other personal information which is linked or linkable to an individual

Education

Financial transactions

Medical history

Criminal or employment history and information which can be used to distinguish or trace an individual’s identity.

The use and storage of PII is considered one of the primary security safeguard requirements for all US Governmental agencies during the normal course of activities conducted by each agency.

Federal Rules of Civil Procedure (FRCP) provisions for eDiscovery

Electronically stored information that is admitted as evidence at a trial or hearing is electronic evidence; it may include electronic communications, such as e-mails, text messages, and chat room communications; digital photographs; website content, including social media postings; computer-generated data; and computer-stored records, and is therefore subject to the requirements for discovery in an electronic format, otherwise known as “eDiscovery.”

Under the Federal Rules of Evidence (FRE), relevant evidence is generally admissible, and irrelevant evidence is not. “Relevant evidence” is defined as evidence that has “any tendency to make the existence of any fact that is of consequence to the determination of the action more probable or less probable than it would be without the evidence.” Rules 401 and 402 of the FRE address this fundamental question of “logical relevance.”

The major decision addressing the admissibility of electronic evidence is Judge Grimm’s 51-page opinion in Lorraine v. Markel American Insurance Company, which reads as a comprehensive guide to the admission of electronic evidence. In Lorraine, Judge Grimm describes a decision model for addressing the admission of electronic evidence, which, unsurprisingly, is nearly identical to the one many proponents apply to the admission of more traditional forms of evidence.

a. The Lorraine model suggests that the proponent of electronic evidence focus first on relevance, asking whether the electronic evidence has any tendency to make some fact that is of consequence to the litigation more or less probable than it would be otherwise.

b. Second, the proponent should address authenticity, asking if he can present evidence demonstrating that the electronic evidence is what it purports to be.

c. Third, the proponent must address any hearsay concerns associated with the electronic evidence, asking if it is a statement by the declarant, other than one made by the declarant while testifying at the trial or hearing, offered for the truth of the matter asserted, and, if the electronic information is hearsay, whether an exclusion or exception to the hearsay rule applies.

d. Fourth, the proponent must address the application of the original documents rule.

e. Fifth, and finally, the proponent should consider “whether the probative value of the [electronic] evidence is substantially outweighed by the danger of unfair prejudice [,]” confusion, or waste of time. Careful consideration of these traditional evidentiary principles will permit a proponent to successfully admit electronic evidence.

CFAA Provisions

The purpose of the Computer Fraud and Abuse Act is to establish the conditions under which a person can be prosecuted for causing damage to computers, computer information, or violating a person’s privacy. Damages must exceed $5000 in 1 year. However, there is a very liberal interpretation as to how the costs of damages are interpreted: cost of the damage and cost to repair the damage. Plus multiple incidents can be combined to meet the $5000 threshold. The law applies to any “protected” computer; any government computer, any computer involved in interstate or foreign commerce, or any computer used by the banking industry. The definition for damage is very liberal also: damage or alteration of medical records, anything affecting our national defense or security, anything that causes physical injury to anyone, or causes a threat to the public health and safety. The penalties range from 1 to 10 years in prison and a fine for the first offense. The punishment is determined by the hacker’s “state of mind” or his intentions. In other words, was the damage caused by the hacker’s reckless behavior, or did the hacker intentionally cause the damage, or did damage occur inadvertently by his actions?


URL: https://www.sciencedirect.com/science/article/pii/B9781597499965000157

Legal

John Sammons, in The Basics of Digital Forensics (Second Edition), 2015

Summary

Proper search authority is a necessary first step in the forensic examination process. Evidence collected without it is very likely to be excluded. The Fourth Amendment to the U.S. Constitution protects citizens from unreasonable searches and seizures. The protections afforded by the Fourth Amendment only cover actions by the government. It does not apply to private citizens acting on their own. Law enforcement can search and seize digital evidence with and without a search warrant. Searches with a warrant are always better, from a legal standpoint, than searches without one. That said, exigent circumstances can and do arise that would permit officers to do otherwise.

On the private side, supervisors and employers are likely to have broad authority to search company computers, especially if the employee read and signed a computer usage agreement clearly stating that the company computers, e-mail, and so on could be searched at any time.

Consulting with the appropriate legal counsel before searching or seizing digital evidence is never a bad idea. If you have questions or concerns, those should always be raised in advance.


URL: https://www.sciencedirect.com/science/article/pii/B9780128016350000073

The Law of Arrest, Search, and Seizure

Charles P. Nemeth J.D., Ph.D., LL.M, in Private Security and the Law (Fourth Edition), 2012

Constitutional Framework of American Criminal Justice

Considerable protections are provided against governmental action that violates the Bill of Rights. Most applicable is the Fourth Amendment, which provides:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated and no warrants shall issue upon their probable cause supported by oath, affirmation and particularly describing the place to be searched and the persons or things to be seized.6

Responding to the clamor for individual rights, calls for a reduction in arbitrary police behavior, and a general recognition that the rights of the individual are sometimes more important than the rights of the whole, judicial reasoning, public opinion, and academic theory since the early 1990s have suggested and formulated an expansive interpretation of the Fourth Amendment.7 When and where police can be constrained and criminal defendants liberated appears to be the trend.

On its face, and in its express text, the Fourth Amendment is geared toward public functions.8 The concepts of a “warrant,” an “oath,” or “affirmation” are definitions that expressly relate to public officialdom and governmental action. Courts have historically been reticent to extend those protections to private sector activities. In Burdeau v. McDowell,9 the Supreme Court held unequivocally that Fourth Amendment protection was not available to litigants and claimants arrested, searched, or seized by private parties. The Court explicitly remarked:

The Fourth Amendment gives protection against unlawful searches and seizures…. Its protection applies to governmental actions. Its origin and history clearly shows that it was intended as a restraint upon the activity of sovereign authority and was not intended to be a limitation upon other than governmental agencies.10

The Court's ruling is certainly not surprising, given the historical tug-of-war between federal and states' rights in the application of constitutional law. Over the long history of constitutional interpretation, courts have been hesitant to expand constitutional protections to cover the actions of private individuals rather than governmental actions. The Burdeau decision has been continuously upheld in a long sequence of cases and is considered an extremely formidable precedent.11 The Burdeau decision and its progeny enforce the general principle that the Fourth Amendment is applicable only to arrests, searches, and seizures conducted by governmental authorities. The private police and private security system have historically been able to avoid the constrictions placed on the public police in the detection and apprehension of criminals.12

If constitutional protections do not inure to defendants and litigants processed by private sector justice, then what protections do exist? Could it be argued that the line between private and public justice has become indistinguishable or at least so muddled that the roles blur? Are private citizens, subjected to arrest, search, and seizure actions by private police, entitled to some level of criminal due process that is fundamentally fair and not overly intrusive? Does the Fourth Amendment's strict adherence to the protection of rights solely in the public and governmental realm blindly disregard the reality of public policing? Is this an accurate assessment of what the general citizenry experiences? Or should the constitution be more generously applied to encompass the actions of private police and security operatives? All of these dilemmas are, at first glance, easy to answer when assessing case law. Despite the continuous resistance to said applications, the advocates for such arguments are perpetually persistent.


URL: https://www.sciencedirect.com/science/article/pii/B978012386922700006X

Privacy

Brian D. Wassom, in Augmented Reality Law, Privacy, and Ethics, 2015

Limitations on government intrusion into privacy

For the most part, the authorities described above limit how private individuals can collect and use information about other individuals. Our legal system also contains fundamental restrictions on the ability of governmental authorities to collect private information. The most basic of these is the Fourth Amendment to the United States Constitution, which restricts the government from invading “the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.”19 From this comes the prerequisite that law enforcement officials obtain a judicial warrant based “upon probable cause” before intruding into any place in which a person has a reasonable expectation of privacy. In June 2014, the Supreme Court re-affirmed the importance of this provision in the digital age by holding that the Fourth Amendment requires a warrant before police may examine data on a detained person’s mobile device.20

Of course, subsequent developments such as the USA Patriot Act21 and NSA surveillance scandals of recent years may call into question the efficacy of these limitations on government power. And to be sure, the opportunities for data collection presented by augmented reality and its supporting technologies will sorely tempt law enforcement agencies to find new ways to monitor and collect individuals’ electronic data.

With this legal framework in mind, then, let’s consider how AR-related technologies are likely to test the boundaries of American privacy laws.


URL: https://www.sciencedirect.com/science/article/pii/B978012800208700003X

Setting up the Forensic Laboratory

David Watson, Andrew Jones, in Digital Forensics Processing and Procedures, 2013

The investigation of crimes involving digital media and the examination of that digital media in most countries are covered by both national and international legislation. In criminal investigations, national laws normally restrict how much information can be seized and under what circumstances it can be seized. For example, in the United Kingdom, the seizure of evidence by law enforcement officers is governed by the Police and Criminal Evidence Act (1984) and the Regulation of Investigatory Powers Act (2000) (RIPA). The Computer Misuse Act (1990) provides legislation regarding unauthorized access to computer material, and this can affect the Investigator as well as the criminal and is a particular concern for civil investigators who have more limitations on what they are allowed to do than law enforcement officers.

In the United States, one of the pieces of legislation that the investigator must be aware of is the rights of the individual under the Fourth Amendment, which limits the ability of government agents to search for and seize evidence without a warrant. The Fourth Amendment states:

“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

According to OLE,e the Supreme Court stated that a “seizure of property occurs when there is some meaningful interference with an individual’s possessory interests in that property,” United States v. Jacobsen, 466 U.S. 109, 113 (1984), and the Court has also characterized the interception of intangible communications as a seizure. See Berger v. New York, 388 U.S. 41, 59–60 (1967). Furthermore, the Court has held that a “search occurs when an expectation of privacy that society is prepared to consider reasonable is infringed.” Jacobsen, 466 U.S. at 113.

OLE goes on to state that “A search is constitutional if it does not violate a person’s ‘reasonable’ or ‘legitimate’ expectation of privacy. Katz v. United States, 389 U.S. 347, 361 (1967) (Harlan, J., concurring).”

Another piece of legislation in the United States is the Patriot Act, which provides law enforcement agents with an increased ability to use surveillance tools such as roving wiretaps. The Patriot Act introduced important changes that have increased the prosecutorial power in fighting computer crimes. The Patriot Act references the Computer Fraud and Abuse Act (18 U.S.C. § 1030) with both procedural and substantive changes. There were also changes to make it easier for law enforcement to investigate computer crimes.

Another relevant area of law in the United States concerns border searches. According to the Supreme Court, routine searches at the border do not require a warrant, probable cause, or even reasonable suspicion that the search may uncover contraband or evidence.

Similar to the UK's RIPA, since 1968, in the United States, the Wiretap Statute (Title III), 18 U.S.C. §§ 2510–2522 has been the statutory framework used to control the real-time electronic surveillance of communications. When law enforcement officers want to place a wiretap on a suspect’s phone or monitor a hacker breaking into a computer system, they have to do so in compliance with the requirements of Title III. The statute prohibits the use of electronic, mechanical, or other devices to intercept a private wire, an oral, or electronic communication between two parties unless one of a number of statutory exceptions applies. Title III basically prohibits eavesdropping (subject to certain exceptions and interstate requirements) by anyone, everywhere in the United States.

In the United States, the Electronic Communications Privacy Act (ECPA) places limitations on the ability of Investigators to intercept and access potential evidence. In Europe, Article 5 of the European Convention on Human Rights gives similar privacy limitations to the ECPA and limits the processing and sharing of personal data both within the EU and with other countries outside the EU.

The Convention on Cybercrime (ETS No. 185), also known as the Budapest Convention on Cybercrime, is an international treaty that was created to try to address the harmonization of national laws relating to computer crime and Internet crimes in order to improve the investigative techniques and increase cooperation between nations. The Convention was adopted by the Committee of Ministers of the Council of Europe on November 8, 2001 and was opened for signature in Budapest, later that month. The convention entered into force on July 1, 2004 and by the end of 2010, 30 states had signed, ratified, and acceded to the convention. These included Canada, Japan, the United States, and the Republic of South Africa. A further 16 countries have also signed the convention but not yet ratified it. The Convention is the only binding international instrument dealing with cybercrime.

The “International Organization on Computer Evidence” is an organization that was established in 1999 and has been working to establish compatible international standards for the seizure of evidence to guarantee the ability to use digital evidence collected by one state in the Courts of another state.

In civil investigations, the relevant laws of many countries restrict the actions that the Investigator can undertake in an examination. Regulations that are in place with regard to network monitoring and the accessing of personal communications or data stored in the network exist in many countries, and the right of an individual to privacy is an area that is still subject to decisions in the Courts.

This is intended only to highlight the range of laws and regulations that the Investigator will need to be aware of and that the Forensics Laboratory will need to ensure have been taken into account when developing the guidelines for operational processes and procedures.


URL: https://www.sciencedirect.com/science/article/pii/B9781597497428000030

Legal

Margaret Phipps Brown, in Digital Forensics, 2016

Tracking vehicles

Use of technology to track vehicles is not new. In two cases that involve beepers attached to vehicles for the purpose of tracking the vehicle, the Court distinguished between tracking on public roads and tracking in private homes. In United States v. Knotts (1983), the Court held that vehicles may be constitutionally tracked while on public roads, due to the diminished expectation of privacy. The following year, the Court supplemented its ruling in Knotts in a case involving surveillance of a vehicle inside a private home. The Court held that such warrantless tracking violated the Fourth Amendment prohibition against unreasonable search and seizure (United States v. Karo, 1984). The Court has held that the warrantless use of a thermal scanner to determine whether marijuana was growing in a private residence was unconstitutional (United States v. Kyllo, 2001).

In 2012, a unanimous Supreme Court held that police must obtain a search warrant before using a GPS device to track the movements of a car on public streets. The United States Supreme Court case of United States v. Jones left a significant question in its wake; however, that has not been resolved.

In Jones, law enforcement officers obtained a search warrant to install a GPS tracking device on a car that belonged to Jones’s wife. After the search warrant had expired and outside the jurisdiction of the Court that issued the search warrant, officers attached the GPS tracking device to the car and tracked the car’s movements for 28 days. Based in part on evidence obtained from tracking the car, Jones was convicted of drug trafficking and conspiracy. Jones appealed based upon the warrantless tracking of the car (United States v. Jones, 2012).

The majority of the justices held that installing a GPS unit on a car without a search warrant constituted a physical trespass, in violation of the Fourth Amendment. According to the majority opinion, authored by Justice Scalia, when the government placed the GPS unit on the suspect’s vehicle, it “physically occupied private property for the purpose of obtaining information” (United States v. Jones, 2012, p. 947). This constituted a search under the Fourth Amendment. Thus, a search warrant was required to authorize placement and use of the GPS unit. The Court expressly left open the question of whether acquiring vehicle location through electronic means would require a search warrant. The question left open in Jones is whether police would need a warrant to track cell phones (United States v. Jones, 2012).

Justice Sotomayor’s concurring opinion observed that the technology used by law enforcement in the Jones case will be duplicated and enhanced, permitting extensive and inexpensive government monitoring of individuals. She suggested that such technology may require the Court to restructure the Katz reasonable expectation of privacy test to reflect societal concepts of privacy.

The Jones decision would not apply to stolen vehicle recovery systems in many vehicles that allow law enforcement officers to track a vehicle, with the owner’s consent, if the vehicle is stolen. Theft recovery systems are available for other devices, including computers.

URL: https://www.sciencedirect.com/science/article/pii/B9780128045268000095

Cloud Security

Dan C. Marinescu, in Cloud Computing, 2013

9.3 Privacy and privacy impact assessment

The term privacy refers to the right of an individual, a group of individuals, or an organization to keep information of a personal or proprietary nature from being disclosed to others. Many nations view privacy as a basic human right. The Universal Declaration of Human Rights, Article 12, states: “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks.”

The U.S. Constitution contains no express right to privacy; however, the Bill of Rights reflects the concern of the framers for protecting specific aspects of privacy. In the United Kingdom privacy is guaranteed by the Data Protection Act. The European Court of Human Rights has developed many documents defining the right to privacy.

At the same time, the right to privacy is limited by laws. For example, taxation laws require individuals to share information about personal income or earnings. Individual privacy may conflict with other basic human rights, e.g., freedom of speech. Privacy laws differ from country to country; laws in one country may require public disclosure of information considered private in other countries and cultures.

The digital age has confronted legislators with significant challenges related to privacy as new threats have emerged. For example, personal information voluntarily shared, but stolen from sites granted access to it or misused, can lead to identity theft.

Some countries have been more aggressive than others in addressing the new privacy concerns. For example, the countries of the European Union (EU) have very strict laws governing handling of personal data in the digital age. A sweeping new privacy right, the “right to be forgotten,” is codified as part of a broad new proposed data protection regulation in the EU. This right addresses the following problem: Today it is very hard to escape your past when every photo, status update, and tweet lives forever on some Web site.

Our discussion targets primarily public clouds where privacy has an entirely new dimension because the data, often in an unencrypted form, resides on servers owned by a CSP. Services based on individual preferences, the location of individuals, membership in social networks, or other personal information present a special risk. The owner of the data cannot rely exclusively on the CSP to guarantee the privacy of the data.

Privacy concerns are different for the three cloud delivery models and also depend on the actual context. For example, consider Gmail, a widely used SaaS delivery model. The Gmail privacy policy reads (see www.google.com/policies/privacy/, accessed on October 6, 2012): “We collect information in two ways: information you give us like your name, email address, telephone number or credit card; information we get from your use of our services such as: device information, log information, location information, unique application numbers, local storage, cookies and anonymous identifiers. We will share personal information with companies, organizations or individuals outside of Google if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to: meet any applicable law, regulation, legal process or enforceable governmental request; protect against harm to the rights, property or safety of Google, our users or the public as required or permitted by law. We may share aggregated, nonpersonally identifiable information publicly and with our partners like publishers, advertisers or connected sites. For example, we may share information publicly to show trends about the general use of our services.”

The main aspects of privacy are: the lack of user control, potential unauthorized secondary use, data proliferation, and dynamic provisioning [290]. The lack of user control refers to the fact that user-centric data control is incompatible with cloud usage. Once data is stored on the CSP’s servers, the user loses control of the exact location, and in some instances the user could lose access to the data. For example, in the case of the Gmail service, the account owner has no control over where the data is stored or how long old emails are stored in some backups of the servers.

A CSP may obtain revenues from unauthorized secondary usage of the information, e.g., for targeted advertising. There are no technological means to prevent this use. Dynamic provisioning refers to threats due to outsourcing. A range of issues is very fuzzy; for example, how to identify the subcontractors of a CSP, what rights to the data they have, and what rights to data are transferable in case of bankruptcy or merger.

There is a need for legislation addressing the multiple aspects of privacy in the digital age. A document elaborated by the Federal Trade Commission for the U.S. Congress states [122]: “Consumer-oriented commercial Web sites that collect personal identifying information from or about consumers online would be required to comply with the four widely accepted fair information practices:

1. Notice. Web sites would be required to provide consumers clear and conspicuous notice of their information practices, including what information they collect, how they collect it (e.g., directly or through nonobvious means such as cookies), how they use it, how they provide Choice, Access, and Security to consumers, whether they disclose the information collected to other entities, and whether other entities are collecting information through the site.

2. Choice. Web sites would be required to offer consumers choices as to how their personal identifying information is used beyond the use for which the information was provided (e.g., to consummate a transaction). Such choice would encompass both internal secondary uses (such as marketing back to consumers) and external secondary uses (such as disclosing data to other entities).

3. Access. Web sites would be required to offer consumers reasonable access to the information a Web site has collected about them, including a reasonable opportunity to review information and to correct inaccuracies or delete information.

4. Security. Web sites would be required to take reasonable steps to protect the security of the information they collect from consumers.

The Commission recognizes that the implementation of these practices may vary with the nature of the information collected and the uses to which it is put, as well as with technological developments. For this reason, the Commission recommends that any legislation be phrased in general terms and be technologically neutral. Thus, the definitions of fair information practices set forth in the statute should be broad enough to provide flexibility to the implementing agency in promulgating its rules or regulations.”

There is a need for tools capable of identifying privacy issues in information systems, the so-called Privacy Impact Assessment (PIA). As of mid-2012 there were no international standards for such a process, though different countries and organizations require PIA reports. An example of an analysis is to assess the legal implications of the U.K.-U.S. Safe Harbor process to allow U.S. companies to comply with the European Directive 95/46/EC on the protection of personal data.

Such an assessment forces a proactive attitude toward privacy. An ab-initio approach to embedding privacy rules in new systems is preferable to painful changes that could affect the functionality of existing systems.

A PIA tool that could be deployed as a Web-based service is proposed in [345]. The inputs to the tool include project information, an outline of project documents, privacy risks, and stakeholders. The tool will produce a PIA report consisting of a summary of findings, a risk summary, security, transparency, and cross-border data flows.

The centerpiece of the PIA tool is a knowledge base (KB) created and maintained by domain experts. The users of the SaaS service providing access to the PIA tool must fill in a questionnaire. The system uses templates to generate any additional questions that are necessary and to fill in the PIA report. An expert system infers which rules are satisfied by the facts in the database and by the facts provided by the users, and executes the rule with the highest priority.

Which of the following acts restricted the government's ability to secretly intercept communications?

The Electronic Communications Privacy Act (“ECPA”) was passed in 1986 to expand and revise federal wiretapping and electronic eavesdropping provisions.

Which act protects citizens from unreasonable government searches and is often?

The Constitution, through the Fourth Amendment, protects people from unreasonable searches and seizures by the government. The Fourth Amendment, however, is not a guarantee against all searches and seizures, but only those that are deemed unreasonable under the law.

Which act enabled the public to gain access to certain government records?

Since 1967, the Freedom of Information Act (FOIA) has provided the public the right to request access to records from any federal agency. It is often described as the law that keeps citizens in the know about their government.

Also known as the “Buckley Amendment,” the Family Educational Rights and Privacy Act (“FERPA”) is a federal law enacted in 1974 that affords students certain rights with respect to their education records. Specifically, FERPA affords students: the right to inspect and review their education records.