AI News, Difference between revisions of "Basic Computer Security/Introduction"

Difference between revisions of "Basic Computer Security/Introduction"

The aim of this book is to instruct the reader on numerous topics of computer security such as passwords, privacy, encryption, and networking.

This book is written for a reader with little to no previous knowledge of security issues, but one who is familiar with the basic functionality of his or her computer's operating system.

Reading this book should give you a basic understanding of the processes needed to secure your home computer and home network, as well as protect your privacy and data on the web.

16px (Also visible on the top right of the page.) This feature will facilitate returning to the index to move on to the next section, to return to this introduction, or to re-orient yourself if you click on a link and find yourself lost.

short word of warning before we begin: Any book on the subject of security is likely to enlighten the reader on a variety of nasty things that could potentially happen to him or her.

It is our hope that by reading this book you will learn more about the world around you and gain valuable knowledge and understanding that will help you protect yourself, your privacy, and your information.

While these are probably not the best place to start learning about security, you may find them useful or interesting after you have become more familiar with some of the basics.

Privacy

Privacy is the ability of an individual or group to seclude themselves, or information about themselves, and thereby express themselves selectively.

In some countries individual privacy may conflict with freedom of speech laws and some laws may require public disclosure of information which would be considered private in other countries and cultures.

The concept of universal individual privacy is a modern construct primarily associated with Western culture, British and North American in particular, and remained virtually unknown in some cultures until recent times.

Such languages either use a complex description to translate the term (such as Russian combining the meaning of уединение—solitude, секретность—secrecy, and частная жизнь—private life) or borrow from English 'privacy' (as Indonesian privasi or Italian la privacy).[6]

The distinction hinges on the discreteness of interests of parties (persons or groups), which can have emic variation depending on cultural mores of individualism, collectivism, and the negotiation between individual and group rights.

There is extensive commentary over the meaning of being 'let alone', and among other ways, it has been interpreted to mean the right of a person to choose seclusion from the attention of others if they wish to do so, and the right to be immune from scrutiny or being observed in private settings, such as one’s own home.[8]

Although this early vague legal concept did not describe privacy in a way that made it easy to design broad legal protections of privacy, it strengthened the notion of privacy rights for individuals and began a legacy of discussion on those rights.[8]

Edwin Lawrence Godkin wrote in the late 19th century that 'nothing is better worthy of legal protection than private life, or, in other words, the right of every man to keep his affairs to himself, and to decide for himself to what extent they shall be the subject of public observation and discussion.'[9][10]

Control over one's personal information is the concept that 'privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.'[13][14]

Behavioral barriers communicate to others—verbally, through language, or non-verbally, through personal space, body language, or clothing—that an individual does not want them to access or experience him or her.[18]

In various legal contexts, when privacy is described as secrecy, a conclusion if privacy is secrecy then rights to privacy do not apply for any information which is already publicly disclosed.[21]

When privacy-as-secrecy is discussed, it is usually imagined to be a selective kind of secrecy in which individuals keep some information secret and private while they choose to make other information public and not private.[21]

Through the 'social ritual' of privacy, or the social practice of respecting an individual's privacy barriers, the social group communicates to the developing child that he or she has exclusive moral rights to his or her body—in other words, he or she has moral ownership of his or her body.[22]

This entails control over both active (physical) and cognitive appropriation, the former being control over one's movements and actions and the latter being control over who can experience one's physical existence and when.[22]

According to Joseph Kufer, an autonomous self-concept entails a conception of oneself as a 'purposeful, self-determining, responsible agent' and an awareness of one's capacity to control the boundary between self and other—that is, to control who can access and experience him or her and to what extent.[24]

In a way analogous to how the personhood theory imagines privacy as some essential part of being an individual, the intimacy theory imagines privacy to be an essential part of the way that humans have strengthened or intimate relationships with other humans.[27]

Because part of human relationships includes individuals volunteering to self-disclose some information, but withholding other information, there is a concept of privacy as a part of the process by means of which humans establish relationships with each other.[27]

James Rachels advanced this notion by writing that privacy matters because 'there is a close connection between our ability to control who has access to us and to information about us, and our ability to create and maintain different sorts of social relationships with different people.'[27][28]

An example of the legal basis for the right to physical privacy is the U.S. Fourth Amendment, which guarantees 'the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures'.[30]

Information or data privacy refers to the evolving relationship between technology and the legal right to, or public expectation of, privacy in the collection and sharing of data about one's self.

For various reasons, individuals may object to personal information such as their religion, sexual orientation, political affiliations, or personal activities being revealed, perhaps to avoid discrimination, personal embarrassment, or damage to their professional reputations.

For example, web users may be concerned to discover that many of the web sites which they visit collect, store, and possibly share personally identifiable information about them.

Similarly, Internet email users generally consider their emails to be private and hence would be concerned if their email was being accessed, read, stored or forwarded by third parties without their consent.

Medical privacy Protected Health Information OCR/HIPAA (Health Insurance Portability and Accountability Act of 1996) allows a person to withhold their medical records and other information from others, perhaps because of fears that it might affect their insurance coverage or employment, or to avoid the embarrassment caused by revealing medical conditions or treatments.

The secret ballot helps to ensure that voters cannot be coerced into voting in certain ways, since they can allocate their vote as they wish in the privacy and security of the voting booth while maintaining the anonymity of the vote.

Secret ballots are nearly universal in modern democracy, and considered a basic right of citizenship, despite the difficulties that they cause (for example the inability to trace votes back to the corresponding voters increases the risk of someone stuffing additional fraudulent votes into the system: additional security controls are needed to minimize such risks).

Government agencies, corporations, groups/societies and other organizations may desire to keep their activities or secrets from being revealed to other organizations or individuals, adopting various security practices and controls in order to keep private information confidential.

Eventually, the scope of those rights broadened even further to include a basic 'right to be let alone', and the former definition of 'property' would then comprise 'every form of possession—intangible, as well as tangible.'

Privacy has historical roots in philosophical discussions, the most well-known being Aristotle's distinction between two spheres of life: the public sphere of the polis, associated with political life, and the private sphere of the oikos, associated with domestic life.[34]

It is generally agreed that the first publication advocating privacy in the United States was the article by Samuel Warren and Louis Brandeis, 'The Right to Privacy', 4 Harvard Law Review 193 (1890), that was written largely in response to the increase in newspapers and photographs made possible by printing technologies.[35][36]

As large-scale information systems become more common, there is so much information stored in many databases worldwide that an individual has no practical means of knowing of or controlling all of the information about themselves that others may have hold or access.

This is a reactive view of privacy protection as it waits until there is a violation before acting to protect the violated individual, sometimes through criminal punishments for those who invaded the privacy of others.

Participation in certain privacy elements of the government and businesses should allow people to choose whether they want to be a part of certain aspects of their work that could be considered privacy invasion.

The Internet has brought new concerns about privacy in an age where computers can permanently store records of everything: 'where every online photo, status update, Twitter post and blog entry by and about us can be stored forever', writes law professor and author Jeffrey Rosen.[38]

Microsoft reports that 75 percent of U.S. recruiters and human-resource professionals now do online research about candidates, often using information provided by search engines, social-networking sites, photo/video-sharing sites, personal web sites and blogs, and Twitter.

This has created a need by many to control various online privacy settings in addition to controlling their online reputations, both of which have led to legal suits against various sites and employers.[38]

Importantly, directly observed behaviour, such as browsing logs, search queries, or contents of the Facebook profile can be automatically processed to infer secondary information about an individual, such as sexual orientation, political and religious views, race, substance use, intelligence, and personality.[39][40]

Solove presented another classification of actions which are harmful to privacy, including collection of information which is already somewhat public, processing of information, sharing information, and invading personal space to get private information.[46]

It can happen that privacy is not harmed when information is available, but that the harm can come when that information is collected as a set then processed in a way that the collective reporting of pieces of information encroaches on privacy.[47]

Exposure is a special type of disclosure in which the information disclosed is emotional to the subject or taboo to share, such as revealing their private life experiences, their nudity, or perhaps private body functions.[47]

Invasion of privacy is a different concept from the collecting, aggregating, and disseminating information because those three are a misuse of available data, whereas invasion is an attack on the right of individuals to keep personal secrets.[47]

An invasion is an attack in which information, whether intended to be public or not, is captured in a way that insults the personal dignity and right to private space of the person whose data is taken.[47]

'Decisional interference' is when an entity somehow injects itself into the personal decision making process of another person, perhaps to influence that person's private decisions but in any case doing so in a way that disrupts the private personal thoughts that a person has.[47]

But in his dissent, he now changed the focus whereby he urged making personal privacy matters more relevant to constitutional law, going so far as saying 'the government [was] identified ....

One law school treatise from Israel, however, on the subject of 'privacy in the digital environment', suggests that the 'right to privacy should be seen as an independent right that deserves legal protection in itself.'

The right to privacy gives us the ability to choose which parts in this domain can be accessed by others, and to control the extent, manner and timing of the use of those parts we choose to disclose.[49]

Each individual is continually engaged in a personal adjustment process in which he balances the desire for privacy with the desire for disclosure and communication of himself to others, in light of the environmental conditions and social norms set by the society in which he lives. —

Under liberal democratic systems, privacy creates a space separate from political life, and allows personal autonomy, while ensuring democratic freedoms of association and expression.

Etzioni notes that corporate data miners, or 'Privacy Merchants,' stand to profit by selling massive dossiers personal information, including purchasing decisions and Internet traffic, to the highest bidder.

And while some might not find collection of private information objectionable when it is only used commercially by the private sector, the information these corporations amass and process is also available to the government, so that it is no longer possible to protect privacy by only curbing the State.[58]

Regan's goal is to strengthen privacy claims in policy making: 'if we did recognize the collective or public-good value of privacy, as well as the common and public value of privacy, those advocating privacy protections would have a stronger basis upon which to argue for its protection'.[59]

In a free market approach, commercial entities are largely allowed to do what they wish, with the expectation that consumers will choose to do business with corporations that respect their privacy to a desired degree.

Such an approach may be limited by lack of competition in a market, by enterprises not offering privacy options favorable to the user, or by lack of information about actual privacy practices.

This built upon the already existing privacy requirements that applied to telecommunications providers (under Part 13 of the Telecommunications Act 1997), and confidentiality requirements that already applied to banking, legal and patient / doctor relationships.

These include, but are not limited to, the Telecommunications Act 1997, Spam Act 2006, the Do Not Call Register Act 2009, general confidentiality obligations arising from certain professional relationships including with doctors, lawyers and other health providers, state based legislation including NSW workplace surveillance laws, state based laws that apply in NSW, Queensland and other states for the handling of health information and the handling of information by state government agencies.

Article 245 Whoever unlawfully subjects another person to a body search or a search of his residence or unlawfully intrudes into another person's residence shall be sentenced to fixed-term imprisonment of not more than three years or criminal detention.

Article 246 Whoever, by violence or other methods, publicly humiliates another person or invent stories to defame him, if the circumstances are serious, shall be sentenced to fixed-term imprisonment of not more than three years, criminal detention, public surveillance or deprivation of political rights.

Article 252 Whoever conceals, destroys or unlawfully opens another person's letter, thereby infringing upon the citizen's right to freedom of correspondence, if the circumstances are serious, shall be sentenced to fixed-term imprisonment of not more than one year or criminal detention.

In civil law jurisdictions, the right to privacy fell within the ambit of the right to a private life (droit a la vie privee) from which the tort could be claimed.

Although there are comprehensive regulations for data protection, some studies show that despite the laws, there is a lack of enforcement in that no institution feels responsible to control the parties involved and enforce their laws.[66]

The European Union is also championing for the 'Right to be Forgotten' concept (which allows individuals to ask that links leading to information about themselves be removed from internet search engine results) to be adopted by other countries.[67]

For example, e-mails can be encrypted (via S/MIME or PGP) and anonymizing proxies or anonymizing networks like I2P and Tor can be used to prevent the internet service providers from knowing which sites one visits and with whom one communicates.

Although some privacy advocates recommend the deletion of original and third-party HTTP cookies, Anthony Miyazaki, marketing professor at Florida International University and privacy scholar, warns that the 'elimination of third-party cookie use by Web sites can be circumvented by cooperative strategies with third parties in which information is transferred after the Web site's use of original domain cookies.'[76]

A review and evaluation of scholarly work regarding the current state of the value of individuals' privacy of online social networking show the following results: 'first, adults seem to be more concerned about potential privacy threats than younger users;

This is exacerbated by the research indicating that personal traits such as sexual orientation, race, religious and political views, personality, or intelligence can be inferred based on the wide variety of digital footprint, such as samples of text, browsing logs, or Facebook Likes.[39]

The principle of privacy by design states that privacy and data protection are embedded throughout the entire life cycle of technologies, from the early design stage to their deployment, use and ultimate disposal.

The practice of constructing, ostensibly, software or information systems that adhere to given privacy policies and relevant compliances is a developing area and is known as Privacy engineering

When self-synchronization is reached, the model states that the personal interests of individuals toward their privacy is in balance with the business interests of enterprises who collect and use the personal information of those individuals.[82]

While companies that capitalize on the Internet's powerful potential to invade privacy are denounced as villains of the information age, millions of people type out highly personal data and send it off to Web sites they've barely heard of, with no strong legal protection against misuse of the information.

a search for photos with the hashtag #selfie retrieves over 23 million results on Instagram and 'a whopping 51 million with the hashtag #me' However, due to modern corporate and governmental surveillance, this may pose a risk to privacy.[94]

In a research which takes a sample size of 3763, researchers found that for selfies, female generally have greater concerns than male social media users.

Identity Management: Concepts, Technologies, and Systems (Artech House Information Security and Privacy)

if(typeof tellMeMoreLinkData !== 'undefined'){

A.state('lowerPricePopoverData',{'trigger':'ns_53A41W1PY97C2AZKA9EJ_28312_1_hmd_pricing_feedback_trigger_product-detail','destination':'/gp/pdp/pf/pricingFeedbackForm.html/ref=_pfdpb/137-5709991-8359415?ie=UTF8&%2AVersion%2A=1&%2Aentries%2A=0&ASIN=1608070395&PREFIX=ns_53A41W1PY97C2AZKA9EJ_28312_2_&WDG=book_display_on_website&dpRequestId=53A41W1PY97C2AZKA9EJ&from=product-detail&storeID=booksencodeURI('&originalURI=' + window.location.pathname)','url':'/gp/pdp/pf/pricingFeedbackForm.html/ref=_pfdpb/137-5709991-8359415?ie=UTF8&%2AVersion%2A=1&%2Aentries%2A=0&ASIN=1608070395&PREFIX=ns_53A41W1PY97C2AZKA9EJ_28312_2_&WDG=book_display_on_website&dpRequestId=53A41W1PY97C2AZKA9EJ&from=product-detail&storeID=books','nsPrefix':'ns_53A41W1PY97C2AZKA9EJ_28312_2_','path':'encodeURI('&originalURI=' + window.location.pathname)','title':'Tell Us About a Lower Price'});

return {'trigger':'ns_53A41W1PY97C2AZKA9EJ_28312_1_hmd_pricing_feedback_trigger_product-detail','destination':'/gp/pdp/pf/pricingFeedbackForm.html/ref=_pfdpb/137-5709991-8359415?ie=UTF8&%2AVersion%2A=1&%2Aentries%2A=0&ASIN=1608070395&PREFIX=ns_53A41W1PY97C2AZKA9EJ_28312_2_&WDG=book_display_on_website&dpRequestId=53A41W1PY97C2AZKA9EJ&from=product-detail&storeID=booksencodeURI('&originalURI=' + window.location.pathname)','url':'/gp/pdp/pf/pricingFeedbackForm.html/ref=_pfdpb/137-5709991-8359415?ie=UTF8&%2AVersion%2A=1&%2Aentries%2A=0&ASIN=1608070395&PREFIX=ns_53A41W1PY97C2AZKA9EJ_28312_2_&WDG=book_display_on_website&dpRequestId=53A41W1PY97C2AZKA9EJ&from=product-detail&storeID=books','nsPrefix':'ns_53A41W1PY97C2AZKA9EJ_28312_2_','path':'encodeURI('&originalURI=' + window.location.pathname)','title':'Tell Us About a Lower Price'};

return {'trigger':'ns_53A41W1PY97C2AZKA9EJ_28312_1_hmd_pricing_feedback_trigger_product-detail','destination':'/gp/pdp/pf/pricingFeedbackForm.html/ref=_pfdpb/137-5709991-8359415?ie=UTF8&%2AVersion%2A=1&%2Aentries%2A=0&ASIN=1608070395&PREFIX=ns_53A41W1PY97C2AZKA9EJ_28312_2_&WDG=book_display_on_website&dpRequestId=53A41W1PY97C2AZKA9EJ&from=product-detail&storeID=booksencodeURI('&originalURI=' + window.location.pathname)','url':'/gp/pdp/pf/pricingFeedbackForm.html/ref=_pfdpb/137-5709991-8359415?ie=UTF8&%2AVersion%2A=1&%2Aentries%2A=0&ASIN=1608070395&PREFIX=ns_53A41W1PY97C2AZKA9EJ_28312_2_&WDG=book_display_on_website&dpRequestId=53A41W1PY97C2AZKA9EJ&from=product-detail&storeID=books','nsPrefix':'ns_53A41W1PY97C2AZKA9EJ_28312_2_','path':'encodeURI('&originalURI=' + window.location.pathname)','title':'Tell Us About a Lower Price'};

Would you like to tell us about a lower price?If you are a seller for this product, would you like to suggest updates through seller support?

Questions and Answers on Privacy and Confidentiality

In the last decade challenges to privacy from a multitude of sources have been on the rise.  Consequently questions about privacy and libraries are escalating.  The Privacy Subcommittee of the American Library Association’s Intellectual Freedom Committee has prepared this “Q &

This responsibility is assumed when library procedures create records such as closed-stack call slips, computer sign-up sheets, registration for equipment or facilities, circulation records, what Web sites were visited, reserve notices, or research notes.

In protecting the privacy rights and the confidentiality rights of library users, librarians, staff, educators, volunteers, and trustees should limit the degree to which personally identifiable information is monitored, collected, disclosed, and distributed while fulfilling their duty to comply with their state’s library confidentiality statute.

 Librarians involved in training volunteers, new employees, student assistants, or trustees should inform them of the requirements that they not abuse confidentiality and that they protect library users’ rights of privacy.

“Personally identifiable information” (PII) covers a greater range than “personal identification,” such as an individual’s name, address, telephone number, social security number, driver's license number, e-mail address, etc.

For minors seeking personal, social, and sexual identities, having the subjects of their research or reading known may be embarrassing or put them at risk for teasing or bullying.

Because of the chilling effect that such scrutiny can have on open inquiry and freedom of expression, libraries and bookstores have long resisted requests to release information that connects individual persons with specific books.

The interior design and functions of library buildings — including school libraries — can be planned to preserve privacy of inquiry, even while the user’s presence and behavior remain observable.

To the greatest extent possible, the user should be able to work independently, both to afford privacy and to reduce the quantity of confidential records for which the library must be responsible.

One of the lessons learned on the way to democracy was that no matter how ethical the current office holder may be, someday someone else may try to abuse the position.

Policies can provide guidance and strength, especially when new technology makes issues look different, By establishing strong privacy and confidentiality policies, libraries and schools can protect staff from pressure to violate users’ rights.

All libraries — not just those that are publicly funded — should have in place privacy policies and procedures to ensure that confidential information in all formats is protected.

Librarians should consult with their attorneys or school district legal counsel to develop policies that limit the degree to which personally identifiable information is monitored, collected, retained, disclosed, and distributed.

See for example “Access to Digital Information, Services, and Networks,” in which ALA reaffirmed that “Users have both the right of confidentiality and the right of privacy.” Links to selected sample library privacy policies can be found at “Privacy Resources for Librarians, Library Users, and Families.”  In addition, Part 3, Chapter 4.5, “Guidelines for Developing a Library Privacy Policy,“  of the Intellectual Freedom Manual (2010), discusses the process involved in developing a confidentiality policy.

Library management has an obvious further interest in ensuring that employee practices do not adversely impact user service or infringe on user rights, including user rights of privacy and confidentiality.

But library employers and educational institutions who use electronic or video surveillance or engage in monitoring of computer, e-mail, or telephone use by employees must carefully evaluate these practices in light of both legal requirements and the profession's ethical commitment to upholding rights of privacy and confidentiality.

Legal issues: Few laws regulate employee monitoring in the private sector, although federal, state, and local government employees benefit from some degree of legal protection.

Further, employees have a right to know what security and information management systems are in place to protect personnel records containing PII, and a right to clear enumeration of the circumstances under which such information may be provided to third parties.

Staff use of library resources: All staff use of library resources or public access workstations that is conducted outside of work hours and/or is not directly job-related should be covered in the same way that any library user's privacy and confidentiality is protected.

The library should have a continuing training plan to educate adult and student staff, educators, trustees, volunteers, and contract workers about library privacy principles, policies and procedures, and library staff’s legal and ethical responsibilities as custodians of personally identifiable information (PII).

When there is a conflict between the right of individuals to view constitutionally protected speech and the sensibilities of unwilling viewers, free expression rights have generally prevailed in the Courts unless unwilling viewers are unable to avert their eyes.

privacy audit is a technique for assuring that an organization’s goals and promises of privacy and confidentiality are supported by its practices, thereby protecting confidential information from abuse and the organization from liability and public relations problems.

An audit ensures that information processing procedures meet privacy requirements by examining how information about customers and employees is collected, stored, shared, used and destroyed.

Services such as bibliographic instruction, reference consultation, teaching and curriculum support in school libraries, readers’ advice in public libraries, and preservation of fragile or rare library materials in special collections libraries are just a few instances of services that require library staff to be aware of users’ information-access habits.

It is attention and commitment to fundamental principles of data security that may best ensure that user rights to privacy and confidentiality are not threatened through their use of library services.

Section 7 of the Federal Privacy Act of 1974 provides that any agency requesting an individual to disclose his or her SSN must “inform that individual whether that disclosure is mandatory or voluntary, by what statutory authority such number is solicited, and what uses will be made of it.” The Family Educational Rights and Privacy Act (FERPA) requires publicly-funded schools to obtain written consent for the release of personally identifiable information, which courts have ruled includes SSNs.

The widespread use of SSNs by public and private agencies had created a dual threat of fraud victimization and the invasion of privacy, by linking significant amounts of personal and financial information through a single number.

it is clear that the lack of a broad, uniform policy allows for unnecessary exposure of personal Social Security numbers.” Libraries have long used SSNs to trace patrons who have outstanding fines or overdue materials, often through collection agencies.

According to FPCO, any record maintained by an educational institution directly related to a student, in any format, that allows the student to be identified from the information contained in it, is considered an “educational record.” Analysts within FPCO have issued guidance stating that library circulation records and similar records maintained by a university library are “educational records” under FERPA.

Though FERPA generally requires institutions to protect the privacy of educational records, it contains many exceptions that allow disclosure of a student's educational records without the student's consent or permission.

In addition, colleges and universities may disclose records and information to the parents of adult students if the student is a tax dependent or if the student is under 21 and has violated any law or regulation concerning the illegal use of drugs or alcohol.

University and college libraries may therefore draw upon professional ethics and academic freedom principles to craft policies that extend additional privacy protection to users' library records;

Library policies on confidentiality should state clearly that personally identifiable information collected by the library will not be shared with any other agency or organization unless required by a court order.

See “State Privacy Laws Regarding Library Records.” In all states, regardless of the status of the law, library policies regarding the collection, use and dissemination of PII should be carefully formulated and administered to ensure that they do not conflict with the ALA Code of Ethics that states “we protect each user's right to privacy and confidentiality.” Libraries choosing to use PII for any library-related purpose other than for which the PII was gathered should consider the following standard “opt-in” practices: 22.

Most libraries conduct business with a variety of vendors in order to provide access to electronic resources, to acquire and run their automated systems, and in some instances, to offer remote storage (e.g.

Whenever a third party has access to personally identifiable information (PII), the agreements need to address appropriate restrictions on the use, aggregation, dissemination, and sale of that information, particularly information about minors.

These risks include changes in the privacy policies of the third-party service without customer notification and disclosure of the user's library circulation records or other personally identifiable information, whether such disclosure is inadvertent or purposeful.

Those responsible for maintaining the security of the library, its users, staff, collections, computing equipment and networks all have a special obligation to recognize when they may be dealing with sensitive or private information.

Like other staff whose jobs are not direct library service (principals, teachers and other educators, custodians, guards, etc.), those with access to personally identifiable information (PII) or to users’ personal files need to be informed of library ethics and of job expectations that they will not abuse confidentiality.

Libraries that use surveillance cameras should have written policies stating that the cameras are not to be used for anything else to avoid “function creep.” If the cameras create any records, the library must recognize its responsibility to protect their confidentiality like any other library record.

General monitoring by staff of the content or use of library materials and resources in any format by patrons is inappropriate in all instances with the exception of observation for the purposes of protecting library property.

For your state statute or opinion, see “State Privacy Laws regarding Library Records.” Library policy should require that law enforcement requests for any library record be issued by a court of competent jurisdiction that shows good cause and is in proper form.

When creating its privacy policies, library and educational institution governing authorities need to be fully aware of any such laws regarding disclosure and the rights of parents, and create policies accordingly.

In the event of a request for information from a federal or local law enforcement agency, librarians should consult with their library administration and/or legal counsel before complying with such requests.

If a librarian is compelled to release information, further breaches of patron confidentiality will be minimized if the librarian personally retrieves the requested information and supplies it to the law enforcement agency.

Today’s sophisticated high-resolution surveillance equipment is capable of recording patron reading and viewing habits in ways that are as revealing as the written circulation records libraries routinely protect.

Since any such personal information is sensitive and has the potential to be used inappropriately in the wrong hands, gathering surveillance data has serious implications for library management and school administrators.

If the library decides surveillance is necessary, it is essential for the library to develop and enforce strong policies protecting patron privacy and confidentiality appropriate to managing the equipment, including routine destruction of the tapes in the briefest amount of time possible, or as soon as permitted by law.

In addition, some state laws indicate that libraries shall not disclose any information that identifies a person as having used a library or a library service, even if that information is not in the form of a “record.” Protecting patron confidentiality is best accomplished by purging the records or images as soon as their purpose is served.

When library personnel believe that surveillance cameras have recorded evidence of a crime, they should preserve those images and turn them over to the library director or the library’s legal counsel, who can then turn over the images to law enforcement in accordance with the law, especially if the images might reveal information about a person’s use of specific library resources.

As a legal matter, libraries may voluntarily disclose surveillance camera images to law enforcement if the images do not reveal any person’s use of specific library materials or resources.

When state law requires the police to obtain a court order before viewing or copying protected library records, the library can extend cooperation by identifying relevant records and preserving those records until a court order is served on the library.

In particular, a minor’s right to keep his or her library records private will be governed by a state’s library confidentiality statute.  Libraries may wish to consult the legal counsel of their governing authorities to ensure that policy and practice are in accord with applicable law.

The statement also acknowledges that use of interactive Web 2.0 tools requires the balancing of two competing intellectual freedom priorities — preservation of minors’ privacy and the right of free speech.

According to FPCO, any record maintained by an educational institution directly related to a student, in any format, that allows the student to be identified from the information contained in it, is considered an “educational record.” Analysts within FPCO have issued guidance stating that library circulation records and similar records maintained by a school library are “educational records” under FERPA.

Though FERPA generally requires institutions to protect the privacy of educational records, it contains many exceptions that allow disclosure of a student's educational records without a parent’s or student's consent or permission.

  State library confidentiality laws may apply to K-12 libraries as well as public libraries, and may impose additional duties to protect students’ library records that go beyond FERPA’s requirements/permissions.  Therefore, school libraries may therefore draw upon professional ethics and intellectual freedom principles to craft policies that extend additional privacy protection to students’ library records;

The Code of Ethics, states in Article III, “We protect each library users’ right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired, or transmitted.” The American Association of School Librarians’ “Position Statement on the Confidentiality of Library Records” expresses this concept, “The library community recognizes that children and youth have the same rights to privacy as adults.” These documents provide an ethical defense for school librarians defending minors’ privacy in a school library.

In addition to an official privacy policy, school libraries should also have a records retention policy detailing the types of records maintained, the length of retention, and a schedule for their destruction.

Biometrics in Identity Management: Concepts to Applications (Artech House Information Security and Privacy) 1st Edition

if(typeof tellMeMoreLinkData !== 'undefined'){

A.state('lowerPricePopoverData',{'trigger':'ns_6WA7F4S8VEV94YESD4BV_10400_1_hmd_pricing_feedback_trigger_product-detail','destination':'/gp/pdp/pf/pricingFeedbackForm.html/ref=_pfdpb/141-0287561-0593604?ie=UTF8&%2AVersion%2A=1&%2Aentries%2A=0&ASIN=1608070174&PREFIX=ns_6WA7F4S8VEV94YESD4BV_10400_2_&WDG=book_display_on_website&dpRequestId=6WA7F4S8VEV94YESD4BV&from=product-detail&storeID=booksencodeURI('&originalURI=' + window.location.pathname)','url':'/gp/pdp/pf/pricingFeedbackForm.html/ref=_pfdpb/141-0287561-0593604?ie=UTF8&%2AVersion%2A=1&%2Aentries%2A=0&ASIN=1608070174&PREFIX=ns_6WA7F4S8VEV94YESD4BV_10400_2_&WDG=book_display_on_website&dpRequestId=6WA7F4S8VEV94YESD4BV&from=product-detail&storeID=books','nsPrefix':'ns_6WA7F4S8VEV94YESD4BV_10400_2_','path':'encodeURI('&originalURI=' + window.location.pathname)','title':'Tell Us About a Lower Price'});

return {'trigger':'ns_6WA7F4S8VEV94YESD4BV_10400_1_hmd_pricing_feedback_trigger_product-detail','destination':'/gp/pdp/pf/pricingFeedbackForm.html/ref=_pfdpb/141-0287561-0593604?ie=UTF8&%2AVersion%2A=1&%2Aentries%2A=0&ASIN=1608070174&PREFIX=ns_6WA7F4S8VEV94YESD4BV_10400_2_&WDG=book_display_on_website&dpRequestId=6WA7F4S8VEV94YESD4BV&from=product-detail&storeID=booksencodeURI('&originalURI=' + window.location.pathname)','url':'/gp/pdp/pf/pricingFeedbackForm.html/ref=_pfdpb/141-0287561-0593604?ie=UTF8&%2AVersion%2A=1&%2Aentries%2A=0&ASIN=1608070174&PREFIX=ns_6WA7F4S8VEV94YESD4BV_10400_2_&WDG=book_display_on_website&dpRequestId=6WA7F4S8VEV94YESD4BV&from=product-detail&storeID=books','nsPrefix':'ns_6WA7F4S8VEV94YESD4BV_10400_2_','path':'encodeURI('&originalURI=' + window.location.pathname)','title':'Tell Us About a Lower Price'};

return {'trigger':'ns_6WA7F4S8VEV94YESD4BV_10400_1_hmd_pricing_feedback_trigger_product-detail','destination':'/gp/pdp/pf/pricingFeedbackForm.html/ref=_pfdpb/141-0287561-0593604?ie=UTF8&%2AVersion%2A=1&%2Aentries%2A=0&ASIN=1608070174&PREFIX=ns_6WA7F4S8VEV94YESD4BV_10400_2_&WDG=book_display_on_website&dpRequestId=6WA7F4S8VEV94YESD4BV&from=product-detail&storeID=booksencodeURI('&originalURI=' + window.location.pathname)','url':'/gp/pdp/pf/pricingFeedbackForm.html/ref=_pfdpb/141-0287561-0593604?ie=UTF8&%2AVersion%2A=1&%2Aentries%2A=0&ASIN=1608070174&PREFIX=ns_6WA7F4S8VEV94YESD4BV_10400_2_&WDG=book_display_on_website&dpRequestId=6WA7F4S8VEV94YESD4BV&from=product-detail&storeID=books','nsPrefix':'ns_6WA7F4S8VEV94YESD4BV_10400_2_','path':'encodeURI('&originalURI=' + window.location.pathname)','title':'Tell Us About a Lower Price'};

Would you like to tell us about a lower price?If you are a seller for this product, would you like to suggest updates through seller support?

Bitcoin Q&A: Full node and home network security

Does running a Bitcoin and Lightning node at home attract hackers? Why is security through obscurity not the best strategy? What is some general advice on ...

Windows 10 (Beginners Guide) 2018

The Windows 10 operating system has been out for more than a couple years now. I still get questions on how to perform certain tasks and which settings to use ...

The Complete Ethical Hacking Course: Beginner to Advanced!

Get the complete hacking bundle! Additional FREE resources

Windows 7: FULL TUTORIAL (Basics)

Are you new to Windows 7 and want to learn how to navigate the operating system? In this tutorial, David will show you the ins and outs of Windows 7 (designed ...

Digital Security Prevention Methods - CompTIA A+ 220-902 - 3.2

Click SHOW MORE for important links! ** A+ Training Course Index: Professor Messer's Course Notes: ..

Computer Security / Privacy Cloud Computing: Digital Business with Unisys Chief Trust Officer (#238)

Security is on everyone's mind today, so corporations and the government must consider how to create secure systems while maintaining usability and customer ...

Bitcoin Q&A: Coin selection and privacy

How do coin selection algorithms work? What is STONEWALL and Ricochet? How did Samourai become one of the most privacy-preserving wallets? How much ...

Is Your CPU Spying On You?

Turns out all modern CPUs have backdoors built right into them. More Tech Discussions ...

USENIX Enigma 2016 - Computer Security and the Internet of Things

Tadayoshi Kohno, Short-Dooley Professor of Computer Science & Engineering, University of Washington Computers are now integrating into everyday objects, ...

Internet Safety for Kids K-3

Internet safety for kids is a topic getting much attention because children are being exposed to the Internet at a younger and younger age. IUP Communications ...