question and instruction are attached below
1. Article for essay:
Smartphones Have Privacy Risks
Top of Form
Bottom of Form
Around the turn of the century, the FBI [Federal Bureau of Investigation] was pursuing a case against a suspect—rumored to be Las Vegas strip-club tycoon Michael Galardi, though documents in the case are still sealed—when it hit upon a novel surveillance strategy.
The suspect owned a luxury car equipped with an OnStar-like system that allowed customers to “phone home” to the manufacturer for roadside assistance. The system included an eavesdropping mode designed to help the police recover the vehicle if it was stolen, but the FBI realized this same antitheft capability could also be used to spy on the vehicle’s owner.
When the bureau asked the manufacturer for help, however, the firm (whose identity is still secret) objected. They said switching on the device’s microphone would render its other functions—such as the ability to contact emergency personnel in case of an accident—inoperable. A federal appeals court sided with the company; ruling the company could not be compelled to transform its product into a surveillance device if doing so would interfere with a product’s primary functionality.
The specifics of that 2003 ruling seem quaint today [in 2012]. The smartphones most of us now carry in our pockets can easily be turned into surveillance and tracking devices without impairing their primary functions. And that’s not the only privacy risk created as we shift to a mobile, cloud-based computing world. The cloud services we use to synchronize data between our devices increase the risk of our private data falling prey to snooping by the government, by private hackers, or by the cloud service provider itself. And we’re packing ever more private data onto our mobile devices, which can create big headaches if we leave a cell phone in a taxicab.
What to do about it? In this [viewpoint], we’ll explore the new privacy threats being created as the world shifts to an increasingly mobile, multi-device computing paradigm. Luckily, there are steps both device makers and lawmakers can take to shore up privacy in the mobile computing age.
Cloudy with a Chance of Snooping
Law enforcement loves cloud computing. We don’t know exactly how much information the government collects from online service providers, but Google alone fields thousands of requests from the US government each year for private customer data. Other providers have been less transparent, but they presumably experience similar request volumes.
Shifting data to a remote server makes life easier for mobile users, but it also makes life easier for people who want to access their data with or without permission. Data stored on third-party servers is much more vulnerable to surreptitious snooping not only by the government but also by hackers and the service provider itself.
A FreedomBox Future?
What can we do to avoid the privacy problems created by third-party storage? Ars Technica talked to Eben Moglen, a law professor at Columbia University and chairman of the Software Freedom Law Center. He argued the only way for users to truly safeguard their privacy is not to relinquish control of personal information in the first place.
The best approach, Moglen argued, is for “storage and sync service to be provided in a form which deliberately disables computation on that data on the storage provider.” Under Moglen’s preferred model, services like Amazon’s S3 might help users store their data in encrypted form, but computation using unencrypted data would only occur on devices physically under the control of the data’s owner.
Moglen is a driving force behind the FreedomBox, a project to build a user-friendly home server that would allow ordinary users to provide many of the computing and communications services currently offered by firms like Google and Facebook.
Moglen acknowledges it’s a big technical challenge to make the FreedomBox a reality. Free web servers, mail servers, content management systems, and other software exists, but currently requires far too much user configuration to provide a plausible alternative to managed services for the average user. Improvements in reliability are also needed. And even federated social networking services like Identi.ca have failed to gain significant traction against centralized services like Twitter and Facebook.
But while progress has been relatively slow, Moglen believes his model will prevail eventually. “What we’re talking about is what’s going to affect the nature of humanity in the long run,” he told us. “The important question is can we do it at all. We’ve never met a problem we can’t solve”—given enough time.
Fixing the Third-Party Doctrine
While Moglen and his colleagues work on a user-friendly alternative to the cloud, users are entrusting a growing amount of information to cloud providers. Under a legal principle called the third-party doctrine, this data does not enjoy the same robust Fourth Amendment protections available to data physically controlled by a user. That means that the government may be able to obtain access to your private Facebook posts and even the contents of your Dropbox folder without getting a warrant.
There have been some moves toward extending full Fourth Amendment protections to online services. In 2010, the United States Court of Appeals for the Sixth Circuit held that remotely stored e-mail is protected by the Fourth Amendment. And in January, Supreme Court justice [Sonia] Sotomayor called the third-party doctrine “ill-suited to the digital age.” In the future, she may convince a majority of her colleagues to embrace the Sixth Circuit’s arguments. For now, data stored in the cloud lacks full Fourth Amendment protections in most jurisdictions.
In the meantime, Congress could update federal privacy law to give cloud services stronger statutory protections than the constitutional minimum established by the courts. The last time Congress rewrote electronic privacy law was in 1986. Obviously, communication technologies have changed dramatically in the last quarter-century. The legal categories Congress established then don’t necessarily make much sense today.
My Phone, the Spy
Lower Merion High School in suburban Philadelphia issued laptops to its 2300 students in the fall of 2009. Freshman Katarina Perich soon noticed the green light next to the camera on her school-issued MacBook was turning on for no apparent reason. “It was just really creepy,” she told USA Today.
Perich’s concerns were justified. The district eventually admitted it had installed an antitheft system that included the ability to remotely activate laptop cameras. The system had been activated and thousands of pictures of students’ homes were taken and transmitted back to the district’s servers. School district officials contend the surveillance was due to a technical glitch, and the authorities ultimately decided not to press charges. A civil lawsuit brought by some students was settled for $610,000.
A growing number of mobile devices have built-in cameras, microphones, and GPS [global positioning system] sensors. This means law enforcement agents no longer have to take the risk of physically invading a suspect’s property to install a bug or tracking device. They can simply order whichever company is in charge of the target device’s software to modify it to enable remote surveillance and tracking. And because most mobile devices do not have hardwired LED indicators like those on laptop cameras, the owners of these devices are none the wiser.
In repressive regimes, the danger of government spying is already considered severe. Removing batteries from cell phones is a common practice among dissidents. As the Washington Post reported last year, “The practice has become so routine that Western journalists sometimes begin meetings with Chinese dissidents by flashing their batteries—a knowing nod to the surveillance risk.”
The Need for Notification
Chris Soghoian, a privacy researcher and fellow at the Open Society Foundations, argues all device manufacturers should follow the good example set by laptop cameras. A user-visible LED should be hardwired to every camera, microphone, or GPS sensor on every mobile device. Soghoian argues LEDs have become cheap enough in bulk that the cost of adding two or three LEDs to every mobile device would be trivial.
But LEDs cannot help against another, related privacy threat: the use of cellular tower records to track a device’s location. This location tracking is inherent to the way cellular networks work; your cell phone provider needs to know which cell phone tower you’re close to in order to deliver information to you. On the other hand, cell-site location data is much less precise than the location data collected by GPS sensors. The privacy risk is somewhat reduced.
As with so many aspects of privacy law, the rules for law enforcement access to cell-site location records have not been clearly established. Some courts have ruled the government can obtain this data without a warrant; others have disagreed. January’s GPS tracking decision at the Supreme Court suggests that several justices are concerned about protecting location privacy, but the high court has not ruled clearly on whether cell-site location records are protected by the Fourth Amendment.
We use our smartphones to send and receive e-mail, take photographs, store lists of contacts, access social networks, and much more. As our mobile devices become increasingly packed with personal information, the potential harms from losing our phones grow accordingly….
There’s a well-known solution to this problem: disk encryption. If the data on a mobile device were properly encrypted, then a lost or stolen device wouldn’t create privacy problems. The new owner simply wouldn’t be able to access the previous owner’s data.
Unfortunately, full-disk encryption on mobile platforms is still a work in progress. One obstacle to effective disk encryption is the difficulty of entering a password with sufficient entropy using a touch-screen interface. On the desktop we commonly use passwords consisting of eight ASCII characters. But the “bandwidth” of our fingers is reduced on a touch screen, so smartphone password systems tend to be simpler, employing a 4-digit PIN [personal identification number] number or a sequence of simple “swipes.” Yet these systems have few enough possible combinations—10,000 for a 4-digit PIN, for example—that an attacker can write software to simply try all possible combinations until he finds the right one.
Theoretically, mobile users could enter longer passwords. For example, a 14-digit number has about as much entropy as an 8-character alphanumeric password. But the average user is unlikely to have the patience to enter a 14-digit password every time she pulls out her cell phone. Soghoian tells Ars that finding more efficient ways to enter secure passwords using a touch screen is an “open research problem.”
Still, Soghoian says smartphone vendors should at least offer their users the option to encrypt the storage on their mobile devices. Encryption with low-entropy passwords is better than no encryption at all, and users who particularly care about the privacy of their data do have the option of entering 14-digit passwords.
Making Privacy a Priority
This isn’t the first time firms pioneering a new computing paradigm have failed to pay adequate attention to security and privacy. For example, it took several embarrassing malware incidents before Microsoft began taking desktop security more seriously. It may take a series of similar privacy disasters on mobile platforms before leading mobile vendors make security a top priority.
The stakes are higher today than they were in the 1990s. Users carry their phones with them everywhere, and use them for more purposes than they used their desktop computers for a decade ago. It would be a mistake to wait for disaster to strike before acting. Taking proactive steps now—like supporting full-disk encryption and adding LEDs to input devices—could avoid major embarrassment later.
Policy makers also have work to do. The Supreme Court should heed Justice Sotomayor’s call to reconsider the third-party doctrine. And whether or not the court extends the Fourth Amendment to cloud services, Congress should overhaul electronic privacy law to ensure people enjoy the same robust privacy rights on 21st-century communications platforms as they do for 20th-century ones.
Full Text: COPYRIGHT 2013 Greenhaven Press, a part of Gale, Cengage Learning.
Lee, Timothy B. “Smartphones Have Privacy Risks.” Smartphones. Ed. Roman Espejo. Detroit: Greenhaven Press, 2013. Opposing Viewpoints. Rpt. from “My Smartphone, the Spy: Protecting Privacy in a Mobile Age.” 2012. Opposing Viewpoints In Context. Web. 15 Aug. 2013.
Write an argumentative essay of four full typed pages (double spaced) that answers an ethical question pertaining to one of these topics:
· Does the government have a right to collect whatever information it wants, to use however it sees fit?
· To what extent does the government have a right to collect information about its citizens?
· What rights and responsibilities do Food companies have when it comes to labeling?
· What responsibilities does Facebook have in monitoring their web pages? Address safety and security concerns.
As always, the answer to the question–your thesis–should be defended with three topics.
Evaluation criteria follow:
Ethical Choices: Student thoroughly discusses at least two sides of an ethical choice to be made.
· Decision Making: Student states a position on the issue based on at least three points and offers an opposing view and counterargument supported with database sources.
· Consequences: Student identifies consequences and demonstrates a sophisticated understanding of the scope, complexity, and/or magnitude of the consequences.
· Evidence: Student includes a Works Cited page that lists at least three database sources. The body of the essay includes a total of at four citations from sources.
· College level spelling and punctuation skills
· MLA format for margins, header, personal information, paragraph indention, double spacing
· In-text citations
· Works Cited page
· Clearly stated thesis statement
· Topic sentences that flows from thesis statement
· Sentence variety
· No egregious grammar mistakes
· Should be free from plagiarism.