Apple Ceo Tim Week 4Discussion Replies
Need four replies to discussion boards, each one needs to be 2 paragraphs long with an in-text citation and each needs to have an open-ended question at the end. Please add reference at the end of each one separately, please do not add a cover page:
Question #1
Please respond to Heather:
What are the benefits and the compliance risk concerns with storing the organization’s data in the cloud?
The main benefit of storing the organization’s data in the cloud is that it will always be attainable. It will give the organization “ubiquitous access to data from an increasing variety of devises” (States News Service, 2015). “Advantages of the cloud paradigm include data preservation, high levels of expertise on the part of cloud service providers, scalability, affordability, and availability.88 Additionally, some studies have shown that businesses that adopt SaaS enjoy a return-on-investment of almost 600%. Cloud providers are benefited because they have control over content, can set access terms, and can also monitor usage statistics. These additional advantages for cloud providers also make cloud services attractive to copyright holders because the control exercised by the cloud provider can provide additional security and protect the copyright holder from infringement” (Kesan, Hayes, & Bashir, 2013, p. 362).
The compliance risks concerns are crucial to the program’s success. “An increasing proportion of data collections and use falls outside sectors that are covered by existing privacy laws. Even as rich data can yield information every bit as sensitive as what is contained in health or financial records, the increasing volume, velocity, and variety of data collection have made it impossible for individuals to exercise meaningful control over most data about them” (States News Service, 2015). Due to the large volume of documents that will be stored in the cloud, it will be difficult to maintain confidentiality. “Because consumers are entrusting their data to a third party, they are relying on that third party to adequately secure the information, have the services and data available at all times, and allow the consumer to move their information between providers freely, all in a context in which it is unclear how modern privacy law (including the Fourth Amendment and laws related to confidentiality) may apply. Another disadvantage is related to the risk of loss. If a provider fails to secure data and a consumer’s information is compromised, the risk of loss is likely to fall on the consumer rather than the cloud service provider” (Kesan, Hayes, & Bashir, 2013, p. 362).
What is the balance between efficiency and deprioritizing of privacy?
The balance between efficiency and deproritizing of privacy would be to keep efficiency and privacy at the same prioritization. Efficiency is just as important as privacy when discussing sensitive documents.
Is more regulatory intervention necessary?
Regulatory intervention would be very difficult to narrow down, but it is needed. Many cases will differ, and sharing information in one location might violate the regulations of another. Regulations would need to be specific and determine who is responsible should a breach occur.
Kesan, Hayes, and Bashir stated “[t]he market forces peering into private lives may not be doing so with malicious intentions, but the corresponding decrease in consumer control of their personal information is nonetheless harmful” (p. 471). To what degree do you think this statement is accurate?
I think their statement is relatively accurate. A consumer will never have complete control over their personal information, and unapproved sharing of the information could be extremely harmful for the consumer. Personal information retrievable electronically is unavoidable. Everyone has an electronic footprint out there, whether they know it or not, so protecting that information is critical.
References:
Finding privacy in the global cloud. (2015, January 26). States News Service. Retrieved from http://libraries.state.ma.us/login?gwurl=http://go.galegroup.com/ps/i.do?p=AONE&sw=w&u=mlin_b_necbusin&v=2.1&it=r&id=GALE (Links to an external site.)
(Links to an external site.)%7CA398876551&asid=0f0a3a0a8f569b66e4f06acef558e3c2
Kesan, J. P., Hayes, C. M., & Bashir, M. N. (2013). Information privacy and data control in cloud computing: Consumers, privacy preferences, and market efficiency. Washington and Lee Law Review, 70(1), 341-472. Retrieved from http://search.proquest.com.prx-necb.lirn.net/docvi…
Question #2
Please Reply to Deborah
What are the benefits and the compliance risk concerns with storing the organization’s data in the cloud?
Some of the most compelling benefits of cloud services are that they offer large-scale computing, that is more efficient, scalable, secure than existing solutions that were in use by corporations. Cloud services also provide seamless access to data from an increasing variety of devices (Kerry, 2016).
As with most new technologies, there are also risks. Turning over management and storage of a corporation’s data to another entity on a wholesale basis can present privacy, confidentiality, security, control and other concerns. The upsurge in data use has caused an increasing proportion of data collection and use to fall outside the purview of existing privacy laws. The growing volume, velocity, and variety of data that is collected have made it impossible for individuals to have any meaningful control over their personal information (Kerry, 2016).
In 2012, the Consumer Privacy Bill of Rights was updated and established globally-accepted privacy principles for technological advances such as distributed devices, big data, and cloud computing. The Obama administration was optimistic that this would address emerging privacy risks, however, applying these principles to specific sectors and issues are challenging because technology changes so rapidly and privacy requirements are heavily dependent on specific content (Kerry, 2016).
What is the balance between efficiency and deprioritizing of privacy?
Big data creates a tremendous opportunity for the world economy in apparent areas like national security, but also in many other areas such as product marketing, credit risk analysis, medical research and development, politics and urban planning. However, the significant benefits of big data are offset by concerns involving privacy and data protection. Privacy proponents are worried that the rapid advances in the data ecosystem will disrupt the power relationships between government, business, and individuals. This could lead to risks such as racial or other profiling, discrimination, over-criminalization, and restrictions on other freedoms.
Public policy leaders recognize that “finding the right balance between privacy risks and big data rewards may very well be the biggest public policy challenge of our time” (Polenetsky & Tene, 2016). Choices must be made between policy concerns such as scientific research, public health, national security, law enforcement, and efficient utilization of resources v. an individual’s right to privacy. Lawmakers will be put in a position where they have to decide whether issues, like curing a fatal disease or detecting and deterring potential terrorist plots, are worthy of imposing on a citizen’s right to privacy with surveillance or algorithmic decision-making methodologies (Polenetsky & Tene, 2016). Unfortunately, this discussion and policy-making are often driven by crisis.
Is more regulatory intervention necessary?
The European Union is quite advanced in its federal privacy regulation. Organizations can process personal data without an individual’s consent if the organization can demonstrate a “legitimate interest” as balanced against an individual’s right to privacy (Jolly, 2017). In these cases, individuals have a right to object to processing based “on compelling legitimate grounds,” so it comes down to a risk-benefit analysis (Jolly, 2017).
In the US, there is room for more comprehensive or consistent regulation. There is currently no single, comprehensive federal law that regulates the collection and use of an individual’s personal data. Instead, the US “has a patchwork system of federal and state laws and regulations that can sometimes overlap, dovetail and contradict one another” (Jolly, 2017).
Kesan, Hayes, and Bashir stated “[t]he market forces peering into private lives may not be doing so with malicious intentions, but the corresponding decrease in consumer control of their personal information is nonetheless harmful” (p. 471). To what degree do you think this statement is accurate?
In this article, the authors are looking at the risks and benefits of using the cloud, where our devices connect to complex global networks. Every time we access a new service, we are required to click through the provider’s terms of service (which often includes their privacy policy). If a user refuses to acknowledge the terms of service, he or she is automatically denied access to the service. Conversely, agreeing to the terms of service will give the user access, but if the user has not carefully read the terms, his or her legal rights can be significantly compromised, especially when it comes to data privacy rights (Kesan, Hayes & Bashir, 2013). The authors of this article analyzed the terms of service agreements and privacy policies of several major cloud service providers to better understand the state of user privacy when it comes to cloud services. The authors concluded that cloud service providers take similar approaches to user privacy. The terms of service were significantly more detailed when describing the user’s obligations to the provider than when describing the provider’s obligations to the user (Kesan, Hayes & Bashir, 2013). The disproportionate terms of service create an unfair advantage for the service provider. The other item worth noting is that the terms of service are typically non-negotiable, so even if an individual were to read and then debate the terms of service, it is unlikely that the individual would be granted any modifications to the agreement. For the reasons stated above, I agree with the authors that the decrease in consumer control of personal information is harmful and that privacy regulations should mandate that companies provide standard protections for personal information and also give individuals some mechanism that will allow them to maintain control over their own data (Kesan, Hayes & Bashir, 2013).
Jolly, L. (2017, July 01). Data Protection in the United States: Overview. Retrieved October 21, 2018, from https://content.next.westlaw.com/Document/I02064fb…
Kerry, C. F. (2016, July 29). Finding privacy in the global cloud. Retrieved October 21, 2018, from https://www.brookings.edu/blog/techtank/2015/01/26/finding-privacy-in-the-global-cloud/ (Links to an external site.)
Kesan, J. P., Hayes, C. M., & Bashir, M. N. (2013). Information privacy and data control in cloud computing: Consumers, privacy preferences, and market efficiency. Washington and Lee Law Review, 70(1), 341-472. Retrieved from http://search.proquest.com.prx-necb.lirn.net/docvi…
Polenetsky, J., & Tene, O. (2016, August 10). Privacy and big data. Retrieved October 21, 2018, from https://www.stanfordlawreview.org/online/privacy-a…
Question #3
Need a reply to: Deborah
Following is an argument in favor of providing personal/customer user information to support the investigation of a crime:
From the government’s perspective, once they have a court order, warrant or a subpoena all data relevant to a criminal investigation should be made available to them. This has been a heavily debated topic in light of some of the criminal cases that have been stalled because tech companies like Apple and Google have been unwilling to unlock devices or provide relevant communications that are stored on foreign servers.
The U.S. does not have a comprehensive national legal framework to protect data owners, processors and users and to provide guidelines on disclosure standards. For this reason, we have to abide by existing laws and support law enforcement requests that protect the health and welfare of the public (Chen, 2016).
In the absence of national data privacy regulations, the Office of Compliance is recommending adoption of the American Bar Association “Law Enforcement Access to Third Party Records Standards” for guidance on disclosure of customer information as follows (American Bar Association, 2016):
The Office of Compliance will cooperate with law enforcement requests for customer information related to a criminal investigation, pursuant to the following:
- Court order if the record contains highly protected information;
- Court order if the record contains moderately protected information; or
- Subpoena if the record contains minimally protected information.
- If the requested records contain highly protected information, we may seek additional administrative approval or agree to additional disclosure if there is a greater investigative need; and
If the information request is overly broad, we may request that the law enforcement agency narrow the request to avoid access to sensitive, but irrelevant information.
Following is an argument for not cooperating with a government request for personal/customer user information to support the investigation of a crime:
The Office of Compliance will continue to review and respond to law enforcement requests for customer information on a case by case basis. If we look at the recent precedent that other tech companies have set in the way they are responding to government requests for customer information, it is clear that they are caught in the middle. A company has a duty to its customers that sometimes conflicts with the interpretation of outdated U.S. privacy laws and increasingly more stringent international privacy laws. Microsoft has been a very vocal leader in this debate and has indicated that U.S. privacy laws are outdated and fail to serve law enforcement needs, or the needs of U.S. citizens who want assurances that their personal information is adequately protected. One of the more significant concerns for multi-national companies is the fact that if the U.S. Government requires companies to turn over customer data that is being maintained abroad, then foreign governments could follow suit and mandate that companies turn over the private information of American citizens (Pagliary, 2017).
One solution that has been tested is for the U.S. Government to negotiate deals with specific countries, allowing their courts request access to their citizens’ data stored on U.S. servers, and for the U.S. to be able to request access to information on foreign citizens that is stored in that country. The Obama administration negotiated a deal of this nature with the United Kingdom (Kaste, 2016).
If this approach catches on, the outcome could be a system in which privacy rights are no longer determined by where the data is stored, but instead by which country the owner of the data calls home. This affords people with data privacy protections in line with the laws of their own country (Kaste, 2016). Until these types of agreements are formalized, the Office of Compliance is recommending that we not agree to provide personal/customer information that is being stored outside the U.S.
From an ethics standpoint, complying with government requests of this nature could set a dangerous precedent where law enforcement could repeatedly require businesses such as ours to assist in criminal investigations, which would effectively make technology companies an agent of the government (Moser & MacDonald, n.d.).
American Bar Association. (2016, June 16). Law enforcement access to third party records standards. Retrieved October 21, 2018, from https://www.americanbar.org/groups/criminal_justic…
Chen, C. (2016, February 23). In Apple vs. FBI dispute, Bill Gates calls for balance. Christian Science Monitor. Retrieved from Gale database.
Kaste, M. (2016, March 03). For U.S. tech firms abroad and data in the cloud, whose laws apply? Retrieved October 21, 2018, from https://www.npr.org/sections/alltechconsidered/201…
Moser, R., & MacDonald, P. (n.d.). The FBI & Apple security vs. privacy. Retrieved October 21, 2018, from https://ethicsunwrapped.utexas.edu/case-study/fbi-…
Pagliary, J. (2017, October 19). Tech companies are hindering criminal investigations, under outdated law. Retrieved October 21, 2018, from https://money.cnn.com/2017/10/19/technology/criminal-investigations-microsoft-ireland-invs/index.html
Question 4
Original question: The government has requested that your organization provide personal/customer user information in order to investigate a crime. The Board of Directors has asked the Compliance and Ethics Department to provide an argument for and against providing this information. Please provide an argument supporting each of these positions.
Please respond to: Caleb
In the age of digital technology, the tracking, storage and transmission of data has become increasingly complex. I am certain that upon writing the 4th amendment, no one could envision that almost every adult in developed countries would have a piece of technology with almost limitless capabilities. Gathering evidence for a crime scene today is not as simple as dusting for fingerprints and looking at mug shots. Today’s investigators have a possible trail of digital fingerprints that can lead them to the truth. Traffic cameras, internet history, and GPS location service on everyone’s phone allows investigators to follow every lead, and have digital proof of their investigation. But where does the line of tracking someone’s phone and looking at its content split?
There are two different ethics to go along with this topic for a corporation to contemplate. The first is, will opening the technology that they have created help solve a crime? The obvious reason in aiding an investigation from a corporation’s point of view is finding out the truth. That is the moral dilemma that corporations face. As with the San Bernardino case and the murder of 14 people by home grown terrorist; having a piece of equipment that could lead to other crimes is extremely valuable. On the surface, most people would think that is an easy situation, just unlock his phone. And from a moral and ethics stand point, that would be the correct. If the company has the ability to aid in an investigation, then it should do so. Especially when dealing with heinous crimes or the potential of such as national security, murder, rape, child pornography, etc.
The opposite of that ethical coin is what compliance and ethics standards has that company set for itself and their customers? Once again, the San Bernardino case is the example. The shooter had an iPhone; so just open the iPhone, right? Apple prides itself on the security that it provides its customers. Apple users have an implicit trust with the apple products that their information will be secure. That trust in Apple to keep the customer’s data secure is a MAJOR selling point for Apple products. “Apple said accessing a locked iPhone would be “impossible” on devices running iOS 8 or higher” (Schroeder, 2015). Apple does not want to be the instrument in breaking the customer’s trust. The issue that companies have with doing anything and everything to aid in an investigation, is who determines what crimes they should break protocol and compromise the security of their customers? What crime is deemed worthy enough? To every victim or victim’s family, the company should always help. But, if they break compliance and company protocol for one, then they have to do it for every criminal investigation. That includes every possible lead for a criminal investigation that of course would completely dissolve the trust that the consumer has placed with Apple to protect their data. “Apple CEO Tim Cook argued that if Apple were forced to reengineer its products, it would open a Pandora’s box that could give the government outsized control over how Silicon Valley makes its products.” (Yadron, 2016)
Schroeder, S. (2015, October 21). Apple to U.S. court: We cant unlock new iPhones, even if we try. Retrieved from https://mashable.com/2015/10/21/apple-unlock-iphones-doj/ (Links to an external site.)Links to an external site.
Yadron, D. (2016, March 28). San Bernardino iPhone: US ends Apple case after accessing data without assistance. The Guardian. Retrieved from http://www.theguardian.com/technology/2016/mar/28/…