Data privacy,

security, legality &

ethics

ELC1A08 Digital literacies and language

Source
Where are we in the subject?
• Last week: creating and modifying a
video
• This week: Data privacy, security,
legality & ethics
• Next week: Life-long learning
software: apps to help you learn
English
• Assessments:
• Your video
Source
• The completed blog is due at the
end of the semester.
2
Agenda
• Data privacy: how it affects you
• Security: how you might lose
control of data
• Legality: laws about data
• Ethics: the proper use of
information
• Persuasion: Personalisation of
Source
content to the audience’s
concerns, values and level of
knowledge 3
Lecture Questions
By the end of this lecture you should be able to answer the
following questions:
• Data privacy is important to prevent
what?
• Not wiping drives before throwing away
old phones, computers or USB sticks
may cause what problems?
• What is software that locks people out of
Source their own data called?
• What data privacy-related activities are
illegal?
• What is a person who reveals
information about possible illegal activity
within an organisation called? 4
Introduction
Why is data risk important?
• You may break the law if you lose
data or breach data privacy
• You may lose secret information and
get in trouble
• You may embarrass your
organisation
• You may cause economic losses to
your organisation
• You may be cheated and lose your
own money
• You may get other people into Source
trouble by revealing their private
data. 5
Issues in Data Risk
How these topics relate to what we have already
studied:
• Data privacy: ubiquitous surveillance.
• Security: How much information to give to home
robots
• Legality: Intellectual property in virtual worlds
• Ethics: Machine sentience, propaganda, media
manipulation
New issues:
• Data privacy: data loss, passwords, identity theft,
arguments about privacy, human rights activities,
working from home.
• Security: Cyberwarfare, viruses, ransomware, leaks
• Legality: Regulation of social media, censorship,
stock market manipulation
Source
• Ethics: whistleblowing. 6
Data Privacy
• Data loss
• Passwords
• Identity Theft
• Arguments about privacy
• Data privacy
• Working from home
• Data privacy and you

Source
Privacy concerns with Facebook 7
Data privacy: Data loss
• You store other people’s private data; e.g. on your
laptop, mobile phone, USB stick
• Private data includes contact details and email contents
• Valuable data includes group project files, assignments
• Reasons for data loss:
• Left in a taxi, bus, bar, etc.
• Stolen
• Broken: wet, damaged, overheated
Source
• Virus, ransomware, spyware
• How can you protect yourself? Discuss with a partner.

8
Data Privacy: Passwords
The top 10 most • User names are easy to guess, and are often the
common passwords same as email addresses. So security comes
mostly from the password.
list 2023:
1. password • Hackers get user names, then try internet sites
with millions of passwords to try to break into
2. 123456 accounts.
3. 123456789 • Use a different password for each site or device,
4. guest so if one is compromised, the others are not. Use a
5. qwerty Password Manager service to help you remember
6. 12345678 them.
7. 111111 • Use strong passwords: longer passwords are
8. 12345 better
9. col123456 • Use two-factor authentication; e.g. a website
10. 123123 sends a request to your phone to check if you are
Source trying to log in.
• Use email tester website and password tester
websites to see if your email and password has 9
Data Privacy: Identity Theft
If hackers know enough
information about you,
they can sell it to
criminals. Identity theft is
common, about 15 million
Americans had their
identity stolen in 2012. Source
Criminals can pretend to
be you,for
• apply sodocuments
that they can:
such as passports & ID cards
• apply for credit cards using your name
• give a false identity to police if they are arrested
• ask your friends and colleagues for information or money10
Arguments about privacy
• "If you have something that
you don't want anyone to know,
maybe you shouldn't be doing
it in the first place.” Google
CEO Eric Schmidt (Source).
• Schmidt blacklisted CNET
reporters from Google after the
tech news company published
an article with information
about his salary, neighborhood,
hobbies, and political donations
-- all obtained from Google
11
Guillaume Paumier, CC-BY.
searches.
Data privacy: Human rights activities
• In countries where the
government violates the law
or human rights of the
people, there are
organisations and journalists
who try to protect people
and report violations.
• These organisations and
people need data privacy to
avoid arrest and
punishment.
Source
12
Working from home and your data privacy
If you are working from home,
your manager can track your
online activity in Microsoft 365,
according to Privacy International:
‘administrators can gain access to
reading people's e-mails,
documents and 1-1 messages
on Teams’… ‘There are no
limitations to how
employers can use these
features and there are no
active prompts informing Source
workers if they're enabled.’ 13
Working from home and other people’s data
privacy
• Working from home may involve using your own
computer, rather than your employer’s
• This is a data privacy risk:
• Less network security; e.g. firewalls
• Less automatic updates to patched software
• Anti-virus software may be out-of-date
• Email attachments in Downloads folder not
deleted
• Family members may access the computer
and see private information
• Work files may be taken home on USB stick,
and lost
• Home environment may be unsuitable:
Source crowded, noisy, bad Wi-Fi; so staff work in a
coffee shop, etc., where there is no privacy 14
Data Privacy and You
What are the threats to data privacy
(data loss, weak passwords, identity
theft, data privacy, working from
home):
• at university?
• in your career?
How can you handle them?

Example:
I am studying nursing. I will handle
patient’s confidential medical
information. I must avoid putting it
on my personal laptop, USB or
phone. I must be careful about
transferring information to outsider
organisations, such as medical 15
Data Security
• Cyberwarfare
• Viruses
• Ransomware
• Leaks
• Security and
you

Source

16
 Security: Cyberwarfare
• Cyberwarfare is the use of
computer attacks against an
enemy state, causing comparable
harm to actual warfare and/or
disrupting vital computer
systems. Some intended
outcomes could be spying,
destruction, propaganda, or
economic warfare.
• Targets include government
websites, the electrical power
grid, oil pipelines, health services,
banking systems, terrorist
websites, and military command
Staff Sgt. Wiggin Bernadotte, a cyber warfare operator Source Public Domain 17
systems.
Security: Viruses
• A computer virus is a program that
copies itself into other programs.
• Viruses spread by physical devices;
e.g. USB sticks, or via networks such
as the internet. Viruses may read a
user’s contact list, and email an
infected file to all contacts, or direct
contacts to an infected website.
• Anti-virus software can help protect
against viruses.
• Making backups of files can protect
against data loss caused by viruses, Source
but the backups must not contain the 18
virus.
Security: Ransomware
• Ransomware is a type program that
threatens to publish the victim's
personal data or block access to it
unless a ransom is paid.
• About 623 million ransomware
attacks in 2021 (Source)
• Ransomware can
pretend to be the police, and
demand a fine, usually in
cryptocurrency.
• Targets have included universities,
hospitals, delivery companies,
railways, oil companies, car
Source
manufacturers and government
departments. 19
Security: Leaks
• A data leak is a security violation, in which
sensitive, protected or confidential data is
copied, transmitted, viewed, stolen or used
by an unauthorised individual.
• They can be caused by attacks by
criminals or as part of cyberwarfare.
• They can be allowed by poor computer
security or careless disposal of used
computer equipment or data storage
media; e.g. not wiping drives before throwing
away old phones, computers or USB sticks.
• Data breach notification laws may require Source
organisations that lose data to inform users
such as customers or the government. 20
Video on AI’s Implications on Privacy and Data
Security
Watch the video
The Implications of AI on Privacy and Data Security: What You Need to Know,
and consider the following:
1. Analysis: It recommends “being more cautious about what information we
share online. We should be careful about the websites we visit and the apps
we download as many of these collect data without our knowledge. We can
also use privacy focused browsers and search engines like DuckDuckGo to
avoid being tracked.”
Is this a good recommendation?
2. Clarity: What did you think of the voice of the
narrator?
3. Clarity: What did you think of the relevance of the
images to the content?
4. Appropriacy: Was the video interesting? What new
information did you learn?
5. Persuasiveness: Will you change your online
activity as a result of watching this video? 21
Computer Security and You
What computer security threats
(cyberwarfare, viruses, ransomware,
and leaks) do/will you face:
• in daily life?
• at university?
• in your career?
• How will you handle these threats?

Example:
I am a Fashion student, specialising in
Knitwear Design and Technology.
Knitwear manufacturing uses Computer
Aided Designing (CAD) and Computer
Computerized Flat Knitting Machine (Jacquard
Aided Manufacturing (CAM) software.
Machine) 11 by Asivechowdhury Source License
Viruses could halt production and data
leaks could let competitors steal my
22
designs.
Legality
• Regulation of social
media
• Censorship
• Stock market
manipulation
• Legality and you

Source

23
Legality: Regulation of Social Media

Regulations may include

measures against:
• Cyberbullying
• Hate speech
• Fake news
• Addiction
• Use by terrorists

Source

24
Legality: Censorship
• Internet censorship is the control of
what can be accessed, published, or
viewed on the Internet.
• Done by regulators, or individuals and
organizations may engage in self-
censorship for moral, religious, or
business reasons, to conform to societal
norms, due to intimidation, or out of
fear of legal consequences. Source

• Reasons include:
• Politics; e.g. Twitter banned Trump
• Social norms; e.g. no gambling
• Security; e.g. military information
• Economics; e.g. music copyrights
25
Legality: Stock market manipulation
• ‘Anyone with a web-connected device
could potentially illegally manipulate
the price of a stock by simply
spreading false information about that
business on an online message board,
in a chat room, on social media or
even with a video posted to YouTube.’
• ‘Though market manipulation is illegal,
it occurs regularly. There is simply too
much illegal activity occurring for the
entirety of it to be documented and
penalized by the SEC. Even if the SEC
were to flag all potential forms of
manipulation, there would not be
Source enough time or manpower to
sufficiently analyze all of it.’ (Forbes) 26
Legality and You
What computer legality issues (cyberbullying, hate speech, fake news,
internet addiction, use by terrorists) do/will you face:
• in daily life?
• at university?
• in your career?
• How will you handle these issues?
Example 1:
I am studying Investment Science and Finance Analytics. The statistics that
I calculate and the programs and models that I create must reflect the real
world so that they are accurate. Therefore, I must know about online stock
market manipulation techniques, and handle them properly in my analyses
and predictions.
Example 2:
One of my classmates in a group project seems to be a social media
addict. He doesn’t get enough sleep, never exercises, has bad eyes and a
bad neck. He prefers the internet to talking to real people, and has bad
communication skills. He only attends class when attendance is taken. He
hides his phone under his desk and types angry arguments about online
games on social media. He wants to be an e-sports commentator, but his
posts are annoying, not entertaining. In group work he is not interested in
the topics or his groupmates. He needs to learn better time management
skills, how to manage his emotions, and receive counselling. In our project
Source he did not do any work. Social media should have laws to prevent people
like him from becoming addicted, and help them get treatment. 27
Ethics
• Whistleblowing
• Ethics and you

Source 28
Ethics: Whistle-blowing
• A whistle-blower is a person, often an employee, who
reveals information about activity within a private or public
organisation that they think is illegal, immoral, illicit, unsafe
or fraudulent.
• Over 83% of whistle-blowers report internally to a
supervisor, human resources, compliance, or a neutral third
Edward Snowden-2 by Laura
party within the company, hoping that the company will Poitras / Praxis Films Source
address and correct the issues. Licence

• A whistle-blower can also communicate with external

entities, such as the media, government, or law
enforcement, or in HK, the ICAC.
• Organisations see whistle-blowing as not loyal, betraying
the group, and revealing secrets, so punish them by firing
them, or using the law.
• Famous whistle-blowers include Edward Snowdon, who Julian Assange by D. Silvers,
Silver and Cancillería del
revealed illegal American spying programmes, and Ecuador Source Licence
29
Julian Assange, founder of WikiLeaks.
Ethics and you
• What computer ethics issues do/will you face:Source

• in daily life?
• at university?
• in your career?
• How will you handle these issues?
Sample:
One of my classmates used an online essay-writing service
to write an out-of-class assignment for him. Another
classmate asked if she could borrow the assignment to get
some ideas. He refused. She told the teacher about him
buying the assignment, and the teacher failed him. I think
she was right to report him, but wrong to do it for revenge.
Overall I don’t think she was ethical, but I can’t report her 30
because she will deny asking, and I don’t have proof.
Persuasion
Personalisation of content to the audience’s
concerns, values and level of knowledge.
Find a partner, preferably in the same field as
you. Discuss how to persuade people in your
field about one of the issues from this lecture:
data privacy, security, legality or ethics. Source
Consider their:
• Concerns – what should they be worried about, and why?
• Values – if there is a data problem, does it go against their
values? e.g. for business people, data security is vital to protect
trade secrets
• Level of knowledge – how much do people in your field know
already? What information can you add to persuade them?
Organise the information into Attention, Interest, Desire & Action.31
Sample Persuasion using AIDA Organisation
Our bank issues laptops to employees so that they can
work from home, but recently some have been lost or Attention
stolen.
We had to report the loss to clients, as well as the Interest
police. It was extremely embarrassing and damaged
our reputation.
Skilled hackers could access information on any
machine they possess. We must be able to prevent Desire
such data leaks.
We need a system so that if an employee reports a lost Desire
or stolen laptop, our I.T. staff can remotely wipe the
memory and disable the staff member’s account logins.
We should set up a project about this immediately. Action
32
Homework
Prepare to write a risk analysis by
considering the digital risks faced in
your future profession.
Example for future teachers /
university lecturers:
• Data privacy: students’ PolyU ID,
grades, medical information for sick
leave, special needs
• Security: Campus security, theft,
especially of IT equipment such as
laptops and phones, loss of hardware
containing student information.
• Legality: Online sexual harassment,
hacking of computers, key logging,
crypto-currency mining on
institutional computers, freedom of
speech vs. hate speech.
• Ethics: Plagiarism, cheating, ethical
clearance for human and animal
experiments.
The End