INVITATION TO CYBERSECURITY 272 bottom line is this was a bungled investigation by law enforcement—they should have requested only specific and limited information until they obtained a warrant necessary for a thorough search like the one conducted by Alice. 10.2.4 Summary “If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.” - Cardinal Richelieu The United States Constitution is the basis for our system of government and the foundation for our freedoms and rights. The Fifth and Fourteenth Amendments guarantee our right to due process, and the Fourth Amendment guarantees our right to privacy, and these rights must be protected in cyberspace as well as physical space. For example, in the story about Charlie’s privacy rights at work, how would you feel about Alice’s search if you were in Charlie’s shoes? If you did nothing wrong, then you would have nothing to hide, so why should you care? This is a popular argument for downplaying online privacy rights, but it is flawed. As we live more and more of our lives out in cyberspace, online privacy is becoming synonymous with personal privacy, especially with the popularity of smartphones and smart devices that come into our homes and personal spaces. It is not just law breakers that have something to hide; we all seek privacy and prefer to keep certain parts of our lives out of the public eye. For example, besides the physical privacy we obviously value, we value the ability to have private conversations with people we trust. Our friends know us well enough to properly contextualize our jokes and the random thoughts and feelings we express as we process ideas. As Cardinal Richelieu’s quote makes clear, our words can be dangerously misconstrued when taken out of context—this goes for anybody. The right to privacy and due process are vital to a flourishing society, and increasingly, that includes our cyberspace interactions. Cybersecurity professionals have a legal obligation and a moral responsibility to respect the rights of all citizens impacted by their work. In the next section, we will look at the law as it applies to cybercrime and cyber warfare 10.3 Laws “Legal obligations and restrictions should be considered at the outset of any cybersecurity strategy, just as a company would consider reputational harm and budgetary issues. Failure to comply with the law could lead to significant financial harms, negative publicity, and, in some cases, criminal charges.” - Cybersecurity Law by Jeff Kosseff In this section, we will briefly examine some of the most important hacking-related laws. One pragmatic reason for cybersecurity professionals to know the law is so that they can avoid criminal prosecution and civil lawsuits. Ignorance of the law, especially for profes-
RkJQdWJsaXNoZXIy MTM4ODY=