Chapter 6: Information Privacy and Security


Modern technologies, such as portable digital devices, electronic publishing, social media, e-commerce, cryptocurrency, and digital messaging, have transformed businesses and changed the way people communicate, interact, transact, and process information. Communication channels using text messaging, video clips, and chats transcend traditional geographical boundaries and make it easier for people to share instant information in real time. Smart home assistant devices, such as Amazon Alexa, Google Assistant, and Apple Siri, allow us to use voice to communicate with various information systems and applications. The Internet of Things (IoT) allows various devices to be connected and synced up to the Internet through Wi-Fi. The COVID-19 pandemic accelerated the development and use of technology in people’s lives. This ranges from working remotely to rideshare to food delivery using new services, such as Uber Eats and DoorDash, to streaming services like Netflix, Hulu, and Amazon Prime Video.

Over time, technology has changed people’s perspectives of the notion of information security and privacy. There are more people today willing to share personal information using different technology platforms than ever before. When we consent to use certain services online, we are at the same time agreeing and allowing companies and service providers to collect and manage our personal information on their systems. Some of the information service providers collect is essential not only to identify the user but also for security and legal purposes related to payments, licensing issues, and other related legal matters. Having said that, companies have alternative ways to collect information about their users and connect this information to the user’s primary record. Most companies and service providers have published privacy and security policies that the user can read before using the service. However, when it comes to the consent form, the user is given only two options: agree to the terms and conditions of the service agreement and use the services, or disagree with the policy and be denied access. In response to recent security breaches and unregulated data collection by large technology organizations, the European Union (EU) created the right to be forgotten and the right to erasure as part of the General Data Protection Regulation (Guadamuz, 2017; Hoofnagle et al., 2019).

In the United States, several laws have been enacted to protect private and sensitive information. These include the Health Insurance Portability and Accountability Act (HIPAA), the Electronic Communication Act (ECPA), the Children’s Online Privacy Protection Act (COPPA), the Family Educational Rights and Privacy Act (FERPA), and the Video Privacy Protection Act (VPPA). Most of the regulations in the United States were enacted in response to a specific problem or a situation that arose, forcing legislators to respond (Garner, 2018; Samoriski et al., 1996; Urgoiti, 2019). There is an absence of a comprehensive approach to the privacy issue. Current concerns arose following the US 2016 election and issues surrounding the company Cambridge Analytica and their inappropriate use of social media information, highlighting the need for measures to further protect user information.

Encroachment into privacy by outsiders and hackers is still a serious problem and causes challenges to those dealing with information security. Historically, information professionals, including librarians, archivists, and record keepers, acted as guardians who protected and defended a user’s right to privacy. The right to privacy is considered a basic human right as recognized by Resolution 59 of the UN General Assembly adopted in 1946 in Article 19 of the Universal Declaration of Human Rights (1948). This undertaking required that information professionals understand the moral and ethical obligation of safeguarding patron information. The American Library Association (ALA), the largest library association in the world, has long held that privacy is a core value of the librarian profession. Article II of the ALA’s Code of Ethics adopted on June 28, 1995, states that, “We uphold the principles of intellectual freedom and resist all efforts to censor library resources.”

Although privacy infringement existed in the preinformation society era, the challenges brought about by advances in information and communication technology require users to go through professional training to educate themselves on the risks involved in dealing with sophisticated identity theft tools and cybercrimes that use hacking to exploit vulnerabilities in online applications, banking, ecommerce transactions, online retail databases, and election stations (Armerding, 2018; Svirsky, 2019). To counter such threats, there is a need to adopt an integrated approach that incorporates both technical and nontechnical measures, such as creating awareness among users, building sound and robust infrastructure, and training a new generation of cybersecurity professionals who can work on both the technical and nontechnical aspects of cybersecurity.

6.2 The Context of Privacy

The term privacy is derived from the Latin word privatus. According to the Oxford English Dictionary, privacy is “the state or condition of not being alone, undisturbed, or free from public attention, as a matter of choice or right; seclusion; freedom from interference or intrusion.” As we stated earlier, privacy is considered a fundamental human right by the United Nations. Article 17 of the Universal Declaration of Human Rights and the International Covenant on Civil and Political Rights state that no one shall be subjected to arbitrary or unlawful interference with their privacy, family, home, or correspondence, nor to unlawful attacks on their honor and reputation (Conte, 2016). They also state that everyone has the right to the protection of the law against such interference or attacks (Diggelmann and Cleis, 2014).

Privacy is deeply personal and culturally specific. The scope by which privacy is viewed by people around the world varies from one group of people to another, from one culture to another. What might be considered normal or acceptable in a certain culture might not be acceptable and may even be considered an intrusion of privacy in another culture. In most societies, there are boundaries by which privacy is defined and there are diverse types of personal information that are closely guarded.

Privacy is concerned with the information and knowledge others might obtain about the person and the right to access or divulge such information without the concerned person’s consent. While information security is not a technological concept, information technology has shaped our view of privacy. For example, in the past, if you were in your room alone, you did not expect people to watch you and you did not have smart devices that might be spying on you (Fowler, 2019). If you were shopping, most of your transactions would have been paid in cash and no one would have a record of your activities. Today, using credit cards and shopping online, we are continuously monitored by someone as these activities are captured by different information systems.

Information privacy extends beyond financial transactions or personal information captured by information systems for identification and security purposes. The Internet and the web have made it easy for people to share personal information without realizing the long-term risk and implications. Many people share information with their friends on social media platforms, such as Facebook, Twitter, and Instagram, thinking that they are only sharing that information with their trusted closest friends and not considering that social media is made up of a web of contacts. Social media applications, such as WhatsApp, Viber, and Snapchat, give users the perception that their information is safe using an elevated level of encryption. However, these platforms can be hacked through compromised passwords, lost devices, and other security breach mechanisms.

Hackers are always looking for ways to challenge the security configurations of existing systems and identify vulnerabilities in order to steal valuable user information for monetary gain (Overfelt, 2016). Stolen information could also have social implications. It might create social and cultural backlashes and, in some cases, endanger people’s lives. Awareness and education are critical in tackling information security issues related to privacy. For example, the number of Internet users in the Middle East grew in the last two decades and the use of social media skyrocketed, impacting culture and tradition. Aloul (2012) pointed out that one of the major security problems in the Middle East is dealing with a large number of “uneducated” users, which makes this population an easy target for hackers and cyberattacks.

6.3 Privacy Control

Privacy control is a set of tools built into information system applications that allow users to control who can view their information and how much is revealed. These can include simple settings as well as more sophisticated settings that give users more control by type of data, type of users, and level of details. The problem with privacy settings and privacy control is twofold. The first problem is the degree to which these tools can protect against all aspects of privacy intrusions. How good are these tools at preventing access to private or sensitive information? What are the drawbacks of using such tools? The second problem is that people most often do not understand which part of the information to make public and which part of the information to restrict and make private. Users might also not have the knowledge needed to configure the applications and set the privacy control.

The Pew Compliance Report published in 2019 showed that most Americans are concerned about privacy and feel a lack of control over their own information (Auxier et al., 2019). The survey showed that the majority of Americans feel that their personal information is less secure now and that it is not possible to go through their daily life without being tracked. Most Americans feel they have little control of data collected about them by companies (81%) and government (84%). Governments, professional bodies, and international agencies play a key role in establishing rules and guidelines to protect personal information. They are aware of the implications of privacy issues in the emerging information society and have taken various steps toward circumventing the problems. Conferences and seminars have been held at national and international levels for the discussion of potential problems and workable solutions to these privacy issues. Some of these issues are at the national level and others are at the international level that touches on sovereignty and independence issues.

Privacy control is a set of options by which users can restrict access to their content. The technical features differ from one application to another and leave the responsibility for setting them up to the users. Unfortunately, despite all the security measures and privacy controls a software developer might put in place, there is a high chance that a data breach will occur. Organizations and government agencies need to be obligated to protect user information. Such compliance can only happen if the appropriate information security and privacy control legislations are created. In 1980, the Organization for Economic Co-operation and Development (OECD) in the EU developed the Code of Fair Information Practices (FIP). The FIP was put in place to safeguard the handling of personal information collected by enterprises and to ensure that fair treatment is accorded to individuals by these data users. The guidelines involve collection limitation, data quality, purpose specification, user limitation, security safeguards, openness, individual participation, and accountability.

The Electronic Privacy Information Center (EPIC) is a public interest research center in Washington DC, established in 1994 with the objectives of protecting privacy, First Amendment rights, and constitutional values. EPIC works on defending one’s rights in cyberspace and is a member of the Global Internet Liberty Campaign, the Internet Free Expression Alliance, the Privacy Coalition, and the Transatlantic Consumer Dialogue.

The Japanese data protection on the Internet and the Japanese guideline on protection of personal information are some of the measures used to restrict the collection of personal data, the use and disclosure of personal data, the limit of access by individuals to personal data, proper security arrangements for personal data, and clarification of responsibility over personal data (Komukai, 2020). The General Data Protection Regulation (GDPR) is by far the most comprehensive regulation designed to protect privacy and information security (Dorraji and Barcys, 2014). The regulation covers areas such as fairness and transparency in data collection and use, data minimization and clear purpose of use, emphasis on data and information accuracy, storage limitations, integrity, confidentiality, and accountability.

6.4 Information Security

Information security refers to the methods and processes used to protect print and electronic information from unauthorized access, misuse, manipulation, or destruction. Information security measures fall into two main categories. The first category is using technical measures, such as encryption, firewalls, blockchain, and so on. The second category involves human elements where ethics and moral obligations play a significant role in safeguarding sensitive and confidential information. According to Spinello (1995), the primary issue is to have a security policy that can be uniformly applied to the enterprise. Such a policy should be supported by management, made known to all employees, and consistently enforced.

Information security technical methods evolved over time from the reliance on simple password authentication to a more sophisticated method of using face recognition and biometric information. New software now provides varying degrees of authorization to different levels of staff depending on what functions and information they are allowed to access.

Several other methods that also pertain to access control are referred to as biometric security techniques. This is extremely sophisticated technology and quite expensive, thus only really used for protecting highly sensitive information, such as defense secrets. They are designed to use the unique biological characteristics that each human being has. The second aim of an enterprise security procedure includes preserving the “integrity of the system at [sic] its data,” as stated by Spinello in 1995. One of the ways that this might be accomplished is through encryption software and scrambling devices, such as digital signal processors. These work hand-in-hand with access control methods. They act by re-coding the data before it is transmitted over a telecommunications network, thus making it unreadable to unauthorized readers who do not have the proper method for decoding the message. It is useful in protecting transmissible data from being intercepted. For instance, e-mail uses local networks to be transmitted and is highly vulnerable. An example of one solution to this problem is end-to-end encryption, which protects the information within an e-mail message until it reaches its destination. However, a security gap may exist if knowledge of how the information is coded is revealed to outsiders.

Should unauthorized access occur, it is vital to have audit control software installed. This allows the enterprise to track down the culprits or find evidence if there has been a break-in. It does so by observing and recognizing operators and recording the times at which access occurred. It may also identify when an individual is trying to hack into the system, by trying random combinations, as it will reflect an unusual number of incorrect entries. As different users have different authorization levels it may also be possible to track whether employees have entered restricted areas, through a “terminal session log,” as defined by Spinello in 1995.

Human elements will continue to play a key role in information security. While it is possible to put in place secure servers, bulletproof firewalls, and encryption techniques, we will still need to have someone to administer these systems and he/she will still have access to the information stored in these systems. Given these circumstances, there is a need for moral obligation to protect information from insiders. The questions are, what do these moral responsibilities include, whom does it fall to, and how much is one held accountable for it?

These moral duties include protecting information systems properly. It also involves preserving information, especially valuable information, such as medical records. This stems from the need to prevent others from being hurt from misuse of their information and out of respect for their privacy. For instance, as mentioned earlier, revealing an individual’s medical history may hinder their chances for future employment. Furthermore, as protectors of that information, it is important that only those with the correct level of clearance should have access to the information. Every request for information should be considered carefully. For instance, if someone requests information on how to build a portable bomb from a librarian, should the librarian provide information knowing that more than likely this information may be used to create a weapon? In addition, information guardians have to protect information from misuse and ensure that they do not forsake the trust that was placed in them by exploiting the very information they are supposed to protect, to make a profit. Last but not least, corporate information should be treated with the same respect as individual information.

Moral responsibility should start with the individual, in this case the information technology professionals and developers. They must ensure that they design systems and software that are robust enough to withstand any attack and that there are sufficient backup and recovery systems to recover any loss of information. Their responsibilities are deciding which information may or may not be revealed as mentioned above. Corporations should not be excused from the responsibilities involved in protecting information. They share the same obligations as individuals. However, they have some additional factors to consider. For instance, companies are driven by profit; thus, they should take care that security is not sacrificed because of financial costs or for the sake of convenience. Their responsibility is protecting information not only for their customers but also for their employees as well. They should also ensure that their security measures are not intrusive or obstructive to staff and daily operations. Although, it has to be said, information security has not been placed as high in priority in the private sector as it should be.

6.5 Information Security Challenges

Information systems and computer networks face security threats daily and the number of threats is growing and becoming more sophisticated. Wang and Yang (2017) pointed out that hacking attempts are on the rise and hackers have become more sophisticated and difficult to deal with. Hackers are using advanced technologies and constantly looking for vulnerabilities and weaknesses in the information system. Sometimes these weaknesses are not technical and are due to human ignorance or a lack of understanding of the seriousness of the hacking problem. Most businesses, small or big, are facing difficulty in keeping up with the array of threats due to the growing variety of security challenges that can involve hardware devices, applications, and end user issues.

Early generations of information security threats involved malicious code, such as viruses, worms, Trojan horses, logic bombs, and other types of software, used to cause harm or deployed to collect sensitive information. According to Forester and Morrison (1994), hundreds of viruses were created in the late 1980s causing varying amounts of damage around the world. For example, in 1989, Robert Morris was suspended from college after devising a worm program (the Morris Worm) that affected more than 6000 machines and crippled the network connecting MIT, the RAND Corporation, and NASA’s Ames Research Center (Dressler, 2007).

With the advent of modern technologies, such as e-mail systems, social media applications, and other online communication tools, new types of threats emerged. These include phishing e-mails and messages that are designed to entice users to open files that could contain viruses or click on links that take users to fake websites with the objective of stealing personal information. Such methods have become more sophisticated with the use of AI (artificial intelligence) robots designed to spy and collect sensitive information. Deploying such tools as malware in the form of autonomous AI tools can inflict long-term damage without the need for human interference. Such systems have the capability to adjust themselves to the new environment and reinvent themselves if necessary, depending on the circumstances (Dietterich and Horvitz, 2015; Harel et al., 2017). Guarding against such capabilities requires an organization to develop and deploy even smarter tools to counter malicious AI software. Such a system can be trained to analyze micro-behavior of threats, such as phishing and ransomware (Joshi and Gupta, 2019).

The increased use of devices connected to the Internet in what has become known as the Internet of Things (IoT) has created an information security nightmare. Internet devices and applications, such as home automation and smart assistant devices (Amazon Alexa, Google Assistant, and Apple Siri), are generating substantial amounts of information that need to be managed and secured. Consumer devices, such as TV sets, cars, and personal devices, are the main driver of IoT, accounting for 5.2 billion units in 2017 and expected to top 12.86 billion units in 2020 (Tung, 2017).

The threat of information warfare is real. In 1996, it was reported that the US Department of Defense computers were attacked more than 250,000 times and most of these attacks were undetected. In September 1999, computer hackers called the “United Loan Gunmen” infiltrated the computers running the websites for NASDAQ and Amex in an attack on the world’s financial markets. Although there was no manipulation of data on the exchanges, it did prove how vulnerable even the most popular Internet sites might be. Some of these cyber weapons may have started out as defense weapons. For example, the United States has the most advanced spying devices in the world, costing nearly $30 billion a year. At present, these are used by the military primarily for protection and only in the event of war. But what happens if they direct their attention to spying on industries to benefit their own economy rather than achieving military advantage? Also, if their economy is attacked via methods of cyberwar, such as Trojan horses, should that be considered an act of war and reacted to with a similar response?

Earlier, the issue of protecting national security was raised. It is one thing when sophisticated systems are used to spy on the enemy, but how about when they are used to spy on one’s own citizens with the mission of preserving national security? Although some voiced concerns over these types of invasion of privacy, others see it as a necessary evil to protect the company’s interests. CyberSeek, an initiative funded by the National Initiative for Cybersecurity Education (NICE), reported that the United States has a shortfall of 314,000 cybersecurity professionals as of January 2019. The demand for cybersecurity professionals has also increased over the years. The global cybersecurity shortage of highly qualified professionals is projected to reach 1.8 million by 2022 (Crumpler and Lewis, 2019).

6.6 Cybersecurity

Cybersecurity is comprised of the methods and practices used to protect information systems, applications, and devices connected to the Internet and public networks. Cyberattacks are on the rise and cybersecurity threats are real. The recent ransomware attacks on companies and government institutions in the United States and other countries highlight the seriousness of the problem (Richardson et al., 2021). Cyberattacks do not only pose problems to individuals but also to private and public institutions, government agencies, and society at large. The Internet as a public network is vulnerable to all sorts of hacking and intrusion activities by anyone connected to the Internet and deciding to be a bad player. The term cyberwarfare is commonly used to refer to the methods used by one nation state to attack other nations with the intention of destroying or inflicting harm to their infrastructure, such as distribution lines or electricity grid or other vital resources (Janczewski and Colarik, 2007; Papathanasaki and Maglaras, 2020).

Spying in cyberspace has become a common activity through deploying malicious software and AI to collect intelligence information. Most Internet and mobile applications use cookies to identify and track users as they navigate through different pages and use certain features on websites. Except for third-party cookies that are used for marketing purposes, most cookies are harmless and designed to enhance the user’s navigation experience. While cookies are not dangerous, they might create an opportunity for hackers and other bad players to take control of online sessions (session fixation attacks) and deploy more harmful programs with the aim of spying and collecting sensitive information. This sometimes is combined with other forms of data collection and monitoring using sophisticated AI and predictive analytics tools (Collier, 2019; Joshi and Gupta, 2019). The following are examples of cybersecurity threats and problems:

  • Ransomware

Ransomware is rated as one of the top cybersecurity threats in 2021. Hackers, through identifying security vulnerabilities in information systems, deploy malicious applications that encrypt and steal sensitive data. The malware then prevents users from accessing their information until payment is made, normally in cryptocurrency to prevent tracing the identity of the hackers. One of the methods by which ransomware is spread is through phishing e-mails or malicious spam. Such e-mail normally has attachments that can act as booby traps. Once the users click on the link, they will be directed to a fake website that compromises their login and personal information. There has been a rise in the number of ransomware attacks on local US governments, such as cities and police stations, schools, and government offices (Brill and Thompson, 2019).

  • Phishing Threats

Phishing is a common security threat hackers use to direct users to fake websites with the object of collecting identification information and passwords. Phishing is carried out by sending e-mails that might appear to be coming from close friends, fellow workers, or trusted organizations. Studies have shown that the majority of cyberattacks happen using phishing e-mails. Phishing attacks attempt to exploit security vulnerabilities associated with a user’s lack of knowledge about information security practices. Some of the e-mails are drafted cleverly to cause panic by creating a sense of emergency making the person act without thinking and click embedded links or attached malicious programs.

In recent years, phishing attacks have become more sophisticated, using real people’s information collected online with AI and data analytic tools. Information sent to users by e-mail or on social media asking them to go to certain websites or download certain information is quite a common method of phishing for personal data. According to Moore and Clayton (2007), phishing is the process of enticing people into visiting fraudulent websites and convincing them to enter credential information, such as usernames, passwords, addresses, social security numbers, and/or personal identification numbers (PINs).

  • Cryptojacking

Cryptojacking is like ransomware in which hackers try to get access to cryptocurrencies using encrypted codes. For any type of information to have value, it must be in limited supply. Cryptocurrency in the form of Bitcoin is increasingly becoming an acceptable form of currency for business transactions. The market value of the digital currency has increased in the last few years, making it an attractive target for hackers. The value of one bitcoin at some point reached more than $70,000 in 2021, which made it the currency of choice for extortion and ransomware (Collier, 2019; Murko and Vrhovec, 2019).

  • Cyberwarfare

Cyberwarfare is more evident today than ever before. The increased dependency on the Internet as a form of communication tool and as a platform for commerce has increased the risk of being targeted by adversaries in times of war and conflict (Cavelty, 2012; Janczewski and Colarik, 2007; Style and Maglaras, 2020). The Internet as a loose public network made up of billions of machines worldwide and content that is scattered all over relies heavily on encrypted data and firewalls to defend against intruders. Today, most information infrastructure, such as education institutions, health information systems, government departments, and private and public corporations, rely on technology and Internet communication. It is easy for hostile organizations and states to engage in cyberwarfare and inflict damage on adversaries given the low cost, high speed, and low risk compared to traditional warfare.

6.7 Information Security and Recovery Measures

To address information security issues, there is a need to adopt a comprehensive approach to information security. The first part consists of the technical issues which involve firewalls, antivirus software, and encryption of data. The second part is the human part and involves educating users on how to deal with information security threats. Access control and password protection is one of the first and most essential methods for information security. Most users choose passwords that hackers find easy to guess. The choice of passwords and the strength of a password depend on several factors including the number of symbols allowed in the password, usually between 8 and 30; special characters, such as ampersand, percent, and dollar sign; and the number of symbols in the alphabet from which these symbols are chosen. Passwords must be changed periodically to minimize the chances of guessing and stolen information.
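The factors listed above (length, alphabet size, and whether the choice is easy to guess) can be combined into a simple check. The following Python sketch is an added example, not part of the original chapter; the common-password sample, the 60-bit threshold, and the function names are assumptions made for illustration.

```python
import math
import string

# Constructed sample of commonly chosen passwords (illustrative, not a real breach list).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "password1", "iloveyou"}

# Symbol classes; each class a password draws on enlarges the alphabet an attacker must cover.
CHAR_CLASSES = (
    string.ascii_lowercase,  # 26 symbols
    string.ascii_uppercase,  # 26 symbols
    string.digits,           # 10 symbols
    string.punctuation,      # 32 symbols, including & % $
)


def alphabet_size(password):
    """Size of the smallest alphabet, built from the classes above, that contains the password."""
    size = sum(len(cls) for cls in CHAR_CLASSES if any(c in cls for c in password))
    known = "".join(CHAR_CLASSES)
    # Characters outside the four classes (spaces, accented letters) are counted individually.
    size += len({c for c in password if c not in known})
    return size


def keyspace_bits(length, alphabet):
    """log2(alphabet ** length): the search space in bits if every symbol is chosen at random."""
    return length * math.log2(alphabet) if alphabet > 1 else 0.0


def assess(password, min_len=8, max_len=30, min_bits=60.0):
    """Classify a password as 'common', 'length', 'weak' or 'ok'.

    min_len/max_len follow the 8 to 30 range mentioned in the text;
    min_bits is an assumed threshold for this example.
    """
    alphabet = alphabet_size(password)
    bits = keyspace_bits(len(password), alphabet)
    if password.lower() in COMMON_PASSWORDS:
        # The bit estimate assumes random choice; a listed password is guessed almost at once.
        verdict = "common"
    elif not min_len <= len(password) <= max_len:
        verdict = "length"
    elif bits < min_bits:
        verdict = "weak"
    else:
        verdict = "ok"
    return {"alphabet": alphabet, "bits": round(bits, 1), "verdict": verdict}


if __name__ == "__main__":
    for candidate in ("password1", "abcdefgh", "Ab1$", "Tr0ub4dor&3x"):
        print(candidate, assess(candidate))
```

The bit count is an upper bound that holds only when symbols are picked at random, which is why the common-password check runs first.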

Encryption is another information security measure used to protect sensitive information, especially while transmitting data over the network or between different applications. Encrypted security tools are used to ensure the privacy, integrity, and authenticity of the information transmitted. For a cryptosystem to be considered strong, it should have the needed element to generate sophisticated keys that are not easy to guess. Cryptosystems include algorithms for key generation, encryption, and decryption techniques. The encryption algorithm is a mathematical function that produces a ciphertext and encryption key. Ciphertext is scrambled text produced by the encryption algorithm using a unique encryption key.

An audit trail is another information security measure organizations use to chronologically record system activities leading to certain events. Audit trail is a process where information is recorded in a log that can be examined in the event of a security incident. Audit trails provide system administrators with valuable information in tracking security violations and break-in attempts.
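The audit trail described here, and the audit control software discussed in section 6.4, can be illustrated with a short Python script that reads a terminal session log and flags an unusual number of incorrect entries as well as access above a user’s authorization level. This is an added example, not part of the original chapter; the log format, the authorization tables, and the thresholds are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed terminal session log; the line format is an assumption for this example.
SAMPLE_LOG = """\
2024-03-01T09:00:01 terminal=T1 user=alice event=LOGIN_OK
2024-03-01T09:02:10 terminal=T1 user=alice event=ACCESS resource=catalog
2024-03-01T09:05:00 terminal=T7 user=bob event=LOGIN_FAIL
2024-03-01T09:05:04 terminal=T7 user=bob event=LOGIN_FAIL
2024-03-01T09:05:09 terminal=T7 user=bob event=LOGIN_FAIL
2024-03-01T09:05:15 terminal=T7 user=bob event=LOGIN_FAIL
2024-03-01T09:05:21 terminal=T7 user=bob event=LOGIN_FAIL
2024-03-01T09:30:00 terminal=T2 user=carol event=LOGIN_FAIL
2024-03-01T09:30:20 terminal=T2 user=carol event=LOGIN_OK
2024-03-01T09:41:00 terminal=T2 user=carol event=ACCESS resource=patron_records
2024-03-01T09:50:00 garbled line without fields
"""

# Hypothetical authorization tables: a user may open a resource only at or below their level.
USER_LEVEL = {"alice": 1, "bob": 1, "carol": 1, "dave": 3}
RESOURCE_LEVEL = {"catalog": 1, "patron_records": 3}


def parse_line(line):
    """Return (timestamp, fields), or None when the line is not a usable audit record."""
    stamp, _, rest = line.partition(" ")
    try:
        when = datetime.fromisoformat(stamp)
    except ValueError:
        return None
    fields = dict(tok.split("=", 1) for tok in rest.split() if "=" in tok)
    if not {"terminal", "user", "event"} <= fields.keys():
        return None
    return when, fields


def analyze(log_text, max_failures=5, window=timedelta(seconds=60)):
    """Scan the log in order and return (alerts, number_of_unparsable_lines)."""
    alerts, skipped = [], 0
    recent_failures = defaultdict(deque)  # terminal -> timestamps of recent failed logins
    for line in log_text.splitlines():
        if not line.strip():
            continue
        record = parse_line(line)
        if record is None:
            skipped += 1  # damaged records are counted, since gaps in a trail matter too
            continue
        when, f = record
        if f["event"] == "LOGIN_FAIL":
            failures = recent_failures[f["terminal"]]
            failures.append(when)
            while when - failures[0] > window:  # drop failures older than the window
                failures.popleft()
            if len(failures) >= max_failures:
                alerts.append({"kind": "FAILED_LOGIN_BURST", "time": when.isoformat(),
                               "terminal": f["terminal"], "user": f["user"],
                               "count": len(failures)})
                failures.clear()  # one alert per burst
        elif f["event"] == "ACCESS":
            resource = f.get("resource", "")
            # Unknown resources are treated as the most restricted level (fail closed).
            needed = RESOURCE_LEVEL.get(resource, max(RESOURCE_LEVEL.values()))
            held = USER_LEVEL.get(f["user"], 0)
            if held < needed:
                alerts.append({"kind": "RESTRICTED_ACCESS", "time": when.isoformat(),
                               "terminal": f["terminal"], "user": f["user"],
                               "resource": resource})
    return alerts, skipped


if __name__ == "__main__":
    found, unparsed = analyze(SAMPLE_LOG)
    for alert in found:
        print(alert)
    print("unparsable lines:", unparsed)
```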

Backup and recovery mechanisms are information security measures used to restore data and recover information affected by system failures or security breaches. A backup is a copy of the data that is maintained on a separate system or is kept off-line on another medium, such as magnetic tape or an optical disk. The frequency with which data is recorded depends on the nature of the business and the sensitivity of the information. A backup schedule and procedure should be put in place to make sure that information is kept updated and current. Recovery procedures must be developed to deal with emergency conditions, such as severe work overload, hardware breakdown, software failure, reduced operations, degraded operations, partial failure, strikes or civil commotions, natural or human disasters, and operations at an alternative site.

6.8 Conclusion

This chapter discussed privacy and security concerns, challenges, and the measures needed to combat them. The increased use of public networks and open-system platforms has led to increased exposure to several different security vulnerabilities. Some of these security vulnerabilities involve technical issues, such as hardware and software issues, which can be tested and fixed. Other security vulnerabilities that involve social and human issues are harder to manage. Human issues require a certain level of security awareness, knowledge, and trust. This chapter covered different types of security threats, such as ransomware, phishing, and cyberwarfare, and discussed the importance of raising awareness and competence through continuous training.


Discussion Questions

  • What role can information professionals play in protecting privacy and security?
  • Why do we need to worry about information security?
  • What is your definition of sensitive data and confidential information?
  • How do you differentiate between private and public information?
  • How do you handle your own daily work and keep your information safe?
  • Discuss an information security incident that involved phishing and what measures have been taken to address the issue. Has this impacted your life in any way and what lessons have you learned?
  • Discuss the types of measures and actions that you have taken to protect your privacy in various social media platforms.


Aloul, F. A. (2012). The need for effective information security awareness. Journal of Advances in Information Technology, 3(3), 176–183.

Armerding, T. (2018). The 17 biggest data breaches of the 21st century. CSO Online, 20. https://www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.html

Auxier, B., Rainie, L., Anderson, M., Perrin, A., Kumar, M., and Turner, E. (2019). Americans and privacy: Concerned, confused and feeling lack of control over their personal information. Pew Research Center, 15, 175–190.

Brill, A., and Thompson, E. (2019). Ransomware, a tool and opportunity for terrorist financing and cyberwarfare. Defence against Terrorism Review, 12, 45–58.

Collier, K. (2019). Crippling Ransomware Attacks Targeting US Cities on the Rise. CNN. https://www.cnn.com/2019/05/10/politics/ransomware-attacks-us-cities/index.html

Conte, A. (2016). Privacy, honour and reputation. In Defining Civil and Political Rights, edited by Scott Davidson and Richard Burchill (pp. 249–266). Routledge.

Crumpler, W., and Lewis, J. A. (2019). The Cybersecurity Workforce Gap. Center for Strategic and International Studies (CSIS).

Diggelmann, O., and Cleis, M. N. (2014). How the right to privacy became a human right. Human Rights Law Review, 14(3), 441–458.

Dietterich, T. G., and Horvitz, E. J. (2015). Rise of concerns about AI: Reflections and directions. Communications of the ACM, 58(10), 38–40.

Dorraji, S. E., and Barcys, M. (2014). Privacy in digital age: Dead or alive?! Regarding the new EU data protection regulations. Social Technologies, 4(2), 292–305.

Dressler, J. (2007). United States v. Morris. In Cases and Materials on Criminal Law. St. Paul, MN: Thomson/West.

Cavelty, M. D. (2012, June). The militarisation of cyberspace: Why less may be better. In 2012 4th International Conference on Cyber Conflict (CYCON 2012) (pp. 1–13). IEEE.

Forester, T., and Morrison, P. (1994). Computer Ethics: Cautionary Tales and Ethical Dilemmas in Computing (2nd ed.). MIT Press.

Fowler, G. A. (2019). I found your data. It’s for sale. Washington Post. Available online at: https://www.washingtonpost.com/technology/2019/07/18/i-found-your-data-its-sale/

Garner, W. (2018, June). FERPA, HIPAA, and other privacy concerns in online education. In EdMedia+ Innovate Learning (pp. 519–523). Association for the Advancement of Computing in Education (AACE).

Guadamuz, A. (2017). Developing a right to be forgotten. In EU Internet Law: Regulation and Enforcement, edited by T.-E. Synodinou, P. Jougleux, C. Markou, and T. Prastitou (pp. 59–76). Springer International Publishing, Cham.

Harel, Y., Gal, I. B., and Elovici, Y. (2017). Cyber security and the role of intelligent systems in addressing its challenges. ACM Transactions on Intelligent Systems and Technology (TIST), 8(4), 1–12.

Hoofnagle, C. J., van der Sloot, B., and Borgesius, F. Z. (2019). The European Union general data protection regulation: What it is and what it means. Information and Communications Technology Law, 28(1), 65–98.

Janczewski, L., and Colarik, A. (Eds.). (2007). Cyber Warfare and Cyber Terrorism. IGI Global.

Joshi, R. C., and Gupta, B. B. (Eds.). (2019). Security, Privacy, and Forensics Issues in Big Data. IGI Global.

Komukai, T. (2020). A comparative study of the extraterritorial enforcement of data protection rules in the EU, US and Japan. Global Privacy Law Review, 1(3), 180–185.

Moore, T., and Clayton, R. (2007, October). Examining the impact of website take-down on phishing. In Proceedings of the Anti-Phishing Working Groups 2nd Annual eCrime Researchers Summit (pp. 1–13).

Murko, A., and Vrhovec, S. L. (2019, November). Bitcoin adoption: Scams and anonymity may not matter but trust into Bitcoin security does. In Proceedings of the Third Central European Cybersecurity Conference (pp. 1–6).

Overfelt, M. (2016). World’s oldest hacking profession doesn’t rely on Internet. CNBC.com, May 13.

Richardson, W., Butt, U. J., and Abbod, M. (2021). Critical review of cyber warfare against industrial control systems. In Information Security Technologies for Controlling Pandemics, edited by Hamid Jahankhani, Stefan Kendzierskyj, and Babak Akhgar (pp. 415–434).

Samoriski, J. H., Huffman, J. L., and Trauth, D. M. (1996). Electronic mail, privacy, and the Electronic Communications Privacy Act of 1986: Technology in search of law. Journal of Broadcasting and Electronic Media, 40(1), 60–76.

Spinello, R. A. (1995). Ethical Aspects of Information Technology.

Papathanasaki, M., and Maglaras, L. (2020). The Current Posture of Cyber Warfare and Cyber Terrorism. Global Foundation for Cyber Studies and Research.

Svirsky, D. (2019). Three Experiments About Human Behavior and Legal Regulation (Doctoral dissertation, Harvard University).

Tung, L. (2017). IoT devices will outnumber the world’s population this year for the first time. ZDNet.com, 7.

Urgoiti, L. (2019). The Video Privacy Protection Act and consumer data: Are you plugged in? UC Davis L. Rev., 53, 1689.

Wang, Y., and Yang, J. (2017, March). Ethical hacking and network defense: Choose your best network vulnerability scanning tool. In 31st International Conference on Advanced Information Networking and Applications Workshops (WAINA) (pp. 110–113). IEEE.

