REVIEW: "The Privacy Papers", Rebecca Herold

Rob, grandpa of Ryan, Trevor, Devon & Ha
Message 1 of 1, Nov 20, 2002

BKPRVPAP.RVW 20020926

"The Privacy Papers", Rebecca Herold, 2002, 0-8493-1248-5, U$69.95
%A Rebecca Herold
%C 920 Mercer Street, Windsor, ON N9A 7C2
%D 2002
%G 0-8493-1248-5
%I Auerbach Publications
%O U$69.95 +1-800-950-1216 auerbach@... orders@...
%P 679 p.
%T "The Privacy Papers: Managing Technology, Consumer, Employee,
and Legislative Actions"

The preface asserts that this volume is intended as an introduction to
privacy for C-level executives. (I assume that means "Chief"
executive officers, security officers, information officers, and the
like, rather than referring to the grades they made in school.) This
assertion is a bit odd, both in terms of the enormous size of the
volume, and in terms of the statement, in the foreword, that the
papers are included based on the editor's personal choice.

The introduction gives a historical look at early US privacy law.

Part one deals with business organization issues, including papers on
the privacy of employee email (case studies that are often
unresolved), email pornography policy (have one), computer forensics
and privacy (almost no content), policies for secure personal data
(random security topics), security awareness (good program, but
generic and not tailored for privacy), the case for privacy (vague
thoughts, no case), attorney-client privilege and electronic data
transmission (careless use of communications technology may void
privilege), computer crime and analysis of computer evidence (you can
get evidence from computers), a tale of two spies (spies may use
computers), (US) federal laws affecting information systems auditors
(more politics than details), computer forensics (*extremely* vague),
the dangerous precedent set in the use of electronic identifiers
(various cases linked *only* by the fact that *none* have been tested
in court and therefore no precedents have been set), jurisdictional
issues (almost irrelevant to privacy), anonymity on the net (generic),
erosion of confidentiality (anecdotal reports), export regulations for
cryptography (irrelevant to privacy), security awareness training
(irrelevant), security standards (irrelevant to privacy), chief
medical information officers (oddly irrelevant), information security
management in healthcare (interesting and detailed), criminal activity
on the Internet (clear but not much detail), identity theft
(interesting but undetailed), identity theft (US-centric and not
always helpful), obtaining information from ISPs (information service
providers) (detailed content on a complex topic).

Part two reviews tools and related technology. The first paper not
only does not advise on its stated topic, selecting a cryptographic
system, but it demonstrates essentially no understanding of
cryptographic concepts, and a truly astonishing range of errors.
(There definitely are inherent differences between symmetric and
asymmetric encryption, asymmetric encryption does not use digital
signatures, but provides for them, and the electronic codebook mode of
DES [Data Encryption Standard] is not less able to provide
authentication than the chaining modes.) Other essays deal with new
paradigms for steganography (pointless), cookies and web bugs (a brief
and limited apologia), online profiling (a political report on online
business), intrusion detection systems (a review of a conference on
the topic), Internet acceptable use policies (banal and unhelpful),
ethics and the Internet (a brief take, only marginally about privacy),
security of wireless LANs (long out of date), customer relationship
management and data warehousing (little about privacy), anonymity,
privacy, and trust (brief and random), Web certification (promotional
piece for ICSA Labs), and an exhortation to get people to sign a
confidentiality agreement.

Part three is about US laws and issues. The pieces in this section
are primarily either documents prepared by government departments, or
prepared testimony before legislative committees (and sometimes both).
There is a FAQ (Frequently Asked Questions list) on the HIPAA (Health
Insurance Portability and Accountability Act) privacy rule prepared by
the Department of Health and Human Services, testimony on HIPAA, a
non-detailed description of the provisions of the Financial Services
Modernization Act, a list of US laws with privacy provisions and
another of proposed laws as of July 2001, testimony about privacy in
wiretap laws, and a report on the Carnivore system.

Part four turns to international laws and issues. The European Union
directive on privacy is attacked as a barrier to trade, there is a
detailed (but not very interesting or helpful) review of the EU
directive and how it is implemented by some of the member states, a
Department of Commerce description of the Safe Harbor program, and a
list of international privacy laws.

While isolated articles in this volume are interesting, the reader
would have to be rather ignorant about privacy issues in order to get
much out of the text overall.

copyright Robert M. Slade, 2002 BKPRVPAP.RVW 20020926

--
======================
rslade@... rslade@... slade@... p1@...
Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/
Upcoming (ISC)^2 CISSP CBK review seminars (+1-888-333-4458):
November 25, 2002 November 29, 2002 Toronto, ON, Canada
December 16, 2002 December 20, 2002 San Francisco, CA
February 10, 2003 February 14, 2003 St. Louis, MO