When consumers provide personal information for a product or service, the assumption is the receiving company will exercise due diligence to protect their information. Bear in mind there is no all-purpose federal law mandating personal data should be protected, only certain industry specific laws, for example, health care and financial. But even without an overarching mandate,
most companies will attempt to protect your personal data just to avoid a charge of negligence should a privacy breach occur.

One nonprofit organization that monitors how well companies guard personal data—among other missions—is the Electronic Frontier Foundation (EFF). EFF’s purpose is to defend free speech, privacy, innovation, and consumer rights. This lab takes a look at a class-action lawsuit filed by EFF.

Review the following case study on issues related to sharing consumers’ confidential information. Note that this information originated from the following Electronic Frontier Foundation Web pages: https://www.eff.org/about, and https://www.eff.org/cases/hepting.

From the Internet to the iPod, technologies transform society and empower us as speakers, citizens, creators, and consumers. When freedoms in the networked world come under attack, the Electronic Frontier Foundation (EFF) is the first line of defense. EFF broke new ground when it was founded in 1990—well before the Internet was on most people’s radar—and continues to confront cutting-edge issues defending free speech, privacy, innovation, and consumer rights today. From the beginning, EFF has
championed the public interest in every critical battle affecting digital rights.

Blending the expertise of lawyers, policy analysts, activists, and technologists, EFF achieves significant victories on behalf of consumers and the general public. EFF fights for freedom primarily in the courts, bringing and defending lawsuits even when that
means taking on the U.S. government or large corporations. By mobilizing more than 61,000 concerned citizens through the Action Center, EFF beats back bad legislation. In addition to advising policymakers, EFF educates the press and public.

EFF is a donor-funded nonprofit and depends on support to continue successfully defending digital rights. Litigation is particularly expensive. Because two-thirds of EFF’s budget comes from individual donors, every contribution is critical to helping EFF fight—and win—more cases.

EFF Case Study Information
The Electronic Frontier Foundation (EFF) filed a class-action lawsuit against AT&T on January 31, 2006, accusing the telecom giant of violating the law and the privacy of its customers by collaborating with the National Security Agency (NSA) in its massive, illegal program to wiretap and data-mine Americans’ communications. In May 2006, many other cases were filed against a variety of telecommunications companies. Subsequently, the Multi-District Litigation Panel of the federal courts transferred approximately 40 cases to the Northern District of California federal court.

In Hepting v. AT&T, EFF sued the telecommunications giant on behalf of its customers for violating privacy law by collaborating with the NSA in the massive, illegal program to wiretap and data-mine Americans’ communications. Evidence in the case includes
undisputed evidence provided by former AT&T telecommunications technician Mark Klein showing AT&T routed copies of Internet traffic to a secret room in San Francisco controlled by the NSA.

In June of 2009, a federal judge dismissed Hepting and dozens of other lawsuits against telecoms, ruling that the companies had immunity from liability under the controversial Foreign Intelligence Surveillance Act Amendments Act (FISAAA), which was enacted in response to court victories in Hepting. Signed by President Bush in 2008, the FISAAA allows the attorney general to require the dismissal of the lawsuits over the telecoms’ participation in the warrantless surveillance program if the government secretly certifies to the court that the surveillance did not occur, was legal, or was authorized by the president—certification that was filed in September of 2008.

Posting:

Why is the Hepting v. AT&T case crucial to the long-term posture of how the U.S. government can or cannot review consumer confidential information?
If Hepting v. AT&T results in “Big Brother” being allowed to eavesdrop and/or review the local and toll telephone dialing and bills of individuals, will U.S. citizens and consumers have any privacy rights left regarding use of communication technologies?
What are the information systems security implications of consumer information being shared?
Submission:

Your initial post is due Thursday by 11:55 PM. In your initial post, in no less than 500 words, answering each of the questions.