Formal Written Report Assignment

CGC Data Security in the 21st Century

Customer Privacy Rights versus Intelligence Community Interests

Prepared for

Jean Doe

International Vice President

Marketing & Public Relations

Central Global Communications

Tirana, Albania

Prepared by

[STUDENT NAME]

Marketing Analytics Manager

Central Global Communications

Tirana, Albania

December 7, 2013

CGC Data Security in the 21st Century

Table of Contents

Introduction
Purpose and Scope
Background
Protection of Customer Data
Compliance or Refusal by Leadership
Disclosure to Customers
Competing Loyalties
Whistleblower Hero or Traitor?
Conclusions and Recommendations
Conclusions
Recommendations
Works Cited
List of Illustrations
Honor Code Statement

Introduction

Purpose and Scope

Central Global Communications is a successful international communications company that encompasses all manner of electronic communications including internet, cellphone, email, server hosting, photo and video storage, videoconferencing abilities, and financial entity servicing. In today’s world of government intrusion into the personal data of private citizens, Central Global Communications needs to be prepared for how intelligence community collection of our customer data will affect our business operations as well as our public image.

Background

Security concerns around electronic media have in the past focused primarily on protecting users and customers from private hackers who broke into systems to gather personal data for criminal purposes such as identity theft and financial fraud, or to install destructive programs that cause loss of data. The international community developed and established security and encryption standards to combat such acts, and most service providers established a customer service standard under which they would take responsibility for any harm caused by failures of their security systems (Symantec).

For some time now, governments around the world have been involved in hacking and breaking security systems to collect data on citizens of their own or other countries, to gather sensitive intelligence and diplomatic data, and to test the disruption of systems in other countries’ infrastructure (Smithson). While some of this has been in the public domain, it went unnoticed by the average citizen until fairly recently, when Bradley Manning, Edward Snowden, and WikiLeaks/Julian Assange made headlines. I will focus primarily on the invasion by the intelligence agencies of the United States of America, as those are the recent cases most famously revealed to the world.

Protection of Customer Data

As robust as our security systems currently are, and as much as they will continue to expand and improve, we must face the fact that we will never be able to prevent intrusion by a determined intelligence service. No system has ever been built that cannot be broken into; if you can build it, they can break it. The US Government employs hackers to test its own systems against intrusion. Its intelligence services recruit the most brilliant candidates in their fields before college graduation, and after the 9/11 attacks top people privately employed in key fields rushed to apply to intelligence agencies (National Security Agency).

Legal Issues

USA intelligence agencies were given broad and varying powers under the Patriot Act and the Foreign Intelligence Surveillance Act and their many variations, updates, and revisions (USA PATRIOT ACT) (Foreign Intelligence Surveillance Act). The key point about these laws was that they were to be used only for surveillance of non-USA citizens, and only those reasonably suspected of a strong connection to terrorism. Citizens of the USA have historically taken their constitutionally guaranteed privacy rights very seriously, and citizens of the rest of the world don’t expect that USA laws will apply to them. While it may still be a matter of public debate whether the USA intelligence services have broken their own laws and the laws of other countries, since CGC operates worldwide and is headquartered within the USA, we are expected to adhere to these laws even within our overseas operations.

Compliance or Refusal by Leadership

As of the time of this report I am unaware of any requests by any USA intelligence agency for information from CGC. Given our expansion across the globe, it is only a matter of time until that request is made. Looking at the situation now, before any request, gives CGC leadership the chance to discuss options and determine our policy on the matter. CGC leadership needs to decide whether to comply with such requests or to refuse them and fight them in FISA courts, which almost never refuse requests (Bernius).

Figure 1: FISA Requests for Surveillance of US Citizens 2005-2012

(Source: http://www.outsidethebeltway.com/charting-33-years-of-fisa-report-data/)

Figure 2: FISA Request Approved Ratings for Business Records on Individuals 2005-2012

Source: http://www.outsidethebeltway.com/charting-33-years-of-fisa-report-data/

Multiple tech companies have been found to have been working in concert with the NSA, either by voluntarily supplying data or by making sure that any encryption could be beaten by the NSA and selected counterparts in countries allied with the USA (Ball, Borger and Greenwald).

Disclosure to Customers

CGC leadership needs to decide if we should inform our clients now, before requests are made, whether we will accede to requests or fight them in FISA courts. CGC leadership also needs to decide, if we do disclose personal data to intelligence agencies, whether we are going to tell the customer about that specific incident, which is also likely against the FISA court order and could result in negative consequences for CGC (Yahoo News).

Competing Loyalties

Every employee of CGC, from the CEO to the night janitor in the Singapore office, is a human being with their own belief system and with potentially strong opinions about the USA Constitution, personal rights and freedoms, and whether they are even subject to the laws of the United States merely because their employer is headquartered there. Once CGC leadership makes a decision about the company’s official position on the matter, the human factor is still the critical variable in how a scenario like this would play out in the public eye.

Whistleblower Hero or Traitor?

One of the biggest concerns we at CGC should have is whether we have whistleblowers who will go public when these events happen. If we have not warned customers about our planned response to these requests, its coming out could seriously damage our credibility and customer trust. Regardless of whether we have warned customers in advance ‘in the fine print’, a disclosure of the event by an employee would bring it to the forefront of our customers’ minds and may have a significant negative impact on our business reputation and income. It could also cause both us as a corporation and the employee to suffer serious consequences from the intelligence agency and its government for ‘tipping their hand’ on who they are investigating. Whether people such as Manning, Assange, and Snowden are heroes or traitors to citizens around the world is a question that will be forever debated. However, every country has secrets and every government will see a whistleblower as a traitor regardless of their relationship with the USA. This is why no country would accept Snowden before Putin agreed to take him, ostensibly just to ‘poke’ President Obama. The USA is a world power and the CIA and NSA have an exceptionally long reach. Manning is probably safest in a US Military Prison, while Snowden and Assange will be looking over their shoulders for the remainder of their lives.

Conclusions and Recommendations

Conclusions

CGC should establish a policy now on how we will handle requests for private customer data from government agencies, before a request is received and we are forced to respond in panic mode. CGC should decide what to tell customers, as well as how and when, in order to best preserve our public image. CGC should decide what steps we can take to keep employees from directly disclosing to the public the interactions between government agencies and CGC.

Recommendations

1. CGC should inform all customers now of what the policy is for handling such requests. It should be carefully crafted to explain that our hands will be tied legally and we will have no choice in the matter.

2. CGC should subtly point out that even if we refuse, the intelligence agency will likely be able to beat any security system we have in place and get the information anyway.

3. CGC should establish training for all employees about compliance with both our internal policy on this matter and the applicable laws.

4. CGC should have every employee sign a non-disclosure agreement as part of the new hire process. CGC should establish in its HR manuals that employees who violate the non-disclosure agreement will be immediately terminated with no severance, payouts, or benefits unless mandated by law.

Works Cited

Ball, James, Julian Borger, and Glenn Greenwald. "Revealed: How US and UK Spy Agencies Defeat Internet Privacy and Security." The Guardian. Guardian News and Media Limited, 5 Sept. 2013. Web. 4 Dec. 2013. <http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security>.

Bernius, Matt. "Charting 33 Years' of FISA Reports to Congress." Outside the Beltway. N.p., 12 June 2013. Web. 4 Dec. 2013. <http://www.outsidethebeltway.com/charting-33-years-of-fisa-report-data/>.

Flaherty, Anne. "Google Asks FISA Court to Lift Gag Order." Yahoo News. Associated Press, 18 June 2013. Web. 4 Dec. 2013. <http://news.yahoo.com/google-asks-fisa-court-lift-212939956.html>.

"Foreign Intelligence Surveillance Act." Federation of American Scientists. FAS, 15 Oct. 2003. Web. 4 Dec. 2013. <http://www.fas.org/irp/agency/doj/fisa>.

"Introduction to SSL." Symantec. Symantec Corporation, 1995. Web. 4 Dec. 2013. <http://www.symantec.com/page.jsp?id=how-ssl-works>.

"Opportunities for Students at the National Security Agency." National Security Agency. NSA, 10 Sept. 2013. Web. 4 Dec. 2013. <http://www.nsa.gov/careers/opportunities_4_u/students/index.shtm>.

Smithson, S. "Internet Traffic Was Routed via Chinese Servers." The Washington Times. Washington Times, 15 Nov. 2010. Web. 4 Dec. 2013. <http://www.washingtontimes.com/news/2010/nov/15/internet-traffic-was-routed-via-chinese-servers/?page=all>.

"The USA PATRIOT Act: Preserving Life and Liberty." Department of Justice. DOJ, n.d. Web. 4 Dec. 2013. <http://www.justice.gov/archive/II/highlights.htm>.

List of Illustrations

Figure 1: FISA Requests for Surveillance of US Citizens 2005-2012

Figure 2: FISA Request Approved Ratings for Business Records on Individuals 2005-2012

Honor Code Statement

I have abided by CCBC’s academic honor code on this assignment, and I attest that I have neither cheated in any way nor have I failed to give proper credit to all other sources of ideas and materials.

DRAFT VERSION FOLLOWS

Data Security in the 21st Century

Customer Privacy Rights versus Intelligence Community Interests

Prepared for

Jean Doe

International Vice President

Marketing & Public Relations

Central Global Communications

Tirana, Albania

Prepared by

[STUDENT NAME]

Marketing Analytics Manager

Central Global Communications

Tirana, Albania

December 7, 2013

Table of Contents

Introduction
Purpose and Scope
Background
Protection of Customer Data
Compliance or Refusal by Leadership
Disclosure to Customers
Competing Loyalties
Whistleblower Hero or Traitor?
Conclusions and Recommendations
Conclusions
Recommendations
Illustrations
FISA Requests for Surveillance of US Citizens
FISA Request Approved Ratings for Business Records on Individuals
Works Cited

Introduction

Purpose and Scope

Central Global Communications is a successful international communications company that encompasses all manner of electronic communications including internet, cellphone, email, server hosting, photo and video storage, videoconferencing abilities, and financial entity servicing. In today’s world of government intrusion into the personal data of private citizens, Central Global Communications needs to be prepared for how intelligence community collection of our customer data will affect our business operations as well as our public image.

Background

Security concerns around electronic media have in the past focused primarily on protecting users and customers from private hackers who broke into systems to gather personal data for criminal purposes such as identity theft and financial fraud, or to install destructive programs that cause loss of data. The international community developed and established security and encryption standards to combat such acts (Symantec), and most service providers established a customer service standard under which they would take responsibility for any harm caused by failures of their security systems.

For some time now, governments around the world have been involved in hacking and breaking security systems to collect data on citizens of their own or other countries, to gather sensitive intelligence and diplomatic data, and to test the disruption of systems in other countries’ infrastructure. (Smithson) While some of this has been in the public domain, it went unnoticed by the average citizen until fairly recently, when Bradley Manning, Edward Snowden, and WikiLeaks/Julian Assange made headlines. I will focus primarily on the invasion by the intelligence agencies of the United States of America, as those have been the primary cases the public has been exposed to.

Protection of Customer Data

As robust as our security systems currently are, and as much as they will continue to expand and improve, we must face the fact that we will never be able to prevent intrusion by a determined intelligence service. No system has ever been built that cannot be broken into. The US Government employs hackers to test its own systems against intrusion. Its intelligence services recruit the most brilliant candidates in their fields before college graduation (Student Opportunities at NSA), and after the 9/11 attacks top people privately employed in key fields rushed to apply to intelligence agencies.

Legal Issues

USA intelligence agencies were given broad and varying powers under the Patriot Act (USA Department of Justice) and the Foreign Intelligence Surveillance Act (USA Department of Justice) and their many variations, updates, and revisions. The key point about these laws was that they were to be used only for surveillance of non-USA citizens, and only those reasonably suspected of a strong connection to terrorism. Citizens of the USA have historically taken their constitutionally guaranteed privacy rights very seriously, and citizens of the rest of the world don’t expect that USA laws will apply to them. While it may still be a matter of public debate whether the USA intelligence services have broken their own laws and the laws of other countries, since CGC operates worldwide and is headquartered within the USA, we are expected to adhere to these laws even within our overseas operations.

Compliance or Refusal by Leadership

As of the time of this report I am unaware of any requests by any USA intelligence agency for information from CGC. Given our expansion across the globe, it is only a matter of time until that request is made. Looking at the situation now, before any request, gives CGC leadership the chance to discuss options and make a decision on what our policy will be. CGC leadership needs to decide whether to comply with such requests or to refuse them and fight them in FISA courts, which almost never refuse requests (Bernius). Multiple tech companies have been found to have been working in concert with the NSA, either by voluntarily supplying data or by making sure that any encryption could be beaten by the NSA and selected counterparts in countries allied with the USA. (Greenwald)

Disclosure to Customers

CGC leadership needs to decide if we should inform our clients now, before requests are made, whether we will accede to requests or fight them in FISA courts. CGC leadership also needs to decide, if we do disclose personal data to intelligence agencies, whether we are going to tell the customer about that specific incident, which is also likely against the FISA court order and could result in negative consequences for CGC. (CBS News)

Competing Loyalties

Every employee of CGC, from the CEO to the night janitor in the Singapore office, is a human being with their own belief system and with potentially strong opinions about the USA Constitution, personal rights and freedoms, and whether they are even subject to the laws of the United States merely because their employer is headquartered there. Once CGC leadership makes a decision about the company’s official position on the matter, the human factor is still the critical variable in how a scenario like this would play out in the public eye.

Whistleblower Hero or Traitor?

One of the biggest concerns we at CGC should have is whether we have whistleblowers who will go public when these events happen. If we have not warned customers about our planned response to these requests, its coming out could seriously damage our credibility and customer trust. Regardless of whether we have warned customers in advance ‘in the fine print’, a disclosure of the event by an employee would bring it to the forefront of our customers’ minds and may have a significant negative impact on our business reputation and income. It could also cause both us as a corporation and the employee to suffer serious consequences from the intelligence agency and its government for ‘tipping their hand’ on who they are investigating. Whether people such as Manning, Assange, and Snowden are heroes or traitors to citizens around the world is a question that will be forever debated. However, every country has secrets and every government will see a whistleblower as a traitor regardless of their relationship with the USA. This is why no country would accept Snowden before Putin agreed to take him, ostensibly just to ‘poke’ President Obama. The USA is a world power and the CIA and NSA have an exceptionally long reach. Manning is probably safest in a US Military Prison, while Snowden and Assange will be looking over their shoulders for the remainder of their lives.

Conclusions and Recommendations

Conclusions

1. CGC should establish a policy now on how we will handle requests for private customer data from government agencies.

2. CGC should decide what to tell customers, as well as how and when.

3. CGC should decide what steps we can take to keep employees from disclosing to the public the interactions between government agencies and CGC.

Recommendations

5. CGC should inform all customers now of what the policy is for handling such requests. It should be carefully crafted to explain that our hands will be tied legally and we will have no choice in the matter.

6. CGC should subtly point out that even if we refuse, the intelligence agency will likely be able to beat any security system we have in place and get the information anyway.

7. CGC should establish training for all employees about compliance with both our internal policy on this matter and the applicable laws.

8. CGC should have every employee sign a non-disclosure agreement as part of the new hire process. CGC should establish in its HR manuals that employees who violate the non-disclosure agreement will be immediately terminated with no severance, payouts, or benefits unless mandated by law.

Illustrations

FISA Requests for Surveillance of US Citizens

FISA Request Approved Ratings for Business Records on Individuals

Source: http://www.outsidethebeltway.com/charting-33-years-of-fisa-report-data/

Works Cited

Bernius, Matt. Outside The Beltway. 12 June 2013. 4 December 2013. <http://www.outsidethebeltway.com/charting-33-years-of-fisa-report-data/>.

CBS News. 19 June 2013. 4 December 2013. <http://www.cbsnews.com/news/google-asks-fisa-court-to-lift-gag-order-on-nsa-surveillance-program/>.

Greenwald, Glenn. "The Guardian." 5 September 2013. 4 December 2013. <http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security>.

National Security Agency. n.d. 4 December 2013. <http://www.nsa.gov/careers/opportunities_4_u/students/index.shtml>.

Smithson, S. 15 November 2010. The Washington Times. 4 December 2013. <http://www.washingtontimes.com/news/2010/nov/15/internet-traffic-was-routed-via-chinese-servers/?page=all>.

Symantec. n.d. 4 December 2013. <http://www.symantec.com/page.jsp?id=how-ssl-works>.

USA Department of Justice. Foreign Intelligence Surveillance Act. n.d. 4 December 2013. <https://www.fas.org/irp/agency/doj/fisa/>.

—. The USA PATRIOT Act: Preserving Life and Liberty. n.d. 4 December 2013. <http://www.justice.gov/archive/ll/highlights.htm>.