Privacy Information

The Gulf Coast Kayak Fishing Association (GCKFA) Forum and Web Site.

Privacy and Information Protection Policy

Postings on Message Boards and privacy information warning!

It is important for you to remain aware that when you provide personal information (e.g., last name, address, phone number) in a posting on any message board, that information is available to any other person or user having access and use of that message board, and may be used by someone in a manner unintended by you. For that reason, we discourage you from offering any personally identifying information within a posting to any message board,or data contained within the control panel section of this forum.

Forum Registration:

In order to register, you must provide us with a username (which does not have to be your real name), password and a valid e-mail address. This allows us to protect our community from abusive postings and provides a verifiable point of contact should legal questions arise. At any time, you have the ability to keep your e-mail address hidden from other users by selecting that option within your user profile. When you register, you have the option of providing some additional information such as occupation, interests, and homepage URL. This optional information is made available to other bulletin or message board users to foster a sense of community. If you have any concerns about providing this information, simply leave the fields blank and your registration will still be processed.

Consent to Monitor:

It is our intention to provide access to all law enforcement officials requiring access in the line of duty to assist us in tracking down and prosecuting any unauthorized access, or unauthorized disclosure of the membership or private data. This policy also applies to any person or entity accessing information, on the web site http://www.gulfcoastkayakfising.com/. The use of malicious logic, spyware, or viruses is strictly forbidden and may result in criminal prosecution. The definition of the web site includes but is not limited to any computers, network systems, and devices that supports the GCKFA.

Privacy information:

Any information on the GCKFA membership registration form is provided by each member at their own discretion however we hope the form will be complete. The use of this information is intended for the use of the GCKFA. We intend to take all reasonable precautions to protect every members privacy. Personal information will not be intentionally shared outside of the GCKFA. In the event of an unintentional disclosure every reasonable effort will be made to inform our members as soon as possible. By submitting the membership form you agree to our policies.

This policy may be changed at any time, for any reason, or for no reason at all.

References:

The Electronic Communications Privacy Act of 1986

(ECPA Pub. L. 99-508, Oct. 21, 1986, 100 Stat. 1848, 18 U.S.C. § 2510[1]) was enacted by the United States Congress to extend government restrictions on wire taps from telephone calls to include transmissions of electronic data by computer. Specifically, ECPA was an amendment to Title III of the Omnibus Crime Control and Safe Streets Act of 1968 (the Wire Tap Statute), which was primarily designed to prevent unauthorized government access to private electronic communications. Later, the ECPA was amended, and weakened to some extent, by some provisions of the USA PATRIOT Act. In addition, Section 2709 of the Act, which allowed the FBI to issue National Security Letters to Internet service providers (ISPs) ordering them to disclose records about their customers, was ruled unconstitutional under the First (and possibly Fourth) Amendments in ACLU v. Ashcroft (2004). It is thought that this could be applied to other uses of National security letters (NSLs).

Title I of the ECPA protects wire, oral, and electronic communications while in transit. It sets down requirements for search warrants that are more stringent than in other settings. Title II of the ECPA, the Stored Communications Act (SCA) protects communication held in electronic storage, most notably messages stored on computers. Its protections are weaker than those of Title I, however, and do not impose heightened standards for warrants. Title III prohibits the use of pen register and/or trap and trace devices to record dialing, routing, addressing, and signalling information used in the process of transmitting wire or electronic communications without a search warrant.

Several court cases have raised the question of whether e-mail messages are protected under the stricter provisions of Title I while they were in transient storage en route to their final destination. In United States v. Councilman, a U.S. district court and a three-judge appeals panel ruled they were not, but in 2005, the full United States Court of Appeals for the First Circuit reversed this opinion. Privacy advocates were relieved; they had argued in Amicus curiae briefs that if the ECPA did not protect e-mail in temporary storage, its added protections were meaningless as virtually all electronic mail is stored temporarily in transit at least once and that Congress would have known this in 1986 when the law was passed. (see e.g. RFC 822).

From a rights perspective, the ECPA protects individuals' communications against government surveillance conducted without a court order, from third parties without legitimate authorization to access the messages, and from the carriers of the messages, such as Internet service providers. However it appears to provide little privacy protection to employees with respect to their communications as conducted on the equipment owned by their employer.

Computer Fraud and Abuse Act of 1986

Criminal Offenses Under The Computer Fraud and Abuse Act:
Knowingly accessing a computer without authorization in order to obtain national security data
Intentionally accessing a computer without authorization to obtain:
Information contained in a financial record of a financial institution, or contained in a file of a consumer reporting agency on a consumer.
Information from any department or agency of the United States
Information from any protected computer if the conduct involves an interstate or foreign communication
Intentionally accessing without authorization a government computer and affecting the use of the government's operation of the computer.
Knowingly accessing a protected computer with the intent to defraud and there by obtaining anything of value.
Knowingly causing the transmission of a program, information, code, or command that causes damage or intentionally accessing a computer without authorization, and as a result of such conduct, causes damage that results in:
Loss to one or more persons during any one-year period aggregating at least $5,000 in value.
The modification or impairment, or potential modification or impairment, of the medical examination, diagnosis, treatment, or care of one or more individuals.
Physical injury to any person.
A threat to public health or safety.
Damage affecting a government computer system
Knowingly and with the intent to defraud, trafficking in a password or similar information through which a computer may be accessed without authorization

Patriot Act of 2001

The Act increases the ability of law enforcement agencies to search telephone, e-mail communications, medical, financial and other records; eases restrictions on foreign intelligence gathering within the United States; expands the Secretary of the Treasury’s authority to regulate financial transactions, particularly those involving foreign individuals and entities; and enhances the discretion of law enforcement and immigration authorities in detaining and deporting immigrants suspected of terrorism-related acts. The act also expands the definition of terrorism to include domestic terrorism, thus enlarging the number of activities to which the USA PATRIOT Act’s expanded law enforcement powers can be applied.

The Act was passed by wide margins in both houses of Congress and was supported by members of both the Republican and Democratic parties. Despite widespread congressional support, it has been criticized for weakening protections of civil liberties, as well as being overbroad in regard to its circumstances of application. In particular, opponents of the law have criticized its authorization of indefinite detentions of immigrants; searches through which law enforcement officers search a home or business without the owner’s or the occupant’s permission or knowledge; the expanded use of National Security Letters, which allows the FBI to search telephone, email and financial records without a court order; and the expanded access of law enforcement agencies to business records, including library and financial records. Since its passage, several legal challenges have been brought against the act, and Federal courts have ruled that a number of provisions are unconstitutional.

Many of the act's provisions were to sunset beginning December 31, 2005, approximately 4 years after its passage. In the months preceding the sunset date, supporters of the act pushed to make its sunsetting provisions permanent, while critics sought to revise various sections to enhance civil liberty protections. In July 2005, the U.S. Senate passed a reauthorization bill with substantial changes to several sections of the act, while the House reauthorization bill kept most of the act's original language. The two bills were then reconciled in a conference committee that was criticized by Senators from both the Republican and Democratic parties for ignoring civil liberty concerns.[1] The bill, which removed most of the changes from the Senate version, passed Congress on March 2, 2006 and was signed into law by President George W. Bush on March 9, 2006.

Privacy Act of 1974

Conditions of Disclosure
The Privacy Act states in part:

No agency shall disclose any record which is contained in a system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains....[1]
There are specific exceptions for the record allowing the use of personal records[2]:

For statistical purposes by the Census Bureau and the Bureau of Labor Statistics
For routine uses within a U.S. government agency
For archival purposes "as a record which has sufficient historical or other value to warrant its continued preservation by the United States Government"
For law enforcement purposes
For congressional investigations
Other administrative purposes
The Privacy Act mandates that each United States Government agency have in place an administrative and physical security system to prevent the unauthorized release of personal records.

Computer Matching and Privacy Protection Act
The Computer Matching and Privacy Protection Act of 1988, P.L. 100–503, amended the Privacy Act of 1974 by adding certain protections for the subjects of Privacy Act records whose records are used in automated matching programs. These protections have been mandated to ensure:

procedural uniformity in carrying out matching programs;
due process for subjects in order to protect their rights, and
oversight of matching programs through the establishment of Data Integrity Boards at each agency engaging in matching to monitor the agency's matching activity.
The Computer Matching Act is codified as part of the Privacy Act.

Access to Records
The Privacy Act also states:

Each agency that maintains a system of records shall—
upon request by any individual ... permit him ... to review the record and have a copy made of all or any portion thereof in a form comprehensible to him ...
permit the individual to request amendment of a record pertaining to him ...

Issues of Scope
The Privacy Act does apply to the records of every "individual," but the Privacy Act only applies to records held by an "agency"

Therefore the records held by courts, executive components, or non-agency government entities are not subject to the provisions in the Privacy Act. You have no right to these records, or at least no right protected by Congressional statute

SANS Institute IT code of Ethics 2004

IT Code of Ethics
Version 1.0 - April 24, 2004
This document may be reproduced and distributed -- providing proper credit to SANS is given.

I will strive to know myself and be honest about my capability.
I will strive for technical excellence in the IT profession by maintaining and enhancing my own knowledge and skills. I acknowledge that there are many free resources available on the Internet and affordable books and that the lack of my employer's training budget is not an excuse nor limits my ability to stay current in IT.
When possible I will demonstrate my performance capability with my skills via projects, leadership, and/or accredited educational programs and will encourage others to do so as well.
I will not hesitate to seek assistance or guidance when faced with a task beyond my abilities or experience. I will embrace other professionals' advice and learn from their experiences and mistakes. I will treat this as an opportunity to learn new techniques and approaches. When the situation arises that my assistance is called upon, I will respond willingly to share my knowledge with others.
I will strive to convey any knowledge (specialist or otherwise) that I have gained to others so everyone gains the benefit of each other's knowledge.
I will teach the willing and empower others with Industry Best Practices (IBP). I will offer my knowledge to show others how to become security professionals in their own right. I will strive to be perceived as and be an honest and trustworthy employee.
I will not advance private interests at the expense of end users, colleagues, or my employer.
I will not abuse my power. I will use my technical knowledge, user rights, and permissions only to fulfill my responsibilities to my employer.
I will avoid and be alert to any circumstances or actions that might lead to conflicts of interest or the perception of conflicts of interest. If such circumstance occurs, I will notify my employer or business partners.
I will not steal property, time or resources.
I will reject bribery or kickbacks and will report such illegal activity.
I will report on the illegal activities of myself and others without respect to the punishments involved. I will not tolerate those who lie, steal, or cheat as a means of success in IT.
I will conduct my business in a manner that assures the IT profession is considered one of integrity and professionalism.
I will not injure others, their property, reputation, or employment by false or malicious action.
I will not use availability and access to information for personal gains through corporate espionage.
I distinguish between advocacy and engineering. I will not present analysis and opinion as fact.
I will adhere to Industry Best Practices (IBP) for system design, rollout, hardening and testing.
I am obligated to report all system vulnerabilities that might result in significant damage.
I respect intellectual property and will be careful to give credit for other's work. I will never steal or misuse copyrighted, patented material, trade secrets or any other intangible asset.
I will accurately document my setup procedures and any modifications I have done to equipment. This will ensure that others will be informed of procedures and changes I've made.
I respect privacy and confidentiality.
I respect the privacy of my co-workers' information. I will not peruse or examine their information including data, files, records, or network traffic except as defined by the appointed roles, the organization's acceptable use policy, as approved by Human Resources, and without the permission of the end user.
I will obtain permission before probing systems on a network for vulnerabilities.
I respect the right to confidentiality with my employers, clients, and users except as dictated by applicable law. I respect human dignity.
I treasure and will defend equality, justice and respect for others.
I will not participate in any form of discrimination, whether due to race, color, national origin, ancestry, sex, sexual orientation, gender/sexual identity or expression, marital status, creed, religion, age, disability, veteran's status, or political ideology.