IS 376: Privacy Concerns
October 18, 2012
Perspectives on Privacy
• Discussions of privacy revolve around the notion of ACCESS,
– where access means either physical proximity to a person
– knowledge about that person.
• There is conflict between a person that wants to restrict
ACCESS to them by creating a “a zone of inaccessibility”
(Edmund Byrne) and outsider who wants to gain access.
• Privacy is a social arrangement that allows individuals to have
some level of control over who is able to gain access to their
physical selves and their personal information.
Harms and Benefits of Privacy
– Most wrong doing takes place under cover of privacy (Ferdinand
– Nuclear families cannot share personal issues hence too much
pressure on some (Edmund Leach).
– Outsiders fail to acknowledge a dysfunctional family or abuse until
someone is injured.
– Socialization and individuation are both necessary steps for a
person to reach maturity/blossom (Morton Levine).
– Privacy is recognition of each person's freedom (Jeffry Reiman,
– Privacy lets us be ourselves (Charles Sykes).
– Privacy lets us remove our public persona (Gini Graham).
Is There a Natural Right to Privacy?
• Born out English Common Law tradition:
– “a man’s home is his castle.” No one – not even the
King – can enter without permission, unless there is
PROBABLE CAUSE of criminal activity.
The Fourth Amendment
“The right of the people to be secure in their persons, houses,
papers, and effects, against unreasonable searches and seizures,
shall not be violated, and no Warrants shall issue, but upon
probable cause, supported by Oath or affirmation, and particularly
describing the place to be searched, and the persons or things to
Privacy – What Is It?
• The rights and responsibilities that govern the ACQUISITION,
DISCLOSURE, and USE OF PERSONAL INFORMATION.
– Acquisition - from the individual, third party, legally or
illegally, with or without the individual’s awareness.
– Disclosure - to other people or entities
– Use - storing, manipulating or evaluating personal
Aspects of Privacy
• The Three Aspects are
– Freedom from intrusion
– Control of personal information
– Freedom from surveillance
Kinds of Privacy
• Different aspects:
– Information privacy: collection, use and disclosure of
personally identifiable information (PII).
– Communications privacy: private information should be
safely delivered to the intended party.
– Privacy in public (and work) places: electronic profiling (i.e.,
collecting a variety of in-depth information about an
• Home/work distinction & public space/private space distinction
• Any type of information that is related to a person’s private life or
concerns, recorded in any form.
• Can also be personally identifiable information (PII), which can be used
to uniquely identify, locate or contact a person.
• Not just content - but also events (a transaction) that may implicate a
Privacy-implicating Activities: An Incomplete List
• Health and Medical Records
Purchasing History –
– Direct, Phone, Internet
• Financial transactions of all
types - tax, banking, etc.
• Subscriber Information -
Telephones, Cable TV, Video
– Employment Records
• Communications of all kinds -
– “Judicial History” - Driving
Telephone Calls, emails, etc.
record, civil and criminal cases,
• Credit History
Privacy: The Two-Part Test
• ...the Fourth Amendment protects people, not
places... Katz vs.. United States, 389 U.S. 347
• Courts have used a two-part test to determine
whether, at the time of the search, a defendant had a
legitimate expectation of privacy in the place or things
• Did the person actually expect some degree of privacy?
• Is the person's expectation objectively reasonable -- that is,
one that society is willing to recognize?
Katz vs. United States, 389 U.S. 347 (1967) (Harlan,
Reasonable Expectation of Privacy
• Over the years, court rulings has set the precedent that the key to
understanding privacy issues is reasonable “Expectation of Privacy.”
• These are the general criteria:
– General legal principles: no privacy if behaviors or communications are
knowingly exposed to public view.
– Vantage point: a point where anyone can see or hear what is going on.
– Certain buildings or pieces of land: so most public places come with no
expectation of privacy (some exceptions are public phone booths and
– Technological sophistication: laws are constantly updated to adapt to
new technological innovations.
• A process in which an individual agrees to participate after being
given detailed information about the benefits and potential risks of
his or her action.
• The person must be advised about:
– Nature of information collected
– Why and how it is going to be used
– Freedom to withdraw
Opt-in vs. Opt-out
– Potential customer to self-select the information (services) they
wish to subscribe to, and how the information can be used.
– Information can be sent to customers without prior permission. But
customers must be provided with the option to ask to be removed
from the list.
Some Important Federal Privacy
• 2004: Fair Education Rights and Privacy Act
• 2001: USA Patriot Act (USAPA) [reauthorized in 2006 with amendments]
• 2000: Children’s Online Privacy Protection Act
• 1999: Financial Modernization (Gramm-Leach-Bliley) Act
• 1998: Children’s Online Privacy Protection Act
• 1998: Telephone Anti-Spamming Amendments Act
• 1994: Communications Assistance for Law Enforcement (CALEA)
Some Important Federal Privacy
Laws - b
• 1992: Cable Act
• 1991: Telephone Consumer Protection Act
• 1988: Computer Matching and Privacy Act
• 1988: Video Privacy Protection Act
• 1986: Electronic Communications Privacy Act
• 1984: Cable Communications Policy Act
• 1978: Right to Financial Privacy Act
• 1974: Education Privacy Act
• 1974: Privacy Act
• 1970: Fair Credit Reporting Act
• 1970: Freedom of Information Act
Do you know this man?
Privacy Act of 1974
• “No AGENCY shall disclose any record which is contained in a
system of records by any means of communication to any person,
or to another agency, except pursuant to a written request by, or
with the prior written consent of, the individual to whom the
– Data records should be “relevant and necessary” to the purpose for which
they are collected
– Establish procedures to allow individuals to see, copy and amend records
– Requires publishing notices describing all systems of records (no secret
– Agency is required to make reasonable efforts to maintain accurate, relevant,
timely and complete records about individuals
– Information collected for one purpose MAY NOT be used for another
purpose without notice to or the consent of the subject of record
USA Patriot Act 2001
Four principal categories:
• Provides feds. and Intel. agencies greater authority to
• Gives Sec. of Treasury greater powers to regulate banks,
preventing money laundering.
• Makes it more difficult for terrorists to enter USA.
• Defines new crimes and penalties for terrorist activity.
Does this by:
• Extends jurisdiction of court-ordered wiretaps to entire
• Allows for roving surveillance
• Law enforcement do not need a warranty to intercept
communications if they have permission from owner of
computer systems (e.g. ISP).
Online Privacy Breaches
• Online privacy can be compromised in three ways:
– When personal data is saved on a local computer;
– When the data is transported over the network;
– When the data is stored by a third party.
Web Browsing Privacy
your hard drive by the Web server, typically the one hosting the
Web page being viewed–to identify return visitors and their
• Web bugs
– A Web bug is a very small (often 1 pixel by 1 pixel) image on a
Web page that transmits data about a Web page visitor back to
the Web page’s server. Web bugs are used extensively by
“DoubleClick” and other Internet advertising companies.
– Any software installed without the user’s knowledge that
secretly gathers information about the user and transmits it to
Common Privacy Concerns
• Spam and Other Online Marketing Activities
• Electronic Surveillance and Monitoring
• Invisible information gathering
• Data spillage
• Secondary use of personal information
Top Ten Ways to Protect Privacy
1. Look for privacy policies on the Web
2. Get a separate email account for personal email
3. Teach your kids that giving out personal information
online means giving it to strangers
4. Clear your memory cache after browsing
5. Make sure that online forms are secure
6. Reject unnecessary cookies
7. Use anonymous remailers
8. Encrypt your email
9. Use anonymizers while browsing
10. Opt-out of third party information sharing
Extra! Use common sense
Source: Center for Democracy and Technology (http://www.cdt.org/)
Unauthorized access to a person’s:
– Social Security Number (SSN)
– Drivers License
– Credit Card Number
– Credit Reports
– Passport Numbers
– Birth Certificate
Identity Theft: Consequences
Unauthorized access may affect you by:
– Accessing/Opening bank accounts
– Using your credit cards
– Limiting your ability to do commercial
– Impersonating you at the professional level
– Committing criminal acts in your name
– Stalking you
– And worse yet, ruining your life!
Top Ten Ways to Prevent Identity
1. Destroy private records and statements.
2. Secure your mail.
3. Safeguard your Social Security number.
4. Don't leave a paper trail.
5. Never let your credit card out of your sight.
6. Know who you're dealing with.
7. Take your name off marketers' hit lists.
8. Be more defensive with personal information.
9. Monitor your credit report.
10. Review your credit card statements carefully.
Source: MSN Money
Illinois State Law
• HB 1633 signed by the governor in June 2005 (effective Jan. 1, 2006)
• Very similar to the law passed in California, making IL the second
state to require companies to notify customers in case of security
• Any data collector doing business in the state of Illinois that is
involved in a security breach must notify customers in the “most
expedient time possible” and “without unreasonable delay.”
– Security breach -- unauthorized acquisition of computerized
data that may compromise the security, confidentiality, or
integrity of personal data.
– Methods of notification include writing, electronic
correspondence (e.g. radio and TV), or substitute notice (e-mail,
company website, and state-wide media
– Penalties include lawsuits brought by the Illinois Attorney
General against violators, fines, and individual legal actions to
recover actual damages, punitive damages, and in egregious
cases, plus attorneys fees.
Cell Phones Are Ubiquitous
• More and more cell phone models have built-in Global
Positioning System (GPS) capabilities.
• So this makes tracking in real time a cell phone as easy as
point and click.
• ULocate is one of the commercial providers to offer tracking
• The Federal Communications Commission (FCC) has released
its E911 (Enhanced 911) standard to require that emergency
callers be located within 50 meters.
• The National Emergency Number Association (NENA)
recently approved the technical standard for VoIP E911
specifically targeting Internet phones.
qAdd “Family Educational Rights and Privacy
Act (FERPA)” - 1974
q Allows for students 18 years and older the right to review their educational
records and request changes to records that contain erroneous information.
Students also have the right to prevent information in these records from
being released without their permission, except under certain circumstances.
For students under 18, these rights are held by their parents or guardians.
FERPA applies to all educational institutions that receive funds from the US
Dept. of Education (therefore, all public and private schools)