
CS 305
Social, Ethical, and Legal Implications of Computing

Chapter 5
Privacy

Herbert G. Mayer, PSU
status 4/21/2011
Slides derived from Prof. Wu-Chang Feng

Syllabus
    Privacy
    Case Study
    Information Explosion
    Terminology
    Public Records, Information
    In-Class Exercise
    Privacy Act 1974
    Covert Government Surveillance
    USA Patriot Act
    Privacy and the Internet
    REAL ID



Privacy
Two basic concepts
      Zone of inaccessibility near person
         Discussion at dinner in a restaurant
         Going to the toilet
         Public phone privacy
         Stepping across violates a person’s dignity and treats the person
          as a means to an end
      Personal information, e.g. knowledge gathered about a person
         Patient data
         Phone records

Basic conflict:
      Rights of privacy vs. access to information


Harms of Privacy
Allows people to plan illegal / immoral activities
     Drug trafficking
     Domestic violence
Allows for abuse of power
     Hide information to someone else’s net harm
Allows for cover-ups
     Enron
Can encourage social and economic inequalities by
 creating cliques of information
     Private club with business dealings discriminating against
      others

Benefits of Privacy
 Can have public / private life separated.
      Allows someone to be himself/herself
      Example: professional athletes

 Allows for the creation / discussion of new ideas
      Can protect IP
      Allows for secret plans (good ones)

 Allows people to be at peace to be creative and to
  develop spiritually
 Allows for separation of data into spheres of access
      Student grades


Right to Privacy
Grew out of property rights
English common law: "A man's home is his castle"
      Not even the king could enter without probable cause of
       criminal activity

Reaction to Quartering Act of 1765 allowing soldiers to
  reside in homes of citizens
      3rd Amendment: “No Soldier shall, in time of peace, be
       quartered in any house, without the consent of the owner, nor
       in time of war, but in a manner to be prescribed by law”




Right to Privacy
U.S.
      Derived right
      1890’s Warren and Brandeis argued for “rights of privacy”
         Combat the abuses of newspapers
         Rights already granted in France
      Eventually, numerous court cases have helped to define the
       limitations and rights of privacy for individuals
      Rosenberg: “privacy is a prudential right”
         Rational agents agree to recognize some privacy rights because
          granting the rights benefits society
         What ethical framework?
         Example: Telemarketing
         See ref: http://www.jstor.org/pss/2220399




Aspects of Privacy
Invasion
      Intruding on someone’s daily life, interrupting solitude (spam,
       pop-up windows)
Information collection
      DVD rental records
      Surveillance cameras on street lights
Information processing
      Identity theft from aggregating information
      Collecting financial records to detect terrorist activity
Information dissemination
      Spreading private personal information (e.g. e-mail, texts)
      Rumor spreading

Case Study
Parents covertly installing a security camera to monitor
  a nanny babysitting a child
      Act utilitarian evaluation
      Rule utilitarian evaluation
      Social contract theory
      Kantian evaluation




Information Explosion

 With modern technology, we are leaking information
  everywhere
      E.g. Credit card transactions, e-mail, cell phone records

 Easy to store, easy to gain access to, easy to do bad
  things with




Terminology
Public record
      Information about an incident or action reported to a
       government agency for the purpose of informing the public
      Examples: birth certificates, marriage licenses, motor
       vehicle records, criminal records, deeds to property

Public information
      Information you provide to an organization that has the
       right to share it with others
      Usually given because of perceived benefit
      Example: phonebooks



Terminology

Personal information
      Information that is not public information or part of a public
       record
      Once given away, it becomes public information
      Example: favorite eating habits




 Public Records
Government has billions of records on citizens
Some examples:
      Census records
          Information to be kept confidential except in national emergencies
          Used to round up Japanese after Pearl Harbor

      Internal Revenue Service records
          Information about income, assets, charitable organizations that you
           support, medical expenses, etc.
          IRS information has been misused / lost / stolen over time
          H&R Block’s use of cross-marketing on users of Free File service

      FBI National Crime Information Center 2000
          39 million records
          More than 80,000 law enforcement agencies have access to these files
          2 million information requests per day, with an average response time of
           less than 1 second
          Abuses and errors have occurred


Public Information

 We often give away our rights to our privacy in
  exchange for some benefit (however small)
      Club cards – used as an index into a database of purchases
      TiVos – record information about user’s viewing
       preferences, times, how/when they watch, etc.
         Some information sold to advertisers!
      Car black box – record the last several minutes of usage for
       “diagnostic” purposes
      Enhanced 911 and cell phone GPS
      Cookies




In-Class Exercise
 Critics of grocery club cards give examples of card-member prices
  being equal to the regular product price at stores without customer
  loyalty programs. In other words, customers who want to get food at
  the regular price must use the card. Customers pay extra if they
  don’t want to use the card.
      Is it fair for a store to charge us more if we don’t want to use
       its loyalty card?
      Is it ethical to give bogus information or to switch cards with
       others to confuse loyalty programs?




In-Class Exercise

Most modern cars have a “black box” that records
  important vehicle data such as speed, engine RPM,
  braking, throttle, (sometimes GPS), etc. Argue
  whether or not such data should be private.
      Two points to consider:
         What happens in case of an accident? (e.g. Toyota)
         Should the person have the right to “remove” the information
          before a warrant is issued for the data?




Some U.S. Legislation
Federal Communications Act (1934) limits warrantless wiretapping
Fair Credit Reporting Act (1970, 1995) – Privacy and accuracy of
   your bill paying record, credit cards, etc.
The Family Educational Rights and Privacy Act (1974) – students >
   18 yrs old can review educational records and change errors
Employee Polygraph Protection Act (1988) – Prohibits most private
  employers from using lie detector tests
Video Privacy Protection Act (1988) – rental companies can’t
   disclose rental records without consent
Children’s Online Privacy Protection Act (2000) – limits the amount of
   public information gathered from children using the Internet
Health Insurance Portability and Accountability Act (1996) –
  provides guidelines for protecting privacy of patients and their
  records

U.S. Dept of Health, Education and Welfare (now HHS) “Bill of Rights”
Code of Fair Information Practices
  1.   There must be no personal data record-keeping systems whose very
       existence is secret
  2.   There must be a way for an individual to find out what information is
       in his or her file and how the information is being used
  3.   There must be a way for an individual to prevent personal information
       obtained for one purpose from being used for another purpose
       without his or her consent.
  4.   There must be a way for an individual to correct information in his or
       her records
  5.   Any organization creating, maintaining, using, or disseminating
       records of personally identifiable information must assure the
       reliability of the data for its intended use and must take precautions to
       prevent misuse

Privacy Act 1974
Codified the principles of HEW in the U.S.
Problems:
      Only applies to government databases
      Only covers records indexed by personal id
      No one in government is in charge of enforcing the
       provisions
      Allows information to be shared between agencies as long as
       it is “routine use”




Privacy & Information Collection
Wiretapping – interception of a telephone conversation
Does the 4th Amendment apply?
      “The right of the people to be secure in their persons,
       houses, papers, and effects, against unreasonable searches
       and seizures, shall not be violated, and no Warrants shall
       issue, but upon probable cause, supported by Oath or
       affirmation, and particularly describing the place to be
       searched, and the persons or things to be seized”

Tension between government and privacy advocates




Covert Government Surveillance
Olmstead vs. U.S. (1928)
      Olmstead had bootlegging (alcohol) business
      U.S. wiretapped
      Used evidence to convict
      Supreme court said it was neither search nor seizure since
       only tangible items covered under the 4th amendment




Covert Government Surveillance

1934 – Federal Communications Act made it illegal to
  intercept and reveal wire communications
      Privacy advocates happy
      However, during WWII, FBI wanted to reinstate wiretapping
         J. Edgar Hoover - “Intercept but do not reveal” loophole
         Led to decades of covert wiretapping




More Government Surveillance
Charles Katz vs. U.S. (1967)
       Bug – hidden microphone
       U.S. “bugged” outside of public phone booth
       Convicted Katz of illegal gambling
       Supreme court ruled in favor of Katz
          “the 4th Amendment protects people, not places”

Led to Omnibus Crime Control and Safe Streets Act (1968)
       Allows a police agency, through a court order, to tap a phone for 30 days
       Government still argued for warrantless wiretapping for national
        security purposes
       Supreme court rejected this in 1972, ruling that 4th Amendment
        forbids warrantless wiretapping




More Government Surveillance
Electronic Communications Privacy Act (1986)
      Allows police to attach a pen register (displays numbers dialed) to
       outgoing calls
      And a trap and trace device (displays the caller’s number) to
       incoming calls
      Court order needed, but not probable cause
      Allows roving wiretaps (moving phone to phone) if target
       actively attempts to evade a wiretap




 More Government Surveillance
Challenges of Internet communication
      Increasing use of data networks to carry on illegal activity
      Led to technology and laws to bring wiretapping statutes to
       the Internet
Carnivore
      FBI system from late 1990s that monitored Internet traffic
      Tried to force ISPs to install it (Earthlink)
      Earthlink filed legal challenge, but lost
Communications Assistance for Law Enforcement Act
  (CALEA) (1994)
      Requires networking equipment vendors to support wiretapping
       on digital calls (i.e. VoIP).
      Extends (warranted) wiretapping to digital domain

More Government Surveillance
9/11
      Loosened many of the precedents for wiretapping and
       surveillance

Warrantless wiretapping after 9/11
      CIA intercepts cell phone numbers being used by top al-Qaeda members
      Wanted to wiretap them
      Bush signed order to allow warrantless wiretapping as long as
       one end point was international
      Led to the USA Patriot Act




USA Patriot Act

Enacted after the Sept. 11th, 2001 attack on the World
  Trade Center with two passenger planes
Congress passed:
      Uniting and Strengthening America by Providing Appropriate
       Tools Required to Intercept and Obstruct Terrorism (USA
       PATRIOT) Act of 2001




USA Patriot Act
Patriot Act amended more than 15 existing laws
Provisions fell into 4 primary categories
  1.   Providing federal law enforcement and intelligence officials
       with greater authority to monitor communications
  2.   Giving the Secretary of the Treasury greater powers to
       regulate banks, preventing them from being used to launder
       foreign money
  3.   Making it more difficult for terrorists to enter the U.S.
  4.   Defining new crimes and penalties for terrorist activity




Uh oh…
Allows:
      Police to install Internet pen registers without demonstrating probable
       cause (reveals URLs and web sites)
      Warrants can be issued if police can show that the information to be
       gained is “relevant” to an ongoing criminal investigation
      Roving surveillance loosened so police do not have to
          Show that a target uses a particular device being tapped
          Report the devices that were monitored
      Law enforcement, under certain circumstances, allowed to search
       homes and seize evidence without first serving a search warrant
          If there is reasonable cause that notification will have an adverse effect
      FBI can obtain warrants authorizing the seizure of business, medical,
       educational, and library records of suspects if related to an ongoing
       investigation
          No need for probable cause

Patriot Act Success & Failure
Charges brought against 361 individuals
      191 convicted and/or pled guilty

Visible failure
      In our own backyard
      Brandon Mayfield and the phantom fingerprint
         Bombing in Madrid, Spain 3/11/2004
         Partial fingerprint from bag of detonators that matched Mayfield
         FBI warrantless search and seizure and eventual arrest as a
          material witness in May 2004
         Formal apology and $2 million awarded in November 2006




 Patriot Act II
Congress reauthorized Act in 2006 with some civil liberty
  protections
      Some provisions made permanent
      4 year sunset clause on roving wiretaps associated with
       people (not phone numbers) and on seizing records without
       probable cause

Unclear what the impact is. See:
      http://www.eff.org/Censorship/Terrorism_militias/patriot-act-II-analysis.php
      http://www.alternet.org/story/15541
      For you wikipedia people
         http://en.wikipedia.org/wiki/USA_PATRIOT_Act

Privacy & Information Processing
Data mining of records databases to find patterns and
  relationships
      Secondary use of data
      Collaborative filtering algorithms to determine
       “recommendations” (Netflix, Amazon)
      Identifying taxpayers who need to pay more to the IRS
         Discriminant Function (DIF)
      Syndromic Surveillance System
         NYC system for detecting epidemics and/or environmental
          problems
      Total Information Awareness program
         DARPA project to identify personal behavior patterns
         Financial, medical, communication, travel, and other records in
          one uber-database


In-Class Exercise
Promise of anonymity for the innocent
      Many intelligence-gathering systems have been proposed that mine
       the data and transaction records of an entire population.
      Some examples are bank transactions and email exchanges.
      During the scans, no personal identifiers are specifically accessed
       or stored.
      If a pattern is seen that represents highly suspicious activity, the
       person is at that point identified and an investigation on him/her is
       started.
      Ignoring the question of the accuracy of the pattern-matching
       algorithms and the ethics of monitoring law-abiding citizens, how
       comfortable are you with a promise from the organizations involved
       that they will scan your data anonymously and never identify the
       owner of that data without reasonable cause?



 Controlling Data Mining
Who owns the data of a transaction?
      The buyer or the seller?

Opt-in versus opt-out
      Opt-in policy requires customer to explicitly give permission
       for an organization to share information with another
         Preferred by privacy advocates
         Should be treated similarly to patient-doctor relationship
         Hippocratic databases that have explicit rules on how long
          records are stored and who is allowed to obtain records
      Opt-out policy requires the customer to explicitly forbid an
       organization from sharing information with another
         Preferred by direct marketing associations
         Preferred by Facebook


Privacy on the Internet?
Cookies
     Allow an organization to do things like “shopping carts” that
      are stateless on the server
     Allow tracking of a user’s visits to the web site
Problems with cookies
     Ads and cookies
        Many sites have linkages to 3rd party advertisers that coordinate
         your visits to multiple sites
        Allows directed advertising
     ISPs tracking web sites visited to “provide better service”
        AOL database made available
     Web bugs / beacons
        Usually an invisible object that allows checking if the user has
         viewed a page / email
        Back to Facebook…

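The two mechanisms on this slide, third-party resources that let an advertiser correlate visits across sites and invisible "web bug" images that report when a page or e-mail has been viewed, are easy to recognise in HTML once you know what to look for. The scanner below is an added example written for this page, not code from the slides or from any product: it does what a mail client or privacy extension does before loading remote content, flagging tiny or hidden images (especially ones whose URL carries a per-recipient token) as beacons and flagging scripts and images served from a domain other than the first party. The sample e-mail, the hostnames and the token values in it are constructed for the demonstration.

```python
"""Flag likely web beacons (tracking pixels) and third-party resources in HTML.

Added example, not part of the original slides. Implements the two signals
described on the slide: an invisible <img> fetched from a remote host (often
with a recipient identifier in its query string) and resources hosted by a
third party rather than the site that sent the page.
"""
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

# Constructed sample: an HTML e-mail as a newsletter might send it. All
# hostnames (.test TLD) and the uid/rid values are made up for this example.
SAMPLE_HTML = """
<html><body>
  <img src="https://cdn.example-shop.test/logo.png" width="200" height="60">
  <p>Thanks for your order!</p>
  <img src="https://track.adnet.test/open.gif?uid=7f3a9c&amp;cid=spring" width="1" height="1">
  <img src="https://beacon.example-shop.test/px?rid=44" style="display:none">
  <script src="https://ads.thirdparty.test/sync.js"></script>
</body></html>
"""

# The domain that sent the message; anything else is a third party.
FIRST_PARTY = "example-shop.test"


class _Collector(HTMLParser):
    """Collect every <img> and <script> start tag with its attributes."""

    def __init__(self):
        super().__init__()
        self.elements = []

    def handle_starttag(self, tag, attrs):
        if tag in ("img", "script"):
            self.elements.append((tag, dict(attrs)))


def _registrable(host):
    """Crude registrable-domain check: last two DNS labels (enough for the demo;
    a real tool would use the public suffix list)."""
    return ".".join(host.split(".")[-2:])


def is_third_party(url, first_party=FIRST_PARTY):
    """True if the resource is served from a domain other than the first party."""
    host = urlparse(url).hostname or ""
    return _registrable(host) != first_party


def looks_like_beacon(attrs):
    """An <img> is a beacon candidate if it is invisible (1x1/0x0 or hidden by
    style) or if its URL carries query parameters, which is where a
    per-recipient identifier is normally placed."""
    width = (attrs.get("width") or "").strip()
    height = (attrs.get("height") or "").strip()
    tiny = width in ("0", "1") and height in ("0", "1")
    hidden = "display:none" in (attrs.get("style") or "").replace(" ", "")
    has_query = bool(parse_qs(urlparse(attrs.get("src") or "").query))
    return tiny or hidden or has_query


def scan(html, first_party=FIRST_PARTY):
    """Return findings as (kind, url) pairs in document order. kind is
    'beacon' for a tracking image (first- or third-party) and 'third-party'
    for any other remote script or image served by another domain."""
    collector = _Collector()
    collector.feed(html)
    findings = []
    for tag, attrs in collector.elements:
        src = attrs.get("src") or ""
        if not src:
            continue
        if tag == "img" and looks_like_beacon(attrs):
            findings.append(("beacon", src))
        elif is_third_party(src, first_party):
            findings.append(("third-party", src))
    return findings


if __name__ == "__main__":
    for kind, url in scan(SAMPLE_HTML):
        print(f"{kind:12s} {url}")
```

Run against the sample, the scanner reports the 1x1 `open.gif` and the hidden `px?rid=44` image as beacons (the second one is first-party, which is why the beacon test runs before the domain test) and the advertiser's `sync.js` as a third-party resource, while the ordinary logo passes. Blocking remote images by default, as most mail clients now do, defeats the first two; the third is the cross-site linkage the slide describes and is what third-party cookie restrictions aim at.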
 Facebook’s Beacon
Facebook data-mining application launched
  on November 6, 2007
      Partner Sites:
         Blockbuster, Fandango, eBay, Hotwire,
          Overstock.com, Gamefly, Zappos, and more.
      User’s internet activity monitored, stored, and
       published on Facebook
      Triggered controversy over user privacy
      Resulted in a class-action lawsuit
      Shut down in September 2009




The Process

Privacy Issues
 Lack of notice to users
 Lack of consent from users
 Unauthorized transfers of personal information
 Opt-out as opposed to opt-in (active by default)
 Program found to be active despite user opt-outs
 Program active despite users being signed out
        Data always sent and stored regardless of user authorization
 Violated numerous state and federal laws
             Electronic Communications Privacy Act
             Computer Fraud and Abuse Act
             California Computer Crime Law
             California Consumer Legal Remedies Act


Critics
MoveOn.org started a Facebook group/petition
  regarding Beacon’s privacy problems
      Cited the lack of user authorization as the most pressing
       issue
      Gained 50,000 members within 10 days
      Forced Facebook to switch to an opt-in policy
Class-action lawsuit
Settlement agreement:
      Shut down Beacon program
      Pay $9.5 million into a settlement fund (most went to the
       lawyers)
      Facebook to start a foundation for increasing online privacy
       and security

My Information & the Internet

Almost everyone with a computer has purchased
 something online
     Requires a login id of some type
     Need address and other things (birthdate, etc)
     What are your rights to this information?

Anything goes!
     Organizations like TRUSTe help to provide users some
      guidance
        Privacy seal that is only given if a site adheres to certain policies
     What happens when the organization goes out of business?



National ID anyone?
After Sept. 11, 2001, there has been debate regarding a
   national id system for Americans
      Advantages:
         SSNs are poor IDs
         Stop illegal aliens from working in U.S.
         Make it more difficult for people to enter the country illegally
         Give police a way to positively identify people
      Disadvantages:
         No evidence that it would lead to reduced crime
         Government can do data mining more easily




Real ID Act
Feb. 2005 – REAL ID Act passed by congress
      Idea was to make driver’s licenses a more reliable form of ID.
      Requires all states to issue new licenses by end of 2008.
      Needed to open bank account, fly on plane, receive government
       service, etc…
      Could include a biometric (e.g. fingerprint)

Some issues
      Could bring tracking to new level
      Is basically a national ID card

Status
      Stalled in most states
      Not enforced yet


Real ID Act
February, 2005: Congress passes the REAL ID act
      Compels states to design their driver's licenses by 2008 to
       comply with federal antiterrorist standards
      As of 2008, if you live or work in the United States, you will
       need a federally approved ID card to travel on an airplane,
       open a bank account, collect Social Security payments, or
       take advantage of nearly any government service (including
       access to national parks and some courthouses)

Supporters say it adheres to the recommendations of
  the 9/11 Commission and is needed to frustrate both
  terrorists and illegal immigrants


Real ID Act
Some fear that it gives unfettered authority to the Department of
  Homeland Security to design state ID cards and driver's
  licenses.
       Possibilities include biometric information such as retinal scans,
        fingerprints, DNA data and RFID tracking technology

Others fear that this effectively results in a national ID card (or
   worse).
       "It's going to result in everyone, from the 7-Eleven store to the bank
        and airlines, demanding to see the ID card. They're going to scan it
        in. They're going to have all the data on it from the front of the
        card...It's going to be not just a national ID card but a national
        database."
               Barry Steinhardt, Director, ACLU Technology and
               Liberty Program


Criticisms of Real ID Act
Requires that licenses contain actual addresses
      There are no exceptions made for those who fear for their personal
       safety (e.g., judges, police/undercover officers, domestic violence
       victims) or do not have a permanent home (e.g., the homeless, who
       may be urgently in need of Medicare or other benefits).
Prohibits states from issuing driver's licenses to illegal aliens.
      Results in these illegal aliens driving without licenses -- which isn't
       going to help anyone's security.
Expensive.
      States are required to verify all information and to redesign their
       driver's licenses to conform with the law.
      The ID must include features designed to thwart counterfeiting and
       identity theft.
      It's an unfunded mandate: the federal government is forcing the states
       to spend their own money to comply with the act. Estimates of the
       cost to the states for compliance include $120 million.
Criticisms of Real ID Act
Concerns exist about the privacy of the data.
      All 50 states' DMVs will share information in a common database; they may
       verify information given to them against various federal databases.
      States are required to retain copies of the documentation supporting
       the IDs (birth certificates, etc.) for 7-10 years, but no requirements are
       defined for ensuring the security of this information.
      Possible such data will be sold to commercial entities: some states
       already allow driver's license data to be sold to third parties.
      The IDs must include a "common machine-readable technology" that
       must meet requirements set by Department of Homeland Security,
       which has indicated a preference for RFID chip use in the past.
          Private businesses would be able to use remote scanners to read RFID tags too,
           for inclusion in customer data files, sharing with other organizations, etc.
          No safeguards are defined within the Act to prevent this type of use
           (unlike the requirements in the State Department's addition of RFID to
           passports).




Criticisms of Real ID Act
"The wackiest thing is that none of this is required."
      "In October 2004, the Intelligence Reform and Terrorism
       Prevention Act of 2004 was signed into law. That law included
       stronger security measures for driver's licenses, the security
       measures recommended by the 9/11 Commission Report.
       That's already done. It's already law."
      Ref: Bruce Schneier, security expert
      http://www.schneier.com/blog/archives/2005/05/real_id.html




Some discussion questions

In-Class Exercise
Critics of grocery club cards give examples of card-member prices
   being equal to the regular prices at stores without customer
   loyalty programs. (In other words, those without a card, or who
   don't want to use it, are charged extra fees.) Is it fair for a store
   to charge us more if we don't want to use its loyalty card?
   Explain your reasoning.


Some consumers give phony personal information when they apply
  for rewards/loyalty cards at stores. Others take it a step further
  by regularly exchanging their cards with those held by other
  people. Are these people doing anything wrong? Why?




In-Class Exercise
In a recent study, people in subway stations were
   offered a cheap pen in return for disclosing their
   passwords. About 90 percent offered their
   passwords in return for the pen.

Do people really value privacy?




In-Class Exercise

Think about what you do when you get up in the
  morning.
How would you act differently if you knew that you were
  being watched?
Would you feel uncomfortable?
Do you think you would get used to being watched?




In-Class Exercise
Divide the class into two groups (pro and con) to debate
  the proposition that every citizen of the US ought to
  carry a national ID card.


Divide the class into two groups (pro and con) to debate
  President Bush's actions in authorizing warrantless
  surveillance by the NSA.




In-Class Exercise
Dept. of Homeland Security is interested in using computers to
 identify suspected terrorists operating within the US.
      It would like to mine databases containing information about
       purchases and travel to detect patterns that may identify individuals
       who are engaged in (or planning) terrorist activities.
      The Dept. asks a panel of computer scientists to determine the
       feasibility of this project. A panel member suggests the most difficult
       problem will be determining what patterns of transactions to look for.
      Further: it is possible to construct a computer program that uses AI to
       mimic a terrorist organization. The program would determine the actions
       needed to execute an act of terror; once these actions are identified, it is
       possible to search database records to find evidence of these actions.
Debate:
      the wisdom of developing a computer program capable of planning
       the steps needed to execute an act of terror
      the ethics of the Department's plan for mining commercial databases
       for the purpose of detecting potential terrorists' patterns

Information Awareness Office
(old logo)




Dilbert the Wise




More Fun




Additional Resources

Additional Resources
Right to privacy:
      http://www.fontanalib.org/Constitutional%20Origin%20of%20the%20Right%20to%20Privacy.htm
      http://www.publaw.com/privacy.html
      http://www.ala.org/ala/washoff/oitp/emailtutorials/privacya/05.htm
      http://www.epic.org/
      http://tinyurl.com/ds77q
Privacy issues
      http://www.postgazette.com/pg/05058/462446.stm
      http://www.aclu.org/Privacy/Privacylist.cfm?c=130
      http://www.privacy.org/
      http://www.schneier.com/blog/archives/2004/12/the_digital_per.html
      http://www.techweb.com/rss/54200987
      http://tinyurl.com/86546
      http://tinyurl.com/c93en
      http://action.aclu.org/reformthepatriotact/
Additional Resources
National ID cards/REAL ID:
      http://www.epic.org/privacy/id_cards/
      http://www.privacy.org/pi/activities/idcard/
      http://tinyurl.com/7dlw9 (Time)
          "The national ID card that isn't, yet"
      http://www.schneier.com/essay-034.html
      http://www.schneier.com/crypto-gram-0112.html#1
      http://tinyurl.com/cgehn (National Review)
      http://tinyurl.com/dymb3 (News.com)
      http://tinyurl.com/bnuxz (News.com)
      http://tinyurl.com/9o8ho
          "DHS privacy chief wary of national IDs"
      http://tinyurl.com/cr4w7 (Washington Post)
      http://www.unrealid.com/
      http://www.schneier.com/blog/archives/2005/05/real_id.html
      http://tinyurl.com/8h4a3 (News.com FAQ on REAL ID)
Additional Resources
 Social Security Numbers:
       http://tinyurl.com/dlmsk (News.com)
 Identity theft:
       http://tinyurl.com/9ymqo
       http://tinyurl.com/98ldg
 RFID-enabled passports:
       http://tinyurl.com/e299g (Wired)
 Biometrics
       http://tinyurl.com/a4c8y
 Secure Flight Program:
       http://www.schneier.com/crypto-gram-0508.html#12


Additional Resources
NSA telephone monitoring:
      http://en.wikipedia.org/wiki/NSA_warrantless_surveillance_controversy
      http://www.npr.org/news/specials/nsawiretap/legality.html
      http://www.usatoday.com/news/washington/2006-05-10-nsa_x.htm
      http://www.acsblog.org/bill-of-rights-2835-guest-blogger-nsa-again-violates-the-law.html
      http://www.darkreading.com/document.asp?doc_id=96927&WT.svl=column1_1



