Privacy
   September 27, 2004

   CS 4001B
   Fall 2004
A Broader View

The US Constitution recognizes no explicit right
  to privacy, but a history of court rulings has
  found an implicit right to be let alone by the
  Government, rooted in the 4th Amendment (which
  one is that?) and elsewhere. Roe v. Wade is thus a
  privacy-related ruling (it rests on the 14th
  Amendment's concept of liberty rather than the
  4th). Laws protecting people from others' attentions
  are usually justified on other grounds (e.g.
  anti-stalking, anti-telemarketing).
What are the key aspects of privacy?

   The rights to keep one’s personal information secret or to
    expect personal information, when disclosed, to be held in
    confidence and to be used only for permitted purposes.
   “The right to be left alone” from unwanted attention, etc.
   The right to be free from surveillance (being followed, watched,
    and eavesdropped upon)


     The phrase comes from a famous 19th Century legal essay,
       Warren and Brandeis's "The Right to Privacy" (Harvard Law
       Review, 1890), prompted by technology developments (growing
       intrusions on the public by newspaper photographers).
Privacy

   What is it that these three views have in common?
    Are they just a case of a word being used in different
    senses?
   All three have to do with a person’s rights to control
    or have a say in how they are represented to the
    world. This is very culturally specific!
   All three have to do with people rather than simply
    information subjects. Companies can claim
    confidentiality, but not privacy.
Dealing With Privacy

   Safeguarding personal and group privacy, in
    order to protect individuality and freedom
    against unjustified intrusions by authorities
   Collecting relevant personal information
    essential for rational decision-making in
    social, commercial, and governmental life
   Conducting the constitutionally limited
    government surveillance of people and
    activities to protect public order and safety
Risks of New Technology

   Invisible Information Gathering
    –   Supermarket club cards
    –   Cookies
    –   Data collected by advertisers (data spillage)
    –   Peer-to-peer systems to trade music and other files
   Computer Matching and Profiling
   Location, Location, Location
    –   GPS
    –   Cell phones
    –   Tracking devices in cars
Databases

   Personal information is out there in tons of
    databases
   Lots of complaints about the government’s
    use of computer technology to invade
    citizens’ privacy so:
    –   Privacy Act of 1974
    –   Computer Matching and Privacy Protection Act of
        1988
Privacy Act of 1974

   Restricts the data in federal government records to what is
    relevant and necessary to the legal purpose for which it is
    collected
   Requires federal agencies to publish a notice of their record
    systems in the Federal Register so that the public may learn
    about what databases exist.
   Allows people to access their records and correct inaccurate
    information.
   Requires procedures to protect the security of the information in
    databases
   Prohibits disclosure of information about a person without his or
    her consent (with several exceptions.)
Computer Matching and Privacy
Protection Act of 1988

   Requires the government to follow a review
    process before doing computer matching for
    various purposes

*The Government is careless about following the
    provisions of this law.
Obeying the Rules

   General Accounting Office (renamed the Government Accountability
    Office in July 2004) is Congress' watchdog agency
     –   Monitors the government's privacy policies
   1997 study showed that 80% of the federal government web
    sites linked from the White House web page violated provisions
    of the Privacy Act
     –   Some stopped using cookies, others didn’t
   In 2000, only 3% of the sites fully complied with the “fair
    information” standards for notice, choice, access, and security
    established by the Federal Trade Commission for commercial
    web sites (The FTC itself did not comply!)
   Employee leaks
US Constitution 4th Amendment

   Part of the Bill of Rights (10 amendments that define
    rights of individual citizens)

   The right of the people to be secure in their persons,
    houses, papers, and effects, against unreasonable
    searches and seizures, shall not be violated, and no
    Warrants shall issue, but upon probable cause,
    supported by oath or affirmation, and particularly
    describing the place to be searched and the persons
    or things to be seized.
Weakening the 4th Amendment

   USA Patriot Act of 2001 lets the government collect
    information from financial institutions on any
    transactions that differ from a customer’s usual
    pattern and eased government access to many other
    kinds of personal information without a court order
   Automated Toll Collection and Itemized Purchase
    Records
   Satellite surveillance and thermal imaging
    –   Kyllo v. United States (2001) held that aiming a thermal
        imager at a home without a warrant is a search; satellite
        imaging has not been squarely addressed by the Supreme Court,
        and government agencies continue to use such images
Weakening the 4th Amendment

   Olmstead v. United States (1928)
    –   Use of wiretaps on telephone lines without a court
        order was held not to be a search
   Katz v. United States (1967)
    –   Overruled Olmstead: a wiretap is a search, so a
        warrant is required
   United States v. Miller (1976)
    –   No reasonable expectation of privacy in bank records,
        so law-enforcement agents do not need a court order
        to get them
Search and Surveillance Tools

   Electronic Body Searches
   Face-recognition
   What else??
Privacy and Personal Information
   If some forms of privacy are sometimes right, what are the
    implications for system designers?
   If personal information is subject to privacy, then “personal
    information” has to be distinguishable from other kinds of
    information. For example, there could be different requirements
    for securing or exchanging personal information, or for auditing
    a system to demonstrate that personal information has been
    obtained and used properly.
   These are difficult requirements to satisfy. A person’s mother’s
    maiden name (for example) is usually just a field associated
    with a data object. But to satisfy these requirements, “meta-
    information” (information about the information) may also have
    to be stored about where the information came from, what it
    can be used for, etc.
Privacy and Personal Information

   If personal information should be held in confidence, it should
    be clear who can legitimately view it, and who requires special
    authorization.
     –   Which, in turn, suggests that policies governing use restrictions
         (which are often legal documents written to contain a company’s
         liability or customer-service documents written to reassure
         consumers) have technical consequences.
     –   And things change. Companies merge, the laws under which they
         operate change, the significance of information changes, etc. What
         if policies change or change in meaning? Should authorization be
         sought again? (This suggests the need for meta-meta-information
         that associates meta-information with the versions of policies that
         they were gained under.)
Fair Information Practices

   In 1998, the Organization for Economic Co-operation
    and Development (OECD), comprising 30 countries,
    concluded that the role of the private sector is to
    adopt clear privacy policies for disclosure on the
    Internet.
   In 1998, the FTC suggested that privacy policies
    follow a code for fair information practices, which
    overlaps with the OECD Privacy Guidelines (originally
    adopted in 1980).
   These policies are not followed uniformly by
    companies.
Fair Information Practices

   Notice / awareness
     –   E.g. when policy changes; no invisible collection
   Choice / consent
     –   E.g. opt-in rather than opt-out or no consent requirement
   Access / participation
     –   E.g. right to access and challenge personal information
   Integrity / security
     –   E.g. expectation that personal information is not vulnerable to
         leaks
   Enforcement / redress
     –   E.g. procedure for dealing with disagreements/dissatisfaction
Additional Best Practices

   Collect only the data needed (for specific
    purposes by authorized personnel).
   Keep data only as long as needed.
   Record keepers must be accountable for
    compliance.
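The two "Privacy and Personal Information" slides and the best practices above translate into concrete data-management requirements: each personal field carries meta-information (where it came from, what it may be used for, how long it may be kept), consent is bound to the policy version it was given under so a policy change forces re-authorization, access is restricted by role and purpose, and every use is audited. The following is an added example written for these notes, not code from the lecture; the record layout, roles, purposes, dates and policy version strings are all hypothetical.

```python
# Added example (not from the lecture notes): personal information stored with
# meta-information (source, permitted purposes, retention) and consent tied to
# a policy version. Roles, purposes and dates are hypothetical sample data.
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List


@dataclass(frozen=True)
class Consent:
    purposes: frozenset          # purposes the data subject agreed to
    policy_version: str          # policy version the consent was given under


@dataclass
class PersonalField:
    name: str
    value: str
    source: str                  # provenance: where the information came from
    collected_at: datetime
    retain_for: timedelta        # keep data only as long as needed
    consent: Consent             # "meta-meta-information": use tied to a policy version

    def expired(self, now: datetime) -> bool:
        return now >= self.collected_at + self.retain_for


class PolicyViolation(Exception):
    """Access would violate a purpose, role or retention constraint."""


class ReconsentRequired(PolicyViolation):
    """The policy changed since consent was obtained; ask again."""


# Hypothetical mapping of who may legitimately view data, and for what.
ROLE_PURPOSES = {
    "support": frozenset({"customer_service"}),
    "marketing": frozenset({"marketing"}),
    "auditor": frozenset({"audit"}),
}


class PersonalRecord:
    def __init__(self, subject_id: str, current_policy_version: str):
        self.subject_id = subject_id
        self.current_policy_version = current_policy_version
        self.fields: Dict[str, PersonalField] = {}
        self.audit_log: List[dict] = []   # evidence that data was used properly

    def store(self, f: PersonalField) -> None:
        self.fields[f.name] = f

    def access(self, field_name: str, purpose: str, role: str, now: datetime) -> str:
        # Every attempt is logged, successful or not, so misuse can be audited.
        entry = {"field": field_name, "purpose": purpose, "role": role, "at": now, "ok": False}
        self.audit_log.append(entry)
        f = self.fields.get(field_name)
        if f is None:
            raise KeyError(field_name)
        if f.expired(now):
            raise PolicyViolation(f"{field_name} is past its retention period")
        if purpose not in ROLE_PURPOSES.get(role, frozenset()):
            raise PolicyViolation(f"role {role} is not authorized for {purpose}")
        if purpose not in f.consent.purposes:
            raise PolicyViolation(f"subject did not consent to {purpose}")
        if f.consent.policy_version != self.current_policy_version:
            raise ReconsentRequired(f"consent given under {f.consent.policy_version}, "
                                    f"current policy is {self.current_policy_version}")
        entry["ok"] = True
        return f.value

    def renew_consent(self, field_name: str, purposes: frozenset, policy_version: str) -> None:
        self.fields[field_name].consent = Consent(purposes, policy_version)

    def purge_expired(self, now: datetime) -> List[str]:
        gone = [n for n, f in self.fields.items() if f.expired(now)]
        for n in gone:
            del self.fields[n]
        return gone


def demo() -> dict:
    # Constructed sample data: one subject, one personal field.
    t0 = datetime(2004, 9, 27)
    rec = PersonalRecord("subject-42", current_policy_version="v1")
    rec.store(PersonalField(name="mothers_maiden_name", value="Smith",
                            source="account signup form", collected_at=t0,
                            retain_for=timedelta(days=365),
                            consent=Consent(frozenset({"customer_service"}), "v1")))
    results = {}
    results["support_ok"] = rec.access("mothers_maiden_name", "customer_service", "support", t0 + timedelta(days=1))
    try:   # marketing is a valid role/purpose pair, but the subject never consented to it
        rec.access("mothers_maiden_name", "marketing", "marketing", t0 + timedelta(days=1))
    except PolicyViolation as e:
        results["marketing"] = type(e).__name__
    rec.current_policy_version = "v2"        # company merges, policy changes
    try:
        rec.access("mothers_maiden_name", "customer_service", "support", t0 + timedelta(days=2))
    except ReconsentRequired:
        results["after_policy_change"] = "ReconsentRequired"
    rec.renew_consent("mothers_maiden_name", frozenset({"customer_service"}), "v2")
    results["after_reconsent"] = rec.access("mothers_maiden_name", "customer_service", "support", t0 + timedelta(days=3))
    results["purged"] = rec.purge_expired(t0 + timedelta(days=400))
    results["audit_entries"] = len(rec.audit_log)
    return results


if __name__ == "__main__":
    print(demo())
```

The point of the design is that the policy version lives on the consent, not on the record: when the policy text changes, every field whose consent predates it stops being usable until the subject authorizes again, and the audit log records the refused attempts as well as the permitted ones.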
Things to Think About

   Concepts aren’t clear (what’s private information and
    why?)
   Privacy isn’t just security
    –   Rights over information use, accuracy, personal
        representation, freedom from intrusion
   Privacy conflicts with other rights
   Privacy by design (designed into a system) imposes
    big information management requirements on
    systems
   Spam, Spam, Spam, Spam…

								
To top