Privacy

1
Privacy

• September 27, 2004
• CS 4001B
• Fall 2004

2
A Broader View

• The US Constitution recognizes no explicit right
  to privacy, but history of court rulings
  recognizes implicit right to be let alone by the
  Government in the 4th Amendment. (Which is that?)
  Thus Roe v. Wade is a privacy-related ruling.
  Laws protecting people from others attentions
  are usually justified on other grounds (e.g.
  anti-stalking, anti-telemarketing).

3
What are the key aspects of privacy?

• The rights to keep ones personal information
  secret or to expect personal information, when
  disclosed, to be held in confidence and to be
  used only for permitted purposes.
• The right to be left alone from unwanted
  attention, etc.
• The right to be free from surveillance (being
  followed, watched, and eavesdropped upon)
• The phrase comes from a famous 19th Century legal
  essay by Warren and Brandeis prompted by
  technology developments (growing intrusions by
  newspaper photographers on public).

4
Privacy

• What is it that these three views have in common?
  Are they just a case of a word being used in
  different senses?
• All three have to do with a persons rights to
  control or have a say in how they are represented
  to the world. This is very culturally specific!
• All three have to do with people rather than
  simply information subjects. Companies can claim
  confidentiality, but not privacy.

5
Dealing With Privacy

• Safeguarding personal and group privacy, in order
  to protect individuality and freedom against
  unjustified intrusions by authorities
• Collecting relevant personal information
  essential for rational decision-making in social,
  commericial, and governmental life
• Conducting the constitutionally limited
  government surveillance of people and activities
  to protect public order and safety

6
Risks of New Technology

• Invisible Information Gathering
• Supermarket club cards
• Cookies
• Data collected by advertisers (data spillage)
• Peer-to-peer systems to trade music and other
  files
• Computer Matching and Profiling
• Location, Location, Location
• GPS
• Cell phones
• Tracking devices in cars

7
Databases

• Personal information is out there in tons of
  databases
• Lots of complaints about the governments use of
  computer technology to invade citizens privacy
  so
• Privacy Act of 1974
• Computer Matching and Privacy Protection Act of
  1988

8
Privacy Act of 1974

• Restricts the data in federal government records
  to what is relevant and necessary to the legal
  purpose for which it is collected
• Requires federal agencies to publish a notice of
  their record systems in the Federal Register so
  that the public may learn about what databases
  exist.
• Allows people to access their records and correct
  inaccurate information.
• Requires procedures to protect the security of
  the information in databases
• Prohibits disclosure of information about a
  person without his or her consent (with several
  exceptions.)

9
Computer Matching and Privacy Protection Act of
1988

• Requires the government to follow a review
  process before doing computer matching for
  various purposes
• The Government is careless about following the
  provisions of this law.

10
Obeying the Rules

• General Accounting Office is Congress watchdog
  agency
• Monitor the governments privacy policies
• 1997 study showed that 80 of the federal
  government web sites linked from the White House
  web page violated provisions of the Privacy Act
• Some stopped using cookies, others didnt
• In 2000, only 3 of the sites fully complied with
  the fair information standards for notice,
  choice, access, and security established by the
  Federal Trade Commission for commercial web sites
  (The FTC itself did not comply!)
• Employee leaks

11
US Constitution 4th Ammendment

• Part of the Bill of Rights (10 amendments that
  define rights of individual citizens)
• The right of the people to be secure in their
  persons, houses, papers, and effects, against
  unreasonable searches and seizures, shall not be
  violated, and no Warrants shall issue, but upon
  probable cause, supported by oath or affirmation,
  and particularly describing the place to be
  searched and the persons or things to be seized.

12
Weakening the 4th Ammendment

• USA Patriot Act of 2001 lets the government
  collect information from financial institutions
  on any transactions that differ from a customers
  usual pattern and eased government access to many
  other kinds of personal information without a
  court order
• Automated Toll Collection and Itemized Purchase
  Records
• Satellite surveillance and thermal imaging
• Issue still open, Supreme Court says maybe an
  intrusion no rulings made, so government
  agencies continue to use images

13
Weakening the 4th Ammendment

• Olmstead v. United States (1928)
• Use of wiretaps on telephone lines without a
  court order
• Katz v. United States (1967)
• Wiretaps reversed
• United States v. Miller (1976)
• Law-enforcement agents do not need a court order
  to get bank records

14
Search and Surveillance Tools

• Electronic Body Searches
• Face-recognition
• What else??

15
Privacy and Personal Information

• If some forms of privacy are sometimes right,
  what are the implications for system designers?
• If personal information is subject to privacy,
  then personal information has to be
  distinguishable from other kinds of information.
  For example, there could be different
  requirements for securing or exchanging personal
  information, or for auditing a system to
  demonstrate that personal information has been
  obtained and used properly.
• These are difficult requirements to satisfy. A
  persons mothers maiden name (for example) is
  usually just a field associated with a data
  object. But to satisfy these requirements,
  meta-information (information about the
  information) may also have to be stored about
  where the information came from, what it can be
  used for, etc.

16
Privacy and Personal Information

• If personal information should be held in
  confidence, it should be clear who can
  legitimately view it, and who requires special
  authorization.
• Which, in turn, suggests that policies governing
  use restrictions (which are often legal documents
  written to contain a companys liability or
  customer-service documents written to reassure
  consumers) have technical consequences.
• And things change. Companies merge, the laws
  under which they operate change, the significance
  of information changes, etc. What if policies
  change or change in meaning? Should authorization
  be sought again? (This suggests the need for
  meta-meta-information that associates
  meta-information with the versions of policies
  that they were gained under.)

17
Fair Information Practices

• In 1998, the Organization for Economic
  Co-operation and Development (OECD), comprising
  30 countries, concluded that the role of the
  private sector is to adopt clear privacy policies
  for disclosure on the Internet.
• In 1998, the FTC suggested that privacy policies
  follow a code for fair information practices,
  which overlaps with the OECD Privacy Guidelines.
• These policies are not followed uniformly by
  companies.

18
Fair Information Practices

• Notice / awareness
• E.g. when policy changes no invisible collection
• Choice / consent
• ?E.g. opt-in rather than opt-out or no consent
  requirement
• Access / participation
• ?E.g. right to access and challenge personal
  information
• Integrity / security
• ?E.g. expectation that personal information is
  not vulnerable to leaks
• Enforcement / redress.
• ?E.g. procedure for dealing with
  disagreements/dissatisfaction

19
Additional Best Practices

• Collect only the data needed (for specific
  purposes by authorized personnel).
• Keep data only as long as needed.
• Record keepers must be accountable for
  compliance.

20
Things to Think About

• Concepts arent clear (whats private information
  and why?)
• Privacy isnt just security
• Rights over information use, accuracy, personal
  representation, freedom from intrusion
• Privacy conflicts with other rights
• Privacy by design (designed into a system)
  imposes big information management requirements
  on systems
• Spam, Spam, Spam, Spam