Privacy and personal informationbased on “ A Gift of Fire”, Basse, Prentice Hall, 2003

CS480 Computer Science Seminar

Fall, 2002

The impact of technology on privacy

• Former communist East Germany: detailed dossiers (opinions and activities) of about 6 million people, about a third of its population. The paper files filled about 125 miles of shelf space.

• Computer are not necessary to invade privacy. But computer technology greatly facilitates the file creation, merging, processing, and dissemination. It allows search and surveillance of huge numbers of people, often without our knowledge.

• Today, privacy is probably the “computer issue” that worries people most.

Importance of privacy

• “The man who is compelled to live every minute of his life among others and whose every need, thought, desire, fancy or gratification is subject to public scrutiny, has been deprived of his individuality and human dignity. He merges with the mass. … Such a being, although sentient (conscious), is fungible (exchangeable or substitutable); he is not an individual.” Edward J. Bloustein

• “It’s important to realize that privacy preserves not personal secrets, but a sense of safety within a circle of friends so that the individual can be more candid, more expressive, more open with “secrets”. Robert Ellis Smith.

Three key aspects of privacy

• Freedom from intrusion --- being left alone.

• Control of information about oneself.

• Freedom from surveillance (followed, watched, and eavesdropped on).

Critics of privacy

• “What do you have to hide?”

• Privacy – protects the guilty .– allows frauds.– it covers deception, hypocrisy, and

wrongdoing.

Privacy involves a balancing act

• Safeguarding personal and group privacy in order to protect individuality and freedom against unjustified intrusions by authorities.

• Collecting relevant personal information essential for rational decision-making in social, commercial, and governmental life.

• Conducting the constitutionally limited government surveillance of people and activities necessary to protect public order and safety.

Risks of the computer and networking technology (in the context of privacy)

Technologies may be used for

• Invisible information gathering.

• Secondary use.

• Computer matching and profiling.

• Enhancing the surveillance and tracking devices such as cameras, cell phones, satellites, GPS, computer chips can be used to locate and track individuals.

Invisible information gathering

Some examples:– Cookie technology (storing files on user’s hard disk)– Using credit or membership card– Surfing the web, there are tools that gathers info

about user’s activities (e.g., DoubleClick received financial info from a Quicken Web site; QuickClick, a service of NBCi that allows users to click any word and get info about the word, in the meantime, it also transmit user’s ID with each selected word.)

– Making a 800 or 900 call (automatically identify and file caller’s phone #)

Secondary use• Use of information for a purpose other than the

one for which it was supplied. Examples include:– Sales of consumer information to marketers or other

businesses.– Use of information in various databases to deny

someone a job, insurance coverage, etc.– Usenet newsgroups

• Thousands groups covering sensitive political, sexual, health, and religious topics.

• Posting amount to gigabytes a day which are archived. • Some employers review posting of job applicants using

powerful search engines.• Google acquired a Usenet archive with 630 million posting

from about 35,000 newsgroups in 2001.)

Computer matching and profiling

• Matching: combining and comparing information from different databases (e.g., use a person’s social security number to match records.)– Businesses use it to create consumer dossiers– Government uses it for detecting fraud and enforcing

laws.• Profiling: using data in computer files to

determine characteristics of people most likely to engage in certain behavior.– Businesses use it to find people who are likely

customers for specific products and services.– Government agencies use it to identify people to

watch

Enhancing the surveillance and tracking devices

• Cameras• Cell phones• GPS• EZ-Pass• Chips (implanted in animals or people)• Federal government ordered all wireless and cell

phone to have tracking capabilities for all 911 calls.

• A rental car agency fined a man for speeding based on information from a tracking device in the car.

“Big brother” (the government) is watching you

• In George Orwell’s novel “1984”, government watches everyone virtually all the time via “telescreens” in all home and public places. There was little crime and political dissent, and there is no love and no freedom.

“Big brother” (the government) is watching you• Databases: in 1982, federal agencies had about 3.5

billions personal files, 15 per person in the country, to help them perform their functions.

• Some misuses– In the 1960s and 1970s, FBI secretly used its National Crime

Information Center (NCIC) databases to track the movements of thousands of law-abiding citizens who happened to oppose the Vietnam War.

– Many other incidences where personal records were misused.• In the 1990s, both the IRS and the FBI announced plans

to drastically expand their databases. The IRS wanted to build a huge database of individuals, combining information from federal, state, and commercial sources, including motor vehicle department, credit bureaus, state and local real estate records, and so on. (What if IRS matches tax returns with files of a computerized dating service that include possibly exaggerated information on income?)

Federal Legislations

• To prevent misuse– The Privacy Act of 1974 (detailed in the

following slide)– The Computer Matching and Privacy

Protection Act of 1988

Privacy Act of 1974

• Restricts the data in federal government records to what is “relevant and necessary” to the legal purpose for which it is collected.

• Requires federal agencies to publish a notice of their record systems in the Federal Register so that the public may learn about what databases exists.

• Allows people to access their records and correct inaccurate information.

• Requires procedures to protect the security of the information in databases.

• Prohibits disclosure of information about a person without his or her consent.

The Computer Matching and Privacy Protection Act of 1988

• Government agencies are required to follow a review process before doing computer matching for various purposes.

• The congress found out a few years later that the government agencies were quite careless about following the provisions of the law.

Who will guard the guards themselves?

• The matching and profiling result in new attitude toward law enforcement: presumption of guilt instead of the traditional presumption of innocence.

• The General Accounting Office (GAO) is congress’ watchdog agency. It has found numerous violation of the laws by government agencies. Some examples:– Investigation in 1996 found White House maintain a secret

database on 200,000 people.– 1997: 80% of federal government web sites violated provision of

privacy act.– In 2000: only 3% of 65 government web sites fully comply with

the “fair information” standards.– Many leakages of information from FBI’s NCIC by employees

including selling information to private investigators, snooping on political opponents, and altering and deleting information.

– A high-ranking IRS official was indicted for selling info from tax files.

The Fourth Amendment

• “The right of the people to be secure in their persons, housed, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be search, and the persons or things to be seized.”

Weakening of the Fourth Amendment• Files and databases about us are in the hands of

doctors, financial advisors, business organizations, and government agencies.

• Many laws allow law enforcement agencies to get information from non-governmental databases without a court order, e.g., without a court order, the FBI may get information from credit reports about individuals, student and many other records; law enforcement agencies can have access to medical records without court orders (federal medical privacy rules of 2001); the government may collect information from financial institutions on any transactions that differ from a customer’s usual pattern and eased government access to many other kinds of personal information without court order (the USA Patriot Act of 2001 after 9-11).

Weakening of the Fourth Amendment continued

• Supreme court decisions and expectation of privacy: – 1928: Supreme Court rules wiretaps on telephone

lines without court order was not illegal (seizure of “conversation” is not physical seizure of material things).

– 1967: Supreme Court reversed the position that 4th Amendment does apply to conversation.

– However, the ruling in 1976 (U.S. v. Miller) weakens the 4th Amendment. The ruling relies on the concept known as “expectation of privacy” as illustrated in the following example. If we share information with businesses such as our bank, then we have no reasonable expectation of privacy for that information, and law enforcement agencies do not need a court order to get the information.

Further erosion of privacy

• Satellite surveillance and thermal imaging– photos taken by satellite is detailed enough to show

our backyard (have been used to catch people growing cotton without permit)

• Automated toll collection– Bridges, tunnels, and toll roads use automated toll

collection systems which created detailed billing records of drivers (time, places, etc.)

• Itemized purchase records– Law enforcement agencies have asked bookstores

and online seller Amazon.com to turn over records of books purchased by particular people.

Further erosion of privacy continued

• Electronic body searches with x-ray devices: ACLU termed it “an electronic strip search”.

• Face-recognition systems: Tampa police used a computer to scan the faces of all 100,000 uninformed fans and employees who entered the 2001 super Bowl to match against the criminal records. (the face-recognition technology has an accuracy rate of around 50%. Potentially, innocent people could have been wrongly detained.)

• Obviously, appropriateness on the use of these technologies must be carefully assessed and policies and guidelines on their use formulated.

• After 9-11, attitude toward surveillance technologies and policies changed dramatically in the U.S. Yet, the core of the security failure in 2001 was that the U.S. intelligence agencies failed to know that the attack was planned. Are we better or worse off with all the changes?

More search and surveillance tools

• Electronic body searches

• Who’s got your picture?

• Fighting terrorism

Consumer information

• Databases and marketing

• Children on the Web

• Credit bureaus

• Principles for data collection and use

More privacy risks

• Social security numbers

• National ID systems

• Personal health and medical information

• Public records: access vs. privacy

Protecting privacy: education, technology, and markets

• Awareness

• Privacy technologies and market responses– Privacy-enhancing technologies– Trusted third parties– Paying for consumer information– Are businesses getting the message?

Protecting privacy: law and regulation

• Philosophical views– Warren and Brandeis: the inviolate personality– Judith Jarvis thomas: is there a right to

privacy?– Criticism of Warren and Brandeis and of

thomson.– Applying the theorems.– Transactions

Contrasting viewpoints

• The free-market view

• The consumer-protection view

Contract and regulations

• A basic legal framework

• Requiring specific consent policies

• Regulation

• Ownership of personal data

• Conflicts with freedom of speech.

• Privacy regulations in the European Union.

Chapter 5 Homework

• Problems 2, 3, 5, 6, 8, 10, 11

What’s new in this week’s news

• Two articles in the Newsweek, 10-14-2002– “Those annoying ads that won’t go away”, B. Stone.

Hate those ‘pop-ups’ intrusions on your computer screen? Things may improve.

– “Glitterati vs. geeks”, S. Levy. Hollywood and Silicon Valley take the fight over content to the Supremes. Several interesting bills (some not yet passed):

• 1998 Sonny Bono Copy Right Extension Act• 1998 digital Millennium Copyright Act• Broadband Promotion Act• Peer to Peer Privacy Promotion Act• Digital Television Bills