Privacy and Personal Information
A supplementary guide to a complex and controversial social phenomenon.
http://www.youtube.com/watch?v=dfZhCB457Gs

Three Key Aspects of Privacy
- Freedom from intrusion: being left alone
- Control of information about oneself
- Freedom from surveillance (from being followed, watched, and eavesdropped upon)

Personal Information
- Any information relating to, or traceable to, an individual person
- Any information associated with a particular person’s “handle”, user name, online nickname, ID number or email address
- Not restricted to text data; also includes images

Invisible Information Gathering
- ISP Logs
- Cookies
- Data Spillage

ISP Logs
- Where we went
- What we did
- How long we stayed

Cookies
- At first controversial
- Shopping carts
- A site with name/address can link information in cookies with us

Data Spillage
- DoubleClick – received financial information from Quicken
- E-Loan had partners collecting its customer information

Secondary Use of Personal Information
- Computer Matching
  - Combining and comparing information from different databases (usually using a person’s SSN to match records)
- Computer Profiling
  - Using data in computer files to determine characteristics of people most likely to engage in certain behavior
  - Used by businesses to determine what people are likely to buy
  - Used by federal agencies to identify people to watch – people who have committed no crime but have the propensity to do so

Databases
- 1982 – Government agencies had an estimated 3.5 billion personal files, roughly 15 per person in the country
- Computer Matching and Privacy Protection Act of 1988
  - Requires government agencies to follow a review process before doing computer matching for various purposes

The Fourth Amendment
The right of the people to be secure in their persons, houses, papers and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Satellite Surveillance and Thermal Imaging
- Satellite Surveillance
  - Satellite imaging to view a person’s property for the growth of marijuana or cotton is not illegal
  - Used by local governments to see non-permitted housing additions that could raise taxes
- Thermal Imaging
  - Not permitted without a warrant

The Fourth Amendment
“Government uses a device that is not in general public use, to explore details of the home that would previously have been unknowable without physical intrusion, the surveillance is a ‘search’” and requires a warrant.

Consumer Information
The following issues are relevant to the collection and use of consumer information.
- Databases and Marketing
- Children on the Web
- Principles for Data Collection

Databases and Marketing
- Besides the Government, many corporate database systems track the personal information of consumers.
- Used for unsolicited mailing lists, targeting internet advertising (by location or user), internal customer reliability evaluations, identifying potential members for an organization based on common interest, and so on.

Benefits of Corporate Databases
- Many users respond to targeted advertisements
  - 92,000,000 Americans respond by purchasing products or sending contributions.
- Corporations send out fewer catalogs with targeting – fewer disinterested recipients.
- Targeted web offers are 16 times as likely to be clicked as untargeted ads. Up to 50 times as likely to be used as newspaper printed offers.

Problems with Corporate Databases
- Privileged information and unwanted contact.
  - Tracking purchases of alcohol, cigarettes, contraceptives
  - Creating lists of likely sufferers of infertility or EDS
  - Lists of hacking enthusiasts, neo-nazi searches, etc.
- Difficult to undo the damage
  - Expecting mother has miscarriage
  - Dissemination of personal data to prisoners (Metromail)
  - Change-of-address notice provided to mass mailers

Children on the Web
- Children cannot make informed decisions about providing personal information on the web.
  - In 1998, 89% of child-targeted sites collected information.
  - In 2000 sites were banned from collecting information on children under 13 without verified parental consent.
- Children can also be victimized by net-savvy child predators.

Principles For Data Collection
The main tenet of appropriate data collection is that a consumer must give informed consent.
1. Collect only the data needed
2. Explain your policy
3. Offer an opt-out
4. Protect Sensitive Data
5. Do not keep unneeded data
6. Maintain accuracy and security
7. Let people access their data

Privacy Risks
- As it becomes easier to identify and coordinate an individual’s information, it becomes easier to abuse this nexus of information.
- Social Security Numbers enabled identity thieves
- A National ID system could aggravate the situation

Benefits of National ID Cards
- As a physical object, the ID card offers security.
- As a technologically advanced card (microchip, magnetic strip, hologram, etc.) forgery is harder.
- Regulated national ID would encourage heightened security – illegal immigrants and wanted criminals would not easily get around.

Detriments of ID Cards
- Police States and unwarranted government involvement.
- Encourages dissemination of personal information – damages personal privacy.
- Mistakes in the system would cause widespread consequences for all affected.
  - Woman mistakenly marked dead by IRS – with national ID would have been denied access to many more necessities of society.

Personal Health and Medical Information
- Paper records allowed numerous people to see information they don’t necessarily require
- Database-based computerized records allow for control over information released to protect patient privacy
- For medical insurance, we give up a lot of private information to verify visits, which allows insurance companies to detect or prevent fraud

Public Records
- 1994 – Driver’s Privacy Protection Act
  - Prohibits unauthorized disclosure of state motor-vehicle-department records
  - Allows disclosure to any government agency and to private investigators
- Long available on paper, when filed for – allowed identification of anyone viewing it
- Now available online – allows anonymity

Legal Precedents
- We’ve shown you how the world works, and given examples where policy changes have been effected.
- Now, let us consider what precedents have guided the development of these policies. You will find that many policies seem to violate passed legislation. Are these laws outdated, or under-enforced?

- From 1970, this act is considered to be the first law, anywhere in the world, to regulate use of consumer information.
  - Credit Bureaus may only disclose information to employers, the government, and insurance agencies.
- A clause made an exception for “others who need [the information] for legitimate business purposes involving the consumer.”

Further Acts
These issues extend far further than was presented in the text, and many of the following laws exemplify the complex and ever-changing nature of privacy litigation.

1974 – Privacy Act of 1974
“No agency shall disclose any record which is contained in a system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains…”
- Exceptions:
  - For statistical purposes by the Census Bureau and the Bureau of Labor Statistics
  - For routine uses within a U.S. government agency
  - For archival purposes “as a record which has sufficient historical or other value to warrant its continued preservation by the United States Government”
  - For law enforcement purposes
  - For congressional investigations
  - Other administrative purposes
- Each U.S. Government agency must have in place an administrative and physical security system to prevent the unauthorized release of personal records

1986 – Computer Fraud and Abuse Act
- Criminal Offenses:
  - Intentionally accessing a computer without authorization to obtain information contained in a financial record of a financial institution, or contained in a file of a consumer reporting agency on a consumer

- Extended the government’s restrictions on wire taps to include transmissions of electronic data by computers
- Designed to prevent unauthorized government access to private electronic communications
  - Title I – protects electronic communication while in transit
  - Title II – Stored Communications Act – protects messages stored on computers, slightly weaker than Title I
  - Title III – prohibits the use of pen register and/or trap and trace devices to record dialing, routing, addressing and signaling information used in the process of transmitting wire or electronic communications

1988 – Video Privacy Protection Act
- Prevents “wrongful disclosure of video tape rental or sale records”
- Any “video tape service provider” that discloses rental information outside the ordinary course of business is liable for up to $2500 in actual damages

1994 – Communications Assistance for Law Enforcement Act
- “To amend Title 18, United States Code, to make clear a telecommunications carrier’s duty to cooperate in the interception of communications for Law Enforcement purposes, and for other purposes.”
- Obliges telecommunication companies to make it possible for law enforcement agencies to tap any phone conversations made on their networks, as well as to make call detail records available
- A “tap” placed on the lines by a government agency must not be possible for the user to detect

1996 – Health Insurance Portability and Accountability Act
- Establishes regulations for the use and disclosure of Protected Health Information (PHI)
  - Relates to any part of a patient’s medical record or payment history
- “Covered entities” (health plans, billing services, etc.) may only release the minimum required information to facilitate treatment
- Must disclose PHI when required by law

2001 – PATRIOT Act
- Provide Appropriate Tools Required to Intercept and Obstruct Terrorism
- One of the largest anti-privacy acts passed to date
- Federal courts have ruled that some provisions are unconstitutional infringements on civil liberties

Courtroom Examples
- Jessup-Morgan v. America Online, Inc.
- Raytheon, Inc. v. John Does, 1-21
  - Your ISP can reveal information about you if they want to
- Itex Corp. v. John Does 1-100
  - You need not have actually committed a crime to have information released by your ISP. It can simply be insulting someone with enough money, such as corporate management
- In The Matter of Geocities.
  - Companies are required to inform you of how they use your information
- McVeigh v. Cohen
  - What you say online in chat rooms is your business, and is protected because of the virtual aspect of the internet.
- Liu v. DeFelice
- Zeran v. America Online
  - Impersonating someone on the internet to obtain information is the same as impersonating them in real life.
- ToySmart bankruptcy case
  - If a company tells you that they will not release your information, they are required to uphold the agreement even if it is not signed by the customers.

European Union Privacy
- Personal Data must be collected for specific purposes
- Data must be removed once it is no longer needed
- You need explicit consent to process personal data
- Your criminal conviction data is private

Class Discussion
- Are businesses that provide free Internet services or PCs in exchange for tracking Web activities offering a fair option for consumers, or are they unfairly taking advantage of low-income people who must give up some privacy for these services?
- Should it be illegal for one to secretly hide one’s identity from public observation methods, such as video cameras, through the use of concealed technology?
- Should the government be allowed to make illegal the encryption of phone calls that they have taken explicit steps to gain access to?