Privacy

Is This Big Brother Today?
http://news.yahoo.com/blogs/upgrade-your-life/being-monitored114944170.html
Pizza
http://www.aclu.org/pizza/
But This Isn’t Fiction
Check it out:
https://aboutthedata.com/#education
Nor is This
http://digitalshadow.com/
DNA Sequencing
Surreptitious DNA Sequencing
The Clock
A scary example from the ACLU:
http://www.aclu.org/blog/technology-and-liberty/marylandsuspends-facebook-passwordpolicy-job-interviews
https://www.aclu.org/technology-and-liberty/surveillance-society-clock
Privacy Regained
2012
Privacy Tradeoffs
• Privacy vs security
Privacy Tradeoffs
• Privacy vs convenience/price
Privacy Tradeoffs
• Privacy vs widespread AI
How Much Do You Care?
How often do you post on Facebook?
A. Nearly every day
B. Generally at least once a week
C. Several times a year
D. Never
How Much Do You Care?
Have you ever untagged yourself from someone else’s
Facebook post?
A. Often
B. Occasionally
C. Never
Facebook and the Government
https://govtrequests.facebook.com/
Recall One Issue: Who Owns the Data?
• Conceptual Muddle: Who owns the data, you or
Facebook?
• Policy Vacuum: Do you have a right to privacy in
someone else’s corporate data?
Very Personal
Privacy
A Different Threat
RFIDs
Doing it with Cell Phones
• You go to the hospital and are diagnosed with H1N1.
On the Other Hand
The New Yorker, page 61, July 5, 1993
… And on the Subject of Phones
Policy Vacuums and Privacy
“The intensity and complexity of life, attendant upon advancing
civilization, have rendered necessary some retreat from the
world, and man, under the refining influence of culture, has
become more sensitive to publicity, so that solitude and privacy
have become more essential to the individual; but modern
enterprise and invention have, through invasions upon his
privacy, subjected him to mental pain and distress, far greater
than could be inflicted by mere bodily injury.”
Who said this when?
What is Privacy?
It’s about access:
• To my physical person
• To information about me and my life
Definitions:
• The right to be let alone [Warren and Brandeis, 1890]
Policy Vacuums and Privacy
Samuel Warren’s problem: The Boston tabloid press liked
printing lurid details of the lives of the Boston upper crust.
The existing laws:
• Laws against libel and slander.
• Property law, which, for example, prevents someone from
coming in to your house to see who’s there or check out your
bank statement.
The technology that created the problem:
• Widely circulated newspapers.
• Cameras. Kodak Brownie introduced in 1884.
Louis Brandeis
More from Warren and Brandeis
Numerous mechanical devices threaten to
make good the prediction that “what is
whispered in the closet shall be proclaimed
from the house-tops”.
Brandeis’s evolution of idea
• Right to be left alone conflicts with free speech
• Intellectual privacy
• Protection from the government (not the press)
But he didn’t know about Facebook and Google
http://tablet.olivesoftware.com/Olive/Tablet/AustinAmericanStatesman/SharedArticle.aspx?href=AAS%2F2015%2F04%2F19&id=Ar06900
What is Privacy?
It’s about access:
• To my physical person
• To information about me and my life
Definitions:
• The right to be let alone [Warren and Brandeis, 1890]
• The right to control my “zone of inaccessibility”
Where do Privacy Zones Come From?
When information was mostly analog and local, the
laws of physics created an automatic zone of privacy.
In a digital world, privacy requires explicitly designed
institutions, incentives, laws, technologies, or norms
about which information flows are permitted or
prevented and which are encouraged or discouraged.
The Second Machine Age, p. 253.
Why Protect Privacy?
• It is a prudential right.
• A utilitarian argument:
What Can Happen When We Don’t
Ravi got 30 days in jail.
A: Too lenient.
B: About right.
C: Too strong
The Expectation of Privacy
One idea: Privacy is important when someone has the
expectation that it exists.
Katz v. United States, 389 U.S. 347 (1967)
Ruling
"The Government's activities in electronically listening to and recording
the petitioner's words violated the privacy upon which he justifiably relied
while using the telephone booth and thus constituted a 'search and
seizure' within the meaning of the Fourth Amendment."
Regardless of the location, a conversation is protected from unreasonable
search and seizure under the Fourth Amendment if it is made with a
“reasonable expectation of privacy”.
Wiretapping counts as a search (physical intrusion is not necessary).
The Expectation of Privacy
One idea: Privacy is important when someone has the
expectation that it exists.
• The expectation exists:
• The expectation doesn’t exist:
But what’s wrong with this criterion?
The Legal Wrangling over GPS Tracking
Fred Robinson, 69, is accused of:
• Stealing more than $250,000
of public money from the
Paideia Academy charter
school to start a day-care
business, and
• Taking as much as $175,000
from his job in Treasurer Larry
Williams' office, where he was
allegedly a no-show.
http://www.wired.com/threatlevel/2012/01/warrantless-gps-monitoring/
The Legal Wrangling over GPS Tracking
Here, installation of the GPS tracker device onto defendant
Robinson’s Cavalier was not a ‘search’ because defendant
Robinson did not have a reasonable expectation of privacy in
the exterior of his Cavalier. Agents installed the GPS tracker
device onto defendant’s Cavalier based on a reasonable
suspicion that he was being illegally paid as a ‘ghost’
employee on the payroll of the St. Louis City Treasurer’s
Office.

January, 2012, Federal Judge David Noce,
in case against Fred Robinson accused of
stealing public money.
The Supreme Court’s Ruling in a Similar Case
January 23, 2012
United States v. Antoine Jones
2005 Police install tracking
device while car in parking lot.
“We hold that the government's physical
intrusion on the Jeep for the purpose of
obtaining information constitutes a 'search'.”
No Need to Throw it Out
• Used to throw out records because:
• Needed the space
• It was possible
• Now we don’t because:
• Bits take up very little space
• It’s hard in databases
No Need to Throw it Out
Suppose you could record the totality of your life
experience.
The storage
requirement for a
video stream and two
audio streams, plus
GPS location, is only
about 10,000 Gb per
year - which will cost
about £10 by 2017.
Spooky?
A: You would do it
B: No way.
http://cns.utexas.edu/news/entry/wearable-cameras
Is Forgetting Important?
http://www.archive.org/index.php
The Library of Congress
2013 Update:
http://blogs.loc.gov/loc/2013/01/update-on-the-twitterarchive-at-the-library-of-congress/
Why Not?
• Security:
• Terrorists and just plain criminals
Why Not?
• Security:
• Terrorists and just plain criminals
The Government:
• National Crime Information Center (NCIC)
• Combined DNA Index System (CODIS)
Private Entities:
• SentryLink
Best of Both Worlds?
Alonzo Jay King, Jr. arrested for pointing a gun at a crowd in 2009.
Police took a DNA swab at the time of arrest and checked their database.
His swab matched the DNA from an unsolved 2003 rape case.
Best of Both Worlds?
The Constitutional Question
Should the government be allowed to collect your
DNA when you are merely arrested?
What do you think?
A: Yes
B: No
The Constitutional Question
Should the government be allowed to collect your
DNA when you are merely arrested?
Maryland v. King, 569 U.S. ___ (2013) held (5 to 4):
…when officers make an arrest supported by probable
cause to hold for a serious offense and bring the suspect
to the station to be detained in custody, taking and
analyzing a cheek swab of the arrestee's DNA is, like
fingerprinting and photographing, a legitimate police
booking procedure that is reasonable under the Fourth
Amendment.
The Constitutional Question
Can the government collect your DNA when you are
merely arrested?
Maryland v. King, 569 U.S. ___ (2013) from the
dissent (Scalia):
… because of today's decision, your DNA can be taken
and entered into a national database if you are ever
arrested, rightly or wrongly, and for whatever reason.
Best of Both Worlds?
Careful system design
Will the government (using CODIS) know everything about
you and your health?
Best of Both Worlds?
Careful system design
Will the government (using CODIS) know everything about
you and your health?
CODIS doesn't contain an
individual's DNA profile. It contains
only 13 genetic markers, known as
"junk markers," that were
specifically chosen because they
are not correlated to any physical
or medical traits.
Best of Both Worlds?
Careful system design
What if someone hacks into CODIS?
Best of Both Worlds?
Careful system design
What if someone hacks into CODIS?
There is nothing in CODIS other
than those 13 DNA markers. The
names of the people to whom the
DNA profiles belong aren't stored
in the database. Once there's a
hit, law enforcement contacts the
jurisdiction that uploaded that
profile to find out to whom it
belongs.
Another Example - Fingerprints
Convenience
vs.
Privacy?
Would you use it?
Another Example - Fingerprints
What could go wrong?
Why Not?
• Security:
• Terrorists and just plain criminals
Companies behaving badly – the fallout from Enron
Sarbanes-Oxley
• Passed in 2002.
• Requires public companies to retain business
records, including emails, for 5 years.
Why Not?
• Security:
• Terrorists and just plain criminals
People convicted of sex crimes
Why Not?
• Security:
• Terrorists and just plain criminals
But aren’t many of us “criminals”?
Why Not?
• Security:
• Terrorists and just plain criminals
• Dealing with strangers
“A society of strangers is one of
immense personal privacy.
Surveillance is the cost of that
privacy.”
Why Not?
• Security:
• Terrorists and just plain criminals
• Dealing with strangers
• Special protection for children
RFID just down the road
Why Not?
• Security:
• Terrorists and just plain criminals
• Dealing with strangers
• Special protection for children
• Accidents and disasters
Why Not?
• Security:
• Terrorists and just plain criminals
• Dealing with strangers
• Special protection for children
• Accidents and disasters
Car Black Boxes
Damned Interesting
More Information
Leveling the Playing Field
April, 2007: N.J. governor Jon Corzine’s SUV was
travelling 91 mph before it crashed.
November, 2011, Mass. Lt. Governor Tim Murray crashed
a government-owned vehicle while going 108 miles per
hour, not wearing a seat belt.
And Now for My Car
http://www.cbsnews.com/stories/2010/03/22/business/main6323252.shtml
As with All New Technology
The legal challenge from the side that doesn’t like the
answer:
Bachman vs. General Motors
Danielle Bachman, driving a 1996 Chevy Cavalier, crossed the median
and hit a delivery van head-on. She and her mother sued GM, claiming
that the crash was caused by her airbag inflating. They tried to prevent
GM from presenting EDR data. GM requested a Frye hearing and won.
The Frye Rule
"Just when a scientific principle or discovery crosses the
line between the experimental and demonstrable stage is
difficult to define. Somewhere in this twilight zone the
evidential force of the principle must be recognized, and
while the courts will go a long way in admitting expert
testimony deduced from a well-reasoned scientific
principle or discovery, the thing from which the deduction
is made must be sufficiently established to have gained
general acceptance in the particular field in which it
belongs."
Frye v United States, 1923, Court of Appeals, the District of Columbia.
Rule 702
The Federal Rules of Evidence (1975)
Rule 702. Testimony by Experts
If scientific, technical, or other specialized knowledge will
assist the trier of fact to understand the evidence or to
determine a fact in issue, a witness qualified as an expert by
knowledge, skill, experience, training, or education, may
testify thereto in the form of an opinion or otherwise, if (1)
the testimony is based upon sufficient facts or data, (2) the
testimony is the product of reliable principles and methods,
and (3) the witness has applied the principles and methods
reliably to the facts of the case.
Daubert v. Merrell Dow
Parents sue Dow claiming birth defects caused by Bendectin.
The District Court granted Dow a summary judgment based on a well-credentialed
expert's affidavit saying that maternal use of Bendectin has not
been shown to be a risk factor for human birth defects. Although parents had
responded with the testimony of eight other well-credentialed experts, who based
their conclusion that Bendectin can cause birth defects on animal studies,
chemical structure analyses, and the unpublished “reanalysis” of previously
published human statistical studies, the court determined that this evidence did
not meet the applicable “general acceptance” standard for the admission of
expert testimony.
The Court of Appeals agreed, citing Frye, for the rule that expert opinion based
on a scientific technique is inadmissible unless the technique is “generally
accepted” as reliable in the relevant scientific community.
The US Supreme Court reversed that ruling and held that the Federal Rules of
Evidence, not Frye, provide the standard for admitting expert scientific testimony
in a federal trial.
Daubert v. Merrell Dow Pharmaceuticals, Inc., 509 U.S. 579 (1993)
From the Daubert Decision
Things a judge should consider:
1. Whether the scientific theory or technique can be and
has been tested;
2. Whether it has been subject to publication and/or peer
review;
3. The known or potential rate of error;
4. The existence and maintenance of standards
controlling the technique's operation; and
5. General acceptance in the scientific community.
A Recent Example
http://www.huffingtonpost.com/2013/06/22/george-zimmerman-trial-judge-noaudio-testimony-in-zimmerman-trial_n_3483631.html
Polygraphs
Admissibility in court
http://en.wikipedia.org/wiki/Polygraph#Admissibility_of_polygraphs_in_court
Why Not Protect Privacy?
• Security
• White men’s clubs
• The lives of “public figures”
• Free speech (Warren & Brandeis, again)
• Medical research
• Better service
Why Not Protect Privacy?
• When the data protect you
• The case of Reade Seligmann
Why Not Protect Privacy?
• When the data protect you
• The case of Reade Seligmann (April, 2006)
12:02 AM Time stamped photo shows alleged victim dancing
12:24 AM Seligmann’s ATM card used
12:25 AM Seligmann’s cell phone used
12:46 AM Seligmann’s prox card used to enter his dorm
Why Not Protect Privacy?
• When the data protect you
• Colorado v. Cain
A man accused of vehicular homicide was acquitted
when the EDR in his car showed he was not speeding
at the time of the accident.
Why Not Protect Privacy?
http://www.salon.com/2010/09/21/tracked_down_my_thief/
How Much Is There?
Biometrics – Technology Reduces
Privacy
• Super Bowl 2001
• Biometrics today
FBI to Give Facial Recognition Software to Law Enforcement Agencies
http://www.sciencedirect.com.ezproxy.lib.utexas.edu/science/journal/09694765
Biometrics – Technology Reduces
Privacy But Increases Security
What things about you are unique?
Biometrics – Technology Reduces
Privacy But Increases Security
What things about you are unique?