Privacy - Simon Fraser University

Social Implications of a
Computerized Society
Lecture 2
Instructor: Oliver Schulte
Simon Fraser University
Updates
• Web company responsibility.
Previously: Upper-level German court: E-bay has responsibility
to prevent sales of fake brand names (Rolexes).
• New: Lower-level court: this does not mean that E-bay has to
proactively check into transactions. Only that they have to
respond when violations are pointed out.
• New German study:
– 2/3 of people under 25 prefer electronic communication
(facebook, e-mail, IM) to face-to-face.
– With people over 45, 2/3 prefer face-to-face.
• Political campaigning and internet: BC health coalition protests.
• Swiss upset about fishing expeditions in anonymous bank
accounts.
Outline
• Privacy and Computer Technology
• “Big Brother is Watching You”
• Privacy Topics
• Protecting Privacy
• Privacy of Communications
Key Concepts and Issues
• Data Spillage
• Secondary Use
• Computer Matching
• Computer Profiling
• Invisible Information Gathering
• New Dangers to Privacy
• Privacy Protection Methods
Group Discussion
Questions
1. Have you experienced an invasion of privacy
yourself that was due to computer technology? Can
you propose a (feasible and reasonable)
rule/law/technology that would prevent this
problem?
2. Have you ever traded personal information/privacy
for a benefit? What trade-offs would you be willing
to make yourself? What should be the rules about
personal information gathering for everyone?
See FT article, facebook.
Privacy and Computer
Technology
Key Aspects of Privacy:
• Freedom from intrusion (being left alone)
• Control of information about oneself. Control
of publication (“notice and choice”).
• Freedom from surveillance (being tracked,
followed, watched)
Privacy and Computer
Technology (cont.)
New Technology, New Risks:
• Government and private databases
• Sophisticated tools for surveillance and
data analysis
• Vulnerability of data
Examples for New Risks
• Websites store and read cookies on a
personal computer.
• Data Spillage: DoubleClick (web ad
company) got financial information from a
Quicken web site.
• E-Loan partnered with companies whose
software was collecting its customer
information.
• A prisoner convicted of rape processed personal data and
sent graphic letters to a woman.
Privacy and Computer
Technology (cont.)
Terminology:
• Invisible information gathering - collection
of personal information about someone
without the person’s knowledge
• Secondary use - use of personal
information for a purpose other than the
one it was provided for
Privacy and Computer
Technology (cont.)
Terminology (cont.):
• Data mining - searching and analyzing
masses of data to find patterns and
develop new information or knowledge
• Computer matching - combining and
comparing information from different
databases (using social insurance
number, for example, to match records)
Privacy and Computer
Technology (cont.)
Terminology (cont.):
• Computer profiling - analyzing data in
computer files to determine
characteristics of people most likely to
engage in certain behavior
• Business: find likely customers.
• Police: find likely criminals.
Secondary Use Example
• Credit card companies sell your name and
information for targeted marketing.
• In 2006, the Bush admin asked Google to
hand over search data in defense of an
Internet pornography law. Google fought and
won in court.
• San Fran department of public health
determined that several men who had
contracted syphilis had met through an AOL
gay chat room. The department asked AOL
for the contact information about other visitors
to the chat room to inform them about the
possibility of having contracted the diseases.
Should AOL comply?
Computer Matching:
Examples
• IRS scans vehicle registration records to find
people with expensive cars and boats.
• During the Vietnam war, the Selective Service bought a
birthday list from an ice cream chain to find 18-year-olds
who had not registered for the draft.
• ChoicePoint: 10 billion records, 35 government agencies
as clients. Info from credit bureaus, drug tests, insurance
fraud, liens, telephone records etc. (see the ChoicePoint
website).
• Experian: generates customer profiles.
"Big Brother is Watching
You"
Databases:
• Burden of proof and "fishing
expeditions"
• Data mining and computer matching to
fight terrorism
Examples of Fishing
Expeditions
• Traditionally, crime happens first, then
suspects are sought.
• In fishing expeditions, the government scans information
to look for suspicious activity or people.
• Examples:
– satellite photos to catch people growing
cotton, or building backyard porches
without permits.
– IRS scans vehicle registration records to
find people with expensive cars and boats.
Video Surveillance
• Security cameras
– Increased security
– Decreased privacy
• > 500,000 Cameras in England. Used to
enforce 9 pm curfew for young people (<16)
in some cities.
• Question: What do you think about increased
video surveillance in Vancouver?
• RFID tagging - see Scientific American files.
Targeted Marketing
Marketing, Personalization and Consumer
Dossiers:
• Targeted marketing
– Data mining
– Paying for consumer information
– Data firms and consumer profiles
• Credit records
Data Use in Marketing:
Examples
• Credit bureaus sold mailing lists (e.g. “highly
affluent customers”, “people in financial
difficulties”.)
• DoubleClick sells ads on 1500 web sites.
Wanted to combine websurfing database with
offline purchase database and real names
and addresses.
• One company compiled list of adults likely to
be incontinent.
Stolen and Lost Data
Stolen and Lost Data:
• Hackers
• Physical theft (laptops, thumb-drives,
etc.)
• Requesting information under false
pretenses
• Bribery of employees who have access.
Stolen/Lost Data:
Examples
• British Government lost hard discs with child
benefit details for 25m people; issued
warning about identity theft.
• U.S. government officials sold data to
collection agencies, credit card fraud ring.
• Barack Obama’s passport file was opened
without authorization.
Discussion Questions
• What data does the government have
about you?
• Who has access to the data?
• How is your data protected?
Expectation of Privacy
and Surveillance
Technologies:
• Weakening the Fourth Amendment (warrant
required)
• Supreme Court decisions and expectation of
privacy
– Modern surveillance techniques are
redefining expectation of privacy
– Examples: satellite image of backyard, car
tracking, “thermal image search”
U.S. Constitution and CDN
Charter
• Amend 4: The right of the people to be secure
in their persons, houses, papers, and effects,
against unreasonable searches and seizures,
shall not be violated, and no Warrants shall
issue, but upon probable cause, supported by
Oath or affirmation, and particularly
describing the place to be searched, and the
persons or things to be seized.
• CDN Charter: 8. Everyone has the right to be
secure against unreasonable search or
seizure.
What We Do Ourselves:
• Personal information in blogs and online
profiles
• See Facebook, JuicyCampus.
• Pictures of ourselves and our families
• File sharing and storing
• Is privacy old-fashioned?
– Young people put less value on
privacy than previous generations
– May not understand the risks
Discussion Questions
• Is there information that you have
posted to the Web that you later
removed? Why did you remove it? Were
there consequences to posting the
information?
• Have you seen information that others
have posted about themselves that you
would not reveal about yourself?
National ID System
• Social Insurance Numbers
– Too widely used by many government
agencies, even businesses and
universities.
– Easy to falsify
A New National ID
System?
• A new national ID system - Pros
– would require the physical card
– harder to forge
– have to carry only one card
• A new national ID system - Cons
– Threat to freedom and privacy
– Increased potential for abuse
• Question: do you think Canada should
introduce a new ID system?
What Difference Do
Computers Make? Government vs.
Citizen
Basically, traditional set of issues: law
enforcement/security vs.
privacy/individual freedom.
• new domains: e-mail monitoring,
computer matching/profiling
• new scope: millions of records on one
harddisk (U.K.)
What Difference Do
Computers Make?
Business vs. Client
• Old: Information of single ordinary person not
profitable and intrusive. Mass information
gathering too expensive/infeasible.
• New: Information of 1000s or millions of
ordinary people is valuable:
– databases can gather and store that much
information.
– data mining programs can find statistical
patterns.
Personal Information as a
Good
• Lots of people trade some personal
information for
service/discount/convenience etc.
• People need to specify only certain pieces
of information (“optional fields”) →
degrees of privacy.
Utilitarian Perspective:
Costs and Benefits of Data
Mining
• + for business: personalization, “one-to-one”
or “push” marketing.
• cheaper, better targeted advertising.
• predict shopping patterns
• avoid risky customers
• “dynamic pricing” - different prices for
different customers.
• - cost of maintaining database, data mining.
Costs and Benefits for
Customers
• + for customer: receives goods, services.
• some appreciate relevant advertising
• Economic analysis suggests that
personalized marketing benefits customers.
• Intuition: each customer becomes their own
market, leading companies to compete on the
features they care about.
Privacy: A Rights
Perspective
• Privacy is basically a positive right: freedom
from (intrusion, surveillance) [not freedom to
act]
• 3rd-person preference: I want others to leave
me alone, not to spread information about
me, etc.
• Also important for negative rights or liberties:
governments that want to restrict speech,
assembly etc. begin by invading privacy (see
1984 novel).
Privacy As a Right:
Legal/Philosophical
Approaches
• Theories
– Warren and Brandeis: publication
restrictions, “the inviolate personality”
– Thomson: privacy is derived from other
rights, including a “right to one’s own
person”.
– Legal Categories - see SciAm chart.
• Transactions - who owns the right to an
interaction? e.g., search queries?
• Ownership of personal data
Deontic and Universalist
Perspectives
• Deontic:
– Snooping, Gossiping is intrinsically wrong.
– Rights must be respected.
• Universalist/Golden Rule:
– would Eric Schmidt (Google) like a
computer to watch his searches?
– maybe it’s okay if the government sees
searches for “bomb-making”- but where
does it end? What about searches like
“free music”?
Principles for Data
Collection and Use
• Informed consent
• Opt-in and opt-out policies
• Fair Information Principles (or Practices), e.g.,
a mechanism for correcting errors.
• Data retention: Keep data only as long as
needed.
– Google: anonymize search logs after 18
months. Cookies expire every 2 years.
Privacy and Computer
Technology
Discussion Questions
• Have you seen opt-in and opt-out
choices? Where? How were they
worded?
• Were any of them deceptive?
• What are some common elements of
privacy policies you have read?
Protecting Privacy: Free
Market View
Privacy as a “personal good”
• Freedom of consumers to make voluntary
agreements
• Diversity of individual tastes and values
• Response of the market to consumer
preferences
• Flaws of regulatory solutions: expensive to
follow and enforce, good laws hard to write.
Protecting Privacy:
Consumer Protection
View
• Secondary uses of personal information are
too common and easy.
• Consumers often not really in a position to
“negotiate” privacy terms. e.g., want a job.
• Costly and disruptive results of errors in
databases
• Ease with which personal information leaks
out
• Consumers need protection from their own
lack of knowledge, judgment, or interest. Paternalism?
Protecting Privacy:
Technology and Market
Solutions
• Privacy-enhancing technologies for
consumers: anonymization, digital cash,
access control for databases.
• Encryption
– Public-key cryptography
• Business tools and policies for protecting
data
– Privacy officer
– Trusted 3rd party: answers requests (e.g.,
credit-worthiness, does mailings)
Privacy Principles
• Collect only the data needed.
• Inform users about data collection, and how it will
be used.
• Offer a way to opt out.
• Stronger protection for sensitive data (e.g., use
opt-in).
• Keep data only as long as needed.
• Maintain accuracy and security of data; provide a
way for people to access and correct their record.
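As an added example (not from the lecture or from Google's own code), the data-retention principle above and the earlier slide's "anonymize search logs after 18 months, cookies expire every 2 years" policy, written as a small retention routine over a constructed search log; the field names, the /24 truncation of IP addresses and the sample entries are assumptions for illustration.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone
from typing import List, Optional

@dataclass(frozen=True)
class SearchLogEntry:
    timestamp: datetime          # when the query was made (UTC)
    client_ip: str               # IPv4 address the request came from
    cookie_id: Optional[str]     # browser cookie identifier, if any
    query: str

LOG_RETENTION_MONTHS = 18                   # anonymize identifying fields after 18 months
COOKIE_LIFETIME = timedelta(days=2 * 365)   # cookies expire after two years

def months_before(ts: datetime, months: int) -> datetime:
    """Move ts back by a number of calendar months (day clamped to 28 to stay valid)."""
    year, month = ts.year, ts.month - months
    while month <= 0:
        year -= 1
        month += 12
    return ts.replace(year=year, month=month, day=min(ts.day, 28))

def truncate_ip(ip: str) -> str:
    """Zero the last octet so the address names a /24 network, not an individual host."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    return ".".join(octets[:3] + ["0"])

def apply_retention(entries: List[SearchLogEntry], now: datetime) -> List[SearchLogEntry]:
    """Strip identifying fields from entries older than the retention window; keep the query text."""
    cutoff = months_before(now, LOG_RETENTION_MONTHS)
    return [replace(e, client_ip=truncate_ip(e.client_ip), cookie_id=None)
            if e.timestamp < cutoff else e
            for e in entries]

def cookie_expired(issued_at: datetime, now: datetime) -> bool:
    """A cookie past its two-year lifetime must be dropped rather than re-used."""
    return now - issued_at >= COOKIE_LIFETIME

# Constructed sample log and "current" time, not real traffic.
NOW = datetime(2009, 6, 15, tzinfo=timezone.utc)
SAMPLE_LOG = [
    SearchLogEntry(datetime(2007, 11, 1, tzinfo=timezone.utc), "192.0.2.77", "c1a2b3", "used cars"),
    SearchLogEntry(datetime(2008, 3, 1, tzinfo=timezone.utc), "198.51.100.9", "d4e5f6", "flu symptoms"),
]

def demo() -> List[SearchLogEntry]:
    """Run the retention pass over the sample log as of NOW."""
    return apply_retention(SAMPLE_LOG, NOW)

if __name__ == "__main__":
    for entry in demo():
        print(entry)
```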
Protecting Privacy in the
EU
European Union Data Protection Directive
• More strict than U.S. regulations for the
private sector.
• Abuses still occur
• Puts requirements on businesses
outside the EU to deal with data from
the EU (e.g., Australia).
Protecting Privacy
Group Discussion Question
• How would the free-market view and the
consumer protection view differ on
errors in Credit Bureau databases?
• Who is the consumer in this situation?
• Is the national gun registry a privacy
issue?
Communication Privacy
Wiretapping and E-mail Protection (see SciAm diagram):
• Telephone
– 1934 Communications Act prohibited interception of
messages
– 1968 Omnibus Crime Control and Safe Streets Act allowed
wiretapping and electronic surveillance by law-enforcement
(with court order).
– 2009 decision: international call tapping without warrant ok.
• E-mail and other new communications
– Electronic Communications Privacy Act of 1986 (ECPA)
extended the 1968 wiretapping laws to include electronic
communications, restricts government access to e-mail
Designing Communications
Systems for Interception
• Communications Assistance for Law
Enforcement Act of 1994 (CALEA)
– Telecommunications equipment must be
designed to ensure government can
intercept telephone calls
– Rules and requirements written by Federal
Communications Commission (FCC)
Secret Intelligence
Gathering
• The National Security Agency (NSA)
– Foreign Intelligence Surveillance Act
(FISA) established oversight rules for
the NSA
• Secret access to communications
records
Communication
Discussion Questions
• What type of electronic communications
do you use on a regular basis? Are you
worried about the government or other
groups tapping into them?