Privacy Lecture (Priv)

Privacy
L. Grewe
CS4020
What We Will Cover
• Privacy and Computer Technology
• “Big Brother is Watching You”
• Privacy Topics
• Protecting Privacy
• Communications
Privacy and Computer
Technology
Key Aspects of Privacy:
• Freedom from intrusion (being left
alone)
• Control of information about oneself
• Freedom from surveillance (being
tracked, followed, watched)
Privacy and Computer
Technology (cont.)
New Technology, New Risks:
• Government and private databases
• Sophisticated tools for surveillance and
data analysis
• Vulnerability of data
Privacy and Computer
Technology (cont.)
Terminology:
• Invisible information gathering - collection of personal information about
someone without the person’s
knowledge
• Secondary use - use of personal
information for a purpose other than the
one it was provided for
Privacy and Computer
Technology (cont.)
Terminology (cont.):
• Data mining - searching and analyzing
masses of data to find patterns and
develop new information or knowledge
• Computer matching - combining and
comparing information from different
databases (using social security
number, for example, to match records)
Privacy and Computer
Technology (cont.)
Terminology (cont.):
• Computer profiling - analyzing data in
computer files to determine
characteristics of people most likely to
engage in certain behavior
Privacy and Computer
Technology (cont.)
Principles for Data Collection and Use:
• Informed consent
• Opt-in and opt-out policies
• Fair Information Principles (or Practices)
• Data retention
Privacy and Computer
Technology
Discussion Questions
• Priv.1) Have you seen opt-in and opt-out choices? Where? How were they
worded?
• Priv.2) Were any of them deceptive?
• Priv.3) What are some common
elements of privacy policies you have
read?
• POST answers on blackboard
"Big Brother is Watching
You"
Databases:
• Government Accountability Office
(GAO) - monitors government's privacy
policies
• Burden of proof and "fishing
expeditions"
• Data mining and computer matching to
fight terrorism
"Big Brother is Watching
You" (cont.)
The Fourth Amendment, Expectation of
Privacy and Surveillance Technologies:
• Weakening the Fourth Amendment
• Supreme Court decisions and
expectation of privacy
– Modern surveillance techniques are
redefining expectation of privacy
"Big Brother is Watching
You" (cont.)
• The Fourth Amendment, Expectation of
Privacy and Surveillance Technologies
(cont.):
• The USA Patriot Act and national security
letters
– No court order or court oversight needed
– 2003-2005 report found "widespread and
serious misuse" of the FBI's national
security letter authorities
"Big Brother is Watching
You" (cont.)
Video Surveillance:
• Increased presence of video cameras in
public spaces.
• Security cameras tradeoffs:
– Increased security
– Decreased privacy
"Big Brother is Watching
You" (cont.)
Discussion Questions
• Priv.4) What data does the
government have about you?
• Priv.5) Who has access to the data?
• Priv.6) How is your data protected?
• POST your answers on blackboard.
Diverse Privacy Topics
Marketing
• Targeted marketing uses:
– Data mining (collection of information about users)
– Paying for consumer information (pay
other companies for information about their consumers).
– Data firms and consumer profiles (3rd
party firms whose sole purpose is user data collection and
profiling).
Diverse Privacy Topics
(cont.)
Location Tracking:
• Global Positioning Systems (GPS) - computer or communication services that know exactly where a
person is at a particular time
• Cell phones and other devices are used
for location tracking – have built-in GPS sensors.
• Pros and cons
– Could use information to direct users to things they desire
(e.g. directions)
– Could be used to send direct/local advertising they don’t
want to see
– Applications to track location of children with their phone.
Diverse Privacy Topics
(cont.)
Stolen and Lost Data Happens:
• Hackers
• Physical theft (laptops, thumb-drives,
etc.)
• Requesting information under false
pretenses
• Bribery of employees who have access
Diverse Privacy Topics
(cont.)
What We Do Ourselves:
• Personal information in blogs and online
profiles
– Is this information private, or is it in the public domain for others to use?
– Who can use this? Can an employer look at this information and
reject an applicant? How about a university?
• Pictures of ourselves and our families
• File sharing and storing
• Is privacy old-fashioned?
– Young people put less value on privacy than previous generations.
Is this a generational idea?
– May not understand the risks
Diverse Privacy Topics
(cont.)
Public Records: Access vs. Privacy:
• Public Records - records available to general
public (bankruptcy, property, and arrest
records, salaries of government employees,
etc.)
• Identity theft can arise when public records
are accessed
• How should we control access to sensitive
public records?
Diverse Privacy Topics
(cont.)
National ID System:
• Social Security Numbers - Problems:
– Too widely used
– Easy to falsify
Diverse Privacy Topics
(cont.)
National ID System (Cont.):
• A new national ID system - Pros
– would require the card (a physical card)
– harder to forge
– have to carry only one card
• A new national ID system - Cons
– Threat to freedom and privacy
– Increased potential for abuse
– What happens with theft of card?
Diverse Privacy Topics
(cont.)
Children:
• Internet and Children:
– Not able to make decisions on when to provide information
– Vulnerable to online predators
• A Solution: Parental monitoring
– Software to monitor Web usage
– Web cams to monitor children while parents are at work
– GPS tracking via cell phones or RFID
Diverse Privacy Topics
Discussion Questions
• Priv.7) Is there information that you have
posted to the Web that you later removed?
Why did you remove it? Were there
consequences to posting the information?
• Priv.8) Have you seen information that others
have posted about themselves that you would
not reveal about yourself?
• POST answers on blackboard
Protecting Privacy
Solutions of both Technology and Market
practices
• Privacy-enhancing technologies for
consumers
– Encryption
• Technology to “disguise” the information during transmission
• Public-key cryptography
• Privacy in the Market:
– Company tools and policies for protecting
data
Protecting Privacy (cont.)
• Solution – Theories of Rights
– Warren and Brandeis published famous law review article The
Right to Privacy.
• People often quote this work in reference to privacy rights.
– Judith Jarvis Thomson, "The Right to Privacy," Philosophy &
Public Affairs, 4.4 (1975): 295. Discusses problems with Warren
and Brandeis publication.
• First, it appears to be too broad. This means that it counts as violations of privacy things
that intuitively are not. As Judith Thomson observes:
• If I hit Jones on the head with a brick I have not let him alone. Yet, while hitting
Jones on the head with a brick is surely violating some right of Jones's, doing it
should surely not turn out to violate his right to privacy. Else, where is this to
end? Is every violation of a right a violation of the right to privacy?
• In other respects, however, the theory appears to be too narrow. This means that it fails to
count as violations of privacy things that intuitively are. Thomson again writes:
• The police might say, "We grant that we used a special X-ray device on Smith,
we grant we trained an amplifying device on him so as to be able to hear
everything he said; but we let him strictly alone, we didn't even go near him - our devices operate at a distance."
Protecting Privacy (cont.)
Rights and laws / Legislation:
• Regulation
– Companies and Market sectors may be self-regulated or
government regulated with regards to privacy.
– Example – The medical field is regulated by the government
through the “Health Insurance Portability and Accountability Act
(HIPAA)”
• Regulates who has access to medical records/info.
• HIPPA.org
• HIPAA regulations
Protecting Privacy (cont.)
Contrasting Viewpoints:
• Free Market View
– Let the market (companies, etc) determine
privacy rights
– Advantages:
• Freedom of consumers to make voluntary agreements
• Diversity of individual tastes and values
• Response of the market to consumer preferences
• Usefulness of contracts
• Flaws of regulatory solutions
Protecting Privacy (cont.)
Contrasting Viewpoints (cont.):
• Consumer Protection View
– Consumers should be protected by given
rights.
– Advantages:
• Uses of personal information clearly understood and predetermined.
• Consumers need protection from their own lack of knowledge,
judgment, or interest
• May avoid costly and disruptive results of errors in databases
• May decrease ease with which personal information leaks out
Protecting Privacy (cont.)
Privacy Regulations in the European
Union (EU):
• Data Protection Directive (called the Directive 95/46/EC
on the protection of individuals with regard to the processing of personal data and on
the free movement of such data)
– More strict than U.S. regulations
– Abuses still occur
– Puts requirements on businesses outside the EU
Protecting Privacy
Discussion Question
• Priv.9) How would the free-market view
and the consumer protection view differ
on errors in Credit Bureau databases?
• Priv.10) Who is the consumer in this
situation?
• POST your solutions on blackboard
Communication & Privacy
Wiretapping and E-mail Protection:
• Telephone
• 1934 Communications Act prohibited interception of
messages
• 1968 Omnibus Crime Control and Safe Streets Act
allowed wiretapping and electronic surveillance by law enforcement (with court order)
• E-mail and other new communications
• Electronic Communications Privacy Act of 1986 (ECPA)
extended the 1968 wiretapping laws to include electronic
communications, restricts government access to e-mail
Communication (cont.)
Designing Communications Systems for
Interception:
• Communications Assistance for Law
Enforcement Act of 1994 (CALEA)
• Telecommunications equipment must be designed to
ensure government can intercept telephone calls
• Rules and requirements written by Federal
Communications Commission (FCC)
Communication (cont.)
Secret Intelligence Gathering:
• The National Security Agency (NSA)
• Agency involved in US national security issues and policies.
• Foreign Intelligence Surveillance Act (FISA) established
oversight rules for the NSA
• Prescribes procedures for the physical and electronic surveillance and
collection of "foreign intelligence information" between "foreign
powers" and "agents of foreign powers" (which may include American
citizens and permanent residents engaged in espionage and violating
U.S. law)
• Secret access to communications
records
Communication (cont.)
More Government Regulations
Encryption Policy:
– Government ban on export of strong
encryption software in the 1990s
(removed in 2000)
– Pretty Good Privacy (PGP)
Communication
Discussion Questions
• Priv.11) What types of communication
exist today that did not exist in 1968
when wiretapping was finally approved
for law-enforcement agencies?
• Priv.12) What type of electronic
communications do you use on a
regular basis?
• Post your answers on blackboard.