This document discusses privacy issues related to computer technology. It covers topics like how technology has increased threats to privacy through databases, cameras, social media, etc. It defines key aspects of privacy and information privacy. It also discusses specific privacy threats enabled by technology like surveillance, data mining, secondary use of data, and vulnerabilities of data. Throughout, it provides examples to illustrate these concepts and principles for protecting privacy like informed consent, opt-in/opt-out policies, and data retention.

Uploaded by JuNaid Sheikh
© All Rights Reserved


A Gift of Fire

Fourth edition

PRIVACY
What We Will Cover
• Privacy and Computer Technology
• Privacy Topics
• Protecting Privacy
• Communications
Privacy and Computer Technology
• Computer technology is not necessary for the invasion of
privacy. However, the use of digital technology has made
new threats possible and old threats more potent.
• Computer technologies—databases, digital cameras, the
Web, smartphones, and global positioning system (GPS)
devices, among others—have profoundly changed what
people can know about us and how they can use that
information.
• Understanding the risks and problems is a first step towards
protecting privacy.
• For computer professionals, understanding the risks and
problems is a step towards designing systems with built-in
privacy protections and less risk.
Privacy and Computer Technology
Key Aspects of Privacy:
• Freedom from disturbance (being left alone)
• Control of information about oneself
• Freedom from surveillance (being tracked,
followed, watched)
Information Privacy
• Definition of privacy
– “The right to be left alone—the most comprehensive
of rights, and the right most valued by a free people”
• Information privacy is a combination of:
– Communications privacy
• Ability to communicate with others without being
monitored by other persons or organizations
– Data privacy
• Ability to limit access to one’s personal data by other
individuals and organizations in order to exercise a
substantial degree of control over that data and its use
Privacy threats come in several categories
• Intentional, institutional uses of personal information
(in the government sector primarily for law
enforcement and tax collection, and in the private
sector primarily for marketing and decision making)
• Unauthorized use or release by “insiders,” the people
who maintain the information
• Theft of information
• Inadvertent leakage of information through negligence
or carelessness
• Our own actions (sometimes intentional trade-offs and
sometimes when we are unaware of the risks)
Privacy and Computer Technology (cont.)
New Technology, New Risks:
• Government and private databases
• Sophisticated tools for surveillance and data
analysis
• Vulnerability of data
Government and private databases
• Today there are thousands (probably millions) of databases, both
government and private, containing personal information about us.
• In the past, there was simply no record of some of this information,
such as our specific purchases of groceries and books.
• Government documents like divorce and bankruptcy records have
long been in public records, but accessing such information took a
lot of time and effort.
• When we browsed in a library or store, no one knew what we read
or looked at. It was not easy to link together our financial, work,
and family records.
Government and private databases
• Now, large companies that operate video, email, social network,
and search services can combine information from a member’s
use of all of them to obtain a detailed picture of the person’s
interests, opinions, relationships, habits, and activities.
• Even if we do not log in as members, software tracks our activity
on the Web. In the past, conversations disappeared when people
finished speaking, and only the sender and the recipient normally
read personal communications.
• Now, when we communicate by texting, email, social networks,
and so on, there is a record of our words that others can copy,
forward, distribute widely, and read years later.
Sophisticated tools for surveillance and data analysis
• Miniaturization of processors and sensors put tiny cameras
in cellphones that millions of people carry everywhere.
Cameras in some 3-D television sets warn children if they
are sitting too close. What else might such cameras record,
and who might see it?
• The wireless appliances we carry contain GPS and other
location devices. They enable others to determine our
location and track our movements.
• Patients refill prescriptions and check the results of
medical tests on the Web. They correspond with doctors by
email.
Sophisticated tools for surveillance and data analysis
• We store our photos and videos, do our taxes, and
create and store documents and financial spreadsheets
in a cloud of remote servers instead of on our own
computer.
• Law enforcement agencies have very sophisticated
tools for eavesdropping, surveillance, and collecting
and analyzing data about people’s activities, tools that
can help reduce crime and increase security—or
threaten privacy and liberty.
Vulnerability of data
• Combining powerful new tools and applications can have
astonishing results. It is possible to snap a photo of
someone on the street, match the photo to one on a social
network, and use a trove of publicly accessible information
to guess, with high probability of accuracy, the person’s
name, birth date, and most of his or her Social Security
number.
• This does not require a supercomputer; it is done with a
smartphone app. We see such systems in television shows
and movies, but to most people they seem exaggerated or
way off in the future. All these gadgets, services, and
activities have benefits, of course, but they expose us to
new risks. The implications for privacy are profound.
Privacy and Computer Technology (cont.)
Personal information
• In the context of privacy issues, it includes any
information relating to, or traceable to, an individual
person.
• The term does not apply solely to what we might
think of as sensitive information, although it includes
that.
• It also includes information associated with a
particular person’s user name, online nickname,
identification number, email address, or phone
number.
• Nor does it refer only to text. It extends to any
information, including images, from which someone
can identify a living individual.
Privacy and Computer Technology (cont.)
Invisible information gathering
• Collection of personal information about someone
without the person’s knowledge
• The important ethical issue is that if someone is
not aware of the collection and use, he or she has
no opportunity to consent or withhold consent.
Invisible information gathering
• Cookies are files a website stores on a visitor’s
computer. Within the cookie, the site stores and then
uses information about the visitor’s activity.
• For example, a retail site might store information about
products we looked at and the contents of our virtual
“shopping cart.”
• On subsequent visits, the site retrieves information
from the cookie.
• Cookies help companies provide personalized customer
service and target advertising to the interests of each
visitor.
• They can also track our activities on many sites and
combine the information.
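The cookie mechanism the slide describes, as an added example that is not from the slides or the textbook: a retail site stores the visitor's cart in a cookie with a retention limit and the standard protective attributes, reads it back on a later visit, and a single tracker cookie embedded on several unrelated sites lets a third party combine one visitor's pages into the cross-site picture the last bullet warns about. The cookie names (`cart`, `trk`), the site names and the request log are constructed for the example; the parsing uses only Python's standard `http.cookies` module.

```python
"""Added example (not from the slides): cart state kept in a cookie, read back
on the next visit, and one tracker cookie shared across sites that lets a
third party combine a visitor's activity."""
from http.cookies import SimpleCookie

CART_COOKIE = "cart"          # assumed cookie name for the shopping cart
ONE_WEEK = 7 * 24 * 3600      # retention limit in seconds


def set_cart_cookie(product_ids):
    """Build the Set-Cookie header value a retail site would send so the
    visitor's cart survives until the next visit."""
    c = SimpleCookie()
    c[CART_COOKIE] = ",".join(product_ids)
    m = c[CART_COOKIE]
    m["path"] = "/"
    m["max-age"] = ONE_WEEK    # the browser discards the cookie after a week
    m["secure"] = True         # only sent over HTTPS
    m["httponly"] = True       # not readable by page scripts
    m["samesite"] = "Lax"      # not sent on most cross-site requests (Python 3.8+)
    return m.OutputString()


def read_cart_cookie(cookie_header):
    """Server side on a later visit: recover the cart from the Cookie header.
    Accepts the same string set_cart_cookie() produced, or a plain
    'name=value; other=...' request header."""
    c = SimpleCookie()
    c.load(cookie_header)
    if CART_COOKIE not in c or not c[CART_COOKIE].value:
        return []
    return c[CART_COOKIE].value.split(",")


# Constructed request log as seen by an ad network whose tracker cookie is
# embedded on several unrelated sites: (site, Cookie header, page).
TRACKER_LOG = [
    ("shop.example",  "trk=v7c2", "/running-shoes"),
    ("news.example",  "trk=v7c2", "/health/diabetes"),
    ("forum.example", "trk=q9x1", "/cars"),
    ("news.example",  "trk=v7c2", "/jobs"),
]


def link_visits(log):
    """Group pages by tracker id: the same id turning up on many sites is
    what lets the third party combine the visitor's interests."""
    by_id = {}
    for site, cookie_header, page in log:
        c = SimpleCookie()
        c.load(cookie_header)
        if "trk" not in c:
            continue
        by_id.setdefault(c["trk"].value, []).append(site + page)
    return by_id


if __name__ == "__main__":
    header = set_cart_cookie(["p1", "p2"])
    print(header)
    print(read_cart_cookie(header))
    print(link_visits(TRACKER_LOG))
```

The `Max-Age`, `Secure`, `HttpOnly` and `SameSite` attributes are the site's side of the bargain: they bound how long the record lives and who can read or send it. They do nothing against the tracker case, where the cookie belongs to the ad network's own domain; that exposure is limited by the browser (third-party cookie blocking) or by the site choosing not to embed the tracker at all.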
Privacy and Computer Technology (cont.)
Secondary use - use of personal information for a
purpose other than the one it was provided for
• Examples include sale of consumer information
to marketers or other businesses, use of
information in various databases to deny
someone a job, the Internal Revenue Service
searching vehicle registration records for people
who own expensive cars and boats (to find
people with high incomes), use of text messages
by police to prosecute someone for a crime, and
the use of a supermarket’s customer database to
show alcohol purchases by a man who sued the
store because he fell down.
Privacy and Computer Technology (cont.)
• Data mining - searching and analyzing masses of
data to find patterns and develop new
information or knowledge
• Computer matching - combining and comparing
information from different databases (using
social security number, for example, to match
records)
Privacy and Computer Technology (cont.)
• Computer profiling - analyzing data in computer
files to determine characteristics of people most likely
to engage in certain behaviour
– Businesses use these techniques to find likely new
customers.
– Government agencies use them to detect fraud, to enforce
other laws, and to find terrorists.
• Data mining, computer matching, and profiling
are, in most cases, examples of secondary use of
personal information.
Privacy and Computer Technology (cont.)
Principles for Data Collection and Use:
• Informed consent
• Opt-in and opt-out policies
• Fair Information Principles (or Practices)
• Data retention
Principles for Data Collection and Use:
Informed consent
• There is an extraordinary range to the amount of privacy
different people want.
• Some blog about their divorce or illnesses. Some pour out
details of their romantic relationships on television shows or
to hundreds of social network friends.
• Others use cash to avoid leaving a record of their purchases,
encrypt all their email, and are angry when someone collects
information about them.
• When a business or organization informs people about its
data collection and use policies or about the data that a
particular device or application collects, each person can
decide, according to his or her own values, whether or not to
interact with that business or organization.
Principles for Data Collection and Use
Opt-in and opt-out policies
• Under an opt-out policy, one must check or click a box on a
contract, membership form, or agreement or contact the
organization to request that they not use one’s information in a
particular way.
• If the person does not take action, the presumption is that the
organization may use the information.
• Under an opt-in policy, the collector of the information may not
use it for secondary uses unless the person explicitly checks or
clicks a box or signs a form permitting the use.
• Be careful not to confuse the two: under an opt-out policy, more
people are likely to be “in,” and under an opt-in policy, more
people are likely to be “out,” because the default presumption is
the opposite of the policy name.
Principles for Data Collection and Use
Opt-in and opt-out policies
• Opt-out options are now common.
• Responsible, consumer-friendly companies and
organizations often set the default so that they do not
share personal information and do not send marketing
emails unless the person explicitly allows it—that is, they
use the opt-in policy.
• Particularly in situations where disclosing personal
information can have negative consequences and it is not
obvious to a customer that the organization might disclose
it, a default of nondisclosure without explicit permission
(that is, an opt-in policy) is the responsible policy.
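The point of the two slides above, that the policy name only decides what happens for people who never act, as an added example that is not from the slides or the textbook. It evaluates one constructed set of consent records under both policies and gates a hand-off of customer data on the result; used with `Policy.OPT_IN` the gate is the nondisclosure default the slide recommends. The `Policy` enum, the `CONSENT` table and the `share_with_marketer` function are assumptions made for the example.

```python
"""Added example (not from the slides): the same consent records evaluated
under opt-out and opt-in, showing why the default decides the outcome for
everyone who never touched the box."""
from enum import Enum


class Policy(Enum):
    OPT_OUT = "opt-out"   # silence means the organization may use the data
    OPT_IN = "opt-in"     # silence means it may not


# Constructed consent records: what each person actually did on the form.
# "allow" = explicitly permitted secondary use, "refuse" = explicitly
# declined, None = never acted (in practice the large majority).
CONSENT = {
    "alice": "allow",
    "bob": "refuse",
    "carol": None,
    "dave": None,
    "erin": None,
}


def secondary_use_permitted(policy, choice):
    """An explicit choice always wins; only silence is decided by the policy."""
    if choice == "allow":
        return True
    if choice == "refuse":
        return False
    return policy is Policy.OPT_OUT   # silence counts as "in" only under opt-out


def share_with_marketer(policy, consent, records):
    """Gate a data hand-off on the policy: return only the records whose
    subject is 'in'. A subject missing from the consent table counts as
    silent, so under Policy.OPT_IN nothing leaves without a recorded 'allow'."""
    return {user: rec for user, rec in records.items()
            if secondary_use_permitted(policy, consent.get(user))}


def share_of_people_in(policy, consent):
    """Fraction of people whose data may be used. Nobody changed their mind
    between the two calls; only the default moved."""
    decisions = [secondary_use_permitted(policy, c) for c in consent.values()]
    return sum(decisions) / len(decisions)


if __name__ == "__main__":
    records = {u: {"email": f"{u}@example.org"} for u in CONSENT}
    for policy in Policy:
        shared = share_with_marketer(policy, CONSENT, records)
        print(policy.value, sorted(shared), share_of_people_in(policy, CONSENT))
```

With these five records, opt-out releases four people's data and opt-in releases one; the difference is the three people who never acted. An audit of a sharing path therefore has to look at what happens when the consent record is absent, not only at what the form says.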
Principles for Data Collection and Use
Fair Information Principles (or Practices)
• Inform people when you collect information
about them, what you collect, and how you use
it. Some important points are:
• Collect only the data needed.
• Offer a way for people to opt out from mailing
lists, advertising, and other secondary uses. Offer
a way for people to opt out from features and
services that expose personal information.
Principles for Data Collection and Use:
Fair Information Principles (or Practices)
• Keep data only as long as needed.
• Maintain accuracy of data. Where appropriate
and reasonable, provide a way for people to
access and correct data stored about them.
• Protect security of data (from theft and from
accidental leaks). Provide stronger protection for
sensitive data.
• Develop policies for responding to law
enforcement requests for data.
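Two of the practices listed above, "collect only the data needed" and "keep data only as long as needed" (with stronger treatment for sensitive data), carried into code as an added example that is not from the slides or the textbook. Fields are stripped to what the stated purpose needs at collection time, whole records are dropped after a default retention window, and sensitive fields are removed earlier under a shorter window. The purpose-to-field map, the sensitive-field list, the retention periods, the sample records and the fixed "today" are all constructed for the example.

```python
"""Added example (not from the slides): data minimization at collection and
a retention purge with a shorter window for sensitive fields."""
from datetime import datetime, timedelta, timezone

# Assumed purpose-to-fields map: a purpose may only keep the fields it needs.
NEEDED_FIELDS = {
    "order-fulfilment": {"name", "shipping_address", "items"},
    "pharmacy-refill": {"name", "prescription", "date_of_birth"},
}
# Assumed list of fields that get the shorter retention window.
SENSITIVE_FIELDS = {"date_of_birth", "card_number", "health_note"}
# Assumed retention policy in days.
RETENTION_DAYS = {"default": 365, "sensitive": 30}

# Constructed "today" so the purge result is reproducible.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

# Constructed stored records, already minimized for the pharmacy-refill purpose.
RECORDS = [
    {"name": "A. Lee", "prescription": "rx-1", "date_of_birth": "1980-02-03",
     "collected_at": datetime(2024, 5, 20, tzinfo=timezone.utc)},   # 12 days old
    {"name": "B. Ng", "prescription": "rx-2", "date_of_birth": "1975-07-09",
     "collected_at": datetime(2024, 3, 1, tzinfo=timezone.utc)},    # 92 days old
    {"name": "C. Ortiz", "prescription": "rx-3", "date_of_birth": "1990-11-30",
     "collected_at": datetime(2023, 1, 15, tzinfo=timezone.utc)},   # over a year old
]


def minimize(purpose, submitted):
    """Keep only the fields the stated purpose needs; anything else the form
    happened to carry is discarded rather than stored 'just in case'."""
    allowed = NEEDED_FIELDS[purpose]
    return {k: v for k, v in submitted.items() if k in allowed}


def purge_expired(records, now=NOW):
    """Drop whole records older than the default window and strip sensitive
    fields from records older than the shorter sensitive window. Returns new
    dicts; the input is not modified."""
    kept = []
    for rec in records:
        age = now - rec["collected_at"]
        if age > timedelta(days=RETENTION_DAYS["default"]):
            continue                                  # whole record expired
        if age > timedelta(days=RETENTION_DAYS["sensitive"]):
            rec = {k: v for k, v in rec.items() if k not in SENSITIVE_FIELDS}
        kept.append(dict(rec))
    return kept


if __name__ == "__main__":
    form = {"name": "D. Paul", "shipping_address": "1 Main St", "items": ["x"],
            "date_of_birth": "1999-01-01", "phone": "555-0100"}
    print(minimize("order-fulfilment", form))
    for rec in purge_expired(RECORDS):
        print(sorted(rec))
```

Run on a schedule, `purge_expired` is what turns "keep data only as long as needed" from a policy sentence into something an auditor can check: the oldest record is gone, the 92-day-old one has lost its date of birth, and the fresh one is intact.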
Fair Information Principles (or Practices)
• It can be difficult to apply the fair information principles to
some new technologies and applications.
• They do not fully address privacy issues that have arisen with
the increase of cameras in public places (such as police
camera systems and Google’s Street View), the enormous
amount of personal information people share in social
networks, and the power of smartphones.
• For example, when someone puts personal information in a
tweet to thousands of people, how do we determine the
purpose for which he or she supplied the information? Can
any recipient use the information in any way? How widely
distributed must information be before it is public in the sense
that anyone can see or use it?
Privacy Laws, Applications, and Court Rulings (cont’d.)
• Opt-out policy
– Assumes that consumers approve of companies
collecting and storing their personal information
– Requires consumers to actively opt out
– Favored by data collectors
• Opt-in policy
– Must obtain specific permission from consumers
before collecting any data
– Favored by consumers
Key Privacy and Anonymity Issues
• Identity theft
• Electronic discovery
• Consumer profiling
• Treating customer data responsibly
• Workplace monitoring
• Advanced surveillance technology