Baase_Henry_GoF5e_Ch2.pptx

Chapter 2: Privacy

Based on slides prepared by Cyndi Chie, Sarah Frye and Sharon Gray.

Fifth edition updated by Timothy Henry

Privacy Risks and Principles

The Fourth Amendment, Expectation of Privacy, and Surveillance Technologies

The Business and Social Sectors

Government Systems

Protecting Privacy: Technology, Markets, Rights, and Laws

Communications

Copyright © 2018, 2013, 2008 Pearson Education, Inc. All Rights Reserved

Key Aspects of Privacy:

Freedom from intrusion (being left alone)

Control of information about oneself

Freedom from surveillance (from being tracked, followed, watched)


Privacy threats come in several categories:

Intentional, institutional uses of personal information

Unauthorized use or release by “insiders”

Theft of information

Inadvertent leakage of information

Our own actions


Regarding our own actions, sometimes they are a result of intentional trade-offs (we give up some privacy in order to receive some benefit) and sometimes we are unaware of the risks.


New Technology, New Risks:

Government and private databases

Sophisticated tools for surveillance and data analysis

Vulnerability of data


Government documents like divorce and bankruptcy records have long been in public records, but accessing such information took a lot of time and effort.

Tiny cameras are in millions of cellphones.


New Technology, New Risks – Examples:

Search query data

Search engines collect many terabytes of data daily.

Data is analyzed to target advertising and develop new services.

Who gets to see this data? Why should we care?


A terabyte is a trillion bytes.

Search query data can be subpoenaed in court.


New Technology, New Risks – Examples:

Smartphones

Location apps

Data sometimes stored and sent without user’s knowledge


Roughly half the apps in one test sent the smartphone’s ID number or location to other companies (in addition to the one that provided the app).

Various apps copy the user’s contact list to remote servers.

A major bank announced that its free mobile banking app inadvertently stored account numbers and security access codes in a hidden file on the user’s phone. Data in phones are vulnerable to loss, hacking, and misuse. This is a reminder that designers must regularly review and update security design decisions.


New Technology, New Risks – Summary of Risks:

Anything we do in cyberspace is recorded.

Huge amounts of data are stored.

People are not aware of collection of data.

Software is complex.

Leaks happen.


New Technology, New Risks – Summary of Risks (cont.):

A collection of small items can provide a detailed picture.

Re-identification has become much easier due to the quantity of information and power of data search and analysis tools.

If information is on a public Web site, it is available to everyone.


New Technology, New Risks – Summary of Risks (cont.):

Information on the Internet seems to last forever.

Data collected for one purpose will find other uses.

Government can request sensitive personal data held by businesses or organizations.

We cannot directly protect information about ourselves. We depend upon businesses and organizations to protect it.


Terminology:

Personal information – any information relating to an individual person.

Informed consent – users being aware of what information is collected and how it is used.

Invisible information gathering – collection of personal information about a user without the user’s knowledge.


Terminology:

Cookies – Files a Web site stores on a visitor’s computer.

Secondary use – Use of personal information for a purpose other than the purpose for which it was provided.

Data mining – Searching and analyzing masses of data to find patterns and develop new information or knowledge.


Within the cookie, the site stores and then uses information about the visitor’s activity. Cookies help companies provide personalized customer service and target advertising to the interests of each visitor.


Terminology:

Computer matching – Combining and comparing information from different databases (using social security number, for example) to match records.

Computer profiling – Analyzing data to determine characteristics of people most likely to engage in a certain behavior.
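The two risks this slide and the earlier "re-identification" slide describe can be shown concretely. The following is an added example, not from the textbook or its slides: it uses small constructed datasets (hypothetical names, ZIP codes and birthdates) to show computer matching, which joins a "de-identified" health table to a public record on the fields they share, and then shows the check a data custodian can run before release. The check measures the smallest group of records that share the same ZIP, birthdate and sex (the k-anonymity measure, a standard term not used on the slides) and coarsens those fields until no record is unique.

```python
from collections import Counter

# Fields that are not names but, in combination, often identify a person.
QUASI_IDENTIFIERS = ("zip", "birthdate", "sex")

# Constructed sample data (hypothetical, not from the slides).
# A "de-identified" health dataset: names removed, quasi-identifiers kept.
HEALTH_RECORDS = [
    {"zip": "02138", "birthdate": "1965-07-21", "sex": "F", "diagnosis": "asthma"},
    {"zip": "02138", "birthdate": "1965-07-21", "sex": "M", "diagnosis": "flu"},
    {"zip": "02139", "birthdate": "1972-03-02", "sex": "F", "diagnosis": "diabetes"},
    {"zip": "02139", "birthdate": "1972-03-02", "sex": "F", "diagnosis": "flu"},
    {"zip": "02140", "birthdate": "1978-11-30", "sex": "M", "diagnosis": "hypertension"},
]

# A constructed public record (a voter list, say) carrying the same fields plus names.
PUBLIC_RECORDS = [
    {"name": "A. Example", "zip": "02138", "birthdate": "1965-07-21", "sex": "F"},
    {"name": "B. Example", "zip": "02138", "birthdate": "1965-07-21", "sex": "M"},
    {"name": "C. Example", "zip": "02139", "birthdate": "1972-03-02", "sex": "F"},
    {"name": "D. Example", "zip": "02139", "birthdate": "1972-03-02", "sex": "F"},
    {"name": "E. Example", "zip": "02140", "birthdate": "1978-11-30", "sex": "M"},
]


def key(record, fields=QUASI_IDENTIFIERS):
    """The tuple of quasi-identifier values used to compare two records."""
    return tuple(record[f] for f in fields)


def match_records(released, public, fields=QUASI_IDENTIFIERS):
    """Computer matching: join two databases on the fields they share.
    Returns (released_record, [names of public records with the same key])."""
    index = {}
    for p in public:
        index.setdefault(key(p, fields), []).append(p["name"])
    return [(r, index.get(key(r, fields), [])) for r in released]


def reidentified(released, public, fields=QUASI_IDENTIFIERS):
    """Released records whose key matches exactly one named public record:
    the sensitive attribute (diagnosis) can now be tied to a person."""
    return [(r, names[0])
            for r, names in match_records(released, public, fields)
            if len(names) == 1]


def k_anonymity(released, fields=QUASI_IDENTIFIERS):
    """Size of the smallest group of records sharing the same key.
    k == 1 means at least one record is unique on those fields."""
    counts = Counter(key(r, fields) for r in released)
    return min(counts.values()) if counts else 0


def generalize(record):
    """Coarsen the quasi-identifiers: ZIP to its first three digits,
    birthdate to a decade, and sex suppressed. Other fields are kept."""
    g = dict(record)
    g["zip"] = record["zip"][:3] + "**"
    g["birthdate"] = record["birthdate"][:3] + "0s"
    g["sex"] = "*"
    return g


def safe_to_release(records, k_required=2):
    """Release check a custodian can run: refuse a table in which any
    quasi-identifier combination occurs fewer than k_required times."""
    return k_anonymity(records) >= k_required


if __name__ == "__main__":
    print("k of raw table:", k_anonymity(HEALTH_RECORDS))
    for rec, name in reidentified(HEALTH_RECORDS, PUBLIC_RECORDS):
        print("linked:", name, "->", rec["diagnosis"])
    coarse = [generalize(r) for r in HEALTH_RECORDS]
    print("k after generalization:", k_anonymity(coarse))
    print("release allowed:", safe_to_release(coarse))
```

On the raw table three of the five records are unique on ZIP, birthdate and sex, so the join names the person behind each of those diagnoses; after generalization every combination occurs at least twice and the same join returns nothing. The release check is deliberately run on the table alone, since the custodian cannot know which public records an outside party will have.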


Two common forms for providing informed consent are opt out and opt in:

opt out – Person must request (usually by checking a box) that an organization not use information.

opt in – The collector of the information may use information only if person explicitly permits use (usually by checking a box).


Under an opt out policy, more people are likely to be “in”.

Under an opt in policy, more people are likely to be “out”.


Discussion Questions

Have you seen opt-in and opt-out choices? Where? How were they worded?

Were any of them deceptive?

What are some common elements of privacy policies you have read?


If the class doesn't mention it, make sure to mention that online opt-in choices may be pre-checked and require you to uncheck the box to avoid opting in.

Be sure to mention the "subject to change without notice" clause found in most privacy policies.

Fair information principles

Inform people when you collect information.

Collect only the data needed.

Offer a way for people to opt out.

Keep data only as long as needed.

Maintain accuracy of data.

Protect security of data.

Develop policies for responding to law enforcement requests for data.


The right of the people to be secure in their person, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

—4th Amendment, U.S. Constitution


Sets limits on the government’s right to search our homes and businesses and seize documents and other personal effects. Requires that the government show probable cause.

Two key problems arise from new technologies:

Much of our personal information is no longer safe in our homes; it resides in huge databases outside our control.

New technologies allow the government to search our homes without entering them and search our persons from a distance without our knowledge.


All data on a cellphone (including deleted data and password protected data) can be extracted in less than two minutes at a traffic stop.


Make possible “noninvasive but deeply revealing” searches

particle sniffers, imaging systems, location trackers

What restrictions should we place on their use? When should we permit government agencies to use them without a search warrant?


Olmstead v. United States (1928)

Supreme Court allowed the use of wiretaps on telephone lines without a court order.

Interpreted the Fourth Amendment to apply only to physical intrusion and only to the search or seizure of material things, not conversations.


Justice Louis Brandeis dissented, arguing that the authors of the Fourth Amendment did all they could to protect liberty and privacy – including privacy of conversations – from intrusions by government based on the technology available at the time.


Katz v United States (1967)

Supreme Court reversed its position and ruled that the Fourth Amendment does apply to conversations.

Court said that the Fourth Amendment protects people, not places. To intrude in a place where a reasonable person has a reasonable expectation of privacy requires a court order.


In this case, law enforcement had attached a listening and recording device on the outside of a telephone booth to record a suspect’s conversation.

Although Katz v United States strengthened the Fourth Amendment in some ways, there is a significant risk in relying on reasonable “expectation of privacy” to define the areas where law enforcement needs a court order. The Court has interpreted “expectation of privacy” in a very restrictive way. For example, it ruled that if we share information with businesses such as our bank, then we have no reasonable expectation of privacy for that information (United States v Miller, 1976). We share many kinds of personal information at specific Web sites where we expect it to be private. Is it safe from warrantless search?


Kyllo v United States (2001)

Supreme Court ruled that police could not use thermal-imaging devices to search a home from the outside without a search warrant.

Court stated that where “government uses a device that is not in general public use, to explore details of the home that would previously have been unknowable without physical intrusion, the surveillance is a ‘search.’”


This reasoning suggests that when a technology becomes more widely used, the government may use it for surveillance without a warrant.


How should we interpret “plain view” for search of computer or smartphone files?


Ohio Supreme Court ruled that searching an arrested person’s phone without a search warrant is unconstitutional. But California Supreme Court ruled that search of cellphone was permitted because the phone was personal property found on the arrested person. Eventually, a case raising this issue will be heard by the U.S. Supreme Court.


Security cameras

Increased security

Decreased privacy


Police in Tampa, Florida, scanned the faces of all 100,000 fans and employees who entered the 2001 Super Bowl (causing some reporters to dub it Snooper Bowl) to search for criminals. People were not told that their faces were scanned.

Some cities have increased their camera surveillance programs, while others gave up their systems because they did not significantly reduce crime. (Some favor better lighting and more police patrols – low tech and less invasive of privacy.)

England was the first country to set up a large number (millions) of cameras in public places to deter crime. A study by a British university found a number of abuses by operators of surveillance cameras, including collecting salacious footage and showing it to colleagues.


Discussion questions:

Should organizers at events which are possible terrorist targets use such systems?

Should we allow them to screen for people with unpaid parking tickets?


Data mining

Targeted ads


Companies say targeting reduces the number of ads overall that people will see and provides ads that people are more likely to want. Some targeting is quite reasonable: A clothing site does not display winter parkas on its home page for a shopper from Florida. Some targeting is less obvious.

Is the complex software that personalizes shopping online merely making up for the loss of information that would be available to sellers if we were shopping in person (such as a person’s gender and approximate age)?

Are some people uneasy mainly because they did not realize that their behavior affected what appears on their screen? Do people understand that if they see ads targeted to their interests, someone somewhere is storing information about them?


Informed consent

“Do Not Track” button in browsers


Does a person’s decision to interact with a business or Web site constitute implicit consent to its posted data collection, marketing, and tracking policies?

How clear, obvious, and specific must an information-use policy be?

How often should a site that runs (or allows third parties to run) tracking software remind users?


Paying for consumer information


Some businesses offer discounts to shoppers who use cards that enable tracking of their purchases. Lauren Weinstein, founder of Privacy Forum, argues that practice “coerces” less affluent customers into giving up their privacy.


What we do

Post opinions, gossip, pictures, “away from home” status

What they do

New services with unexpected privacy settings


People trying to clean up their online personas before starting a job search find that it is hard to eliminate embarrassing material.

When Facebook began telling members about purchases their friends made, problems ranged from spoiling surprise gifts to embarrassing and worrisome disclosures. Should Facebook introduce such features turned “on” for everyone? Or should the company announce them and let members opt in with a click?


Discussion Questions

Is there information that you have posted to the Web that you later removed? Why did you remove it? Were there consequences to posting the information?

Have you seen information that others have posted about themselves that you would not reveal about yourself?


Security of online data

Convenience


Global Positioning Systems (GPS) – computer or communication services that know exactly where a person is at a particular time

Cell phones and other devices are used for location tracking

Pros and cons


Tools for parents

GPS tracking via cell phones or RFID


The right to have material removed.

negative right (a liberty)

positive right (a claim right)


Databases:

Government Accountability Office (GAO) – monitors the government's privacy policies

Burden of proof and "fishing expeditions"

Data mining and computer matching to fight terrorism


Public Records: Access vs. Privacy:

Public Records – records available to general public (bankruptcy, property, and arrest records, salaries of government employees, etc.)

Identity theft can arise when public records are accessed

How should we control access to sensitive public records?


Discussion Questions:

What data does the government have about you?

Who has access to the data?

How is your data protected?


Social Security Numbers

Too widely used

Easy to falsify

Various new proposals would require citizenship, employment, health, tax, financial, or other data, as well as biometric information. In many proposals, the cards would also access a variety of databases for additional information.


National ID systems began in U.S. with the Social Security card in 1936.

Opponents of national ID systems argue that they are profound threats to freedom and privacy. “Your papers, please” is a demand associated with police states and dictatorships.


A new national ID system - Pros

would require the card

harder to forge

have to carry only one card

A new national ID system - Cons

Threat to freedom and privacy

Increased potential for abuse


The REAL ID Act, passed in 2005, requires that in order to get a federally approved driver’s license or ID card, each person must provide documentation of address, birth date, Social Security number, and legal status in the U.S.

Technology and Markets:

Privacy enhancing-technologies for consumers

Encryption

Public-key cryptography

Business tools and policies for protecting data


Government ban on export of strong encryption software in the 1990s (removed in 2000)


During the period of the government ban, courts considered legal challenges to the restrictions based on the First Amendment. The government argued that software is not speech and that control of cryptography was a national security issue, not a free-speech issue.


Warren and Brandeis: The inviolate personality

Judith Jarvis Thomson: Is there a right to privacy?


Until the late 19th century, courts based legal decisions supporting privacy in social and business activities on property rights and contracts. There was no recognition of an independent right to privacy. In 1890, Samuel Warren and Louis Brandeis (later a Supreme Court Justice) wrote a crucial article in which they argued that privacy was distinct from other rights.

Judith Jarvis Thomson, an MIT philosopher, argued that the old view was more accurate: in all cases where infringement of privacy is a violation of someone’s rights, that violation is of a right distinct from privacy.


Transactions

Ownership of personal data

A basic legal framework: Enforcement of agreements and contracts

Regulation


Free Market View

Freedom of consumers to make voluntary agreements

Diversity of individual tastes and values

Response of the market to consumer preferences

Usefulness of contracts

Flaws of regulatory solutions


When asked “If someone sues you and loses, should they have to pay your legal expenses?” more than 80% of people surveyed said “yes.” When asked the same question from the opposite perspective: “If you sue someone and lose, should you have to pay their legal expenses?” about 40% said “yes.”


Consumer Protection View

Uses of personal information

Costly and disruptive results of errors in databases

Ease with which personal information leaks out

Consumers need protection from their own lack of knowledge, judgment, or interest


Discussion Questions

How would the free market view and the consumer protection view differ on errors in Credit Bureau databases?

Who is the consumer in this situation?


The EU’s rules are stricter than U.S. regulations

EU Data Privacy Directive

Prohibits transfer of personal information to countries outside the EU that do not have an adequate system of privacy protection.

“Safe Harbor” plan

Abuses still occur

Puts requirements on businesses outside the EU


The EU agreed to a “Safe Harbor” plan, under which companies outside the EU that agree to abide by a set of privacy requirements similar to the principles in the Data Privacy Directive may receive personal data from the EU.

Many privacy advocates describe U.S. privacy policy as “behind Europe” because the U.S. does not have comprehensive federal legislation regulating personal data collection and use.


Wiretapping and Email Protection:

Telephone

1934 Communications Act prohibited interception of messages

1968 Omnibus Crime Control and Safe Streets Act allowed wiretapping and electronic surveillance by law enforcement (with a court order)

Email and other new communications

Electronic Communications Privacy Act of 1986 (ECPA) extended the 1968 wiretapping laws to include electronic communications and restricts government access to email


The meaning of pen register has changed over time. It originally referred to a device that recorded the numbers called from a phone. Now it also refers to logs phone companies keep of all numbers called, including time and duration.

The Communications Assistance for Law Enforcement Act (CALEA)

Passed in 1994

Requires telecommunications equipment be designed to ensure that the government can intercept telephone calls (with a court order or other authorization).

Rules and requirements written by Federal Communications Commission (FCC)


The National Security Agency (NSA)

Foreign Intelligence Surveillance Act (FISA) established oversight rules for the NSA

Secret access to communications records
