Transcript Document 7169449
Privacy and Personal Information
A supplementary guide to a complex and controversial social phenomenon.
http://www.youtube.com/watch?v=dfZhCB457Gs
Three Key Aspects of Privacy
Freedom from intrusion-being left alone Control of information about oneself Freedom from surveillance (from being followed, watched, and eavesdropped upon)
Personal Information
Any information relating to, or traceable to an individual person Any information associated to a particular person’s “handle”, user name, online nickname, ID number or email address Not restricted to text data, also includes images
Invisible Information Gathering
ISP Logs Cookies Data Spillage
ISP Logs
Where we went What we did How long we stayed
Cookies
At first controversial Shopping carts A site with name/address can link information in cookies with us
Data Spillage
DoubleClick – received financial information from Quicken E-Loan had partners collecting its customer information
Secondary Use of Personal Information
Computer Matching Combining and comparing information from different databases (usually using a person’s SSN to match records) Computer Profiling Using data in computer files to determine characteristics of people most likely to engage in certain behavior Used by businesses to determine what people are likely to buy Used by federal agencies to identify people to watch – people who have committed no crime but have the propensity to do so
Databases
1982 – Government agencies had an estimated 3.5 billion personal files, roughly 15 per person in the country Computer Matching and Privacy Protection Act of 1988 Requires government agencies to follow a review process before doing computer matching for various purposes
The Fourth Amendment
The right of the people to be secure in their persons, houses, papers and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Satellite Surveillance and Thermal Imaging
Satellite Surveillance Satellite imaging to view a person’s property for the growth of marijuana or cotton not illegal Used by local governments to see non-permitted housing additions that could raise taxes Thermal Imaging Not permitted without a warrant
The Fourth Amendment
“Government uses a device that is not in general public use, to explore details of the home that would previously have been unknowable without physical intrusion, the surveillance is a ‘search’” and requires a warrant.
Consumer Information
The following issues are relevant to the collection and use of consumer information.
Databases and Marketing Children on the Web Principles for Data Collection
Databases and Marketing
Besides the Government, many corporate database systems track the personal information of consumers. Used for unsolicited mailing lists, targeting internet advertising (by location or user), internal customer reliability evaluations, identifying potential members for an organization based on common interest, and so on.
Benefits of Corporate Databases
Many users respond to targeted advertisements 92,000,000 Americans respond by purchasing products or sending contributions.
Corporations send out fewer catalogs with targeting – fewer disinterested recipients.
Targeted web offers are clicked 16 times as probably as untargeted ads. Up to 50 times as likely to be used as newspaper printed offers.
Problems with Corporate Databases
Privileged information and unwanted contact.
Tracking purchases of alcohol, cigarettes, contraceptives Creating lists of likely sufferers of infertility or EDS Lists of hacking enthusiasts, neo-nazi searches, etc.
Difficult to undo the damage Expecting mother has miscarraige Dissemination of personal data to prisoners (Metromail) Change-of-address notice provided to mass mailers
Children on the Web
Children cannot make informed decisions about providing personal information on the web.
In 1998, 89% of child targeted sites collected information.
In 2000 sites were banned from collecting information on children under 13 without verified parental consent.
Children can also be victimized by net-savvy child predators.
Principles For Data Collection
The main tenet of appropriate data collection is that a consumer must give informed consent.
1.
Collect only the data needed 2.
3.
4.
5.
6.
7.
Explain your policy Offer an opt-out Protect Sensitive Data Do not keep unneeded data Maintain accuracy and security Let people access their data
Privacy Risks
As it becomes easier to identify and coordinate an individual’s information, it becomes easier to abuse this nexus of information.
Social Security Numbers enabled Identity Thief's A National ID system could aggravate the situation
Benefits of National ID Cards
As a physical object, the ID card offers security.
As a technologically advanced card (microchip, magnetic strip, hologram, etc.) forgery is harder.
Regulated national ID would encourage heightened security – illegal immigrants and wanted criminals would not easily get around.
Detriments of ID Cards
Police States and unwarranted government involvement.
Encourages dissemination of personal information – damages personal privacy.
Mistakes in the system would cause wide-spread consequences for all affected.
Woman mistakenly marked dead by IRS – with national ID would have been denied access to many more necessities of society.
Personal Health and Medical Information
Paper records allowed numerous people to see information they don’t necessarily require Database-based computerized records allow for control over information released to protect patient privacy For medical insurance, we give up a lot of private information to verify visits, which allows insurance companies to detect or prevent fraud
Public Records
1994 – Driver’s Privacy Protection Act Prohibits unauthorized disclosure of state motor vehicle-department records Allows disclosure to any government agency and to private investigators Long available on paper, when filed for – allowed identity of anyone viewing it Now available online – allows anonymity
Legal Precedents
We’ve shown you how the world works, and given examples where policy changes have been effected.
Now, let us consider what precedents have guided the development of these policies. You will find that many policies seem to violate passed legislation. Are these laws outdated, or under-enforced?
1970 - Fair Credit Reporting Act
From 1970, this act is considered to be the first law, anywhere in the world, to regulating use of consumer information.
Credit Bureaus may only disclose information to employers, the government, and insurance agencies.
A clause made an exception for “others who need [the information] for legitimate business purposes involving the consumer.”
Further Acts
These issues extend far further than was presented in the text, and many of the following laws exemplify the complex and ever-changing nature of privacy litigation.
1974 - Privacy Act of 1974
http://www.usdoj.gov/oip/privstat.htm
“No agency shall disclose any record which is contained in a system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains…”
1974 – Privacy Act of 1974
Exceptions: For statistical purposes by the Census Bureau and the Bureau of Labor Statistics For routine uses within a U.S. government agency For archival purposes “as a record which has sufficient historical or other value to warrant its continued preservation by the United States Government" For law enforcement purposes For congressional investigations Other administrative purposes Each U.S. Government agency must have in place an administrative and physical security system to prevent the unauthorized release of personal records
1986 – Computer Fraud and Abuse Act
http://www.law.cornell.edu/uscode/18/1030.ht
ml Criminal Offenses: Intentionally accessing a computer without authorization to obtain information contained in a financial record of a financial institution, or contained in a file of a consumer reporting agency on a consumer
1986 – Electronic Communications Privacy Act
Extended the government’s restrictions on wire taps to include transmissions of electronic data by computers Designed to prevent unauthorized government access to private electronic communications
1986 – Electronic Communications Privacy Act
Title I – protects electronic communication while in transit Title II – Stored Communications Act – protects messages stored on computers, slightly weaker than Title I Title III – prohibits the use of pen register and/or trap and trace devices to record dialing, routing, addressing and signaling information used in the process of transmitting wire or electronic communications
1988 – Video Privacy Protection Act
Prevents “wrongful disclosure of video tape rental or sale records” Any “video tape service provider” that discloses rental information outside the ordinary course of business liable for up to $2500 in actual damages
1994 – Communications Assistance for Law Enforcement Act
“To amend Title 18, United States Code, to make clear a telecommunications carrier’s duty to cooperate in the interception of communications for Law Enforcement purposes, and for other purposes.”
Obliges telecommunication companies to make it possible for law enforcement agencies to tap any phone conversations made on its networks, as well as made call detail records available The “tap” on the lines must not be possible for the user to detect by a government agency
1996 – Health Insurance Portability and Accountability Act
Establishes regulations for the use and disclosure of Protected Health Information (PHI) Relates to any part of a patient’s medical record or payment history “Covered entities” (health plans, billing services, etc) may only release the minimum required information to facilitate treatment Must disclose PHI when required by law
2001 – PATRIOT Act
Provide Appropriate Tools Required to Intercept and Obstruct Terrorism One of the largest anti-privacy acts passed to date Federal courts have ruled that some provisions are unconstitutional infringements on civil liberties
Courtroom Examples
Jessup-Morgan v. America Online, Inc.
Raytheon, Inc. v. John Does, 1-21 Your ISP can reveal information about you if they want to Itex Corp. v. John Does 1-100 You need not have actually committed a crime to have information released your isp. It can simply be insulting someone with enough money, such as corporate management
In The Matter of Geocities.
Companies are required to inform you of how they use your information McVeigh v. Cohen What you say online in chartrooms is your business, and is protected because of the virtual aspect of the internet.
Liu v. DeFelice Zeran v. America Online Impersonating someone on the internet to obtain information is the same as impersonating them in real life.
ToySmart bankruptcy case If a company tells you that they will not release you information, they are required to uphold the agreement even if it is not signed by the customers.
European Union Privacy
Personal Data must be collected for specific purposes Data must be removed once it is no longer needed You need explicit consent to process personal data Your criminal conviction data is private
Class Discussion
Are businesses that provide free Internet services or PCs in exchange for tracking Web activities offering a fair option for consumers, or are they unfairly taking advantage of low-income people who must give up some privacy for these services? Should it be illegal for one to secretly hide one’s identity from public observation methods, such as video cameras through the use of concealed technology?
Should the government be allowed to make illegal the encryption of phone calls that they have made explicit steps to gain access to?