A Gift of Fire

Nov 20, 2013 (3 years and 6 months ago)

Original Slides prepared by Cyndi Chie and Sarah Frye

Adapted for use in LSU course CSC-1200 “Ethics in Computing”

A Gift of Fire

Third edition

Sara Baase

Chapter 2: Privacy

What We Will Cover


Privacy and Computer Technology


“Big Brother is Watching You”


Privacy Topics


Protecting Privacy


Communications




Privacy and Computer
Technology

Key Aspects of Privacy:


Freedom from intrusion (being left
alone)


Control of information about oneself


Freedom from surveillance (being
tracked, followed, watched)



Privacy and Computer
Technology (cont.)

Privacy Threats:


Intentional, institutional use


Law Enforcement, Tax collection


Unauthorized Release by Insiders


Theft of information


Leakage from negligence


Our own actions


Intentional or unintentional



Privacy and Computer
Technology (cont.)

New Technology, New Risks:


Government and private databases


Easier access of government documents


Sophisticated tools for surveillance and
data analysis


Cameras, GPS, cell phones


Vulnerability of data


Privacy and Computer
Technology (cont.)

Example: Search Query Data


Search engines store search histories


to improve their algorithms


for marketing



Possible to retrieve private information


Health and psychological problems


Addictions: gambling, alcoholism, drugs


Financial status: bankruptcy


Privacy and Computer
Technology (cont.)


Google Incident (2006)


federal government subpoena to provide 2 months
of user search queries, in response to court
challenges for Child Online Protection Act
(COPA)


finally provided only 50,000 URLs



AOL incident (2006)


Employee posted anonymous search queries to
improve search algorithms


20,000,000 searches from 650,000 people


Easy to identify people: searches for local sports
teams, their car model, etc


Privacy and Computer
Technology (cont.)

Terminology:


Invisible information gathering


collection of personal information about someone
without the person’s knowledge


unauthorized software, cookies, ISPs,
supermarket cards


Secondary use


use of personal information for a purpose other
than the one it was provided for


Examples: sell data to marketers, give data to IRS



Privacy and Computer
Technology (cont.)

Terminology (cont.):


Data mining


searching and analyzing masses of data to find
patterns and develop new information or
knowledge


Computer matching


combining and comparing information from
different databases (using social security number,
for example, to match records)


Privacy and Computer
Technology (cont.)

Terminology (cont.):


Computer profiling


analyzing data in computer files to determine
characteristics of people most likely to engage in
certain behavior


Businesses find new consumers


Government detects fraud and crime activities


Note: data mining, computer matching, and computer profiling are
secondary uses of information

Privacy and Computer
Technology (cont.)

Principles for Data Collection and Use:


Informed consent


Opt-in and opt-out policies


Fair Information Principles (or Practices)


Data retention


Privacy and Computer
Technology (cont.)

Fair Information Principles (or Practices):


Inform about personally identifiable information


Collect only data needed


Offer opt-out from email, advertising, etc.


Stronger protection of sensitive data


Keep data only as long as needed


Maintain accuracy of data


Policies for responding to law enforcement



Privacy and Computer
Technology

Discussion Questions


Have you seen opt-in and opt-out
choices? Where? How were they
worded?


Were any of them deceptive?


What are some common elements of
privacy policies you have read?


"Big Brother is Watching
You"

George Orwell’s dystopian novel “1984”:


Written in 1949


Big Brother = Oceania government


Watches everyone via “telescreens” in
homes and public places


Little crime, little political dissent


No love, no freedom

Modern analog:


Dataveillance = “data surveillance”


"Big Brother is Watching
You" (Cont.)

Government Databases:


Government agencies collect many
types of information


Ask business to report about consumers


Buy personal information from sellers


Main publicized reason: data mining
and computer matching to fight
terrorism


"Big Brother is Watching
You" (Cont.)

Sample Government Data Records:


tax, medical (Medicare, Medicaid),
marriage/divorce, welfare, school,


motor vehicle, voter registration,


books checked out, firearm permits,


loan applications, bankruptcy,


arrests








"Big Brother is Watching
You" (Cont.)

Private information can be used to:


Arrest people


Jail people


Seize assets


Important: High standards for privacy
protection by government





"Big Brother is Watching
You" (Cont.)

Privacy Act of 1974:


Main law about federal government use of data


Restricts kept records to “relevant and
necessary”


Publish record systems


People can access and correct records


Procedures for database security


Prohibit disclosure of information
without consent




"Big Brother is Watching
You" (cont.)

Government Accountability Office (GAO):


Congress’s “watchdog agency”


Examines problems of Privacy Act


1996 study:


White House maintained a secret database with
records on 200,000 people, with ethnic and political
info


ChoicePoint:


Private company that sells data to government


Owns billions of records (telephone, liens, deeds,
divorce, …)


"Big Brother is Watching
You" (cont.)

Burden of Proof and “fishing expeditions”


Millions of crime suspects are searched
in government databases


Shift from presumption of innocence to
presumption of guilt


Computer software characterizes
suspects


"Big Brother is Watching
You" (cont.)

Data mining and computer matching to
fight terrorism


After 9/11 people resisted privacy
intrusion by government


CAPPS (Computer Assisted Passenger
Prescreening)


implemented by airlines


Extreme CAPPS II and Total
Information Awareness


never implemented


"Big Brother is Watching
You" (cont.)

The Fourth Amendment:

“The right of the people to be secure in their
persons, houses, papers, and effects, against
unreasonable searches and seizures, shall not be
violated, and no Warrants shall issue, but upon
probable cause, supported by Oath or affirmation,
and particularly describing the place to be
searched, and the persons or things to be seized.”


Protects right to privacy


"Big Brother is Watching
You" (cont.)

Weakening the Fourth Amendment:


Fourth Amendment requires “probable
cause” to search private property


Two problems:


Personal information may not be at home and
private offices


Government can search our home from distance
without our knowledge


USA PATRIOT ACT eased collection of
private information


"Big Brother is Watching
You" (cont.)

“Noninvasive but deeply revealing”
searches:


Satellite imaging


Catch illegal crops


Catch property improvements for tax purposes


TSA (Transportation Security
Administration)


X-ray machines


response to ACLU complaints: blur body parts,
discard images


"Big Brother is Watching
You" (cont.)

Supreme Court decisions (expectation of
privacy):


Olmstead v. United States (1928):


Allowed wiretaps on telephone lines


Fourth Amendment applies only to physical
intrusions and material possessions


Katz v. United States (1967):


Reversed wiretap decision


Fourth Amendment “protects people, not places”
even in public locations


"Big Brother is Watching
You" (cont.)

USA Patriot Act (2001):


Antiterrorism law


National security letter (NSL)


Before 2001, the FBI required an NSL to access private
records of a foreign power (telephone, email, ISP);
NSLs were issued by high-authority FBI agents


After 2001, any FBI field agent can issue an NSL on
anyone (foreign power or not)


2003-2005 report found "widespread and serious
misuse" of the FBI's national security letter
authorities (143,000 NSLs)


"Big Brother is Watching
You" (cont.)

Video Surveillance, Security cameras


Increased security


Decreased privacy

Examples:


2001 Super Bowl, Tampa, Florida: computer
system scanned faces of 100,000 fans; little
success


4,000,000 surveillance cameras in Britain;
helped identify terrorists in 2005 subway
attacks


"Big Brother is Watching
You" (cont.)


Discussion Questions


What data does the government have
about you?


Who has access to the data?


How is your data protected?


Diverse Privacy Topics

Marketing, Personalization and Consumer
Dossiers:


Targeted marketing


Data mining

credit cards, supermarkets


Paying for consumer information

Free-PC, Google Gmail


Data firms and consumer profiles


ChoicePoint, Acxiom (have public records,
property, marriage, divorce, bankruptcy)



Diverse Privacy Topics
(cont.)


Credit records


Experian, Equifax, TransUnion


Bill-paying history, lawsuits, bankruptcies, liens


Problems: sold information, mailing lists, errors


Fair Credit Reporting Act (FCRA) 1970


First law to establish regulation


Flaw: allows legitimate business access
(involving consumers)


Amended 1996, 2003

Diverse Privacy Topics
(cont.)

Location Tracking:


Global Positioning Systems (GPS):
computer or communication services
that know exactly where a person is at a
particular time


Cell phones and other devices are used
for location tracking


RFID (Radio Frequency Identification)


Passports, credit cards, consumer products


Diverse Privacy Topics
(cont.)


Pros:


Navigation, stolen vehicle tracking,
accident emergency location


Cons:


Loss of privacy


Security problems (RFID)


Consumer moving patterns




Diverse Privacy Topics
(cont.)

Stolen and Lost Data:


Hackers, Spyware, Physical theft
(laptops, thumb-drives, etc.)


TJX lost 40 million consumer records


Time Warner 600,000 employee records


Millions of consumer records from Acxiom


UC 800,000 student records (SSN, address)



Diverse Privacy Topics
(cont.)


Requesting information under false
pretenses


Pretexting: pretend to be a legitimate business


Usually from phone


Sell data to others


Bribery of employees who have access



Diverse Privacy Topics
(cont.)

What We Do Ourselves:


Personal information in blogs and online
profiles


Pictures of ourselves and our families


File sharing and storing


Is privacy old-fashioned?


Young people put less value on privacy
than previous generations


May not understand the risks


Diverse Privacy Topics
(cont.)

Public Records: Access vs. Privacy:


Public Records



records available to general public (bankruptcy,
property, and arrest records, salaries of
government employees, etc.)


Identity theft can arise when public records
are accessed


Maricopa County, Arizona: first county to post
records online; has highest rate of identity theft


Campaign donation records, flight plans, …


How should we control access to sensitive
public records?


Diverse Privacy Topics
(cont.)

National ID System:


Social Security Numbers (SSN)


Too widely used


Used until recently to identify students in
Universities


Easy to falsify


SSN cards are very unreliable


Easy to replicate


Diverse Privacy Topics
(cont.)

National ID System (Cont.):


A new national ID system: Pros


would require one card


harder to forge


REAL ID Act (2005): standards for driver licenses


A new national ID system: Cons


Threat to freedom and privacy


Increased potential for abuse


Diverse Privacy Topics
(cont.)

Children:


The Internet


Not able to make decisions on when to provide
information


Vulnerable to online predators


COPPA (Children’s Online Privacy Protection Act,
2000): rules for children under 13; requires
consent from parents to collect information


Parental monitoring


Software to monitor Web usage


Web cams to monitor children while parents are at
work


GPS tracking via cell phones or RFID


Diverse Privacy Topics

Discussion Questions


Is there information that you have
posted to the Web that you later
removed? Why did you remove it? Were
there consequences to posting the
information?


Have you seen information that others
have posted about themselves that you
would not reveal about yourself?


Protecting Privacy

Technology and Markets:


Privacy-enhancing technologies for
consumers


Encryption


Public-key cryptography


Business tools and policies for
protecting data


Protecting Privacy (cont.)

Rights and laws:


Theories


Warren and Brandeis


Privacy is a right by itself (not covered by other
rights)


E.g. exposure of personal information that does
not violate other laws (Libel, Slander,
Defamation) is a violation


Thomson


Privacy is protected by other rights


i.e. freedom from violence, freedom to form
contracts


Both agree that privacy is protected by consent
and agreements


Protecting Privacy (cont.)


Transactions


may reveal privacy


Simple example: Joe buys five pounds of
potatoes from Maria


Joe’s crop has failed


Joe is unpopular


Both have incentives to keep transaction
private


Ownership of personal data (copyright laws)


Regulation


Health Insurance Portability and
Accountability Act (HIPAA)


Protects privacy of medical insurers


Protecting Privacy (cont.)

Rights and laws: Contrasting Viewpoints:


Free Market View


Freedom of consumers to make voluntary
agreements


Diversity of individual tastes and values


Response of the market to consumer
preferences


Usefulness of contracts


Flaws of regulatory solutions


Protecting Privacy (cont.)

Rights and laws: Contrasting Viewpoints (cont.):


Consumer Protection View


Uses of personal information


Costly and disruptive results of errors in
databases


Ease with which personal information leaks
out


Consumers need protection from their own
lack of knowledge, judgment, or interest


Protecting Privacy (cont.)

Privacy Regulations in the European
Union (EU):


Data Protection Directive


More strict than U.S. regulations


Abuses still occur (more than USA)


Puts requirements on businesses
outside the EU


Protecting Privacy

Discussion Question


How would the free-market view and the
consumer protection view differ on
errors in Credit Bureau databases?


Who is the consumer in this situation?


Communication

Wiretapping and E-mail Protection:


Telephone


1934 Communications Act prohibited interception
of messages


1968 Omnibus Crime Control and Safe Streets Act
allowed wiretapping and electronic surveillance by
law-enforcement (with court order)


E-mail and other new communications


Electronic Communications Privacy Act of 1986
(ECPA) extended the 1968 wiretapping laws to
include electronic communications, restricts
government access to e-mail


Communication (cont.)

Secret Intelligence Gathering:


The National Security Agency (NSA)


Foreign Intelligence Surveillance Act
(FISA) established oversight rules for
the NSA


Secret access to communications
records


AT&T secret room of NSA (current issue)


Explores patterns of communications


Communication (cont.)

Designing Communications Systems for
Interception:


Communications Assistance for Law
Enforcement Act of 1994 (CALEA)


Telecommunications equipment must be
designed to ensure government can
intercept telephone calls


Rules and requirements written by
Federal Communications Commission
(FCC)


Communication (cont.)

Encryption Policy:


Government ban on export of strong
encryption software in the 1990s (removed
in 2000)


Initially restrictions for encryption software
and research publications


Federal court ruling: First Amendment
protects computer software (similar to speech)


Communication (cont.)


Pretty Good Privacy (PGP)


Email encryption program (1990s)


Zimmermann (creator) was under threat of
indictment


Irony: Government was using PGP



Communication

Discussion Questions


What types of communication exist
today that did not exist in 1968 when
wiretapping was finally approved for
law-enforcement agencies?


What type of electronic communications
do you use on a regular basis?
