Privacy - PowerPoint PPT Presentation

Slides: 21
Provided by: georgeb57

Transcript and Presenter's Notes

1
Privacy
  • September 27, 2004
  • CS 4001B
  • Fall 2004

2
A Broader View
  • The US Constitution recognizes no explicit right
    to privacy, but a history of court rulings
    recognizes an implicit right to be let alone by the
    Government in the 4th Amendment. (Which is that?)
    Thus Roe v. Wade is a privacy-related ruling.
    Laws protecting people from others' attention
    are usually justified on other grounds (e.g.
    anti-stalking, anti-telemarketing).

3
What are the key aspects of privacy?
  • The right to keep one's personal information
    secret or to expect personal information, when
    disclosed, to be held in confidence and to be
    used only for permitted purposes.
  • The right to be left alone from unwanted
    attention, etc.
  • The right to be free from surveillance (being
    followed, watched, and eavesdropped upon)
  • The phrase comes from a famous 19th-century legal
    essay by Warren and Brandeis prompted by
    technology developments (growing intrusions by
    newspaper photographers on the public).

4
Privacy
  • What is it that these three views have in common?
    Are they just a case of a word being used in
    different senses?
  • All three have to do with a person's right to
    control or have a say in how they are represented
    to the world. This is very culturally specific!
  • All three have to do with people rather than
    simply information subjects. Companies can claim
    confidentiality, but not privacy.

5
Dealing With Privacy
  • Safeguarding personal and group privacy, in order
    to protect individuality and freedom against
    unjustified intrusions by authorities
  • Collecting relevant personal information
    essential for rational decision-making in social,
    commercial, and governmental life
  • Conducting the constitutionally limited
    government surveillance of people and activities
    to protect public order and safety

6
Risks of New Technology
  • Invisible Information Gathering
      • Supermarket club cards
      • Cookies
      • Data collected by advertisers (data spillage)
      • Peer-to-peer systems to trade music and other
        files
  • Computer Matching and Profiling
  • Location, Location, Location
      • GPS
      • Cell phones
      • Tracking devices in cars

7
Databases
  • Personal information is out there in tons of
    databases
  • Lots of complaints about the government's use of
    computer technology to invade citizens' privacy,
    so:
      • Privacy Act of 1974
      • Computer Matching and Privacy Protection Act of
        1988

8
Privacy Act of 1974
  • Restricts the data in federal government records
    to what is relevant and necessary to the legal
    purpose for which it is collected
  • Requires federal agencies to publish a notice of
    their record systems in the Federal Register so
    that the public may learn about what databases
    exist.
  • Allows people to access their records and correct
    inaccurate information.
  • Requires procedures to protect the security of
    the information in databases
  • Prohibits disclosure of information about a
    person without his or her consent (with several
    exceptions.)

9
Computer Matching and Privacy Protection Act of
1988
  • Requires the government to follow a review
    process before doing computer matching for
    various purposes
  • The Government is careless about following the
    provisions of this law.

10
Obeying the Rules
  • The General Accounting Office is Congress's watchdog
    agency
  • It monitors the government's privacy policies
  • 1997 study showed that 80 of the federal
    government web sites linked from the White House
    web page violated provisions of the Privacy Act
  • Some stopped using cookies, others didn't
  • In 2000, only 3 of the sites fully complied with
    the fair information standards for notice,
    choice, access, and security established by the
    Federal Trade Commission for commercial web sites
    (The FTC itself did not comply!)
  • Employee leaks

11
US Constitution 4th Amendment
  • Part of the Bill of Rights (10 amendments that
    define rights of individual citizens)
  • The right of the people to be secure in their
    persons, houses, papers, and effects, against
    unreasonable searches and seizures, shall not be
    violated, and no Warrants shall issue, but upon
    probable cause, supported by oath or affirmation,
    and particularly describing the place to be
    searched and the persons or things to be seized.

12
Weakening the 4th Amendment
  • USA Patriot Act of 2001 lets the government
    collect information from financial institutions
    on any transactions that differ from a customer's
    usual pattern and eased government access to many
    other kinds of personal information without a
    court order
  • Automated Toll Collection and Itemized Purchase
    Records
  • Satellite surveillance and thermal imaging
  • Issue still open: Supreme Court says maybe an
    intrusion, but no rulings made, so government
    agencies continue to use images

13
Weakening the 4th Amendment
  • Olmstead v. United States (1928)
      • Use of wiretaps on telephone lines without a
        court order
  • Katz v. United States (1967)
      • Wiretaps reversed
  • United States v. Miller (1976)
      • Law-enforcement agents do not need a court order
        to get bank records

14
Search and Surveillance Tools
  • Electronic Body Searches
  • Face-recognition
  • What else??

15
Privacy and Personal Information
  • If some forms of privacy are sometimes right,
    what are the implications for system designers?
  • If personal information is subject to privacy,
    then personal information has to be
    distinguishable from other kinds of information.
    For example, there could be different
    requirements for securing or exchanging personal
    information, or for auditing a system to
    demonstrate that personal information has been
    obtained and used properly.
  • These are difficult requirements to satisfy. A
    person's mother's maiden name (for example) is
    usually just a field associated with a data
    object. But to satisfy these requirements,
    meta-information (information about the
    information) may also have to be stored about
    where the information came from, what it can be
    used for, etc.

16
Privacy and Personal Information
  • If personal information should be held in
    confidence, it should be clear who can
    legitimately view it, and who requires special
    authorization.
  • Which, in turn, suggests that policies governing
    use restrictions (which are often legal documents
    written to contain a company's liability or
    customer-service documents written to reassure
    consumers) have technical consequences.
  • And things change. Companies merge, the laws
    under which they operate change, the significance
    of information changes, etc. What if policies
    change or change in meaning? Should authorization
    be sought again? (This suggests the need for
    meta-meta-information that associates
    meta-information with the versions of policies
    that they were gained under.)
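
The two slides above describe a data-design requirement, shown here as an added example that is not part of the original presentation: personal values are wrapped so they are distinguishable from ordinary fields, carry meta-information (source, permitted purposes) and the policy version they were collected under, and every read is checked and logged. The role names, purposes, policy versions and sample record are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Provenance:
    """Meta-information stored alongside one personal value."""
    source: str                 # where the value came from
    purposes: frozenset         # uses the person agreed to
    policy_version: str         # policy in force when it was collected

@dataclass(frozen=True)
class Personal:
    """Wrapper that makes personal data distinguishable from other fields."""
    value: str
    meta: Provenance

@dataclass
class Record:
    fields: dict                                # name -> Personal or plain value
    audit: list = field(default_factory=list)   # (field, role, purpose, decision)

# Constructed policy data: which purposes each role may act for.
ROLE_PURPOSES = {"support": {"identity_check"}, "marketing": {"advertising"}}

def read_field(record, name, role, purpose, current_policy):
    """Return (decision, value); value is None unless the read is allowed."""
    item = record.fields[name]
    if not isinstance(item, Personal):
        return "allow", item                    # not personal: no privacy check
    if purpose not in ROLE_PURPOSES.get(role, set()):
        decision = "deny_role"                  # role needs special authorization
    elif purpose not in item.meta.purposes:
        decision = "deny_purpose"               # not a permitted use
    elif item.meta.policy_version != current_policy:
        decision = "reconsent"                  # policy changed since collection
    else:
        decision = "allow"
    record.audit.append((name, role, purpose, decision))
    return decision, item.value if decision == "allow" else None

def sample_record():
    """Constructed sample: one personal field, one ordinary field."""
    meta = Provenance("account signup form", frozenset({"identity_check"}), "v1")
    return Record({"mothers_maiden_name": Personal("Smith", meta),
                   "account_tier": "basic"})
```

The audit list is what lets a system demonstrate afterwards that personal information was obtained and used properly; the "reconsent" decision is the point where authorization would be sought again after a policy change.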

17
Fair Information Practices
  • In 1998, the Organization for Economic
    Co-operation and Development (OECD), comprising
    30 countries, concluded that the role of the
    private sector is to adopt clear privacy policies
    for disclosure on the Internet.
  • In 1998, the FTC suggested that privacy policies
    follow a code for fair information practices,
    which overlaps with the OECD Privacy Guidelines.
  • These policies are not followed uniformly by
    companies.

18
Fair Information Practices
  • Notice / awareness
      • E.g. when policy changes; no invisible collection
  • Choice / consent
      • E.g. opt-in rather than opt-out or no consent
        requirement
  • Access / participation
      • E.g. right to access and challenge personal
        information
  • Integrity / security
      • E.g. expectation that personal information is
        not vulnerable to leaks
  • Enforcement / redress
      • E.g. procedure for dealing with
        disagreements/dissatisfaction

19
Additional Best Practices
  • Collect only the data needed (for specific
    purposes by authorized personnel).
  • Keep data only as long as needed.
  • Record keepers must be accountable for
    compliance.

20
Things to Think About
  • Concepts aren't clear (what's private information
    and why?)
  • Privacy isn't just security
  • Rights over information use, accuracy, personal
    representation, freedom from intrusion
  • Privacy conflicts with other rights
  • Privacy by design (designed into a system)
    imposes big information management requirements
    on systems
  • Spam, Spam, Spam, Spam