Title: Privacy What Is It
1. Privacy: What Is It?
- The rights and responsibilities that govern the acquisition, disclosure, and use of personal information.
  - Acquisition - from the individual, third party, legally or illegally, with or without the individual's awareness
  - Disclosure - to other people or entities
  - Use - storing, manipulating or evaluating personal information
2. Personal Information
- Any type of information that is related to a person's private life or concerns, recorded in any form.
- Can also be personally identifiable information (PII), which can be used to uniquely identify, locate or contact a person.
- Not just content - but also events (a transaction) that may implicate a person's privacy.
3. Privacy-implicating Activities: An Incomplete List
- Health Records and Medical Records
- Financial transactions of all types - tax, banking, etc.
- Subscriber Information - Telephones, Cable TV, Video Rentals, etc.
- Communications of all kinds - Telephone Calls, emails, etc.
- Credit History
- Purchasing History - Direct, Phone, Internet
- Student Records
- Insurance Records
- Employment Records
- Judicial History - Driving record, civil and criminal cases, etc.
- Internet Activities
4. We the Network
- If our identity is simply reduced to a magstripe, what is the real me or the card?
- The Net (1995) starring Sandra Bullock
- We are all living under the big net!
5. "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
- Fourth Amendment to the United States Constitution
6. Privacy: The Two-Part Test
- "...the Fourth Amendment protects people, not places..." Katz v. United States, 389 U.S. 347
- Courts have used a two-part test to determine whether, at the time of the search, a defendant had a legitimate expectation of privacy in the place or things searched:
  - Did the person actually expect some degree of privacy?
  - Is the person's expectation objectively reasonable -- that is, one that society is willing to recognize?
- Katz v. United States, 389 U.S. 347 (1967) (Harlan, J., concurring)
7. Reasonable Expectation of Privacy
- Over the years, court rulings have set the precedent that the key to understanding privacy issues is the reasonable expectation of privacy.
- These are the general criteria:
  - General legal principles: no privacy if behaviors or communications are knowingly exposed to public view.
  - Vantage point: a point where anyone can see or hear what is going on
  - Certain buildings or pieces of land: most public places come with no expectation of privacy (some exceptions are public phone booths and restrooms)
  - Technological sophistication: laws are constantly updated to adapt to new technological innovations.
8. Informed Consent
- A process in which an individual agrees to participate after being given detailed information about the benefits and potential risks of his or her action.
- The person must be advised about:
  - Nature (and type) of information collected
  - Why and how it is going to be used
  - Risks
  - Freedom to withdraw
9. Opt-in vs. Opt-out
- An opt-in policy requires a potential customer to self-select the information (services) they wish to subscribe to, and how the information can be used.
- An opt-out policy specifies that information can be sent to customers without prior permission. But customers must be provided with the option to ask to be removed from the list.
- In actual design, an opt-in approach presents the users with empty boxes and lets them select which types of information they want to receive, while an opt-out approach leaves all the boxes checked by default, and the users have to de-select them if they do not want to receive that particular type of communication.
- The European Union is more inclined toward opt-in in its policy initiatives, while the United States leans more toward opt-out.
10. Aspects of Privacy
- Three Key Components
  - Autonomy/dignity
  - Ability to exercise control
  - Absence of surveillance
- Different aspects
  - Information privacy: collection, use and disclosure of identifiable personal information.
  - Communications privacy: private information should be safely delivered to the intended party.
  - Privacy in public (and work) places: electronic profiling (i.e., collecting a variety of in-depth information about an individual electronically)
  - Home/work distinction, public space/private space distinction
11. Some Important Federal Privacy Laws
- 2001 USA Patriot Act (USAPA)
- 1999 Financial Modernization (Gramm-Leach-Bliley) Act
- 1998 Children's Online Privacy Protection Act
- 1998 Telephone Anti-Spamming Amendments Act
- 1992 Cable Act
- 1991 Telephone Consumer Protection Act
- 1988 Computer Matching and Privacy Act
- 1988 Video Privacy Protection Act
- 1986 Electronic Communications Privacy Act
- 1984 Cable Communications Policy Act
- 1978 Right to Financial Privacy Act
- 1974 Education Privacy Act
- 1974 Privacy Act
- 1970 Fair Credit Reporting Act
- 1970 Freedom of Information Act
12. Privacy Act of 1974
- "No agency shall disclose any record which is contained in a system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains...."
- Data records should be relevant and necessary to the purpose for which they are collected
- Establish procedures to allow individuals to see, copy and amend records about themselves
- Requires publishing notices describing all systems of records (no secret records)
- Agency is required to make reasonable efforts to maintain accurate, relevant, timely and complete records about individuals
- Information collected for one purpose MAY NOT be used for another purpose without notice to or the consent of the subject of record
13. The Computer Matching and Privacy Protection Act of 1988
- Federal agencies involved in computer matching programs are required to:
  - Negotiate written agreements with the other agency or agencies participating in the matching programs
  - Obtain the relevant Data Integrity Boards' approval of the match agreements
  - Furnish detailed reports about matching programs to Congress and OMB (Office of Management and Budget)
  - Notify applicants and beneficiaries that their records are subject to matching and
  - Verify match findings before reducing, suspending, terminating, or denying an individual's benefits or payments.
14. Online Privacy Breaches
- Online privacy can be compromised in three ways:
  - When personal data is saved on a local computer
  - When the data is transported over the network
  - When the data is stored by a third party.
15. Web Browsing Privacy
- Cookies
  - Many Web pages use cookies (small text files that are stored on your hard drive by the Web server, typically the one hosting the Web page being viewed) to identify return visitors and their preferences.
- Web bugs
  - A Web bug is a very small (often 1 pixel by 1 pixel) image on a Web page that transmits data about a Web page visitor back to the Web page's server. Web bugs are used extensively by DoubleClick and other Internet advertising companies.
- Spyware
  - Any software installed without the user's knowledge that secretly gathers information about the user and transmits it to advertisers.
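Added example (not part of the original slides): a defender-side check that scans a page's HTML for images matching the Web bug description above, i.e. images that are at most 1 pixel by 1 pixel or hidden by inline style, and records whether each one is served by a host other than the page's own. The sample page, its host names and the names WebBugFinder and find_web_bugs are constructed for illustration; treating a different host as a sign of advertising-network tracking is an assumption of this sketch.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page (all hosts and URLs are made up for this example).
SAMPLE_PAGE = """
<html><body>
<img src="/img/logo.png" width="200" height="60">
<img src="https://tracker.example.net/pixel.gif?uid=12345" width="1" height="1">
<img src="https://static.news.example.com/spacer.gif" width="1" height="1">
<img src="//ads.example.org/b.gif?page=home" style="display: none">
<img src="https://cdn.example.net/photo.jpg" width="640" height="480">
</body></html>
"""

class WebBugFinder(HTMLParser):
    """Collect <img> tags that are 1x1 (or smaller) or hidden by inline style."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.hits = []  # list of (src, served_by_third_party)

    @staticmethod
    def _tiny(value):
        # "0", "1" and "1px" count as tracking-pixel dimensions.
        digits = (value or "").strip().lower().replace("px", "")
        return digits.isdigit() and int(digits) <= 1

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {name: (value or "") for name, value in attrs}
        src = a.get("src", "")
        # Relative URLs have no hostname and are served by the page itself.
        host = (urlparse(src).hostname or self.page_host).lower()
        third_party = not (host == self.page_host
                           or host.endswith("." + self.page_host))
        style = a.get("style", "").replace(" ", "").lower()
        hidden = "display:none" in style or "visibility:hidden" in style
        tiny = self._tiny(a.get("width")) and self._tiny(a.get("height"))
        if tiny or hidden:
            self.hits.append((src, third_party))

def find_web_bugs(html, page_host):
    """Return (src, third_party) for every tiny or hidden image in html."""
    finder = WebBugFinder(page_host)
    finder.feed(html)
    return finder.hits
```

The first-party spacer image is reported with third_party set to False: size alone does not separate a layout spacer from a tracker, so the host and any identifiers in the query string need review as well.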
16. Other Privacy Concerns
- E-mail
  - Many people mistakenly believe that the e-mail they send and receive is private. Since it is transmitted over public networks, however, non-encrypted e-mail can be intercepted and read by someone else - easily.
- Spam and Other Online Marketing Activities
  - More in later lectures.
- Electronic Surveillance and Monitoring
  - This can happen in public places or the workplace. We will come back to this later.
17. More Privacy Concerns
- Invisible information gathering
  - Collection of personal information without the subject's knowledge
- Data spillage
  - Inadvertent disclosure of personal information because of software design glitches or accidental operations.
- Secondary use of personal information
  - Use of personal information for purposes other than that originally intended.
- Computer matching, computer profiling.
18. Network Insecurity and Privacy Implications
- There are programs that can track the keyboard movements at a remote PC.
- Other programs can keep track of every type of log-on activity over the network.
- A UC Berkeley study in 2005 found that an algorithm can successfully decipher up to 96 percent of the characters typed when fed an audio recording of keyboard typing. This can be a form of acoustical spying over the network.
19. Cell Phones Are Ubiquitous
- More and more cell phone models have built-in Global Positioning System (GPS) capabilities.
- This makes tracking a cell phone in real time as easy as point and click.
- ULocate is one of the commercial providers that offer tracking services.
- The Federal Communications Commission (FCC) has released its E911 (Enhanced 911) standard to require that emergency callers be located within 50 meters.
- The National Emergency Number Association (NENA) recently approved the technical standard for VoIP E911 specifically targeting Internet phones.
20. Top Ten Ways to Protect Privacy Online
- Look for privacy policies on the Web
- Get a separate email account for personal email
- Teach your kids that giving out personal information online means giving it to strangers
- Clear your memory cache after browsing
- Make sure that online forms are secure
- Reject unnecessary cookies
- Use anonymous remailers
- Encrypt your email
- Use anonymizers while browsing
- Opt-out of third party information sharing
- Extra! Use common sense
- Source: Center for Democracy and Technology
21. Identity Theft
- Unauthorized access to a person's:
  - Social Security Number (SSN)
  - Driver's License
  - Credit Card Number
  - Credit Reports
  - Passport Numbers
  - Birth Certificate
  - Resume
22. Identity Theft Consequences
- Unauthorized access may affect you by:
  - Accessing/Opening bank accounts
  - Using your credit cards
  - Limiting your ability to do commercial transactions
  - Impersonating you at the professional level
  - Committing criminal acts in your name
  - Stalking you
  - And worse yet, ruining your life!