Privacy and Personal Information

1
CSCI 2150, Computer Ethics

• Chapter 2
• Privacy and Personal Information
• Instructor Dr. Ahmad Ghafarian

2
Objectives

• The impact of computer technology
• Big Brother is Watching You
• Consumer Information
• More Privacy Risks
• Protecting Privacy Education, Technology, and
  Markets
• Protecting Privacy Law and Regulation

3
The Impact of ComputerTechnology

• Computers are not needed for the invasion of
  privacy.
• Computers simply make new threats possible and
  old threats more potent.
• Key aspect of Privacy
• Freedom from intrusion (being left alone).
• Control of information about oneself.
• Freedom from surveillance (from being followed,
  watched, and eavesdropped upon)

4
Risks of the Technology

• Invisible information gathering
• Secondary use
• computer matching
• Profiling
• Monitoring and tracking

5
Invisible Information Gathering

• Describes collection of personal information
  about someone without the persons knowledge,
  examples include
• Satellite surveillance.
• Caller ID.
• 800- or 900-number calls.
• Loyalty cards.
• Web-tracking data cookies.
• Peer-to-peer monitoring.
• Others

Q Recall an example of invisible information
gathering about you.
6
Secondary Use

• Using information for a purpose other than the
  one for which it was obtained. A few examples
• Sale (or trade) of consumer information to other
  businesses.
• Credit check by a prospective employer.
• Government agency use of consumer database.

Q Recall an occasion when a secondary use of
your personal information was made.
7
Computer Matching

• Combining and comparing information from more
  than one database. Some examples
• Sharing of government agencies databases to
  detect fraud by recipients of government
  programs.
• Creating consumer dossiers from various business
  databases.

Q Recall an example of computer matching that
has appeared in the news.
8
Computer Profiling

• Using data in computer files to predict likely
  behaviors of people. Some examples
• Businesses engage in profiling to determine
  consumer propensity toward a product or service.
• Government agencies use profiling to create
  descriptions of possible terrorists.

Q How might profiling be used with your personal
information?
9
Monitoring and Tracking

• Examples
• GPS (global positioning system).
• Cell-phones.
• Blackboxes in automobiles.
• Other wireless appliances.
• Are all able to determine our movement and
  determine a persons current location

Q What is the impact of GPS-equipped childrens
wrist watches.
10
Big Brother is Watching You (1)

• Federal Government agencies maintain thousands of
  databases containing personal information
• In 1982 it was estimated that federal agencies
  had approximately 3.5 billion personal files. An
  average of 15 for every person in the country
• Purpose
• Determine eligibility for jobs and programs.
• Reduce waste.
• Detect fraud.
• Law enforcement.
• Regulations
• Privacy Act of 1974.
• Computer Matching and Privacy Protection Act of
  1988.

Q Which government databases contains your
personal information?
11
Big Brother is Watching You (2)

• 4th Amendment
• Expectation of Privacy
• Governments rights are limited.
• Government must have probable cause to search
  private premises or seize documents.
• Privacy Challenges
• New sensing and surveillance technologies enable
  the government access to private premises without
  physical entry.
• New technologies provide the government with
  access to huge amounts of personal data in
  business databases.
• Courts allow some searches and seizures of
  computers without search warrants.

Q Has technology strengthened or weakened the
spirit of the 4th Amendment?
12
Consumer Information (1)

• Consumer Databases
• Gathering Information
• Warranty cards.
• Purchasing records.
• Membership lists.
• Web activity.
• Change-of-address forms.
• Much more

Q Recall ways in which you have contributed to
consumer databases.
13
Consumer Information (2)

• Consumer Databases (contd)
• Limiting Collection, Use, Sharing, and Sale of
  Personal Data
• Consumers can take measures to restrict the use
  of their personal information.
• Some information sharing is prohibited by law.
• Some information sharing is prohibited by
  published, privacy policies.

Q What measures do you take to limit consumer
information gathered about you?
14
Consumer Information (3)

• Marketing Using Consumer Information
• Trading/buying customer lists.
• Telemarketing.
• Data Mining.
• Mass-marketing.
• Web ads.
• Spam (unsolicited e-mail).

Q How are children affected by marketers using
consumer information?
15
Consumer Information (4)

• Credit Bureaus
• Uses of consumer information
• Evaluate credit risk of applicant.
• Marketing.
• Regulation
• FCRA (Fair Credit Reporting Act)
• Self-regulated by privacy principles.

Q If you are denied credit, what are your rights
based on the FCRA?
16
More Privacy Risks (1)

• Social Security Numbers (SSNs)
• Appear in
• Employer records.
• Government databases.
• School records.
• Credit reports.
• Consumer applications.
• Many other databases.

Q What are the risks of using SSNs as
identifiers?
17
More Privacy Risks (2)

• National ID Card System
• If implemented, the card could contain your
• Name.
• Address.
• Telephone number (s).
• Photo.
• SSN.

Q What other personal information should a
national ID card contain?
18
More Privacy Risks (3)

• National ID Card System
• If implemented, the system could allow access to
  your
• Medical information.
• Tax records.
• Citizenship.
• Credit history.
• Much more

Q Are the benefits of a national ID system
greater than the risks?
19
More Privacy Risks (4)

• Personal Health and Medical Information
• Data can include
• History of substance abuse.
• Treatment for sexually transmitted disease.
• Extent of psychiatric help received.
• Any suicide attempt(s).
• Diagnosis of diseases (diabetes, angina, cancer,
  etc.).
• Use of prescribed medicines.
• Much more

Q Why would marketers want access to your
medical information?
20
More Privacy Risks (5)

• Public Records
• Available in paper form and/or online
• Bankruptcy.
• Arrest.
• Marriage-license application.
• Divorce proceedings.
• Property ownership.
• Salary (if employed by state or federal
  government).
• Wills and Trusts.
• Much more

Q How should access to public records be
controlled?
21
Protecting Privacy Education, Technology, and
Markets (1)

• Education
• Must include awareness of
• How the technology works.
• How the technology is being used.
• The risks brought on by the technology.
• How to limit unwanted use of personal
  information.
• Applicable state and federal laws and regulations.

Q How do you limit unwanted use of your personal
information?
22
Protecting Privacy Education, Technology, and
Markets (2)

• Technology
• Enhance privacy using
• Cookie disablers.
• Opt-in/opt-out options.
• Anonymous Web services.
• PPP (Platform for Privacy Preferences).
• Good passwords.
• Audit trails.

Q What privacy-enhancing technology do you use
regularly?
23
Protecting Privacy Education, Technology, and
Markets (3)

• Market Response
• Markets can protect your privacy by
• Using trusted third parties.
• Adhering to established privacy policies.
• Purchasing consumer information directly from the
  consumer.
• Developing and selling privacy-enhancing
  technologies and services.

Q Have you read the privacy policies at Web
sites you frequent?
24
Protecting Privacy Law andRegulation (1)

• Philosophical Views
• Samuel Warren Louis Brandeis
• Individuals have the right to prohibit
  publication of personal facts and photos.
• Judith Jarvis Thompson
• No distinct right to privacy.
• Privacy rights result from rights to our
  property, body, and contracts.
• Transactions
• Transactions have two parties, often with
  conflicting preferences about privacy.

Q How should rights to information about
transactions between two parties be assigned?
25
Protecting Privacy Law andRegulation (2)

• Contrasting Views
• Free-market View
• The parties of a transaction are viewed as equal.
• Truth in information gathering.
• Strong reliance on contracts.
• Freedom of speech and commerce.
• Consumer-Protection View
• The parties of a transaction are viewed
  differently.
• More stringent consent requirements required by
  law.
• Strong limitations on secondary uses of
  information required by law.
• Legal restrictions on consumer profiling.

Q How should the privacy of consumer
transactions be regulated?
26
Protecting Privacy Law andRegulation (3)

• Contracts and Regulations
• Basic Legal Framework
• Enforce agreements and contracts.
• Publish privacy policies.
• Set defaults for situations not in contract.
• Requiring Specific Consent policies
• Adhere to informed consumer consent.
• Use opt-in policies.
• Legal Regulations
• Determine effectiveness, direct and hidden costs,
  and any loss of services or inconvenience.

Q Recall a situation where you exchanged
personal information for some benefit.
27
Protecting Privacy Law andRegulation (4)

• Contracts and Regulations (contd)
• Ownership of personal data. Can an individual
  own
• Facts (e.g. marriage license in public records)?
• Personal information (e.g. your date of birth)?
• Freedom of speech
• Prohibiting communication of information may
  violate the 1st Amendment.

Q When does protecting privacy conflict with
freedom of speech?
28
Protecting Privacy Law andRegulation (5)

• EU (European Union) Privacy Regulation
• Key points
• Limited collection of personal data.
• Data must be up-to-date and destroyed when no
  longer needed.
• Consent for sharing data is required.
• Sensitive data (e.g. religion) can only be
  provided with consent.
• Notify consumers about the collection and
  intended purpose of data.
• Restricted access and sharing of criminal
  convictions.

Q Can the EUs privacy regulations work in the
US?