Lecture 6 From Text Chapter 4 Privacy

1
Lecture 6From Text Chapter 4Privacy
2
Chapter 4 - Objectives

• Define the right of privacy.
• Describe two fundamental forms of data encryption
  and discuss their advantages/disadvantages.
• Identify several strategies of customer profiling
  and identify the associated privacy issues.
• Outline the key elements for treating consumer
  data responsibly.
• Discuss why and how employers are increasingly
  implementing workplace monitoring.
• Describe the capabilities of the Carnivore system
  and other advanced surveillance technologies.

3
Privacy Protection The Law

• The use of information technology in business
  requires the balancing of the needs of those who
  use information about individuals against the
  rights and desires of those individuals whose
  information may be used.
• The Open Society by David Brin

4
Constitution Amendment IV

• The right of people to be secure in their
  persons, houses, papers, and effects, against
  unreasonable searches and seizures, shall not be
  violated, and no Warrants shall issue, but upon
  probable cause, supported by Oath or affirmation,
  and particularly describing the place to be
  searched, and the persons or things to be seized.
  
• Is this an artifact of an earlier era?

5
The Right of Privacy

• Defined The right to be left alone the most
  comprehensive of rights, and the right most
  valued by a free people.
• Another definition The right of individuals to
  control the collection and use of information
  about themselves. (Is this practical?)

6
Aspects of Privacy

• Protection from unreasonable intrusion upon ones
  isolation.
• Protection from appropriation of ones name or
  likeness.
• Protection from unreasonable publicity given to
  ones private life.
• Protection from publicity which unreasonably
  places one in a false light before the public.

7
Legal Overview

• Freedom of Information Act
• Passed in 1966
• Amended in 1974
• Gives the public access to certain government
  records.
• Two parts
• Outlines the info that government agencies are
  required to publish.
• Outlines the process to review the records.

8
Freedom of Information

• Fair Credit Reporting Act 1970
• Regulates credit reporting bureaus.
• Privacy Act of 1974
• Limits how the U.S. government collects,
  maintains, uses, and disseminates personal
  information.

9
Freedom of Information

• Organization for Economic Cooperation and
  Development
• 30 member countries to set policies and make
  agreements in areas where multilateral agreement
  is necessary.
• Electronic Communication Privacy Act 1986
• Extends the prohibitions against the unauthorized
  interception of electronic communication.

10
Freedom of Information

• Communications Assistance for Law Enforcement Act
  - 1994
• Required telephone companies to provide a certain
  level of government access to data.
• Better Business Bureau Online TRUSTe are
  non-profit privacy initiatives that favor an
  industry-regulated approach to data privacy over
  a government regulated approach.
• Industry instead of the clumsier governmental
  approach

11
Key Policy Issues

• Opt-out assumes that the consumers approve of
  having companies collect and store their personal
  information.
• Opt-in requires the data collector to get
  specific permission from consumers before
  collecting any of their data.

12
Privacy Anonymity Issues

• Data Encryption (Cryptography) is the science of
  encoding messages so that only the sender and
  receiver can understand them.
• Public key system uses two keys to encode and
  decode messages.
• Private key system uses a single key to both
  encode and decode messages.

13
Customer Profiling

• Cookies text files that a Web site puts on your
  hard drive so that it can remember something
  about you at a later time.
• Three types of data collected
• GET data is the trail that you take when you
  browse the web.
• POST data is info you typed into blank fields.
• Click stream data is the history of the
  information of what the user sought and viewed.

14
Personalization Software

• Software used by marketers to optimize the
  number, frequency, and mixture of their ad
  placement.
• Rules-based ties business rules to
  customer-provided preferences.
• Collaborative filtering offers recommendations
  based on the types of products purchased.
• Demographic filtering collects click-stream data
  with personal demographical data.
• Contextual commerce associates product
  promotions with specific content a user may be
  receiving (pop-ups).

15
Platform for Privacy Preferences (P3P)

• Screening technology being proposed to shield
  users from sites that dont provide the level of
  security they desire.
• Browser will download the privacy policy from
  each site visited and check it against your
  personal policy settings.

16
Consumer Data

• Guidelines for treating consumer data responsibly
• Code of Fair Information Practices
• Organization for Economic Cooperation and
  Development privacy guidelines
• Chief Privacy Officers
• Establish corporate data privacy policies and
  initiatives

17
Workplace Monitoring

• Many organizations have set policies on the use
  of information technology.
• 78 of major U.S. firms record and review
  employee communications and activities.
• Phone calls
• E-mails
• Internet connections
• Computer files
• Videotaping

18
Spamming

• Spamming is the sending of many copies of the
  same messages in an attempt to force a large
  number of people to read a message they would
  otherwise choose not to receive.
• Losing the spamming battle.

19
Carnivore

• Highly controversial system used by the FBI to
  monitor selected e-mail messages and other
  computer traffic.
• Opponents insist that law officials should be
  required to get the same type of court order to
  intercept e-mail as they do with a wire-tap.

20
Advanced Surveillance Technology

• Thermal imaging
• Security cameras
• Global Positioning Systems in cell phones

21
Summary

• The right to privacy has four aspects
• Protection from unreasonable intrusion upon ones
  isolation.
• Protection from appropriation of ones name or
  likeness.
• Protection from unreasonable publicity given to
  ones private life.
• Protection from publicity which unreasonably
  places one in a false light before the public.

22
Summary

• Data encryption is a tool for ensuring
  confidentiality, integrity, and authenticity of
  messages and transactions.
• Marketing firms capture data from numerous
  sources to build databases detailing a large
  amount of consumer behavior.

23
Summary

• Marketing firms capture data from numerous
  sources to build detailed databases.
• The Code of Fair Information Practices and the
  OECD privacy guidelines provides approaches to
  handling consumer data responsibly.

24
Summary

• Employers are increasingly recording and
  reviewing employee communication and activities
  on the job.
• Carnivore is a controversial system used by the
  FBI to monitor e-mail messages.

25
Case 1 - HIPPA

• The Health Insurance Portability and
  Accountability Act of 1996 is to require health
  care organizations to implement cost-effective
  procedures for exchanging medical data.
  Compliance deadline is April, 2003.

26
Case 1 Posting Questions

• What do you see as the benefits from HIPAA? For
  both the health care organization and the
  patient?
• What down sides do you see from HIPAA?

27
Case 2 - Echelon

• Echelon is a top-secret electronic eavesdropping
  system managed by the National Security Agency of
  the U.S. and is capable of intercepting and
  decrypting almost any electronic message sent
  anywhere in the world via satellite, microwave,
  cellular, and fiber optic.

28
Case 2 Echelon

• Are you for or against Echelon for eavesdropping
  on electronic communications? Why or why not?
• What kinds of capabilities would you see Echelon
  having ten years from now as communications
  technology continues to evolve?