PRIVACY AND

FREEDOM OF EXPRESSION
3
 LEARNING OBJECTIVES

• What is the right of privacy, and what is the basis for

protecting personal privacy under the law?
• What are some of the laws that provide protection for
the privacy of personal data, and what are some of
the associated ethical issues?
• What are the various strategies for consumer profiling,
and what are the associated ethical issues?
• Why and how are employers increasingly using
workplace monitoring?
• What are the capabilities of advanced surveillance
technologies, and what ethical issues do they raise?
 PRIVACY PROTECTION AND THE LAW

The use of information technology in both government

and business requires
• Balancing the needs of those who use the information
that is collected against the rights and desires of the
people whose information is being used.
• Information about people is gathered, stored,
analyzed, and reported because organizations can
use it to make better decisions.
• The global marketplace and intensified competition
have increased the importance of knowing consumers’
purchasing habits and financial condition.
 CONTINUE

Many people object to the data collection policies. For

these peoples it is requires to balance scales
• A combination of approaches—new laws, technical
solutions, and privacy policies.
• Reasonable limits must be set on government and
business access to personal information
• New information and communication technologies
must be designed to protect rather than diminish
privacy
• Appropriate corporate policies must be developed to
set baseline standards for people’s privacy.
• Education and communication are also essential.
 CONTINUE

• Today, in addition to protection from government

intrusion, people want and need privacy protection
from private industry.
• Few laws provide such protection, and most people
assume that they have greater privacy rights than the
law actually provides.
• A broad definition of the right of privacy is

“the right to be left alone—the most comprehensive of

rights, and the right most valued by a free people.”
 INFORMATION PRIVACY

Information privacy is the combination of

• Communications Privacy:
• The ability to communicate with others without those
communications being monitored by other persons or
organizations.
• Data Privacy:
• the ability to limit access to one’s personal data by other
individuals and organizations in order to exercise a substantial
degree of control over that data and its use.
 PRIVACY LAWS, APPLICATIONS, AND
COURT RULINGS

A number of independent laws and acts have been

implemented over time based on the following:
• Financial Data
• Health Information
• Children’s Personal Data
• Electronic Surveillance
• Fair Information Practices
• Access to Government Records.
 FINANCIAL DATA

• Individuals has to reveal much of their personal financial

data in order to take advantage of the wide range of
financial products and services available, including credit
cards, checking and savings accounts, loans, payroll direct
deposit, and brokerage accounts.
• To access many of these financial products and services,
individuals must use a personal logon name, password,
account number, or PIN.
• The inadvertent loss or disclosure of this personal financial
data carries a high risk of loss of privacy and potential
financial loss.
• Individuals should be concerned about how this personal
data is protected by businesses and other organizations and
whether or not it is shared with other people or companies.
 FINANCIAL ACTS

• Fair Credit Reporting Act

• Regulates the operations of credit-reporting bureaus, including
how they collect, store, and use credit information.
• Right to Financial Privacy Act
• Protects the records of financial institution customers from
unauthorized scrutiny by the federal government.
• To gain access to a customer’s financial records, the
government must obtain one of the following:
• an authorization document signed by the customer that identifies
the records, the reasons the records are requested, and the
customer’s rights under the act
• an appropriate administrative or judicial summons
• a qualified search warrant
• a formal written request by a government agency
 CONTINUE
• Gramm-Leach-Bliley Act
• prohibited any one institution from offering investment,
commercial banking, and insurance services;
• individual companies were only allowed to offer one of those
types of financial service products.
• GLBA also included three key rules that affect personal privacy:
• Financial Privacy Rule: This rule established mandatory guidelines for
the collection and disclosure of personal financial information by
financial organizations.
• Safeguards Rule: This rule requires each financial institution to
document a data security plan describing the company’s
preparation and plans for the on going protection of clients’
personal data.
• Pretexting Rule: This rule addresses attempts by people to access
personal information without proper authority by such means as
impersonating an account holder or phishing.
 CONTINUE

• Fair and Accurate Credit Transactions Act

• It allows consumers to request and obtain a free credit
report once each year from each of the three primary
consumer credit reporting companies (Equifax, Experian,
and TransUnion).
• The act also helped establish the National Fraud Alert
system to help prevent identity theft.
• Consumers who suspect that they have been or may
become a victim of identity theft can place an alert on
their credit files.
 HEALTH INFORMATION

• The use of electronic medical records and the

subsequent interlinking and transferring of this
electronic information among different organizations
has become widespread.
• Individuals are rightly concerned about the erosion of
privacy of data concerning their health.
• They fear intrusions into their health data by employers,
schools, insurance firms, law enforcement agencies,
and even marketing firms looking to promote their
products and services.
 HEALTH INFORMATION ACT

• Health Insurance Portability and Accountability Act

• This act was designed
• to improve the portability and continuity of health insurance
coverage; to reduce fraud, waste, and abuse in health
insurance and healthcare delivery.
• to simplify the administration of health insurance.
• Under the HIPAA provisions, healthcare providers must obtain
written consent from patients prior to disclosing any information
in their medical records.
• healthcare companies must appoint a privacy officer to
develop privacy policies and procedures as well as train
employees on how to handle sensitive patient data.
 CONTINUE

• The American Recovery and Reinvestment Act

• Title XIII, Subtitle D of this act (known as the Health
Information Technology for Economic and Clinical
Health Act, or HITECH) included strong privacy
provisions for electronic health records, including
• banning the sale of health information,
• promoting the use of audit trails and encryption,
• providing rights of access for patients.
• Within 60 days after discovery of data breach,each
individual whose health info. has been exposed must
be notified and if a breach involves 500 or more
people,notice must be provided to media outlets.
 CHILDREN’S PERSONAL DATA

There is a need to protect children from being

exposed to
• Inappropriate material and online predators
• Becoming the target of harassment
• Divulging personal data
• Becoming involved in gambling or other
inappropriate behaviour. (e.g. Blue Whale Game)
 CONTINUE

• Family Educational Rights and Privacy Act

• Assigns certain rights to parents regarding their children’s
educational records.
• These rights transfer to the student once the student reaches the
age of 18 or if he or she attends a school beyond the high
school level.
• These rights include:
• the right to access educational records maintained by a school
• the right to demand that educational records be disclosed only with
student consent
• the right to amend educational records
• the right to file complaints against a school for disclosing educational
records in violation of FERPA
 CONTINUE

• Children’s Online Privacy Protection Act

• Any Web site that caters to children must offer
comprehensive privacy policies, notify parents or guardians
about its data collection practices, and receive parental
consent before collecting any personal information from
children under 13 years of age.
 ELECTRONIC SURVEILLANCE

• Communications Act
• regulating all non-federal-government use of radio and
television broadcasting and all interstate telecommunications as
well as all international communications that originate or
terminate in the United States.
• The act also restricted the government’s ability to secretly
intercept communications.
• The Foreign Intelligence Surveillance Act (FISA)
• describes procedures for the electronic surveillance and
collection of foreign intelligence information in communications
between foreign powers and the agents of foreign powers.
• The act allows surveillance, without court order, within the United
States for up to a year unless the “surveillance will acquire the
contents of any communication to which a U.S. person is a
party.
 CONTINUE

• Electronic Communications Privacy Act

• This act deals with three main issues:
1. The protection of communications while in transfer from
sender to receiver
2. The protection of communications held in electronic storage
3. the prohibition of devices from recording dialling, routing,
addressing, and signalling information without a search
warrant.
 CONTINUE

• Communications Assistance for Law Enforcement Act

• This act required the telecommunications industry to
build tools into its products that federal investigators
could use after obtaining a court order to eavesdrop
on conversations and intercept electronic
communications.
• This act covers radio-based data communication
emerging technologies, such as wireless modems,
radio-based electronic mail, and cellular data
networks.
 CONTINUE

• USA PATRIOT Act

• Uniting and Strengthening America by Providing
Appropriate Tools Required to Intercept and
Obstruct Terrorism Act
• Increasing the ability of law enforcement agencies
to search telephone, email, medical, financial, and
other records.
• It also eased restrictions on foreign intelligence
gathering in the United States.
 FAIR INFORMATION PRACTICES

• It is a term for a set of guidelines that govern the

collection and use of personal data.
• The overall goal of such guidelines is to stop the
• unlawful storage of personal data
• eliminate the storage of inaccurate personal data
• prevent the abuse or unauthorized disclosure of such data.
 CONTINUE

• Organisation for Economic Co-operation and

Development Guidelines for the Protection of Privacy
and Transborder Flows of Personal Data
• The Organisation for Economic Co-operation and Development
(OECD) is an international organization currently consisting of 34
member countries, including Australia, Canada, France,
Germany, Italy, Japan, Mexico, New Zealand, the United
Kingdom, and the United States.
• Its goals are to set policy and to come to agreement on topics
for which multilateral consensus is necessary in order for
individual countries to make progress in a global economy.
 CONTINUE

• European Union Data Protection Directive

• It requires any company doing business within the
borders of the countries comprising the European
Union to implement a set of privacy directives on
the fair and appropriate use of information.
• Basically, this directive requires member countries to
ensure that data transferred to non-European Union
(EU) countries is protected.
 CONTINUE

The following list summarizes the basic tenets (principles) of the

directive:
1. Notice: An individual has the right to know if his or her personal
data is being collected, and any data must be collected for
clearly stated, legitimate purposes.
2. Choice: An individual has the right to elect not to have his or her
personal data collected.
3. Use: An individual has the right to know how personal data will
be used and the right to restrict its use.
4. Security: Organizations must “implement appropriate technical
and organizations measures” to protect personal data, and the
individual has the right to know what these measures are.
5. Correction: An individual has the right to challenge the
accuracy of the data and to provide corrected data.
6. Enforcement: An individual has the right to seek legal relief
through appropriate channels to protect privacy rights
ACCESS TO GOVERNMENT RECORDS

The government has a great capacity to store data

about each and every one of us and about the
proceedings of its various organizations.
• Freedom of Information Act
• Grants citizens the right to access certain information and
records of federal, state, and local governments upon request.
(e.g. Right to Information Act of India)
• There are two basic requirements for filing a FOIA request:
1. the request must not require wide-ranging, unreasonable, or
burdensome searches for records
2. the request must be made according to agency procedural
regulations published in the Federal Register.
 CONTINUE

• Privacy Act
• Establishes a code of fair information practices that
sets rules for the collection, maintenance, use, and
dissemination of personal data that is kept in systems
of records by federal agencies.
• It also prohibits U.S. government agencies from
concealing the existence of any personal data
record-keeping system.
• Under this law, any agency that maintains such a
system must publicly describe both the kinds of
information in it and the manner in which the
information will be used.
 PRIVACY AND ANONYMITY ISSUES

• Data Breaches
• Data breaches are sometimes caused by hackers
breaking into a database, but more often than one
might suspect, they are caused by carelessness or
failure to follow proper security procedures.
• Electronic Discovery
• Electronic discovery (e-discovery) is the collection,
preparation, review, and production of electronically
stored information for use in criminal and civil actions
and proceedings.
• Electronically stored information (ESI) includes any form of digital information,
including emails, drawings, graphs, Web pages, photographs, word-processing files,
sound recordings, and databases stored on any form of electronic storage device,
including hard drives, CDs, and flash drives.
 CONTINUE

• Consumer Profiling
• Companies openly collect personal information about users
when they register at Web sites, complete surveys, fill out forms,
or enter contests online.
• Many companies also obtain information about Web surfers
through the use of cookies—text files that can be downloaded
to the hard drives of users who visit a Web site, so that the Web
site is able to identify visitors on subsequent visits.
• Companies also use tracking software to allow their Web sites to
analyze browsing habits and deduce personal interests and
preferences.
• The use of cookies and tracking software is controversial
because companies can collect information about consumers
without their explicit permission.
 CONTINUE

• Workplace Monitoring
• Many organizations have developed policies on the
use of IT in the workplace in order to protect against
employee abuses that reduce worker productivity or
that expose the employer to harassment lawsuits.
• Many U.S. firms find it necessary to record and
review employee communications and activities on
the job, including phone calls, email, and Web
surfing. Some are even videotaping employees on
the job.
 CONTINUE

• Advanced Surveillance Technology

• A number of advances in information technology—such as
surveillance cameras and satellite-based systems that can
pinpoint a person’s physical location—provide amazing new
data-gathering capabilities.
• These advances can also diminish individual privacy and
complicate the issue of how much information should be
captured about people’s private lives.
• Some of the Technologies used for surveillance
• Camera Surveillance
• Vehicle Event Data Recorders
• Stalking Apps (e.g. Mobile Spy, ePhoneTracker, FlexiSPY, and Mobile
Nanny)
 FREEDOM OF EXPRESSION

OBJECTIVES
• What is the basis for the protection of freedom of
expression in the United States, and what types of
expression are not protected under the law?
• What are some of the key federal laws that affect
online freedom of expression, and how do they
impact organizations?
• What important freedom of expression issues relate
to the use of information technology?
 CONTINUE

The right to freedom of expression is one of the most

important rights for free people everywhere.
• The First Amendment to the U.S. Constitution was adopted
to guarantee this right and others.

“Congress shall make no law respecting an establishment of

religion, or prohibiting the free exercise thereof; or abridging
the freedom of speech, or of the press; or the right of the
people peaceably to assemble, and to petition the
government for a redress of grievances”

• Over the years, a number of federal, state, and local laws

have been found unconstitutional because they violated
one of the tenets of this amendment.
 SPEECH

The definition of speech to include nonverbal, visual,

and symbolic forms of expression, such as flag burning,
dance movements, and hand gestures.
Types of speech not protected in the First Amendment:
• perjury
• fraud
• defamation
• obscene speech
• incitement of panic
• incitement to crime
• fighting words
• sedition
 INFORMATION TECHNOLOGY
RELATED SPEECH
Two of these types of speech—obscene speech and
defamation—are particularly relevant to information
technology.
• Obscene Speech:
Speech can be considered obscene on the basis of following
questions:
1. Would the average person, applying contemporary
community standards, find that the work, taken as a whole,
appeals to the prurient interest?
2. Does the work depict or describe, in a patently offensive way,
sexual conduct specifically defined by the applicable state
law?
3. Does the work, taken as a whole, lack serious literary, artistic,
political, or scientific value?
 CONTINUE

• Defamation
• Making either an oral or a written statement of alleged
fact that is false and that harms another person is
defamation.
• The right to freedom of expression is restricted when
the expressions, whether spoken or written, are untrue
and cause harm to another person.
• An oral defamatory statement is slander.
• A written defamatory statement is libel.
 FREEDOM OF EXPRESSION : KEY ISSUES

The key issues related to the freedom of expression

are:
1. Controlling Access to Information on the Internet
2. Strategic Lawsuit Against Public Participation
(SLAPP)
3. Anonymity on the Internet
4. Hate Speech
5. Pornography
 CONTROLLING ACCESS TO
INFORMATION ON THE INTERNET
Many laws were passed by the government and many
software were developed by the software
manufacturers to block access to objectionable
material. The following are these approaches:
• Communications Decency Act (CDA)
• The primary purpose of this law was to allow freer competition
among phone, cable, and TV companies.
• There is a section of this law aimed at protecting children from
accessing pornography.
• The CDA imposed fines and prison terms for the transmission of
“indecent” material over the Internet.
• CDA provides immunity to an Internet service provider (ISP) that
publishes user-generated content, as long as its actions do not
rise to the level of a content provider.
 CONTINUE

• Child Online Protection Act (COPA)

• COPA states that “Whoever knowingly and with knowledge
of the character of the material, in interstate or foreign
commerce by means of the World Wide Web, makes any
communication for commercial purposes that is available to
any minor and that includes any material that is harmful to
minors shall be fined not more than $50,000, imprisoned not
more than 6 months, or both.”
• The law became a rallying point for proponents of free
speech. Not only could it affect sellers of explicit material
online and their potential customers, but it could ultimately
set standards for Internet free speech.
 CONTINUE

• Internet Filtering
• An Internet filter is software that can be used to block access to
certain Web sites that contain material deemed inappropriate
or offensive.
• The best Internet filters use a combination of URL, keyword, and
dynamic content filtering. With URL filtering, a particular URL or
domain name is identified as belonging to an objectionable
site, and the user is not allowed access to it.
• Keyword filtering uses keywords or phrases—such as sex, Satan,
and gambling—to block Web sites.
• With dynamic content filtering, each Web site’s content is
evaluated immediately before it is displayed, using techniques
such as object analysis and image recognition.
 CONTINUE

• Children’s Internet Protection Act (CIPA)

• The act required schools and libraries to use some form of
technological protection (such as an Internet filter) to block
computer access to obscene material, pornography, and
anything else considered harmful to minors.
• Internet Censorship
• Internet censorship is the control or suppression of the publishing
or accessing of information on the Internet. Censorship can
take many forms—such as
1. Limiting access to certain Web sites
2. Allowing access to only some content or modified content at
certain Web sites
3. Rejecting the use of certain keywords in search engine searches
4. Tracking and monitoring the Internet activities of individuals
5. Harassing or even jailing individuals for their Internet use.
STRATEGIC LAWSUIT AGAINST PUBLIC
PARTICIPATION (SLAPP)
• A strategic lawsuit against public participation
(SLAPP) is a strategy employed by corporations,
government officials, and others against citizens
and community groups who oppose them on
matters of public interest.
• A SLAPP is typically without merit and is used to
intimidate critics out of fear of the cost and effort
associated with a major legal battle.
• Many would question the ethics and legality of
using a SLAPP; others would claim that all is fair
when it comes to politics and political issues.
 ANONYMITY ON THE INTERNET

• Anonymous expression is the expression of opinions by

people who do not reveal their identity.
• The freedom to express an opinion without fear of
reprisal is an important right of a democratic society.
• Anonymity is even more important in countries that
don’t allow free speech.
• However, in the wrong hands, anonymous
communication can be used as a tool to commit
illegal or unethical activities.
• Doxing involves the examination of Internet records in
an attempt to reveal the identity of an anonymous
poster.
 HATE SPEECH

• Persistent or malicious harassment aimed at a specific

person is hate speech, which can be prosecuted
under the law, but general, broad statements
expressing hatred of an ethnic, racial, or religious
group cannot.
• A threatening private message sent over the Internet to a
person.
• A public message displayed on a Web site describing intent to
commit acts of hate-motivated violence against specific
individuals,
• Libel directed at a particular person are all actions that can be
prosecuted.
 PORNOGRAPHY

• The Internet has been a boon to the pornography

industry
• More than 4.2 million porn Web sites are accessible
• The sites generate an estimated $1 to $7 billion a year in
revenue
• 72 million estimated visitors to porn Web sites monthly
• Individuals free to produce and publish what they
want; however, if what they distribute is judged
obscene, they are subject to prosecution.
 CONTINUE
• Controlling the Assault of Non-Solicited Pornography and
Marketing (CAN-SPAM) Act
• This act requires that commercial emailers must follow when
sending messages that have a primary purpose to advertise or
promote a commercial product or service.
• The key requirements of the law include:
• The From and To fields in the email, as well as the originating domain
name and email address, must be accurate and identify the person
who initiated the email.
• The subject line of the email cannot mislead the recipient as to the
contents or subject matter of the message.
• The email must be identified as an advertisement and include a valid
physical postal address for the sender.
• The emailer must provide a return email address or some other Internet
based response procedure to enable the recipient to request no future
emails, and the emailer must honor such requests to opt out.
• The emailer has 10 days to honor the opt-out request.
• Additional rules prohibit the harvesting of email addresses from Web
sites, using automated methods to register for multiple email accounts,
or relaying email through another computer without the owner’s
permission.