Learning Objectives
• Privacy Risks and Principles
• The expectation of Privacy, and Surveillance Technologies
• The Business and Social Sectors
• Government Systems
• Violations of privacy
• Protecting Privacy

What do we mean by privacy?
• Louis Brandeis (1890)
– “right to be left alone”
– protection from institutional threat: government, press
• Alan Westin (1967)
– “right to control, edit, manage, and delete information about themselves and decide when, how, and to what extent information is communicated to others”

What Needs to be Kept Private?
• Personal info must remain confidential & must not be distributed without consent
• Some personal information – credit records, health or medical history, racial or ethnic origin, political opinions, religious beliefs, trade union membership, financial information, personal habits, family, education, legal, etc.
• Commercial or Government Data
• This data is classified differently:
– Top Secret – exceptionally grave damage
– Secret – serious damage
– internal, most sensitive business information – higher than normal level of protection (access and integrity)
– Unclassified – may still require discretionary access controls

Privacy
Everything about you is in at least one computer file.
– Where is my data?
– How is it used?
– Who sees it?
– Is anything private anymore?

How Did They Get My Data?
• Loans
• Insurance claim
• Charge accounts
• Hospital stay
• Orders via mail
• Sending checks
• Magazine subscriptions
• Fund-raisers
• Advertisers
• Tax forms
• Warranties
• Applications for schools, jobs, clubs
• Military draft registration
• Court petition

Your Boss is Spying on You!
Monitoring software
– Screens
– E-mail
– Keystrokes per minute
– Length of breaks
– What computer files are used and for how long
Privacy groups want legislation requiring employers to alert employees that they are being monitored.

Privacy: Monitoring by Web Sites
Records:
• City
• Site you just left
• Everything you do while on the site
• Hardware and software you use
• Click stream
– Series of clicks that link from site to site
– History of what the user chooses to view

Cookie
• Stores information about you
• Located on your hard drive
• Beneficial uses
– Viewing preferences
– Online shopping
– Secure sites retain password in cookie
• Controversial use
– Tracking surfing habits for advertisers
• Can set browser to refuse cookies or warn before storing
• Software available to manage cookies

Privacy Risks and Principles
Key Aspects of Privacy:
• Freedom from intrusion (being left alone)
• Control of information about oneself
• Freedom from surveillance (from being tracked, followed, watched)

Privacy threats come in several categories:
• Intentional, institutional uses of personal information
• Unauthorized use or release by “insiders”
• Theft of information
• Unintentional leakage of information
• Our own actions

New Technology, New Risks:
• Government and private databases
• Sophisticated tools for surveillance and data analysis
• Vulnerability of data

New Technology, New Risks – Examples: Search query data
– Search engines collect many terabytes of data daily.
– Data is analyzed to target advertising and develop new services.
– Who gets to see this data? Why should we care?

New Technology, New Risks – Examples: Smartphones
– Location apps
– Data sometimes stored and sent without user’s knowledge

New Technology, New Risks – Summary of Risks:
• Anything we do in cyberspace is recorded.
• Huge amounts of data are stored.
• People are not aware of collection of data.
• Software is complex.
• Leaks happen.
• And many others.

Privacy Risks and Principles
Two common forms for providing informed consent are opt out and opt in:
• opt out – Person must request (usually by checking a box) that an organization not use information.
• opt in – The collector of the information may use information only if person explicitly permits use (usually by checking a box).

Discussion Questions
• Have you seen opt-in and opt-out choices? Where? How were they worded?
• Were any of them deceptive?
• What are some common elements of privacy policies you have read?

Fair information principles
1. Inform people when you collect information.
2. Collect only the data needed.
3. Offer a way for people to opt out.
4. Keep data only as long as needed.
5. Maintain accuracy of data.
6. Protect security of data.
7. Develop policies for responding to law enforcement requests for data.

New Technologies
• Make possible “noninvasive but deeply revealing” searches
– particle sniffers, imaging systems, location trackers
• What restrictions should we place on their use? When should we permit government agencies to use them without a search warrant?

Video Surveillance and Face Recognition
• Security cameras
– Increased security
– Decreased privacy

Discussion questions:
• Should organizers at events which are possible terrorist targets use such systems?
• Should we allow them to screen for people with unpaid parking tickets?

Marketing and Personalization
• Data mining
• Targeted ads
• Paying for consumer information. Some businesses offer discounts to shoppers who use cards that enable tracking of their purchases.

Social Networks
What we do
– Post opinions, gossip, pictures, “away from home” status
What they do
– New services with unexpected privacy settings

Our Social and Personal Activity
Discussion Questions
• Is there information that you have posted to the Web that you later removed? Why did you remove it? Were there consequences to posting the information?
• Have you seen information that others have posted about themselves that you would not reveal about yourself?

Life in the Clouds
• Security of online data
• Convenience

Location Tracking
• Global Positioning Systems (GPS) – computer or communication services that know exactly where a person is at a particular time
• Cell phones and other devices are used for location tracking
• Pros and cons
• Tools for parents – GPS tracking via cell phones or RFID
• Radio-frequency identification (RFID) uses electromagnetic fields to automatically identify and track tags attached to objects

Government Systems
Databases:
• Government Accountability Office (GAO) – monitors government's privacy policies
• Burden of proof and "fishing expeditions"
• Data mining and computer matching to fight terrorism

Public Records: Access vs. Privacy:
• Public Records – records available to general public (bankruptcy, property, and arrest records, salaries of government employees, etc.)
• Identity theft can arise when public records are accessed
• How should we control access to sensitive public records?

Discussion Questions:
• What data does the government have about you?
• Who has access to the data?
• How is your data protected?

National ID Systems
• Social Security Numbers
– Too widely used
– Easy to falsify
• Various new proposals would require citizenship, employment, health, tax, financial, or other data, as well as biometric information. In many proposals, the cards would also access a variety of databases for additional information.

A new national ID system – Pros
• would require the card
• harder to forge
• have to carry only one card

A new national ID system – Cons
• Threat to freedom and privacy
• Increased potential for abuse

Violations of privacy
1. Intrusion
• Intrusion is an invasion of privacy by wrongful entry, seizing, or acquiring possession of the property of others, e.g. hackers.

2. Misuse of information
• People always give out information in exchange for services.
• Information to gov’t, to business for their services or products, seeking loans, etc.
• The information got from individuals is kept in big databases with adequate security.
• Suppose this information is used for unauthorized purposes, then collecting this info becomes an invasion of privacy.

3. Interception of information
• Interception is unauthorized access to private information via eavesdropping.
• This occurs when a third party gains unauthorized access to a private communication between two or more parties.
• Information can be gathered by eavesdropping in the following areas:
• a) at the source and sink of information, where an individual can hide and listen in or recording gadgets can be hidden to collect information.
• b) between communication channels, by tapping into the communication channels and then listening in.

Violations of privacy
• Posting things on the Internet can be harmful to individuals.
• The information posted on the Internet is permanent.
• This includes comments written on blogs, pictures, and Internet sites, such as Facebook and Twitter.
• It is absorbed into cyberspace and once it is posted, anyone can find it and read it.
• This action can come back and hurt people in the long run when applying for jobs or having someone find personal information.

4. Information Matching
• Linking individual records in different databases.
• Hundreds of databases with individual records are gathered from an individual over a lifetime. Can you recall how many forms you have filled since you were a child?
– erroneous information
– or stale information
• Erroneous & stale information are always used.

• Face recognition technology can be used to gain access to a person's private data, according to a new study.
• Researchers at Carnegie Mellon University combined image scanning, cloud computing and public profiles from social network sites to identify individuals in the offline world.
• Data captured even included a user's social security number.
• Experts have warned of the privacy risks faced by the increased merging of our online and offline identities.
• The researchers have also developed an 'augmented reality' mobile app that can display personal data over a person's image captured on a smartphone screen.
• Today many people have digital cameras and post their photographs online.
• The people depicted in these photos might not want to have them appear on the Internet.
• Any individual can be unwillingly tagged in a photo and displayed in a manner that might violate them personally in some way, and by the time Facebook gets to taking down the photo, many people will have already had the chance to view, share, or distribute it.

Risks to Internet Privacy
• In the modern technological world, millions of individuals are subject to privacy threats.
• Companies are hired to watch what individuals visit online, and also to infiltrate the information and send advertising based on one's browsing history.
• People can set up accounts on Facebook as well as enter bank and credit card information to various websites.

Privacy Protection
• As computer technology makes massive strides, better methods of information gathering are appearing every day.
• Sadly, with these methods and techniques, individual privacy is under attack from corporations and businesses that have the means.
• Privacy measures are provided on several social networking sites to try to provide their users with protection for their personal information.
• On Facebook, for example, privacy settings are available for all registered users.
• The settings available on Facebook include the ability to block certain individuals from seeing one's profile, the ability to choose one's "friends", and the ability to limit who has access to one's pictures and videos.
• Privacy settings are also available on other social networking sites such as Google Plus and Twitter. It is the user's prerogative to apply such settings when providing personal information on the internet.
• In summary, guidelines and structures that safeguard and protect privacy rights fall under the following categories:
– Technical – through the use of software and other technical based safeguards and also education of users and consumers to carry out self-regulation.
– Contractual – through which information like electronic publication and how such information is disseminated are given contractual and technological protection against unauthorized reproduction or distribution.
– Legal – through the enactment of laws by national legislatures and enforcement of such laws by the law enforcement agencies.
– Through individual efforts (be vigilant)

Privacy in the Workplace
• Claims to privacy are also involved at the workplace.
• Millions of employees are also subjected to electronic and other forms of high-tech surveillance, including:
– Employee electronic monitoring
– Email monitoring
– Document monitoring
– Internet activity monitoring
– Personally identifiable information
• Information technology and systems threaten individual claims to privacy by making the invasion of privacy cheap, profitable and effective.

Internet challenges to Privacy
Internet challenges to privacy include:
• Information sent via the internet may pass through many computer systems before it reaches its final destination.
• Each of these systems is capable of monitoring, capturing, and storing communications that pass through it.
• It is possible to record many online activities, including files a person has accessed, which website he/she has visited and what items that person has inspected or purchased over the web.
• Some organizations also monitor the internet usage of their employees to see how they are using company network resources.
• Web retailers now have access to software that lets them watch the online shopping behavior of individuals and groups while they are visiting the web site and making purchases.
• The commercial demand for this personal information is virtually unquenchable.

Facilitated by Mary Komunte