Information Rights - Privacy

Facilitated by Mary Komunte

 Learning Objectives
• Privacy Risks and Principles
• The expectation of Privacy, and Surveillance
Technologies
• The Business and Social Sectors
• Government Systems
• Violations of privacy
• Protecting Privacy.
 What do we mean by privacy?
• Louis Brandeis (1890)
– “right to be left alone”
– protection from institutional threat:
government, press

• Alan Westin (1967)

– “right to control, edit, manage,
and delete information about
themselves and decide when, how,
and to what extent information is
communicated to others”
 What Needs to be Kept Private?
• Personal info must remain confidential & must
not be distributed without consent
• Some personal information
– credit records, health or medical history, racial
or ethnic origin, political opinions, religious
beliefs, trade union membership, financial
information, personal habits,
• family,
• education,
• legal…. etc.
 What Needs To Be Kept Private?
• Commercial or Government Data
• This data is classified differently;
• Top Secret – exceptionally grave damage
• Secret – serious damage
• internal, most sensitive business information –
higher than normal level of protection (access
and integrity)
• Unclassified – may still require discretionary
access controls
 Privacy
Everything about you is in at least one
computer file.
– Where is my data?
– How is it used?
– Who sees it?
– Is anything private anymore?
 Privacy
How Did They Get My Data?
• Loans • Insurance claim
• Charge accounts • Hospital stay
• Orders via mail • Sending checks
• Magazine subscriptions
• Fund-raisers
• Advertisers
• Tax forms
• Warranties
• Applications for schools,
• Military draft registration
jobs, clubs
• Court petition
 Privacy
How Did They Get My Data?
 Privacy
Your Boss is Spying on You!
Monitoring software
– Screens
– E-mail
– Keystrokes per minute
– Length of breaks
– What computer files are used and for how long
Privacy groups want legislation requiring employers
to alert employees that they are being monitored.
 Privacy
Monitoring by Web Sites
Records:
• City
• Site you just left
• Everything you do while on the site
• Hardware and software you use
• Click stream
– Series of clicks that link from site to site
– History of what the user chooses to view
 Privacy
Monitoring by Web Sites
Cookie
• Stores information about you
• Located on your hard drive
• Beneficial uses
– Viewing preferences
– Online shopping
– Secure sites retain password in cookie
• Controversial use
– Tracking surfing habits for advertisers
• Can set browser to refuse cookies or warn before
storing
• Software available to manage cookies
 Privacy Risks and Principles
Key Aspects of Privacy:
• Freedom from intrusion (being left alone)
• Control of information about oneself
• Freedom from surveillance (from being tracked,
followed, watched)
 Privacy Risks and Principles
Privacy threats come in several categories:
• Intentional, institutional uses of personal
information
• Unauthorized use or release by “insiders”
• Theft of information
• Unintentional leakage of information
• Our own actions
 Privacy Risks and Principles
New Technology, New Risks:
• Government and private databases
• Sophisticated tools for surveillance and data
analysis
• Vulnerability of data
 Privacy Risks and Principles
New Technology, New Risks – Examples:
Search query data
– Search engines collect many terabytes of data daily.
– Data is analyzed to target advertising and develop
new services.
– Who gets to see this data? Why should we care?
 Privacy Risks and Principles
New Technology, New Risks – Examples:
Smartphones
– Location apps
– Data sometimes stored and sent without user’s
knowledge
 Privacy Risks and Principles
New Technology, New Risks – Summary of Risks:
• Anything we do in cyberspace is recorded.
• Huge amounts of data are stored.
• People are not aware of collection of data.
• Software is complex.
• Leaks happen and many others.
 Privacy Risks and Principles
Two common forms for providing informed consent
are opt out and opt in:
• opt out – Person must request (usually by
checking a box) that an organization not use
information.
• opt in – The collector of the information may use
information only if person explicitly permits use
(usually by checking a box).
 Privacy Risks and Principles
Discussion Questions
• Have you seen opt-in and opt-out choices?
Where? How were they worded?
• Were any of them deceptive?
• What are some common elements of privacy
policies you have read?
 Privacy Risks and Principles
Fair information principles
1. Inform people when you collect information.
2. Collect only the data needed.
3. Offer a way for people to opt out.
4. Keep data only as long as needed.
5. Maintain accuracy of data.
6. Protect security of data.
7. Develop policies for responding to law
enforcement requests for data
 New Technologies
• Make possible “noninvasive but deeply
revealing” searches
– particle sniffers, imaging systems, location trackers
• What restrictions should we place on their use?
When should we permit government agencies to
use them without a search warrant?
 Video Surveillance and Face Recognition
• Security cameras
– Increased security
– Decreased privacy
 Video Surveillance and Face Recognition
Discussion questions:
• Should organizers at events which are possible
terrorist targets use such systems?
• Should we allow them to screen for people with
unpaid parking tickets?
 Marketing and Personalization
• Data mining
• Targeted ads
 Marketing and Personalization
• Paying for consumer information.

Some businesses offer discounts to shoppers who

use cards that enable tracking of their purchases.
 Social Networks
 What we do
 Post opinions, gossip, pictures, “away from home”
status
 What they do
 New services with unexpected privacy settings
 Our Social and Personal Activity
Discussion Questions
 Is there information that you have posted to the
Web that you later removed? Why did you
remove it? Were there consequences to posting
the information?
 Have you seen information that others have
posted about themselves that you would not
reveal about yourself?
 Life in the Clouds
• Security of online data
• Convenience
 Location Tracking
• Global Positioning Systems (GPS) – computer or
communication services that know exactly where
a person is at a particular time
• Cell phones and other devices are used for
location tracking
• Pros and cons
 Location Tracking
• Tools for parents
– GPS tracking via cell phones or RFID

• Radio-frequency identification (RFID) uses

electromagnetic fields to automatically identify
and track tags attached to objects
 Government Systems
Databases:
• Government Accountability Office (GAO) -
monitors government's privacy policies
• Burden of proof and "fishing expeditions"
• Data mining and computer matching to fight
terrorism
 Government Systems
Public Records: Access vs. Privacy:

 Public Records – records available to general public

(bankruptcy, property, and arrest records, salaries of
government employees, etc.)
 Identity theft can arise when public records are accessed
 How should we control access to sensitive public
records?
 Government Systems
Discussion Questions:
• What data does the government have about
you?
• Who has access to the data?
• How is your data protected?
 National ID Systems
• Social Security Numbers
– Too widely used
– Easy to falsify
• Various new proposals would require citizenship,
employment, health, tax, financial, or other data,
as well as biometric information. In many
proposals, the cards would also access a variety
of databases for additional information.
 National ID Systems
 A new national ID system - Pros
 would require the card
 harder to forge
 have to carry only one card
 A new national ID system - Cons
 Threat to freedom and privacy
 Increased potential for abuse
 Violations of privacy
• 1. Intrusion;
• Intrusion is an invasion of privacy by
wrongful entry, seizing, or acquiring
possession of the property of others.
e.g. hackers.
 Violations of privacy
• 2. Misuse of information;
• People always give out information in exchange
for services.
• Information to gov’t, to business for their
services or products, seeking loans, etc
• The information got from individuals is kept in
big databases with adequate security.
• Suppose this information is used for unauthorized
purposes, then collecting this info becomes an
invasion to privacy.
 Violations of privacy
• 3. Interception of information;
• Interception is unauthorized access to private
information via eavesdropping.
• This occurs when a third-party gains
unauthorized access to a private communication
between two or more parties.
• Information can be gathered by eavesdropping in
the following areas;
 Violations of Privacy
• a) at the source and sink of information
where an individual can hide and listen
in or recording gadgets can be hidden
to collect information.
• b) between communication channels
by tapping into the communication
channels and then listening in.
 Violations of privacy
• Posting things on the Internet can be harmful to
individuals.
• The information posted on the Internet is permanent.
• This includes comments written on blogs, pictures,
and Internet sites, such as Facebook and Twitter.
• It is absorbed into cyberspace and once it is posted,
anyone can find it and read it.
• This action can come back and hurt people in the
long run when applying for jobs or having someone
find person information.
 Violations of privacy
• 4. Information Matching;
• Linking individual records in different databases.
• Hundreds of databases with individual records
are gathered from an individual over a lifetime.
Can you recall how many forms you have filled
since you were a child?
• erroneous information
• or stale information
• Erroneous & stale information are always used.
 Violations of Privacy…
• Face recognition technology can be used to gain
access to a person's private data, according to a
new study.
• Researchers at Carnegie Mellon University
combined image scanning, cloud computing and
public profiles from social network sites to
identify individuals in the offline world.
• Data captured even included a user's social
security number.
 Violations of privacy…
• Experts have warned of the privacy risks
faced by the increased merging of our
online and offline identities.
• The researchers have also developed an
'augmented reality' mobile app that can
display personal data over a person's image
captured on a Smartphone screen.
 Violations of privacy
• Today many people have digital cameras and post
their photographs online.
• The people depicted in these photos might not
want to have them appear on the Internet. Any
individual can be unwillingly tagged in a photo
and displayed in a manner that might violate
them personally in some way, and by the time
Face book gets to taking down the photo, many
people will have already had the chance to view,
share, or distribute it.
 Risks to Internet Privacy
• In the modern technological world, millions of
individuals are subject to privacy threats.
• Companies are hired to watch what individuals
visit online, and also to infiltrate the information
and send advertising based on one's browsing
history.
• People can set up accounts on Facebook as well
as enter bank and credit card information to
various websites.
 Privacy Protection
• As computer technology makes
massive strides better methods of
information gathering are appearing
everyday,
• Sadly with these methods and
techniques individual privacy is under
attack from corporations and businesses
that have the means.
 Privacy Protection
• Privacy measures are provided on
several social networking sites to try
to provide their users with protection
for their personal information.
• On Face book for example privacy
settings are available for all
registered users.
 Privacy Protection
• The settings available on Face book include the
ability to block certain individuals from seeing
one's profile, the ability to choose one's "friends",
and the ability to limit who has access to one's
pictures and videos.
• Privacy settings are also available on other social
networking sites such as Google Plus and Twitter.
It is the user's prerogative to apply such settings
when providing personal information on the
internet.
 Privacy Protection
• In summary, guidelines and structures that safeguard and
protect privacy rights fall under the following categories:

– Technical - through the use of software and other

technical based safeguards and also education of users
and consumers to carry out self-regulation.
– contractual –through which information like electronic
publication and how such information is disseminated
are given contractual and technological protection
against unauthorized reproduction or distribution.
– legal – through the enactment of laws by national
legislatures and enforcement of such laws by the law
enforcement agencies.
– Through individual efforts ( be vigilant)
Privacy in the Workplace
• Claims to privacy are also involved at the work places.
• Millions of employees are also subjected to electronic
and other forms of high-tech surveillance including;
• Employee electronic monitoring
• Email monitoring
• Document monitoring
• Internet activity monitoring
• Personally identifiable information
• Information technology and systems threaten
individual claims to privacy by making the invasion of
privacy cheap, profitable and effective.
 Internet challenges to Privacy
Internet challenges to privacy include:
• Information sent via the internet may pass
through many computer systems before it reaches
its final destination.

• Each of these systems is capable of monitoring ,

capturing, and storing communications that pass
through it.

• It is possible to record many online activities

including files a person has accessed, which
website he/she has visited and what items that
person has inspected or purchased over the web.
Internet Challenges to Privacy cont…
• Some organizations also monitor the internet
usage of their employees to see how they are
using company network resources.

• Web retailers now have access to software that

lets them watch the online shopping behavior of
individuals and groups while they are visiting the
web site and making purchases.

• The commercial demand for this personal

information is virtually unquenchable.
Facilitated by Mary Komunte

Thank you for your Attention