CHAPTER 2: PRIVACY By: Logan Sealover, Bradley Green, Logan Kallop

Introduction… Privacy Risks & Principles The 4 th Amendment, Privacy Expectations, & Surveillance The Business and Social Sectors Government Systems Protecting Privacy: Technology, Markets, Rights, & Laws Communications 2 Case Studies

Privacy Risks & Principles What is privacy? Personal Information—SSN, Password, Cellphone #, Medical Info Personal Life Matters—Everyday life, Conversations on/off-line How is privacy invaded? Databases, Digital Cameras, the Web, Smartphones, GPS, etc. 3 Key Aspects of Privacy: Freedom from intrusion—being left alone Control of information about oneself Freedom from surveillance—being followed, tracked, watched, eavesdropped upon.

Privacy Risks & Principles cont… Privacy can be viewed in positive and negative ways Positive: Allows us to keep health, relationship and family issues, religious beliefs, and political views private. Negative: Gives cover to deception, hypocrisy, and wrongdoing. Allows fraud and protects the guilty. Types of privacy threats: Intentional/unintentional uses of personal information Unauthorized use or release by “insiders”, the ones holding the info Theft of information Accidental leakage of information through negligence Our own actions (some risks aren’t obvious)

Privacy Risks & Principles cont… Large increases in speed, storage space, and connectivity Collection, searching, analyzing, storage, access, and distribution of huge amounts of information and images has become much easier to handle Provides great benefits, but threatens privacy Large companies (Google) may provide video, , social network, and search services to its users Could combine this information to better define a person’s interests, opinions, relationships, habits, and activities

Privacy Risks & Principles cont… Search engines collect many terabytes of data daily Results looked at, how users refine searches, spelling errors, etc. Companies analyze the data to improve search services Stolen data may come from hacking, stealing computers and disks, buying or requesting record under false pretenses, or by bribing employees of search companies Accidental leakage is another risk to businesses and government agencies that hold sensitive personal data Personal information on the Web may have wrong access status

Privacy Risks & Principles cont… Invisible Information Gathering is the collection of personal information without the person’s knowledge. Cookies are files a website stores on a visitor’s computer containing info about their past activities Supercookies are used by websites and are a more evolved cookie that can recreate deleted cookies, making them harder to remove Secondary Use is the use of personal info for a purpose other than the one for which the person applied it Selling information to businesses

Privacy Risks & Principles cont… Data Mining is the searching and analyzing of masses of data to find patterns and develop new information Matching means combining and comparing information from different databases Often use an identifier to match records—SSN, IP Address Profiling means analyzing data to determine aspects of people most likely to engage in certain behaviors Businesses use this to find likely new customers Government agencies use them to detect fraud, enforce other laws, or find terrorists

Privacy Risks & Principles cont… Organizations typically have agreements that users must accept before using their product Opt-out policies are agreements one must check or click on a contract to request that they not use one’s info More people are likely to be “in” Opt-in policies are agreements one must accept so the collector of the info may use the info for secondary uses More people are likely to be “out”

Privacy Risks & Principles cont… FAIR INFORMATION PRINCIPLES: Inform people when you collect info about them, what you collect, and how you use it. Collect only the data needed. Offer a way for people to opt-out from mailing lists, ads, and other secondary uses of personal information. Keep data only as long as needed. Maintain accuracy of data. Where appropriate and reasonable, provide ways for users to access or correct data stored about them. Protect security of data. Provide stronger protection for sensitive data. Develop policies for responding to law enforcement requests for data.

The Fourth Amendment & Technology The Fourth Amendment protects against unreasonable search and seizures Technology has started to threaten the Fourth Amendment Currently, large quantities of personal data is stored in online databases Online data is not protected under the fourth amendment These databases do not require a warrant to search However, some technology is limited and controlled by the Fourth Amendment

Search & Seizure of Technology Computers and cell phones have specific qualifications and regulations in regards to search and seizure Certain information could breach privacy, liberty and free speech A computer or other technology with illegal content not related to the warrant will be void The Fourth Amendment requires search warrants be specific about object of search and seizure Example: Federal government seizing information on drug use of professional athletes In order to seize information from technology the warrant must be specific to the evidence being search and seized. No other evidence can be taken from the source.

Surveillance Technology Examples of surveillance technology Security cameras Face recognition Video surveillance is commonly used However, surveillance can breach privacy Monitoring random individuals and comparing the individuals face to a criminal database When and where is face recognition and random surveillance justified Many major cities have cameras that consistently take pictures of individual’s license plates Currently, face recognition and surveillance is not as effective as other means Many alternatives to allocate funding

Businesses and Social Sectors What do businesses do with our data? What kinds of data do businesses store about us? What rights do we have with businesses and data? How much privacy do we really have on social sites?

Business Business store data for a variety of reasons Businesses sometimes sell that data to other companies Data collection and advertisements Does the fact that almost every store you have ever been in has personal data about you, disturb you?

What rights we have with Businesses Some rights to protect us How companies get you to wave your privacy rights Giant Eagle, G-Mail, Facebook

Social Sites and loss of Privacy When we venture to social sites, we often forget our sense of privacy Just how private can someone be on Facebook or Twitter? What Facebook does that they don’t tell you Why do we stop the mail & newspaper when we go on vacation?

Tracking and GPS How GPS has changed privacy Who knows where you are at any given point? How future apps and inventions could violate your privacy

Government Systems: Databases Federal and local government agencies are responsible for thousands of databases Databases assist governments in functioning efficiently Privacy Act of 1974 Said to have many “loop holes” The E-Government Act of 2002 Added some privacy regulations on databases Government Accountability Office What is it? Information Security and Privacy Advisory Board

Public Records Public records are records that are available to the public Maintained by governments Were previously only stored on paper in government offices Now available over the web Malicious and innocent uses Increase in identity theft A vast amount of information that was once difficult to obtain can now by view in a matter of minutes What data should be available to the public and what should be secure? Should access to public records be anonymous?

National Identification Systems First implementation was the Social Security card 1936 Illegal immigration and terrorism Sparked want for more advanced national ID card Social Security Numbers became the standard for record systems IRS began using SSN as taxpayer identification number REAL ID Act Other national ID systems

Social Security Number: The first national ID system Federal agencies used SSN for record systems 1961, IRS began using SSN for taxpayer identification numbers Became a standard for many licenses Was on drive’s license briefly Credit and financial services Poses liability and threat of identity theft Governments and businesses are changing policies

New National ID System Many different proposals for new ID systems Many benefits to changing from a basic number system Protection against criminal activity There is opposition to national ID systems Consequences of a universal database system

REAL ID Act Develop a secure national identification card Affects driver’s license Maintained by the federal government Required for many different types of transactions Strict requirements for obtaining driver’s license or ID card Expensive and time consuming Currently in modification

Protecting Privacy Who/what helps protect our privacy Encryption Third-Party sources Right to be Forgotten

Encryption and You What is encryption? Government and encryption First amendment What is encrypted?

Third-Party Sources Why companies use third-party sources How third-party sources help us Car-salesman and your driving record Would you trust a third-party source to process your private information?

Right to be Forgotten What does this mean? Do we actually have this right? How do we become “forgotten”?

Communications With the Fourth Amendment in place, it puts restraints on law enforcement and government agencies People have been wiretapping since telegraph communications and before that No laws in place prohibiting people from doing so 1934, Congress passed the Communications Act Unless authorized by the sender, no person could intercept and divulge a message; there is no exception for law enforcement.

Communications cont… 1937, Supreme Court ruled that wiretapping violated this law; despite this, law enforcement continued wiretapping 1968, Supreme Court ruled that wiretapping without a court order violated the Fourth Amendment 1994, the Amendment was extended to include electronic communications, such as , cellphones, etc. 2001, The USA PATRIOT Act loosened restrictions on government surveillance and wiretapping activities

Communications cont… New technologies makes it harder for law enforcement to intercept certain types of communication Internet information is sent in packets; partial information 1994, The Communications Assistance for Law Enforcement Act (CALEA) requires that the design of telecommunications equipment allows the government to intercept telephone calls (with a court order) 2010, the government proposed that CALEA include social networking sites and Internet phone services to modify their systems so that law enforcement agents can monitor the communications of users

Communications cont… The National Security Agency (NSA) Collects and analyzes foreign intelligence information 1978, Foreign Intelligence Surveillance Act (FISA) 2006, secret room the NSA put in AT&T Database of AT&T user and telephone records 2008, FISA Amendments Act was passed Protected entities that assist the NSA from lawsuits The NSA itself is very controversial; there is an ongoing lawsuit challenging its constitutionality

Case Study: Tracking Mobile Phones Research team under the name of Nature tracked individuals Tracked the users by using records from an unidentified telecommunications company Phone users were not informed that they were being monitored Over a six month time period approximately 100,000 signals from users were tracked The researchers argued that informed consent was unnecessary

Analysis Stakeholders Nature Research Team Cellular Device users who were monitored Negative Rights Users have the negative right to privacy Nature research team has the negative right to free speech Positive Rights Users have the positive right to private records Nature research team has the positive right to research for education purposes

Possible Solutions 1. The research gathered is dismissed and the study becomes void 2. The research is deemed valid and is submitted to disease prevention 3. The users are compensated for the breach of privacy and the records of the users are deleted

ACM Codes 1.2 Avoid harm to others 1.3 Be honest and trustworthy 1.7 Respect the privacy of others

Discussion Was the tracking of individuals cell phone signals ethical? Can the monitoring of individuals be beneficial in studies? Do the individuals being tracked need to be informed? Has privacy been breached?

Case Study: Facebook auto-tag and Facebook Places In June of 2012 Facebook introduced the feature where it would automatically tag your friends, using facial recognition, in any picture that was uploaded after that point. Later that year, Facebook introduced the feature that let you state your location and tag who you are with

Problems with these Features With the auto-tag, users could be tagged in photos they didn’t want to be tagged in Someone might not know they were in a picture until they were tagged People could tag you at a location, but you aren’t at that location Not everyone wants all their friends to know where they are all day long

Stakeholders & Rights Facebook Positive: Allow users onto their site Negative: Deploy any feature they want Users Positive: To use Facebook or not Negative: To keep private what they want private, to post what you want to post, and be tagged in what you want to be tagged in Friends of Users Positive: To tag yourself or to not tag yourself Negative: To control what is posted about themselves

Possible Solutions 1. Facebook removes one or both features. 2. Facebook keeps features but asks the tagged user if they would like to be tagged. 3. Facebook keeps features and doesn’t ask users. Utilitarianism vs Consequentialism

ACM Codes 1.2 Avoid harm to others 1.3 Be honest and trustworthy 1.7 Respect the privacy of others

Solution At first, Facebook kept both features but provided “opt- out” buttons in the privacy tab. Facebook has changed the auto-tag to suggest the person, but doesn’t automatically tag them. Facebook has kept the Facebook Places feature as it originally was. Consequentialism

Conclusion… Privacy Risks & Principles The 4 th Amendment, Privacy Expectations, & Surveillance The Business and Social Sectors Government Systems Protecting Privacy: Technology, Markets, Rights, & Laws Communications Case Studies

References… Baase, Sara. "2 PRIVACY." A Gift of Fire: Social, Legal, and Ethical Issues for Computing Technology. Upper Saddle River, NJ: Pearson, Print. Kawamoto, Dawn. "Study Tracking People Via Cell Phone Raises Privacy Issues." CNET News. CBS Interactive, 05 June Web. 28 Apr "Association for Computing Machinery." Code of Ethics. ACM, 16 Oct Web. 28 Apr