IS 376: Information Privacy Dr. Kapatamoyo October 23, 2014
Contemporary Major Factors Amount : of personal information that can be gathered. Speed: at which personal information can be transmitted. Duration: of time that the information can be retained. Kind: of information that can be acquired and exchanged. 2
Aspects of Privacy Dictionary definition: Seclusion Freedom from surveillance Concealment Control of personal information Freedom from intrusion (origins with Samuel Warren and Louis Brandeis) Leave me alone 3
Perspectives on Privacy Discussions of privacy revolve around the notion of ACCESS, where access means either physical proximity to a person or knowledge about that person. There is conflict between a person that wants to restrict ACCESS to them by creating a “a zone of inaccessibility” (Edmund Byrne) and outsider who wants to gain access. Privacy is a social arrangement that allows individuals to have some level of control over who is able to gain access to their physical selves and their personal information. 4
Harms and Benefits of Privacy Harms. Most wrong doing takes place under cover of privacy (Ferdinand Shoeman). Nuclear families cannot share personal issues hence too much pressure on some (Edmund Leach). Outsiders fail to acknowledge a dysfunctional family or abuse until someone is injured. Benefits. Socialization and individuation are both necessary steps for a person to reach maturity/blossom (Morton Levine). Privacy is recognition of each person's freedom (Jeffry Reiman, Stanley Benn). Privacy lets us be ourselves (Charles Sykes). Privacy lets us remove our public persona (Gini Graham). 5
Is There a Natural Right to Privacy? Born out English Common Law tradition: “a man’s home is his castle.” No one – not even the King – can enter without permission, unless there is PROBABLE CAUSE of criminal activity. 6
Listen to Posner Posner’s view Not a fundamental right Pre-modern people didn’t need it; modern people don't care if they benefit Only criminals care because they are doing something bad 7
Posner’s arguments Judge Posner’s argument at its core is privacy as “concealment.” However, Premodern peoples (living in small villages or tribal cultures) had no real ability to conceal anything about themselves, therefore no privacy. It is perfectly natural for people to live with little or no privacy. Contemporary people are willing to give up their private information, and become transparent, in return for very small financial incentives or improvements in convenience. This proves that we do not need value individual privacy. Concealment is mot useful to criminals, and least useful to honest people. Therefore privacy is mostly a social harm that reduces safety, not a social good. 8
“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” 9 The Fourth Amendment
So What is “Information Privacy”? The rights and responsibilities that govern the ACQUISITION, DISCLOSURE, and USE OF PERSONAL INFORMATION. Acquisition - from the individual, third party, legally or illegally, with or without the individual’s awareness. Dataveillance (Roger Clarke): surveillance, data monitoring and data recording techniques by use of computer technologies. Disclosure - to other people or entities Use - storing, manipulating or evaluating personal information 10
Kinds of Information Privacy Different aspects: Information privacy: collection, use and disclosure of personally identifiable information (PII). Communications privacy: private information should be safely delivered to the intended party. Privacy in public (and work) places: electronic profiling (i.e., collecting a variety of in-depth information about an individual electronically) Critical question: Is there Home/work distinction & public space/private space distinction? 11
Describe Personal Information Any type of information that is related to a person’s private life or concerns, recorded in any form. Can also be personally identifiable information (PII), which can be used to uniquely identify, locate or contact a person. Not just content - but also events (a transaction) that may implicate a person’s privacy. 12
Privacy-implicating Activities: An Incomplete List Health and Medical Records Financial transactions of all types - tax, banking, etc. Subscriber Information - Telephones, Cable TV, Video Rentals, etc. Communications of all kinds - Telephone Calls, s, etc. Credit History Purchasing History – Direct, Phone, Internet Records Student Insurance Employment Records “Judicial History” - Driving record, civil and criminal cases, etc. Internet Activities 13
Reasonable Expectation of Privacy Over the years, court rulings has set the precedent that the key to understanding privacy issues is reasonable “ Expectation of Privacy.” These are the general criteria: General legal principles : no privacy if behaviors or communications are knowingly exposed to public view. Vantage point : a point where anyone can see or hear what is going on. Certain buildings or pieces of land : so most public places come with no expectation of privacy (some exceptions are public phone booths and restrooms). Technological sophistication : laws are constantly updated to adapt to new technological innovations. 14
Informed Consent A process in which an individual agrees to participate after being given detailed information about the benefits and potential risks of his or her action. The person must be advised about: Nature of information collected Why and how it is going to be used Risks Freedom to withdraw 15
Opt-in vs. Opt-out Opt-in: Potential customer to self-select the information (services) they wish to subscribe to, and how the information can be used. Opt-out: Information can be sent to customers without prior permission. But customers must be provided with the option to ask to be removed from the list. 16
Some Important Federal Privacy Laws 2004: Fair Education Rights and Privacy Act 2001: USA Patriot Act (USAPA) [reauthorized in 2006 with amendments] Authorizes Feds to subpoena records from providers. 2000: Children’s Online Privacy Protection Act 1998: Children’s Online Privacy Protection Act 1998: Telephone Anti-Spamming Amendments Act 1994: Communications Assistance for Law Enforcement (CALEA) 1974: Privacy Act 17
Privacy Act of 1974 “No AGENCY shall disclose any record which is contained in a system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains....” Data records should be “relevant and necessary” to the purpose for which they are collected Establish procedures to allow individuals to see, copy and amend records about themselves Requires publishing notices describing all systems of records (no secret records) Agency is required to make reasonable efforts to maintain accurate, relevant, timely and complete records about individuals Information collected for one purpose MAY NOT be used for another purpose without notice to or the consent of the subject of record 18
USA Patriot Act 2001 Four principal categories: Provides feds. and Intel. agencies greater authority to monitor communications. Gives Sec. of Treasury greater powers to regulate banks, preventing money laundering. Makes it more difficult for terrorists to enter USA. Defines new crimes and penalties for terrorist activity. Does this by: Extends jurisdiction of court-ordered “wiretaps” to entire country. Allows for roving surveillance/dataveillance. Law enforcement do not need a warranty to intercept communications if they have permission from owner of computer systems (e.g. ISP). 19