1
Privacy L. Grewe CS4020
2
What We Will Cover Privacy and Computer Technology
The Fourth Amendment, Expectation of Privacy, and Surveillance Technologies The Business and Social Sectors Government Systems Protecting Privacy: Technology, Markets, Rights, and Laws Communications
3
Privacy and Computer Technology
Key Aspects of Privacy: Freedom from intrusion (being left alone) Control of information about oneself Freedom from surveillance (being tracked, followed, watched)
4
Privacy Risks & Principles
Privacy threats come in several categories: Intentional, institutional uses of personal information Unauthorized use or release by “insiders” Theft of information Inadvertent leakage of information Our own actions Regarding our own actions, sometimes they are a result of intentional trade-offs (we give up some privacy in order to receive some benefit) and sometimes we are unaware of the risks.
5
Technology creates Risk
New Technology, New Risks: Government and private databases Sophisticated tools for surveillance and data analysis Vulnerability of data
6
Invisible Information Gathering
Collection of personal information about someone without the person’s knowledge. Example: Google tracking searches.
7
Secondary Use of Info: use of personal information for a purpose other than the one it was provided for. Consider a site that might sell your info.
8
Sensor Device Capture Tracking Location
Gathering sensor data –video, audio, more
9
Video Surveillance & Face recognition
Security cameras Increased security Decreased privacy Police in Tampa, Florida, scanned the faces of all 100,000 fans and employees who entered the 2001 Super Bowl (causing some reporters to dub it Snooper Bowl) to search for criminals. People were not told that their faces were scanned. Some cities have increased their camera surveillance programs, while others gave up their systems because they did not significantly reduce crime. (Some favor better lighting and more police patrols – low tech and less invasive of privacy.) England was the first country to set up a large number (millions) of cameras in public places to deter crime. A study by a British university found a number of abuses by operators of surveillance cameras, including collecting salacious footage and showing it to colleagues.
10
In Canada
11
Video from mobile?
12
Data Mining searching and analyzing masses of data to find patterns and develop new information or knowledge Computer matching - combining and comparing information from different databases (using social security number, for example, to match records)
13
The results of always being connected
Anything we do in cyberspace is recorded. Huge amounts of data are stored. People are not aware of collection of data. Software is complex. Leaks happen.
14
Does it really matter a little info is collected?
A collection of small items can provide a detailed picture. Re-identification has become much easier due to the quantity of information and power of data search and analysis tools. If information is on a public Web site, it is available to everyone.
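The point above, that small items combine into a detailed picture, can be measured before a dataset is released. The following is an added example, not part of the original slides: it counts how many records share each combination of fields (k-anonymity) and shows how coarsening the fields raises k. The records, field names and the generalization rule are constructed for illustration.

```python
from collections import Counter

# Constructed sample: a "de-identified" release with names removed.
# Every value here is made up for the example.
RELEASE = [
    {"zip": "94542", "birth_year": 1990, "sex": "F", "diagnosis": "asthma"},
    {"zip": "94542", "birth_year": 1991, "sex": "F", "diagnosis": "diabetes"},
    {"zip": "94544", "birth_year": 1990, "sex": "M", "diagnosis": "flu"},
    {"zip": "94544", "birth_year": 1992, "sex": "M", "diagnosis": "asthma"},
    {"zip": "94542", "birth_year": 1990, "sex": "M", "diagnosis": "flu"},
    {"zip": "94544", "birth_year": 1991, "sex": "F", "diagnosis": "migraine"},
    {"zip": "94542", "birth_year": 1992, "sex": "F", "diagnosis": "flu"},
    {"zip": "94544", "birth_year": 1990, "sex": "F", "diagnosis": "asthma"},
]

# Fields that are harmless alone but may also appear in other databases.
QUASI_IDS = ["zip", "birth_year", "sex"]


def class_sizes(rows, fields):
    """Count how many rows share each combination of values for `fields`."""
    return Counter(tuple(row[f] for f in fields) for row in rows)


def k_anonymity(rows, fields):
    """Smallest group size: each row is hidden among at least k rows."""
    sizes = class_sizes(rows, fields)
    return min(sizes.values()) if sizes else 0


def unique_fraction(rows, fields):
    """Share of rows that are the only one with their combination (k = 1)."""
    sizes = class_sizes(rows, fields)
    singles = sum(1 for row in rows
                  if sizes[tuple(row[f] for f in fields)] == 1)
    return singles / len(rows) if rows else 0.0


def generalize(row):
    """Coarsen the quasi-identifiers: 3-digit ZIP prefix and birth decade."""
    out = dict(row)
    out["zip"] = row["zip"][:3] + "**"
    out["birth_year"] = row["birth_year"] // 10 * 10
    return out


if __name__ == "__main__":
    # Each field alone leaves every person in a group of 2 or more.
    for field in QUASI_IDS:
        print(field, "alone: k =", k_anonymity(RELEASE, [field]))
    # Together, the same fields single out every record.
    print("combined: k =", k_anonymity(RELEASE, QUASI_IDS),
          "unique =", unique_fraction(RELEASE, QUASI_IDS))
    # After generalization the groups are larger again.
    coarse = [generalize(r) for r in RELEASE]
    print("generalized: k =", k_anonymity(coarse, QUASI_IDS),
          "unique =", unique_fraction(coarse, QUASI_IDS))
```

A data holder can run this kind of check on the exact columns it plans to publish and refuse a release whose k falls below a chosen threshold.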
15
Information around a LONG time…implications
Information on the Internet seems to last forever. Data collected for one purpose will find other uses. Government can request sensitive personal data held by businesses or organizations. We cannot directly protect information about ourselves. We depend upon businesses and organizations to protect it.
16
Computer Matching & Profiling
Computer matching – Combining and comparing information from different databases (using social security number, for example) to match records. Computer profiling – Analyzing data to determine characteristics of people most likely to engage in a certain behavior.
17
Crime & Privacy: Stolen data
Hackers Physical theft (laptops, thumb-drives, etc.) Requesting information under false pretenses Bribery of employees who have access Identity theft - this is a “kind” of privacy invasion that has serious impacts. Except for hackers, these are not new to computer technology. Before computers, files were stolen, receipts were stolen, information was requested under false pretenses and employees were bribed. But, with computers, the extent and impact have grown.
18
Data and Viewpoints
19
Types of Data Do we treat privacy differently for different types of data?
20
Free Market View Freedom of consumers to make voluntary agreements
Diversity of individual tastes and values Response of the market to consumer preferences Usefulness of contracts Flaws of regulatory solutions When asked “If someone sues you and loses, should they have to pay your legal expenses?” more than 80% of people surveyed said “yes.” When asked the same question from the opposite perspective: “If you sue someone and lose, should you have to pay their legal expenses?” about 40% said “yes.”
21
Consumer Protection Viewpoint
Consumer Protection View Uses of personal information Costly and disruptive results of errors in databases Ease with which personal information leaks out Consumers need protection from their own lack of knowledge, judgment, or interest
22
Some cases and the 4th amendment and MORE
Law and Privacy
23
US 4th Amendment The right of the people to be secure in their person, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. —4th Amendment, U.S. Constitution
24
4th amendment ---What it means
Sets limits on government’s rights to search our homes and businesses and seize documents and other personal effects. Requires government provide probable cause. Two key problems arise from new technologies: Much of our personal information is no longer safe in our homes; it resides in huge databases outside our control. New technologies allow the government to search our homes without entering them and search our persons from a distance without our knowledge. All data on a cellphone (including deleted data and password protected data) can be extracted in less than two minutes at a traffic stop.
25
Supreme Court Decisions & Expectation of Privacy
Olmstead v. United States (1928) Supreme Court allowed the use of wiretaps on telephone lines without a court order. Interpreted the Fourth Amendment to apply only to physical intrusion and only to the search or seizure of material things, not conversations. Justice Louis Brandeis dissented, arguing that the authors of the Fourth Amendment did all they could to protect liberty and privacy – including privacy of conversations – from intrusions by government based on the technology available at the time.
26
Supreme Court Decisions & Expectation of Privacy
Katz v United States (1967) Supreme Court reversed its position and ruled that the Fourth Amendment does apply to conversations. Court said that the Fourth Amendment protects people, not places. To intrude in a place where a reasonable person has a reasonable expectation of privacy requires a court order. In this case, law enforcement had attached a listening and recording device on the outside of a telephone booth to record a suspect’s conversation. Although Katz v United States strengthened the Fourth Amendment in some ways, there is a significant risk in relying on reasonable “expectation of privacy” to define the areas where law enforcement needs a court order. The Court has interpreted “expectation of privacy” in a very restrictive way. For example, it ruled that if we share information with businesses such as our bank, then we have no reasonable expectation of privacy for that information (United States v Miller, 1976). We share many kinds of personal information at specific Web sites where we expect it to be private. Is it safe from warrantless search?
27
Supreme Court Decisions & Expectation of Privacy
Kyllo v United States (2001) Supreme Court ruled that police could not use thermal-imaging devices to search a home from the outside without a search warrant. Court stated that where “government uses a device that is not in general public use, to explore details of the home that would previously have been unknowable without physical intrusion, the surveillance is a ‘search.’” This reasoning suggests that when a technology becomes more widely used, the government may use it for surveillance without a warrant.
28
Wiretapping & Email Protection
Telephone 1934 Communications Act prohibited interception of messages 1968 Omnibus Crime Control and Safe Streets Act allowed wiretapping and electronic surveillance by law-enforcement (with court order) and other new communications Electronic Communications Privacy Act of 1986 (ECPA) extended the 1968 wiretapping laws to include electronic communications, restricts government access to The meaning of pen register has changed over time. It originally referred to a device that recorded the numbers called from a phone. Now it also refers to logs phone companies keep of all numbers called, including time and duration.
29
CALEA= Communications Assistance for Law Enforcement Act
Passed in 1994 Requires telecommunications equipment be designed to ensure that the government can intercept telephone calls (with a court order or other authorization). Rules and requirements written by Federal Communications Commission (FCC)
30
FISA = Foreign Intelligence Surveillance Act
The National Security Agency (NSA) (FISA) established oversight rules for the NSA Secret access to communications records More in Patriot Act (2001) and Homeland Security Act Cell phone data, web data, companies must comply
31
Regulations on Industry – an example: HIPAA
The medical field is regulated by the government, which passed the “Health Insurance Portability and Accountability Act (HIPAA)”. Regulates who has access to medical records/info. HIPPA.org HIPAA regulations
32
National ID Systems Social Security Numbers Too widely used
Easy to falsify. New proposals require citizenship, employment, health, tax, financial, or other data, as well as biometric information. In many proposals, the cards would also access a variety of databases for additional information. National ID systems began in U.S. with the Social Security card in 1936. Opponents of national ID systems argue that they are profound threats to freedom and privacy. “Your papers, please” is a demand associated with police states and dictatorships.
33
Government banning exportation of encryption technology
Government ban on export of strong encryption software in the 1990s (removed in 2000) During the period of the government ban, courts considered legal challenges to the restrictions based on the First Amendment. The government argued that software is not speech and that control of cryptography was a national security issue, not a free-speech issue.
34
Right to be forgotten Electronic Frontier Foundation
leading nonprofit defending digital privacy, free speech, and innovation. The right to have material removed. negative right (a liberty) positive right (a claim right)
35
EU Privacy Regulations
more strict than U.S. regulations EU Data Privacy Directive Prohibits transfer of personal information to countries outside the EU that do not have an adequate system of privacy protection. “Safe Harbor” plan Abuses still occur Puts requirements on businesses outside the EU The EU agreed to a “Safe Harbor” plan, under which companies outside the EU that agree to abide by a set of privacy requirements similar to the principles in the Data Privacy Directive, may receive personal data from the EU. Many privacy advocates describe U.S. privacy policy as “behind Europe” because the U.S. does not have comprehensive federal legislation regulating personal data collection and use.
36
Right to be forgotten --- in EU
37
Right to be forgotten –in EU
38
Right to be forgotten –in EU
39
Theories of Rights Warren and Brandeis published famous law review article The Right to Privacy. People often quote this work in reference to privacy rights. Judith Jarvis Thomson, "The Right to Privacy," Philosophy & Public Affairs, 4.4 (1975): Discusses problems with Warren and Brandeis publication. First, it appears to be too broad. This means that it counts as violations of privacy things that intuitively are not. As Judith Thomson observes: If I hit Jones on the head with a brick I have not let him alone. Yet, while hitting Jones on the head with a brick is surely violating some right of Jones's, doing it should surely not turn out to violate his right to privacy. Else, where is this to end? Is every violation of a right a violation of the right to privacy? In other respects, however, the theory appears to be too narrow. This means that it fails to count as violations of privacy things that intuitively are. Thomson again writes: The police might say, "We grant that we used a special X-ray device on Smith, we grant we trained an amplifying device on him so as to be able to hear everything he said; but we let him strictly alone, we didn't even go near him- our devices operate at a distance."
40
Companies need to ask the question –what should be private
Proactive responsibility --- making corporate policies
41
Have policies –some things to consider
Fair information principles Inform people when you collect information. Collect only the data needed. Offer a way for people to opt out. Keep data only as long as needed. Maintain accuracy of data. Protect security of data. Develop policies for responding to law enforcement requests for data.
42
Privacy Sharing Data test
43
Solutions to keeping data Private
Transparency and responsibility
44
SOLUTIONS = Both tech and Market practices
Privacy enhancing-technologies for consumers Encryption Technology to “disguise” the information during transmission Public-key cryptography Privacy in the Market: Company tools and policies for protecting data
45
Opt in/out Transparency – tell user
opt out – Person must request (usually by checking a box) that an organization not use information. opt in – The collector of the information may use information only if person explicitly permits use (usually by checking a box).
46
Incognito for private? browsing
"Incognito mode" is a privacy feature in some web browsers to disable browsing history and the web cache. This allows a person to browse the Web without storing local data that could be retrieved at a later date. 'Your activity isn’t hidden from websites you visit, your employer or school, or your internet service provider'
47
Video – some solutions Encryption Hiding/obfuscation/blurring
48
Privacy and Computer Technology Discussion Questions
Priv.1) Have you seen opt-in and opt-out choices? Where? How were they worded? Priv.2) Were any of them deceptive? Priv.3) What are some common elements of privacy policies you have read? POST answers on blackboard If the class doesn't mention it, make sure to mention that online opt-in choices may be pre-checked and require you un-checking the box to avoid opting in. Be sure to mention the "subject to change without notice" clause found in most privacy policies.
49
"Big Brother is Watching You" (cont.) Discussion Questions
Priv.4) What data does the government have about you? Priv.5) Who has access to the data? Priv.6) How is your data protected? POST your answers on blackboard. Use the list in Fig. 2.2 (page 58) to start the conversation. Probe for what concerns the class may have about the data that is collected.
50
What should you do? Some Decisions for YOU
51
Decisions – to post or not?
Personal information in blogs and online profiles Is this private or in the public domain to use this information? Who can use this…can an employer look at this information and reject an applicant …how about a university? Pictures of ourselves and our families File sharing and storing Is privacy old-fashioned? Young people put less value on privacy than previous generations. Is this a generational idea? May not understand the risks
52
The special topic of Children
Internet and Children: Not able to make decisions on when to provide information Vulnerable to online predators A Solution: Parental monitoring Software to monitor Web usage Web cams to monitor children while parents are at work GPS tracking via cell phones or RFID
53
Diverse Privacy Topics Discussion Questions
Priv.7) Is there information that you have posted to the Web that you later removed? Why did you remove it? Were there consequences to posting the information? Priv.8) Have you seen information that others have posted about themselves that you would not reveal about yourself? POST answers on blackboard
54
Protecting Privacy (cont.)
Contrasting Viewpoints: Free Market View Let the market (companies, etc) determine privacy rights Advantages: Freedom of consumers to make voluntary agreements Diversity of individual tastes and values Response of the market to consumer preferences Usefulness of contracts Flaws of regulatory solutions
55
Protecting Privacy (cont.)
Contrasting Viewpoints (cont.): Consumer Protection View Consumers should be protected by given rights. Advantages: Uses of personal information clearly understood and pre-determined. Consumers need protection from their own lack of knowledge, judgment, or interest May avoid costly and disruptive results of errors in databases May decrease ease with which personal information leaks out
56
Protecting Privacy (cont.)
Privacy Regulations in the European Union (EU): Data Protection Directive (called the Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data) More strict than U.S. regulations Abuses still occur Puts requirements on businesses outside the EU
57
Protecting Privacy Discussion Question
Priv.9) How would the free-market view and the consumer protection view differ on errors in Credit Bureau databases? Priv.10) Who is the consumer in this situation? POST your solutions on blackboard
58
Communication & Privacy
Wiretapping and Protection: Telephone 1934 Communications Act prohibited interception of messages 1968 Omnibus Crime Control and Safe Streets Act allowed wiretapping and electronic surveillance by law-enforcement (with court order) and other new communications Electronic Communications Privacy Act of 1986 (ECPA) extended the 1968 wiretapping laws to include electronic communications, restricts government access to The meaning of pen register has changed over time. It originally referred to a device that recorded the numbers called from a phone. Now it also refers to logs phone companies keep of all numbers called, including time and duration.
59
Communication (cont.) Designing Communications Systems for Interception: Communications Assistance for Law Enforcement Act of 1994 (CALEA) Telecommunications equipment must be designed to ensure government can intercept telephone calls Rules and requirements written by Federal Communications Commission (FCC)
60
Communication (cont.) Secret Intelligence Gathering:
The National Security Agency (NSA) Agency involved in US national security issues and policies. Foreign Intelligence Surveillance Act (FISA) established oversight rules for the NSA prescribing procedures for the physical and electronic surveillance and collection of "foreign intelligence information" between "foreign powers" and "agents of foreign powers" (which may include American citizens and permanent residents engaged in espionage and violating U.S. law). Secret access to communications records
61
Communication (cont.) More Government Regulations ……Encryption Policy:
Government ban on export of strong encryption software in the 1990s (removed in 2000) Pretty Good Privacy (PGP)
62
Communication Discussion Questions
Priv.11) What types of communication exist today that did not exist in 1968 when wiretapping was finally approved for law-enforcement agencies? Priv.12) What type of electronic communications do you use on a regular basis? Post your answers on blackboard.
63
Do people care about sharing their data