CMPT 408 - Privacy (Julita Vassileva): presentation transcript


Slide 1: Privacy - Objectives

1. Define the right of privacy.
2. Why can IT be a threat?
3. Outline what information is collected by governments.
4. Outline strategies of customer profiling and identify the associated privacy issues.
5. Outline the key elements for safeguarding privacy and treating consumer data responsibly.

Activities
- Monday: overview of privacy issues, based on Chapter 2 of Baase
- Wednesday: finish the overview, then discuss several of the questions at the end of Chapter 2 of Baase:
  - general exercises 13, 15, 16, 20, 21, 22, 24, 27, 28, 32; 42, 44
  - be ready to discuss some of them
- Friday: discussion of articles accessible from the course web site

Slide 2: Aspects of Privacy

General aspects
- Freedom from intrusion (being left alone)
- Control of personal information
- Freedom from surveillance

Legal aspects (the four common-law privacy torts)
- Protection from unreasonable intrusion upon one's seclusion
- Protection from unreasonable publicity given to one's private life
- Protection from appropriation of one's name or likeness
- Protection from publicity which unreasonably places one in a false light before the public

Slide 3: Factors to be balanced

1. Safeguarding personal and group privacy
2. Collecting the personal information necessary for the operation of business, government and society
3. Conducting the surveillance necessary for public safety

How much privacy are you entitled to?
- Trade-offs between public and private rights: economic and social dimensions
- Relationships to other rights, e.g. property rights, the right not to be harmed, etc.

Typical arguments:
- "What have you got to hide?"
- "Why should you know?"

Slide 4: The Right of Privacy

Another definition: "The right of individuals to control the collection and use of information about themselves."

Not an explicitly enumerated constitutional right in the US: it rests on Supreme Court rulings interpreting other provisions.

U.S. Constitution, Amendment IV: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

Defined by L. Brandeis (dissenting) in Olmstead v. U.S. (1928): "the right to be let alone - the most comprehensive of rights and the right most valued by civilized men."

Canadian Charter of Rights and Freedoms, Legal Rights:
- Everyone has the right to be secure against unreasonable search or seizure. (s. 8)
- Any person charged with an offence has the right not to be compelled to be a witness in proceedings against that person in respect of the offence. (s. 11(c))

Various views of privacy
- Property rights and privacy rights
- Right to privacy: various philosophical views
- How personal information is obtained vs. how it is used
- Privacy and transactions

Slide 5: IT and Privacy

Privacy issues didn't begin with computers: the Stasi kept files on about 6 million East Germans. But computers and networks magnify the effects!

New technologies:
- ubiquitous/pervasive computing
- user modelling and profiling tools
- search engines
- data mining and knowledge discovery
- biometrics
- computer vision and imaging systems
- new tools for data and knowledge representation and reasoning
- wireless technology, personal data devices
- cheap and small cameras, satellite photos
- GPS, cell phones
- thermal imaging
- DNA testing and other medical testing technology

These allow:
- advanced wiretapping (voice, e-mail, chat)
- monitoring all your on-line activities
- monitoring your financial activities and purchases
- monitoring your health records and drug purchases
- identifying your current location (GPS, cell phones, miniature web cameras, satellite surveillance)
- thermal imaging and electronic body searches
- combining personal data: data mining, image processing, intelligent systems

Risks of databases:
- unauthorized use by insiders
- accidental leakage
- propagation of errors and their effects
- ability to combine information in new ways
- ability to distill individual information from group information by intersecting various tables

Who has got your "picture"?
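The last two database risks on this slide (combining information in new ways, and distilling individual information from group information by intersecting tables) are concrete enough to demonstrate. The Python below is an added example, not material from the lecture or from Baase; every table, name, postal code and diagnosis in it is constructed for the example. The first half joins a "de-identified" health table with a public voter list on three quasi-identifiers; the second half runs a differencing attack against an interface that only ever answers aggregate counts and refuses groups smaller than a threshold.

```python
"""Added example: how individual facts fall out of tables that each look
harmless on their own. All data below is constructed; nothing here is real."""
from collections import Counter
from typing import Callable

# Constructed: a health release that dropped names but kept quasi-identifiers.
HEALTH = [
    {"postal": "S7N", "birth_year": 1974, "sex": "F", "diagnosis": "diabetes"},
    {"postal": "S7N", "birth_year": 1981, "sex": "M", "diagnosis": "asthma"},
    {"postal": "S7K", "birth_year": 1974, "sex": "F", "diagnosis": "hypertension"},
    {"postal": "S7K", "birth_year": 1974, "sex": "F", "diagnosis": "none"},
]

# Constructed: a public voter list carrying names and the same quasi-identifiers.
VOTERS = [
    {"name": "A. Smith", "postal": "S7N", "birth_year": 1974, "sex": "F"},
    {"name": "B. Jones", "postal": "S7N", "birth_year": 1981, "sex": "M"},
    {"name": "C. Lee", "postal": "S7K", "birth_year": 1974, "sex": "F"},
    {"name": "D. Roy", "postal": "S7K", "birth_year": 1974, "sex": "F"},
]

QUASI = ("postal", "birth_year", "sex")  # columns shared by both tables


def quasi_key(row: dict) -> tuple:
    return tuple(row[k] for k in QUASI)


def link(health: list, voters: list) -> dict:
    """Linkage attack: return {name: diagnosis} for every quasi-identifier
    combination that is unique in BOTH tables. Combinations shared by two or
    more people (here S7K/1974/F) cannot be resolved and stay unlinked."""
    h_counts = Counter(quasi_key(r) for r in health)
    v_counts = Counter(quasi_key(r) for r in voters)
    diag_by_key = {quasi_key(r): r["diagnosis"] for r in health}
    linked = {}
    for v in voters:
        k = quasi_key(v)
        if h_counts[k] == 1 and v_counts[k] == 1:
            linked[v["name"]] = diag_by_key[k]
    return linked


# Constructed: an HR/benefits table that is only exposed through COUNT queries.
EMPLOYEES = [
    {"name": "A. Smith", "dept": "IT", "diabetes": True},
    {"name": "E. Wong", "dept": "IT", "diabetes": False},
    {"name": "F. Kaur", "dept": "IT", "diabetes": False},
    {"name": "G. Park", "dept": "HR", "diabetes": True},
]

MIN_GROUP = 2  # the interface refuses groups smaller than this (common, and insufficient)


def count_query(rows: list, predicate: Callable[[dict], bool], attr: str = "diabetes"):
    """Aggregate-only interface: number of rows matching `predicate` with `attr`
    set, or None when the matching group is smaller than MIN_GROUP."""
    group = [r for r in rows if predicate(r)]
    if len(group) < MIN_GROUP:
        return None
    return sum(1 for r in group if r[attr])


def differencing_attack(rows: list, target_name: str, dept: str):
    """Infer one person's attribute from two aggregate queries whose groups
    differ only by that person. Returns True/False, or None if either query
    was suppressed by the group-size rule."""
    with_target = count_query(rows, lambda r: r["dept"] == dept)
    without_target = count_query(
        rows, lambda r: r["dept"] == dept and r["name"] != target_name)
    if with_target is None or without_target is None:
        return None
    return (with_target - without_target) == 1


if __name__ == "__main__":
    print("linked:", link(HEALTH, VOTERS))
    for who, dept in (("A. Smith", "IT"), ("E. Wong", "IT"), ("G. Park", "HR")):
        print(who, "diabetes:", differencing_attack(EMPLOYEES, who, dept))
```

Two things to take from it: dropping names is not anonymisation when the remaining columns are unique in some public table (C. Lee and D. Roy survive only because they share a quasi-identifier combination, so that cell of the release is 2-anonymous), and a minimum group size on aggregate queries blocks the differencing only when the group is already tiny (G. Park); any larger group can be split with a predicate that isolates one person.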

Slide 6: "Big Brother" watching

Government organizations' databases, including police, security agencies and the census.

Purpose: law enforcement
- Only with a court order, or "when there are reasonable grounds to believe it could be useful in the investigation of a contravention of the laws of Canada" (PIPEDA)
- How is a "reasonable expectation of privacy" defined?
- Who guards the guards?

Slide 7: Examples of databases

Government databases include:
- tax records
- arrest and criminal records
- motor vehicle records
- firearms registry
- school and university records
- medical records
- welfare records

Private databases include:
- credit bureaus
- drug purchase records
- membership lists
- travel records
- supermarket purchase records
- personal profiles (collected or inferred in many ways)

Slide 8: Government Files in Canada

Databases kept by various federal agencies:
- Revenue Canada
- RCMP
- CSIS
- National Census / Statistics Canada
- Employment Insurance

Provincial and municipal governments also hold a lot of information:
- health
- social welfare
- property tax registries

Social Insurance Number (SIN)
- exclusive use by the federal government (really??)
- safeguards on integrity (a check digit): this catches mistyped numbers, but does nothing to keep the number secret or to prove that the person presenting it is its holder
- trade-off between service and privacy

Privacy and Access to Information legislation
- now applies to both the public and the private sector

Privacy Commissioner
- guarding the guards
- www.privcom.gc.ca
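The SIN's check-digit safeguard is the Luhn mod-10 algorithm, which is public arithmetic. The Python below is an added example, not from the lecture, and assumes only that nine-digit format: it computes and verifies the check digit, shows that every single mistyped digit is detected, and shows that the same routine lets anyone fabricate a number that passes the check. The sample number is constructed from the eight-digit prefix 04645428 and is not any real person's SIN; the leading-digit allocation (which encodes the issuing region) is deliberately not checked.

```python
"""Added example: what a SIN check digit does and does not protect.
The sample number is constructed for this example."""
import re


def luhn_check_digit(payload: str) -> str:
    """Compute the Luhn (mod-10) check digit for a run of digits that does not
    yet carry one. Walking from the right, every digit in an even position
    (0-based) is doubled, products above 9 are reduced by 9, and the check
    digit brings the total to a multiple of 10."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(number: str) -> bool:
    """True if a full digit string (check digit included) passes the Luhn test.
    With the check digit at position 0 from the right, the doubled digits are
    now the odd positions."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def normalize_sin(sin: str) -> str:
    """Strip the spaces or hyphens people write between the three groups."""
    return re.sub(r"[ -]", "", sin)


def sin_valid(sin: str) -> bool:
    """Format check (exactly nine digits) plus the integrity check digit.
    This does NOT establish that the number was ever issued, or that the
    person presenting it is its holder. Assumption for this example: the
    leading digit (issuing region; 9 marks a temporary SIN) is not checked."""
    digits = normalize_sin(sin)
    return bool(re.fullmatch(r"\d{9}", digits)) and luhn_valid(digits)


def fabricate_valid_sin(prefix8: str) -> str:
    """Anyone can append a correct check digit to any eight digits, which is
    why the check digit is an integrity safeguard, not a secret."""
    if not re.fullmatch(r"\d{8}", prefix8):
        raise ValueError("prefix must be exactly eight digits")
    return prefix8 + luhn_check_digit(prefix8)


# Constructed sample: prefix 04645428 plus its computed check digit.
SAMPLE_SIN = fabricate_valid_sin("04645428")


def transcription_error_caught(sin: str, index: int, wrong_digit: str) -> bool:
    """Simulate one mistyped digit and report whether the check digit catches
    it. Luhn detects every single-digit substitution."""
    digits = list(normalize_sin(sin))
    if digits[index] == wrong_digit:
        raise ValueError("wrong_digit must differ from the original digit")
    digits[index] = wrong_digit
    return not luhn_valid("".join(digits))


if __name__ == "__main__":
    print(SAMPLE_SIN, sin_valid("046 454 286"))
    print("typo caught:", transcription_error_caught(SAMPLE_SIN, 0, "1"))
    print("fabricated:", fabricate_valid_sin("12345678"))
```

The practical point for anyone validating SINs on a form: a Luhn pass means the number is well-formed, nothing more. Treat the number as sensitive personal data regardless of whether it validates, and do not use "passes the check digit" as evidence of identity.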

Slide 9: Private Sector: Consumer Information

Databases and marketing
- spamming and mass marketing, pop-up ads
- group and individual targeting based on profiling
- obviously pays off: does the utilitarian view suggest it is OK?
- vulnerable audiences
- consumer data (government vs. private access) and risks
- cross-fertilization between databases, government and private

Key issues:
- invisible information gathering
- secondary use
- balancing risks and benefits

Two special problem areas: credit bureaus and medical records
- intimate and possibly damaging information: what should these databases be allowed to keep?
- possibly very high value, but also very high risk
- Canadian medical system vs. U.S. system
- insurance issue: what factors should be allowed in determining insurance eligibility?

Slide 10: Safeguarding Privacy

Technical safeguards
- IDs and passwords, anonymizers, digital cash
- ability to limit access to parts of a database
- keeping an audit trail (double-edged, of course: the trail itself records who did what and is personal data in its own right)
- smart card: all data kept on the card, with the person
- encryption (later)

Management safeguards
- localize risk by keeping data in one place only (e.g. stores do credit card authorization through the credit card company, so they hold no credit data on you)
- destroy records when done

Legal safeguards
- access to information laws
- restrictions on multiple uses of information
- Canadian Privacy Commissioner
- Canadian Privacy Act (in force since 1983, with subsequent amendments): http://laws.justice.gc.ca/en/P-21/index.html
- Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), fully in force 1 January 2004

Social safeguards
- business policies and standards (TRUSTe, P3P, BBB)
- informed consent on gathering/use of information: opt-in vs. opt-out vs. opt-in for each use
- consumer/rights advocacy: public opinion

Slide 11: Protections for Privacy

Guidelines for information usage - Code of Fair Information Practices
- No secret systems, no invisible data collection
- Collect only the data that is needed
- Keep data only as long as it is needed
- A person should know what personal data about them exists and how it is used
- Information obtained for one purpose should not be used for another without permission
- A person should be able to see their data and correct errors
- A person should be able to opt out of data collection and data spread
- Any organization keeping personal data is responsible for its use and security and for communicating its policies to users

Ownership of personal data

Slide 12: Views on Privacy Protection

Market view - Freedom of Information Use guidelines
- Truth in information gathering: people must know if information will NOT be kept confidential
- Freedom in information contracting: people can contract to disclose personal information
- Freedom of speech and commerce: people can disclose facts that have not been obtained illegally

Consumer-protection view: European Union Data Protection Directive (95/46/EC)
- Personal data may be collected only for specified, explicit purposes and must not be processed for incompatible purposes.
- Data must be accurate and up to date. Data must not be kept longer than necessary.
- Processing of data is permitted only if the person consented unambiguously, or if the processing is necessary for contractual or legal reasons, for tasks in the public interest, or by official authorities.
- Special categories of data, including ethnic and racial origin, political and religious beliefs, health and sex life, and union membership, must not be processed without the subject's explicit consent (if then: EU members are allowed to forbid this outright).
- People must be notified of the collection and use of data about them. They must have access to the data stored about them and a way to correct incorrect data.
- Processing of data about criminal convictions is severely limited.

Slide 13: European Union vs. United States

1. EU: mandated set of privacy rules.
   US: adherence to privacy concerns is voluntary.
2. EU: government regulated.
   US: self-regulated.
3. EU: rules enforced by official commissioners.
   US: privacy rules have been overseen by a panel of IS industry experts who prefer a self-governed approach.
4. EU: clearly defined rules that must be followed; violating them may result in arrest and prison time.
   US: agencies such as the Better Business Bureau Online and TRUSTe monitor established guidelines.
5. EU: personal data cannot be transferred outside the EU except to jurisdictions offering adequate protection.
   US: personal data is up for sale, most likely to any company willing to pay.
6. EU: personal data on customers, employees, members, etc. cannot be shared or sold for profit.
   US: personal data on customers, employees and members can be sold to other companies or shared.

Julita Vassileva: Where does Canada fit here?

Slide 14: Canadian Privacy Act

Purpose: "The purpose of this Act is to extend the present laws of Canada that protect the privacy of individuals with respect to personal information about themselves held by a government institution and that provide individuals with a right of access to that information."

Some relevant clauses:
- "No personal information shall be collected by a government institution unless it relates directly to an operating program or activity of the institution."
- "A government institution shall inform any individual from whom the institution collects personal information about the individual of the purpose for which the information is being collected."
- "Personal information that has been used by a government institution for an administrative purpose shall be retained by the institution for such period of time after it is so used as may be prescribed by regulation in order to ensure that the individual to whom it relates has a reasonable opportunity to obtain access to the information."
- Accuracy of personal information: "A government institution shall take all reasonable steps to ensure that personal information that is used for an administrative purpose by the institution is as accurate, up-to-date and complete as possible."
- "Personal information under the control of a government institution shall not, without the consent of the individual to whom it relates, be used or disclosed by the institution except in accordance with [certain exceptions]."

Slide 15: Personal Information Protection and Electronic Documents Act (PIPEDA), Bill C-6 (April 2000)
PROTECTION OF PERSONAL INFORMATION IN THE PRIVATE SECTOR

"An Act to support and promote electronic commerce by protecting personal information that is collected, used or disclosed in certain circumstances, by providing for the use of electronic means to communicate or record information or transactions and by amending the Canada Evidence Act, the Statutory Instruments Act and the Statute Revision Act"

"An organization may collect, use or disclose personal information only for purposes that a reasonable person would consider are appropriate in the circumstances."

Puts severe restrictions on collection, use and dissemination of information without the person's consent, with some exceptions:
- freedom of the press or artistic expression
- information is publicly available
- information is used for statistical or scholarly purposes

The Privacy Commissioner has a role both in handling complaints from individuals and organizations and in conducting privacy audits.

Full Bill available at http://www.parl.gc.ca/36/2/parlbus/chambus/house/bills/government/C-6/C-6_3/C-6_cover-E.html

Slide 16: Sept 11, 2001 - What has changed?

The USA PATRIOT Act (U.S., 2001)
- sweeping new powers for both domestic law enforcement and international anti-terrorist agencies
- national security or police state?

What has changed in Canada?

