What We Will Cover Privacy and Computer Technology “Big Brother is Watching You” Privacy Topics...
-
Upload
teresa-conley -
Category
Documents
-
view
219 -
download
1
Transcript of What We Will Cover Privacy and Computer Technology “Big Brother is Watching You” Privacy Topics...
What We Will CoverPrivacy and Computer Technology“Big Brother is Watching You”Privacy TopicsProtecting Privacy
1-3
USA PATRIOT ActProvisions
Greater authority to monitor communicationsGreater powers to regulate banksGreater border controlsNew crimes and penalties for terrorist activityTighter Internet surveillanceSearches and seizures without warrantsWarrants issued without need for showing
probable cause
1-4
Dana Summers / Tribune Media Services TMS Reprints
1-5
Patriot Act Initial SuccessesCharges against 361 individuals
Guilty pleas or convictions for 191 peopleShoe-bomber Richard ReidJohn Walker Lindh
More than 500 people removed from United States
Terrorist cells broken up in Buffalo, Seattle, Tampa, and Portland (“the Portland Seven”)
1-6
Patriot Act FailureMarch 11, 2004 bombings in Madrid SpainFBI makes Brandon Mayfield a suspect
Claims partial fingerprint matchConducts electronic surveillanceEnters home without revealing search warrantCopies documents and computer hard drives
Spanish authorities match fingerprint with an AlgerianJudge orders Mayfield releasedFBI apologizes
U.S. government settled part of the lawsuit with Mayfield for a reported $2 million.
1-7
Syndromic Surveillance SystemCreated by New York CityAnalyzes more than 50,000 pieces of
information every day911 callsVisits to emergency roomsPurchases of prescription drugs
Looks for patterns that might indicate an epidemic, bioterrorism, or an environmental problem
In the fall of 2002, the system detected a surge in people seeking treatment for vomiting and diarrhea.
1-8
Telecommunications Records DatabaseCreated by National Security Agency after 9/11Contains phone call records of tens of millions of
AmericansNSA analyzing calling patterns to detect terrorist networksPhone records voluntarily provided by several major
telecommunications companiesUSA Today revealed existence of database in May 2006Several dozen class-action lawsuits filedAugust 2006: Federal judge in Detroit ruled program
illegal and unconstitutionalJuly 2007: U.S. Court of Appeals overturned ruling, saying
plaintiffs did not have standing to bring suit forward
Privacy and Computer TechnologyKey Aspects of Privacy:Freedom from intrusion (being left alone)Control of information about oneselfFreedom from surveillance (being tracked,
followed, watched)
Privacy and Computer Technology (cont.)New Technology, New Risks:Government and private databasesSophisticated tools for surveillance and data
analysisVulnerability of data
Privacy and Computer Technology (cont.)Terminology:Invisible information gathering - collection of
personal information about someone without the person’s knowledge
Secondary use - use of personal information for a purpose other than the one it was provided for
Privacy and Computer Technology (cont.)Terminology (cont.):Data mining - searching and analyzing
masses of data to find patterns and develop new information or knowledge
Computer matching - combining and comparing information from different databases (using social security number, for example, to match records)
Privacy and Computer Technology (cont.)Terminology (cont.):Computer profiling - analyzing data in
computer files to determine characteristics of people most likely to engage in certain behavior
Businesses use these techniques to find likely new customers. Government agencies use them to detect fraud, to enforce other laws, and to find terrorist suspects or evidence of terrorist activity.
Privacy and Computer Technology (cont.)Principles for Data Collection and Use:Informed consent: When people are informed about the
data collection and use policies of a business or organization, they can decide whether or not to interact with that business or organization.
Opt-in and opt-out policiesOpt-in: consumer must explicitly give permission for
the organization to share infoOpt-out: consumer must explicitly forbid an
organization from sharing info
Fair Information Principles (or Practices)Data retention policies
Federal Trade Commission’s (FTC)Fair Information Policies
Inform people when personally identifiable information about them is collected, what is collected, and how it will be used. .
Collect only the data needed. . Offer a way for people to opt out from mailing lists, advertising,
transfer of their data to other parties, and other secondary uses. . Provide stronger protection for sensitive data, for example, an
opt- in policy for disclosure of medical data. . Keep data only as long as needed. . Maintain accuracy of data. Where appropriate and reasonable,
provide a way for people to access and correct data stored about them. . Protect security of data ( from theft and from accidental leaks). .
Develop policies for responding to law enforcement requests for data.
Facebook BeaconFandango, eBay, and 42 other online businesses
paid Facebook to do “word of mouth” advertisingFacebook users surprised to learn information
about their purchases was shared with friendsBeacon was based on an opt-out policyBeacon strongly criticized by various groupsFacebook switched to an opt-in policy regarding
BeaconTerminated this initiative and paid $9.5 million in
lawsuit
1-16
Privacy and Computer TechnologyDiscussion Questions
Have you seen opt-in and opt-out choices? Where? How were they worded?
Were any of them deceptive?What are some common elements of
privacy policies you have read?
"Big Brother is Watching You"Databases:Government Accountability Office (GAO) -
monitors government's privacy policiesData mining and computer matching to fight
terrorismIs the information it uses or collects accurate
and useful? Will less intrusive means accomplish a similar result? Will the system inconvenience ordinary people while being easy for criminals and terrorists to thwart? How significant are the risks to innocent people?
Sample Government Database
Privacy Act of 1974
US constitution – 4th amendment“The right of the people to be secure in their
persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”
"Big Brother is Watching You" (cont.)The Fourth Amendment, Expectation of Privacy
and Surveillance Technologies:Weakening the Fourth Amendment
Patriot ActModern surveillance techniques are redefining
expectation of privacy
"Big Brother is Watching You" (cont.)Video Surveillance:Security cameras
Increased securityDecreased privacyIt is estimated that there are four million
surveillance cameras in Britain, many outdoors in public places to deter crime. A Londoner is likely to be recorded dozens of times a day.
In 2005, photos taken by the surveillance cameras helped identify terrorists who planted bombs in the London subway.
"Big Brother is Watching You" (cont.) Discussion Questions
What data does the government have about you?
Who has access to the data? How is your data protected?Is Privacy a fundamental right in Pakistan
as per constitution?What are the Privacy Issues in Pakistan
from legal, social and cultural perspective?
Diverse Privacy TopicsMarketing, Personalization and Consumer Dossiers:Targeted marketing
Data miningPaying for consumer informationData firms and consumer profilesPersonalization of data to attract customers
When someone consents to a company’s use of his or her consumer information, the person probably has no idea how extensive the company is and how far the data could travel. Many companies that maintain huge consumer databases buy ( or merge with) other companies, combining data to build more detailed databases and dossiers.
Diverse Privacy Topics (cont.)Location Tracking:Global Positioning Systems (GPS) -computer
or communication services that know exactly where a person is at a particular time
Cell phones and other devices are used for location tracking
Pros and cons
Examples of Location Based ServicesProviding information about nearby restaurants of a
particular kind, the nearest automated teller machine, hospital, or dry cleaners, based on the location of your cell phone or laptop.
Navigation aids for blind people on foot. Devices that enable locating a stolen vehicle.Navigation systems for cars. Alerting you ( by cell phone) if any of your friends are
nearby. Locating people, possibly injured or unconscious and
buried in rubble, after an earthquake or bombing. .Tracking children on a school outing at a park or museum.
Diverse Privacy Topics (cont.)Stolen and Lost Data:HackersPhysical theft (laptops, thumb-drives, etc.)Requesting information under false pretensesBribery of employees who have access
Examples of stolen/lost data Student and/ or alumni files from the University of California, Georgia
Tech, Kent State, and several other universities, some with SSNs and birth dates. ( Hackers accessed a University of California, Los Angeles, database with personal data on roughly 800,000 current and former students, faculty, and staff members.) . \
Records of almost 200,000 current and former employees of Hewlett- Packard ( on a laptop stolen from Fidelity Investments) .
Medical data on more than 20,000 patients in MediCal, Californias state health insurance system .
Confidential contact information for more than one million job seekers ( stolen from Monster. com by hackers using servers in Ukraine)
A survey of taxi drivers in London found that passengers left almost 5,000 laptops in taxicabs within a six- month period. Many, perhaps, contained only the personal information of the owner ( and friends, family, and e-mail correspondents). Most likely were business laptops containing personal and business information
Diverse Privacy Topics (cont.)What We Do Ourselves: “Broadcast Yourself”Personal information in blogs and online
profilesPictures of ourselves and our familiesFile sharing and storingIs privacy old-fashioned?
Young people put less value on privacy than previous generations
May not understand the risks or you are ok with it.
Diverse Privacy Topics (cont.)Public Records: Access vs. Privacy:Public Records - records available to
general public (bankruptcy, property, and arrest records, salaries of government employees, etc.)
Identity theft can arise when public records are accessed
How should we control access to sensitive public records?
Diverse Privacy Topics (cont.)Children:The Internet
Not able to make decisions on when to provide information
Vulnerable to online predatorsParental monitoring
Software to monitor Web usageWeb cams to monitor children while
parents are at workGPS tracking via cell phones or RFID
Diverse Privacy TopicsDiscussion QuestionsIs there information that you have posted to
the Web that you later removed? Why did you remove it? Were there consequences to posting the information?
Have you seen information that others have posted about themselves that you would not reveal about yourself?
Protecting PrivacyTechnology and Markets:Privacy enhancing-technologies for
consumersEncryption
Public-key cryptographyBusiness tools and policies for protecting
data
Protecting Privacy (cont.)Rights and laws:Theories
Warren and BrandeisThomson
TransactionsOwnership of personal dataRegulation
Health Insurance Portability and Accountability Act (HIPAA)
HIPAALimits how doctors, hospitals, pharmacies,
and insurance companies can use medical information
Health care providers need signed authorization to release information
Health care providers must provide patients with notice describing how they use medical information
Protecting Privacy (cont.)Privacy Regulations in the European Union
(EU):Data Protection Directive
More strict than U.S. regulationsAbuses still occurPuts requirements on businesses outside the
EU
1. Personal data may be collected only for specified, explicit purposes and must not be processed for incompatible purposes.
2. Data must be accurate and up to date. Data must not be kept longer than necessary.
3. Processing of data is permitted only if the person consented unambiguously, or if the processing is necessary to fulfill contractual or legal obligations, or if the processing is needed for tasks in the public interest or by official authorities to accomplish their tasks ( or a few other reasons).
4. Special categories of data, including ethnic and racial origin, political and religious beliefs, health and sex life, and union membership, must not be processed without the subjects explicit consent. Member nations may outlaw processing of such data even if the subject does consent.
5. People must be notified of the collection and use of data about them. They must have access to the data stored about them and a way to correct incorrect data.
6. Processing of data about criminal convictions is severely restricted.
Protecting PrivacyDiscussion QuestionHow would the free-market view and the
consumer protection view differ on errors in Credit Bureau databases?
Who is the consumer in this situation?
CommunicationWiretapping and E-mail Protection:Telephone
1934 Communications Act prohibited interception of messages
1968 Omnibus Crime Control and Safe Streets Act allowed wiretapping and electronic surveillance by law-enforcement (with court order)
E-mail and other new communicationsElectronic Communications Privacy Act of
1986 (ECPA) extended the 1968 wiretapping laws to include electronic communications, restricts government access to e-mail
Communication (cont.)Designing Communications Systems for
Interception: Communications Assistance for Law
Enforcement Act of 1994 (CALEA) Telecommunications equipment must
be designed to ensure government can intercept telephone calls
Rules and requirements written by Federal Communications Commission (FCC)
Communication (cont.)EncryptionProcess of transforming a message in order to
conceal its meaningValuable tool for maintaining privacy
Encryption Policy:
Government ban on export of strong encryption software in the 1990s (removed in 2000)
Pretty Good Privacy (PGP)
1-43
Identity TheftIdentity theft: misuse of another person’s
identity to take actions permitted the ownerCredit card fraud #1 type of identity theftEase of opening accounts online
contributes to problemAbout 10 million U.S. victims in 2008Typical for a victim to spend hundreds of
hours cleaning up problem
1-44
Gaining Access to Information43% of cases involve stolen wallet, credit
card, checkbook, or other physical document13% of cases are “friendly thefts”Dumpster divingShoulder surfing
Phishing and PharmingPhishing: gathering personal information via
a fraudulent spam messagePharming: creation of an authentic-looking
Web site to fool people into revealing personal information
Phishing and pharming often linked; spam message contains link to fraudulent Web site
1-45