Impact of Computers on Society
2. More about Privacy and Personal Information
An Immense Problem
Where does all that information go?
DATABASES!
- Quick retrieval
- Easy matching
- Easy sharing
- Data mining
What is a database?
- A list of items that are all of the same type and format. Imagine a table of rows and columns.
- All of the items in a column are of the same type.
- Each row contains the same data items.
- Databases existed long before the advent of computers.
  - Domesday Book (1086)
  - DB in the Bible
- Data... datum...
- Modern databases are stored on powerful computers.
- Most modern databases are called "relational" databases.
Relational databases
- Each row is unique because of a value which is called the primary key.
- It is possible for a table to have one or more possible (candidate) keys.
- The primary key may be a combination of data elements from the row.
- Relational databases usually comprise many tables that refer to each other by way of key values.
- We do not always access a relational database via the primary key. This has made data mining possible.
Data Mining
- Data mining is analyzing a database to identify patterns or relationships in a way that was not envisioned by the original designer.
- Data mining frequently analyzes the non-key elements of a database to draw inferences.
- Data mining may match values in one table to like values in another table.
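As an added example that is not part of the slides, the following Python script uses the standard sqlite3 module to build a small relational database of the kind the two preceding slides describe: a customers table with a primary key, a purchases table that refers back to it by key value (with a composite primary key built from several data elements of the row), one lookup through the primary key, and two queries that start from non-key columns and match key values across tables, which is the access pattern the slides call data mining. The table names, columns and rows are constructed for illustration.

```python
"""
Added example (not from the slides): a tiny relational database built with
Python's standard sqlite3 module, showing primary keys, tables that refer to
each other by key values, and queries over non-key columns of the kind the
slides call data mining. All rows are constructed sample data.
"""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Create two related tables in memory and load constructed sample rows."""
    con = sqlite3.connect(":memory:")
    con.execute("PRAGMA foreign_keys = ON")
    # customers: customer_id is the primary key, so every row is unique.
    # zip_code and birth_year are ordinary (non-key) columns.
    con.execute("""
        CREATE TABLE customers (
            customer_id INTEGER PRIMARY KEY,
            name        TEXT NOT NULL,
            zip_code    TEXT NOT NULL,
            birth_year  INTEGER NOT NULL
        )""")
    # purchases: refers back to customers by the customer_id key value.
    # The composite (customer_id, purchase_date, item) is the primary key,
    # i.e. a key built from several data elements of the row.
    con.execute("""
        CREATE TABLE purchases (
            customer_id   INTEGER NOT NULL REFERENCES customers(customer_id),
            purchase_date TEXT NOT NULL,
            item          TEXT NOT NULL,
            PRIMARY KEY (customer_id, purchase_date, item)
        )""")
    con.executemany(
        "INSERT INTO customers VALUES (?, ?, ?, ?)",
        [(1, "Jane", "02139", 1975),
         (2, "John", "02139", 1968),
         (3, "Ana", "94110", 1982)])
    con.executemany(
        "INSERT INTO purchases VALUES (?, ?, ?)",
        [(1, "2024-03-01", "vitamins"),
         (1, "2024-03-01", "sunblock"),
         (2, "2024-03-02", "vitamins"),
         (2, "2024-03-09", "pickup truck tires"),
         (3, "2024-03-05", "hair dye")])
    con.commit()
    return con


def lookup_by_key(con: sqlite3.Connection, customer_id: int) -> str:
    """Normal access path: fetch one row through its primary key."""
    row = con.execute(
        "SELECT name FROM customers WHERE customer_id = ?", (customer_id,)
    ).fetchone()
    return row[0]


def customers_who_bought(con: sqlite3.Connection, item: str) -> list[str]:
    """Data-mining style access: start from a non-key column (item) in one
    table and match its key value against the other table."""
    rows = con.execute("""
        SELECT DISTINCT c.name
        FROM purchases p
        JOIN customers c ON c.customer_id = p.customer_id
        WHERE p.item = ?
        ORDER BY c.name""", (item,)).fetchall()
    return [r[0] for r in rows]


def item_counts_by_zip(con: sqlite3.Connection) -> dict[tuple[str, str], int]:
    """An inference the designer did not plan for: group purchases by the
    non-key zip_code column to see what each neighbourhood buys."""
    rows = con.execute("""
        SELECT c.zip_code, p.item, COUNT(*)
        FROM purchases p
        JOIN customers c ON c.customer_id = p.customer_id
        GROUP BY c.zip_code, p.item""").fetchall()
    return {(z, i): n for z, i, n in rows}


if __name__ == "__main__":
    db = build_db()
    print(lookup_by_key(db, 1))             # Jane
    print(customers_who_bought(db, "vitamins"))  # ['Jane', 'John']
    print(item_counts_by_zip(db))
```

Note that nothing in the schema stops the last two queries: the foreign key only guarantees that purchases refer to real customers, and any column can be used as a search term, which is exactly why non-key access makes data mining possible.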
Inferences
- Some inferences are general
  - People earning > $100K/yr prefer expensive cars
  - Millionaires, however, prefer Buicks and pick-up trucks.
  - Active people who enjoy outdoor sports tend to purchase "performance-enhancing" vitamins
- Some inferences are specific
  - Because John earns > $100K/yr, he's in the market for a Mercedes, not a Hyundai
  - Because John drives a Ford F-200 pick-up, he's worth at least $1,000,000
  - Because John buys Mega-Sportamins, he engages in active outdoor sports
- Many inferences are dead wrong
- Some inferences reveal concealed or previously unknown information
It only takes three...
- Much of the time, identity can be inferred from only three data points
  - Zip code
  - Birth date
  - Sex
- These three data points can serve as an ad hoc primary key.
- This means that an individual's confidential information may be recoverable from supposedly "anonymized" data.
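An added example (not from the slides) that turns the three-data-point observation into a check a data publisher can run before releasing "anonymized" records: it counts how many rows are the only row with their (zip code, birth date, sex) combination, i.e. for how many people those three columns really do act as an ad hoc primary key, and then shows how generalizing the columns (ZIP truncated to three digits, birth date reduced to birth year) raises the smallest group size so that no row is unique. The records, column names and generalization rules are constructed assumptions; the measure computed is the usual k-anonymity group size.

```python
"""
Added example (not from the slides): measuring how many records in an
"anonymized" release are uniquely identified by the three quasi-identifiers
the slide names (zip code, birth date, sex), and how generalizing those
columns raises the minimum group size (k-anonymity). All rows are constructed.
"""
from collections import Counter
from typing import Callable

Row = dict[str, str]
KeyFn = Callable[[Row], tuple[str, ...]]

# Constructed sample release: names were removed, but the three
# quasi-identifier columns were kept at full precision.
RELEASE: list[Row] = [
    {"zip": "02139", "dob": "1975-06-14", "sex": "F", "diagnosis": "asthma"},
    {"zip": "02139", "dob": "1975-11-02", "sex": "F", "diagnosis": "diabetes"},
    {"zip": "02139", "dob": "1968-01-30", "sex": "M", "diagnosis": "hypertension"},
    {"zip": "02139", "dob": "1968-08-09", "sex": "M", "diagnosis": "asthma"},
    {"zip": "94110", "dob": "1982-03-21", "sex": "F", "diagnosis": "none"},
    {"zip": "94110", "dob": "1982-09-05", "sex": "F", "diagnosis": "migraine"},
    {"zip": "94115", "dob": "1982-12-25", "sex": "F", "diagnosis": "asthma"},
]


def exact_key(row: Row) -> tuple[str, ...]:
    """The three data points exactly as released."""
    return (row["zip"], row["dob"], row["sex"])


def generalized_key(row: Row) -> tuple[str, ...]:
    """Assumed generalization: ZIP prefix (3 digits) and birth year only."""
    return (row["zip"][:3], row["dob"][:4], row["sex"])


def group_sizes(rows: list[Row], key_fn: KeyFn) -> Counter:
    """How many rows share each quasi-identifier combination."""
    return Counter(key_fn(r) for r in rows)


def min_k(rows: list[Row], key_fn: KeyFn) -> int:
    """Smallest group size: the k in k-anonymity for this key choice."""
    sizes = group_sizes(rows, key_fn)
    return min(sizes.values()) if sizes else 0


def unique_count(rows: list[Row], key_fn: KeyFn) -> int:
    """Rows for which the key combination is an ad hoc primary key."""
    sizes = group_sizes(rows, key_fn)
    return sum(1 for r in rows if sizes[key_fn(r)] == 1)


def rows_below_k(rows: list[Row], key_fn: KeyFn, k: int) -> list[Row]:
    """Rows that would have to be generalized further or suppressed
    before the release satisfies k-anonymity for the given k."""
    sizes = group_sizes(rows, key_fn)
    return [r for r in rows if sizes[key_fn(r)] < k]


if __name__ == "__main__":
    for label, key_fn in (("exact", exact_key), ("generalized", generalized_key)):
        print(f"{label}: min k = {min_k(RELEASE, key_fn)}, "
              f"unique rows = {unique_count(RELEASE, key_fn)} of {len(RELEASE)}")
```

With the exact columns every one of the seven rows is unique, so the "anonymized" diagnosis column is effectively labelled with a key that any other dataset carrying zip, birth date and sex can match. After generalization the smallest group has two rows and no row is unique; a publisher would normally pick the k it needs and keep generalizing or suppress the rows reported by rows_below_k until that k is met.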
Protecting Privacy
- Many large databases already exist
  - Credit ratings
  - Health care
  - Public records
- Data are a valuable business asset
- Privacy advocates
  - Electronic Privacy Information Center (EPIC)
  - Electronic Frontier Foundation (EFF)
Information is Valuable
- A business asset
- Some are "coerced" into giving up more privacy than they wish ("free!" isn't free)
- Against the law to request zip code in California
- Some people are not concerned
- Adware and spyware – a growing problem
- Web sites should have clearly posted privacy policies
  - But are those policies being followed?
  - And what about the future?
Some Privacy-Enhancing Technologies
- Well-designed databases and interfaces
- The non-subversion rule
- Encryption
- Trusted third parties
- Mailing lists that are rented, not purchased
- Paying for information
  - Club cards
  - Credit reports
A Right to Privacy
- A right to privacy is not stated in the Constitution
- Privacy may be inferred from the 4th Amendment, but it only applies to the federal government
- Assumed by most Americans to be a right
- Eroded by laws such as the USA Patriot Act
Two Philosophical Views of Privacy
- Louis Brandeis – Supreme Court, 1890
  - Yes, an independent right exists
  - A person may prohibit publication of facts and photos
- Judith Jarvis Thomson – MIT, 1975
  - Based on property rights
  - No invasion of privacy without violating some other established right

Brandeis versus Thomson
- Brandeis focuses on how information is used
- Thomson focuses on how information is obtained
Confidentiality
- In an encounter between two people, either of them might tell what happened, except for a confidentiality agreement
  - For example, the "undisclosed amount" in an out-of-court settlement
- But what about data that are revealed – for example, a supermarket keeps records of who buys what and then sells those records to the pharmaceutical company that makes Lipitor.
- New York City plans to track all diabetics. NYC Diabetes Prevention and Control: A1C Registry
- Maryland restricts credit searches for employment
Informed Consent
- The customer, patient, subscriber, member should be able to find out how and where the data are being used
- The customer etc. can then make an informed decision
- There should be no leaking or sharing of data without informed consent
How Informed are You?
- Free Market Philosophy – any legally obtained information may be shared, with consent
- Consumer Protection – a caveat emptor view
  - The emptor may not be well informed enough to make a good decision, and therefore needs to be protected
  - For example, mutual funds, mortgages, credit cards, software licenses
  - The information may be presented in an ambiguous way
  - The consumer may not have the leverage needed to negotiate a reasonable contract
- A reasonable expectation of privacy
A Consumer Protection View
"Advocates of strong privacy regulation emphasize all the unsettling business uses of personal information we have mentioned.... They argue for more stringent consent requirements, legal restrictions on consumer profiling, prohibitions on certain types of contracts or agreements to disclose data, and prohibitions on businesses collecting or storing certain kinds of data."
-- Sara Baase, p. 115
An Ideal World
Businesses and Organizations must...
- Clearly state policy for the use of information
- Provide for opt in
- Provide for opt out
- Obtain consent for each secondary use, disclosure, or transfer of personal information
Who Owns Personal Data?
- Data cannot be copyrighted. Only creative works can be copyright protected.
- Do you own your birthday? To what extent would you own your personal data?
- What about negative information such as arrests, serious health problems, or debts?
- How do we protect freedom of speech and at the same time protect privacy?
Privacy in the European Union
- Personal data may be collected only for specific, explicit purposes and may not be processed for incompatible purposes.
- Data must be accurate and up to date.
- Data must not be kept longer than necessary.
- Processing of data is permitted only if...
  - The person consented unambiguously
  - It is necessary to fulfill a contractual or legal obligation
  - It is necessary in the public interest

More European Union
- Special categories of data must not be processed without consent: ethnic, political, religious, health, sex life, etc.
- People must be notified that data are being collected about them. They must have access and a way to correct errors.
- Processing of data about criminal convictions is severely restricted.
-- Sara Baase, p. 117
Privacy in the U.S.
- No comprehensive laws, although there are specific laws regarding drivers' licenses, etc.
- Laws may vary from state to state
- Is the US behind the EU, or is it just a cultural difference?
- Google Earth Street View: invasion of privacy?
An Example: Jane
A few of the things in her medicine cabinet:
- Darvocet
- Birth control pills
- OTC cold pills
- Centrum vitamins
- L'Oreal hair dye (a medium brunette shade)
- Sensodyne, dental floss, Sonicare toothbrush
- Neutrogena Sun-Block
- Imodium

Just Suppose...
- Most items came from the supermarket and pharmacy
- Jane uses her Val-U-Club discount card along with a credit card

Imagine a Break-In
- Someone breaks into Jane's house
- Makes a list of the personal stuff in her bathroom
- Does not steal anything
- Tries to sell the list to neighbors and businesses
- If you were Jane, how would you feel?
What's at Stake
"As Vaidhyanathan powerfully shows, what's at stake has ultimately little to do with things digital. We face a fundamental choice about the nature of cultural freedom. The Internet presents this choice."
-- Lawrence Lessig, reviewing The Anarchist in the Library by Siva Vaidhyanathan (ISBN 0-465-08985-2)
Nothing to hide?
"If you aren't doing anything wrong, what do you have to hide?" Some clever answers:
- If I'm not doing anything wrong, then you have no cause to watch me.
- Because the government gets to define what's wrong, and they keep changing the definition.
- Because you might do something wrong with my information.
My problem with quips like these -- as right as they are -- is that they accept the premise that privacy is about hiding a wrong. It's not. Privacy is an inherent human right, and a requirement for maintaining the human condition with dignity and respect.
-- Bruce Schneier