Impact of Computers on Society 2. More about Privacy and Personal Information

An Immense Problem
Where does all that information go?
DATABASES!
  Quick retrieval
  Easy matching
  Easy sharing
  Data mining

What is a database?
A list of items that are all of the same type and format.
Imagine a table of rows and columns.
  All of the items in a column are of the same type
  Each row contains the same data items
Databases existed long before the advent of computers.
  Domesday Book (1086)
  DB in the Bible
Data…datum…
Modern databases are stored on powerful computers.
Most modern databases are called “relational” databases.

Relational databases
Each row is unique because of a value which is called the primary key.
It is possible for a table to have one or more possible (candidate) keys.
The primary key may be a combination of data elements from the row.
Relational databases usually comprise many tables that refer to each other by way of key values.
We do not always access a relational database via the primary key.
This has made data mining possible.

Data Mining
Data mining is analyzing a database to identify patterns or relationships in a way that was not envisioned by the original designer.
Data mining frequently analyzes the non-key elements of a database to draw inferences.
Data mining may match values in one table to like values in another table.

Inferences
Some inferences are general
  People earning > $100K/yr prefer expensive cars
  Millionaires, however, prefer Buicks and pick-up trucks.
  Active people who enjoy outdoor sports tend to purchase “performance-enhancing” vitamins
Some inferences are specific
  Because John earns > $100K/yr, he’s in the market for a Mercedes, not a Hyundai
  Because John drives a Ford F-200 pick-up, he’s worth at least $1,000,000
  Because John buys Mega-Sportamins, he engages in active outdoor sports
Many inferences are dead wrong
Some inferences reveal concealed or previously unknown information

It only takes three …
Much of the time, identity can be inferred from only three data points
  Zip code
  Birth date
  Sex
These three data points can serve as an ad hoc primary key.
This means that an individual’s confidential information may be recoverable from supposedly “anonymized” data.
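
A check a data owner can run before releasing a "de-identified" table, added here as an example and not part of the original slides: it counts how many rows are alone on (zip code, birth date, sex), then repeats the count after coarsening those columns. The records, the column layout and the function names are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample of a "de-identified" release: names are gone, but the
# slide's three data points sit next to a sensitive column.
RELEASE = [
    ("90210", "1961-07-31", "F", "asthma"),
    ("90211", "1961-02-14", "F", "diabetes"),
    ("90212", "1961-11-02", "F", "hypertension"),
    ("90210", "1975-03-09", "M", "asthma"),
    ("90213", "1975-08-21", "M", "hypertension"),
    ("90210", "1975-03-09", "M", "asthma"),
    ("10027", "1988-12-01", "F", "diabetes"),
    ("10025", "1988-05-17", "F", "diabetes"),
]

def exact(row):
    """Quasi-identifier as released: full zip, full birth date, sex."""
    zip_code, birth, sex, _ = row
    return (zip_code, birth, sex)

def coarse(row):
    """Generalized quasi-identifier: 3-digit zip prefix, birth year, sex."""
    zip_code, birth, sex, _ = row
    return (zip_code[:3], birth[:4], sex)

def audit(rows, key):
    """Return (k, unique): smallest group size, and rows alone in their group."""
    sizes = Counter(key(r) for r in rows)
    return min(sizes.values()), sum(1 for n in sizes.values() if n == 1)

def homogeneous_groups(rows, key):
    """Groups whose members all share one sensitive value: knowing someone is
    in the group reveals the value even when the group has several rows."""
    values = defaultdict(set)
    for r in rows:
        values[key(r)].add(r[3])
    return sorted(k for k, v in values.items() if len(v) == 1)

if __name__ == "__main__":
    for name, key in (("exact", exact), ("coarse", coarse)):
        k, unique = audit(RELEASE, key)
        print(f"{name}: k={k}, unique rows={unique}, "
              f"homogeneous groups={len(homogeneous_groups(RELEASE, key))}")
```

On this sample the released columns leave six of eight rows unique; coarsening removes every unique row, yet one group still shares a single diagnosis, so group size alone does not settle whether the table is safe to publish.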

Protecting Privacy
Many large databases already exist
  Credit ratings
  Health care
  Public records
Data are a valuable business asset
Privacy advocates
  Electronic Privacy Information Center (EPIC)
  Electronic Frontier Foundation (EFF)

Information is Valuable
A business asset
Some are “coerced” into giving up more privacy than they wish (“free!” isn’t free)
Against the law to request zip code in California
Some people are not concerned
Adware and spyware – a growing problem
Web sites should have clearly posted privacy policies
  But are those policies being followed?
  And what about the future?

Some Privacy-Enhancing Technologies
Well-designed databases and interfaces
  The non-subversion rule
Encryption
Trusted third parties
  Mailing lists that are rented, not purchased
Paying for information
  Club cards
  Credit reports

A Right to Privacy
A right to privacy is not stated in the Constitution
Privacy may be inferred from the 4th Amendment, but it only applies to the federal government
Assumed by most Americans to be a right
Eroded by laws such as the USA Patriot Act

Two Philosophical Views of Privacy
Louis Brandeis – Supreme Court, 1890
  Yes, an independent right exists
  A person may prohibit publication of facts and photos
Judith Jarvis Thomson – MIT, 1975
  Based on property rights
  No invasion of privacy without violating some other established right

Brandeis versus Thomson
Brandeis focuses on how information is used
Thomson focuses on how information is obtained

Confidentiality
In an encounter between two people, either of them might tell what happened, except for a confidentiality agreement
  For example, the “undisclosed amount” in an out-of-court settlement
But what about data that are revealed – for example a supermarket keeps records of who buys what and then sells those records to the pharmaceutical company that makes Lipitor.
New York City plans to track all diabetics.
  NYC Diabetes Prevention and Control: A1C Registry
Maryland restricts credit searches for employment

Informed Consent
The customer, patient, subscriber, member should be able to find out how and where the data are being used
The customer etc. can then make an informed decision
There should be no leaking or sharing data without informed consent

How Informed are You?
Free Market Philosophy – any legally obtained information may be shared, with consent
Consumer Protection – a caveat emptor view
  The emptor may not be well informed enough to make a good decision, and therefore needs to be protected
    For example, mutual funds, mortgages, credit cards, software licenses
  The information may be presented in an ambiguous way
  The consumer may not have the leverage needed to negotiate a reasonable contract
A reasonable expectation of privacy

A Consumer Protection View
Advocates of strong privacy regulation emphasize all the unsettling business uses of personal information we have mentioned…. They argue for more stringent consent requirements, legal restrictions on consumer profiling, prohibitions on certain types of contracts or agreements to disclose data, and prohibitions on businesses collecting or storing certain kinds of data.
-- Sara Baase, p. 115

An Ideal World
Businesses and Organizations must…
  Clearly state policy for the use of information
  Provide for opt in
  Provide for opt out
  Obtain consent for each secondary use, disclosure, or transfer of personal information

Who Owns Personal Data?
Data cannot be copyrighted. Only creative works can be copyright protected.
Do you own your birthday? To what extent would you own your personal data?
What about negative information such as arrests, serious health problems, or debts?
How do we protect freedom of speech and at the same time protect privacy?

Privacy in the European Union
Personal data may be collected only for specific, explicit purposes and may not be processed for incompatible purposes.
Data must be accurate and up to date.
Data must not be kept longer than necessary.
Processing of data is permitted only if…
  The person consented unambiguously
  It is necessary to fulfill a contractual or legal obligation
  It is necessary in the public interest

More European Union
Special categories of data must not be processed without consent: ethnic, political, religious, health, sex life, etc.
People must be notified that data are being collected about them. They must have access and a way to correct errors.
Processing of data about criminal convictions is severely restricted.
-- Sara Baase, p. 117

Privacy in the U.S.
No comprehensive laws although there are specific laws regarding driver’s licenses, etc.
Laws may vary from state to state
Is the US behind the EU, or is it just a cultural difference?
Google Earth Street View: invasion of privacy?

An Example: Jane
A few of the things in her medicine cabinet:
  Darvocet
  Birth control pills
  OTC cold pills
  Centrum vitamins
  L’Oreal hair dye (a medium brunette shade)
  Sensodyne, dental floss, Sonicare toothbrush
  Neutrogena Sun-Block
  Imodium

Just Suppose…
Most items came from the supermarket and pharmacy
Jane uses her Val-U-Club discount card along with a credit card

Imagine a Break-In
Someone breaks into Jane’s house
Makes a list of the personal stuff in her bathroom
Does not steal anything
Tries to sell the list to neighbors and businesses
If you were Jane, how would you feel?

What’s at Stake
As Vaidhyanathan powerfully shows, what’s at stake has ultimately little to do with things digital. We face a fundamental choice about the nature of cultural freedom. The Internet presents this choice.
-- Lawrence Lessig, reviewing The Anarchist in the Library by Siva Vaidhyanathan (ISBN 0-465-08985-2)

Nothing to hide?
If you aren't doing anything wrong, what do you have to hide?
Some clever answers:
  If I'm not doing anything wrong, then you have no cause to watch me.
  Because the government gets to define what's wrong, and they keep changing the definition.
  Because you might do something wrong with my information.
My problem with quips like these -- as right as they are -- is that they accept the premise that privacy is about hiding a wrong. It's not. Privacy is an inherent human right, and a requirement for maintaining the human condition with dignity and respect.
-- Bruce Schneier