Overview of Internet Privacy


Privacy
What is “Privacy”?
• Too many meanings?
• Constitutional
• Government surveillance
• Security/encryption
• Privacy in ecommerce
• transactional data collection and
processing
• Spam, identity theft etc.
• Specific technologies
• Cookies
• RFID
What is “Privacy”?
• Function: permit individuals to
control information flows about them
• What values are served by
preventing or limiting the flow of true
information?
• Sphere of freedom from law
• Even legitimate law?
• Sphere of freedom from social norms
• Regulation by gossip and censure
• Sphere of freedom from regulation by
market decisions of others
• How constrained or efficient are market
behaviors constrained by competition and
rationality?
• Power of self-definition
• Profiling and data-mining: being construed
by another
• control over information received: being
limited by another
What is “Privacy”?
• The practical inefficiencies of older
information processing and
communications technologies
created a practical sphere of freedom
• “Internet privacy” represents a
cluster of problems that result from
increased efficiency of information
collection and processing that
shrinks that sphere
• Parallels to
• Photography & yellow journalism
• Wiretaps
Destabilizing Factors: Technology
• Ubiquitous communications capacity
• Walls evaporate for reading, viewing
• transactions can be observed anywhere
• Extensive processing capacity
• Inefficiency & cost protect privacy
• Aggregating and access
• Data-mining – analysis algorithms
• Communications + processing
• Transactional data collection
• Profiling
• Data mining
Destabilizing Factors: Business
• Information as competitive tool
• Customized preference formation:
advertising
• Customized service/goods delivered
• Customized price/price discrimination
• Customer’s life-long consumption as
primary asset of firm
• Proprietary information fends off
competitive pressures
Destabilizing Factors: Politics
• U.S. & other governments highly
sophisticated information gatherers
• 1990s saw the encryption wars, US
Government partially lost
• September 11th released the leash
• Government back into an explicit role
of extensive information collection
and processing
• Including by access to market-actor
collected information
Fair Information Practices
• Minimal standards imposed by law
with a supporting regulatory
framework
• As opposed to “privacy preferences”
• U.S.: Government & sector specific
• Privacy Act 1974
• Video rental, HIPAA, COPPA
• EU Data protection
• OECD Guidelines
Fair Information Practices
• Collection Limitation
• Data Quality
• Purpose Specification
• Use Limitation
• Security Safeguards
• Openness
• Individual Participation
• Accountability
Common Concerns
• Openness/Notice
• precondition to subject’s control
• act of collection
• purposes of collection
• intended disclosures to third parties
• contacts and means of limiting use or
disclosure of the information
Common Concerns
• Permission
• opt-out or opt-in
• EU, opt-in for sensitive information
• COPPA; HIPAA Rule
• Reflects assumptions about knowledge,
consent, responsibility, collective action
• cost of exercising option
• cost of communication
• loss of service for refusal to give non-necessary info
Common Concerns
• Post-permission processing
• e.g., profiling
• must comply with permission
• must permission be given separately for each
later processing?
• Third-party disclosure
• part of initial or subsequent authorization
• re-purposing must be authorized
• Security, integrity, accuracy
• independent duty
• Access for subjects to correct information in
the database
Regulatory approaches
• Mandatory law defines collection &
processing practices
• EU Directive
• U.S. sector-specific laws like video
rental, HIPAA, COPPA
Regulatory approaches
• Self-regulation with threat of
regulation if fails
• U.S. approach to e-commerce
• e.g., TRUSTe, BBBOnline
• will it ever graduate to NASD?
• Self-regulation with teeth
• US/EU safe harbor?
• FTC enforcement of company policies
adopted to come under safe harbor
Regulatory approaches
• Technology
• Practice enforcing or preference
negotiating?
• Anonymizers & encryption (client- or
service-provider server-based)
• P3P, DRM-style models
• Who bears the burden, collectors or
subjects? What are the defaults?
• Is the default minimal collection necessary,
or whatever is possible?
• Limited use or multiple uses?
RFID Story
• Clothing manufacturers sew RFID into
cloth. Include garment characteristics,
cloth batch etc. for recalls & quality control
• Stores, malls, etc. install readers to limit
pilfering & for inventory management
• Questions
• Mall owners use the information to
dynamically change the advertisements
they project on billboards in the Mall
• Police officers use the information to
track the location of cloths that match
crime scene evidence
Hypothetical Amazon Story
• Collects information to tailor offerings
• Provides good recommendations for
books to read
• Suggests music you like
• Offers good advice when you seem to
need it, usually guesses right what you
need
• How far would you go with this?
• Buying a car or furniture
• Financing/loan services
• Physician referral service