J. Mouton, I. Diaz, and J. Balestresy


Privacy
Chapter 5
James Balestrery
Joshua Moulton
Inesa Diaz
Agenda
• What Is Privacy?
• “Electronic Trail” of Information
• New Technologies and the Law
• Data Mining
• Identity Theft Problem
• How Do We Preserve Our Privacy in the Information Age?
Definition
• Privacy as a notion of access, where access means
either physical proximity to a person or
knowledge about that person.
• Where to draw the line between what is private
and what is public ?
• In summary, privacy is a social arrangement that
allows individuals to have some level of control
over who is able to gain access to their physical
selves and their personal information.
Harms
• Privacy provides people with a way of
covering up actions that are immoral or
illegal.
• Too much privacy creates a closure around
a person or a family cell.
– Inability to receive support from outside.
– Inability to receive protection from outside.
Benefits
• Privacy as an indication of people’s
responsibility.
• Privacy allows people to develop as
individuals.
• An opportunity to shut out the world, be
creative.
• An opportunity to develop different kinds of
relationships with different people.
Is There a Natural Right to
Privacy?
• 18th century. A natural right. Historically privacy is seen in terms of
control over personal territory, and privacy rights evolve out of
property rights.
• 19th century. Political, social and economic changes in modern
society demand recognition of new kinds of legal rights. Warren &
Brandeis.
• Every ‘privacy right’ violation is a violation of another right. There
is a cluster of rights associated with privacy. Thompson.
• Prudential right. Recognition of some privacy rights because
granting these rights is to the benefit of society. Rosenberg. Example:
telemarketing.
Privacy and Trust
• Modern technology creates a society of
strangers by increasing our privacy.
• Loss of trust.
• Society must get information out of people
to establish reputations.
– Ordeal
– Credentials
Disclosing Information
• Public information is information you
provide to an organization that has the right
to share it with other organizations.
– Telephone directory.
Disclosing Information
• Public record contains information about an
incident or action reported to a government
agency for the purpose of informing the
public.
– Birth certificate
– Motor vehicle record
– Criminal record
Disclosing Information
• Personal information is information that is
not public or part of a public record. It can
become public through
– Voluntary
– Involuntary
– Statutory
Public Information
• Rewards or loyalty programs
• Body scanners
• Digital Video recorders (TiVo)
• Automobile “Black Boxes”
• Enhanced 911 service
• RFID
• Implanted chips
• Cookies
• Spyware
5.5 US Legislation
• Fair Credit Reporting Act 1970 (Revised 1996)
• Promote accuracy and privacy of credit information
• Ensures negative information does not stay on record
permanently (except criminal record)
• The Family Education Rights and Privacy Act 1974
• Students 18+ years can request changes be made to
educational records that contain errors
• Student records cannot be released without permission
of student
• Video Privacy Protection Act 1988
• Videotape service providers cannot disclose rental records
without customers' consent
• Personally identifiable records must be destroyed after 1 year
• Financial Services Modernization Act 1999
• Requires financial institutions to prevent unauthorized
access to customer information
• Financial institutions must disclose privacy policy to
customers
• Children's Online Privacy Protection Act 2000
• Online services must obtain parental consent before
collecting information about web users < 12 years old
• Health Insurance Portability and Accountability Act
1996
• Health Insurance guidelines to protect privacy of patients
• Forbids health care providers from giving info to life
insurance companies and banks
• Customers have a right to see their medical records upon
request, and can request corrections to errors within the
records.
5.6 Public Records
• US Government has thousands of databases containing
records on its citizens.
• Census Records
• Census performed every 10 years
• 1790-1850 Questions on census increase, government
requires more information (job class, school attendance,
illiteracy, occupations)
• 1940 statistical sample put to use using census information
• Federal law prohibits the Census Bureau from revealing census
information except in times of emergency
• WWII Census Bureau provided US Gov with locations of
Japanese Americans
• Internal Revenue Service Records
• IRS collects ~$2 trillion in taxes each year
• IRS data contains personal information which has been
misused by employees
• IRS claims to have “misplaced” hundreds of diskettes and
tapes containing income tax data
• 2003 consumer protection groups complain that the H&R
Block website was requiring people to consent to their
information being used in cross-marketing. This act is
against the law
• FBI National Crime Info Center 2000
• This is a collection of databases containing information on the
activities of federal, state, and local law enforcement agencies in the
US, US Virgin Islands, Puerto Rico, and Canada
• This currently consists of ~39 million records
• Databases contain information such as: wanted persons,
criminal history, people incarcerated in fed prisons,
convicted sex offenders, unidentified persons, people
believed to be a threat to the President, foreign fugitives,
gang members, suspected terrorists, etc...
• 80,000 Law enforcement agencies have access to these
records
• NCIC processes more than 2 million requests each day with
an average response time of 1 second
• NCIC privacy violations
• Erroneous Records lead to innocent arrests
• Innocent people are arrested because they have the same
name as a wanted person
• NCIC has records on people not accused of any crime
(opponents to the Vietnam war)
• Corrupt employees sell information, manipulate, and delete
records
• People with access to NCIC have used it illegally to screen
employees and acquaintances
• Privacy Act 1974 “bill of rights for the Information
Age”
• Prohibits the use of secretive data record systems
• Ensures there is a way for a person to find out what
information about them exists and how it is being used
• Prohibits personal information from being used for
other purposes without the person's consent
• There must be a way for a person to correct or amend a
record of identifiable information
• Any organization creating or maintaining such records is
obligated to ensure the integrity, correctness, and protection
of such information
5.7 Government Surveillance
• Wiretaps have been taking place since the 1890s
• 1892-1920 New York Police use unlawful wiretaps to listen to
conversations at hotels, between lawyers and clients, doctors
and patients, and priests and penitents
• Wiretaps used to catch bootleggers 1919-1933
• 1934 Congress passes Federal Communications Act making
wiretaps illegal
• FBI Continues secret wiretapping throughout WWII,
information they collected was considered confidential
• NSA 1952 – Operation Shamrock, monitoring of all messages
entering and leaving the country
5.8 Legislation Authorizing
Wiretapping
• Vietnam War era 1968 Congress passes Title III of Omnibus
Crime Control and Safe Streets Act allowing court-ordered
wiretaps for up to 30 days
• Digital Telephony Act 1994 requires phone companies to
provide law enforcement a means of tracing calls, listening to
calls, and intercepting email messages.
• FBI uses ambiguities of this act to extract digital phone
numbers, credit card numbers, and bank account numbers
• 2005 FCC demands that broadband providers provide a
means of access to VoIP communications
• US Patriot Act 2001
• Designed to prevent future terrorist attacks against the US
• Provided law enforcement greater surveillance powers, police
can use pen registers on the net to track email addresses and
URLs without probable cause
• Extends court-ordered wiretaps to the entire country
• Roving surveillance performed for the purpose of intelligence.
Law enforcement is not required to report on its findings
• Secretary of Treasury increased powers to regulate banks and
prevent money laundering
• Made it more difficult for terrorists to enter the US
• Defined new crimes and penalties for terrorist activity
• Law enforcement can enter and search a person's premises
without a search warrant
• Patriot Act makes it easier for FBI to collect info on business,
medical, educational, library, church/mosque/synagogue
records
• 100s of cities and several states pass anti-Patriot Act resolutions
• 2003 Patriot Act II proposed but not passed by Congress
Data Mining
• Lots of random data and
transactions. “Snapshots”
• Searching through one or more databases
to generate new information by combining
facts
• Information on people is a valuable product
• Secondary use
Data Mining
• Commonly used technique
– IRS
– Banks
– Police agencies
• Syndromic Surveillance System (N.Y.C)
– 50,000 pieces of info a day
– Find patterns to use for early warning
TIA–Total Information Awareness
• Government program to capture “information
signature” of people
• Combine records with biometric identity
• 2003- Program defunded by Congress.
Changed name to Terrorist Information
Awareness
• Benefits = Could detect possible terrorist activity
• Criticisms = Too much centralized data, no citizen
access or review and Big Brother effect.
Transaction Data Ownership
• Who owns rights to data produced by
transactions?
– Seller/Buyer/Neither
– Transactions are public information
– Privacy can be purchased
• Opt-in Vs. Opt-out
– Hippocratic databases
Identity Theft
• Use of another person's identity to get access
to information or documents
• Leading form of Identity theft? Why?
- 15 million Americans were victims in
2006 (Gartner.com)
• Types = Shoulder surfing, dumpster diving,
phishing and skimmers. Mostly low-tech
Social Security Number
• S.S. Act of 1935. Created for sole use by
Social Security Administration
• Why it became so popular
• Problems with using S.S.N
– Not unique
– No error-detection capability
– Not a verified form of identification. Easily
copied
• National ID card
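The "no error-detection capability" problem above, as an added illustration that is not part of the original slides: a nine-digit number carries no redundancy, so any mistyped digit still looks like a valid ID, whereas a number with a check digit rejects the typo. The Luhn check digit used here is the scheme found on payment card numbers and is swapped in for comparison (SSNs have no such digit); the nine-digits-only format check and the sample ID are assumptions constructed for the example.

```python
# Added illustration, not from the original slides.
# Assumption: an SSN-like ID is validated only as "nine decimal digits".

def luhn_check_digit(payload: str) -> str:
    """Return the Luhn check digit for a string of decimal digits."""
    total = 0
    # Walk right to left; every second digit, starting with the rightmost
    # payload digit, is doubled (with 9 subtracted if the result exceeds 9).
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(number: str) -> bool:
    """True if the last digit is the correct Luhn check digit for the rest."""
    return number.isdigit() and luhn_check_digit(number[:-1]) == number[-1]


def plain_valid(number: str) -> bool:
    """Format-only check: nine digits and no redundancy to test against."""
    return len(number) == 9 and number.isdigit()


def single_digit_typos(number: str):
    """Yield every string that differs from `number` in exactly one digit."""
    for pos, ch in enumerate(number):
        for alt in "0123456789":
            if alt != ch:
                yield number[:pos] + alt + number[pos + 1:]


def undetected_typos(number: str, validator) -> tuple:
    """Return (typos the validator still accepts, total typos tried)."""
    typos = list(single_digit_typos(number))
    return sum(1 for t in typos if validator(t)), len(typos)


SAMPLE_ID = "123456789"  # constructed sample, not a real person's number
PROTECTED_ID = SAMPLE_ID + luhn_check_digit(SAMPLE_ID)  # ten digits

if __name__ == "__main__":
    print("no check digit:", undetected_typos(SAMPLE_ID, plain_valid))
    print("Luhn check digit:", undetected_typos(PROTECTED_ID, luhn_valid))
```

Every one-digit mistake in the plain nine-digit ID passes the format check, so a record can silently attach to the wrong person; with the check digit, every such mistake is rejected at entry time.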
Encryption
• Definition = Transforming a message in
order to conceal its meaning.
• Why it is important
• Types
– Symmetric Encryption
– Public Key Cryptography (Diffie and Hellman)
• Asymmetric = 2 keys: Public/Private
• Mathematical relationship between keys makes
possible security breaches.
Other Instances of Encryption
• Pretty Good Privacy (PGP)
• Clinton’s “Clipper” Program (1993)
• Digital Cash
– Online or Off-line
– Safeguards
– Pros and Cons
THE END
Questions?