Transcript 2B_Privacy

Impact of Computers on Society
2. More about Privacy and Personal Information
An Immense Problem

Where does all that information go?

DATABASES!

Quick retrieval
Easy matching
Easy sharing
Data mining
What is a database?

A list of items that are all of the same type and format.
Imagine a table of rows and columns.
 All of the items in a column are of the same type
 Each row contains the same data items
Databases existed long before the advent of computers.
 Domesday Book (1086)
 DB in the Bible
Data…datum…
Modern databases are stored on powerful computers.
Most modern databases are called “relational” databases.
Relational databases

Each row is unique because of a value which is
called the primary key.
It is possible for a table to have one or more possible
(candidate) keys.
The primary key may be a combination of data elements
from the row.
Relational databases usually comprise many tables
that refer to each other by way of key values.
We do not always access a relational database via
the primary key.
This has made data mining possible.
Data Mining

Data mining is analyzing a database to identify
patterns or relationships in a way that was not
envisioned by the original designer.

Data mining frequently analyzes the non-key
elements of a database to draw inferences.

Data mining may match values in one table to like
values in another table.
Inferences

Some inferences are general
People earning > $100K/yr prefer expensive cars
Millionaires, however, prefer Buicks and pick-up trucks.
Active people who enjoy outdoor sports tend to purchase “performance-enhancing” vitamins
Some inferences are specific
Because John earns > $100K/yr, he’s in the market for a Mercedes, not a
Hyundai
Because John drives a Ford F-200 pick-up, he’s worth at least $1,000,000
Because John buys Mega-Sportamins, he engages in active outdoor sports

Many inferences are dead wrong

Some inferences reveal concealed or previously unknown information
It only takes three …

Much of the time, identity can be inferred from only
three data points
Zip code
Birth date
Sex
These three data points can serve as an ad hoc
primary key.
This means that an individual’s confidential
information may be recoverable from supposedly
“anonymized” data.
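The three slides above (relational tables that refer to each other by key values, data mining that matches values across tables, and the zip/birth date/sex triple acting as an ad hoc primary key) can be shown in one small worked example. The code below is an added illustration, not material from the lecture; it uses Python's sqlite3 module and a constructed "anonymized" health release plus a constructed voter roll (all names and values are made up). It measures how many rows share each triple (the k-anonymity of the release), shows which rows a join would re-attach a name to, and then shows the usual mitigation of coarsening the three fields before release:

```python
import sqlite3

# Constructed sample data (not from the slides).  The "health release" has
# had names removed but keeps zip code, birth date and sex; the voter roll
# is a public record that carries the same three fields plus a name.
HEALTH_RELEASE = [
    ("02138", "1960-07-11", "F", "hypertension"),
    ("02139", "1960-02-03", "F", "asthma"),
    ("02138", "1975-03-02", "M", "diabetes"),
    ("02140", "1975-11-30", "M", "migraine"),
    ("02139", "1975-11-30", "M", "fracture"),
]
VOTER_ROLL = [
    (1, "Jane Doe",   "02138", "1960-07-11", "F"),
    (2, "Mary Major", "02139", "1960-02-03", "F"),
    (3, "John Roe",   "02138", "1975-03-02", "M"),
    (4, "Sam Smith",  "02140", "1975-11-30", "M"),
    (5, "Tom Brown",  "02139", "1975-11-30", "M"),
    (6, "Bob Green",  "02139", "1975-11-30", "M"),  # same triple as Tom
]

# The three "quasi-identifiers" from the slide.  They are not declared as a
# key, but whenever a combination is unique it behaves like one.
QUASI_IDS = ("zip", "birth_date", "sex")


def build_db() -> sqlite3.Connection:
    """Two tables that refer to each other only through shared column values."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""
        CREATE TABLE voters (
            voter_id   INTEGER PRIMARY KEY,   -- declared primary key
            name       TEXT NOT NULL,
            zip        TEXT NOT NULL,
            birth_date TEXT NOT NULL,
            sex        TEXT NOT NULL)""")
    conn.execute("""
        CREATE TABLE health_release (       -- 'anonymized': no name, no key
            zip        TEXT NOT NULL,
            birth_date TEXT NOT NULL,
            sex        TEXT NOT NULL,
            diagnosis  TEXT NOT NULL)""")
    conn.executemany("INSERT INTO voters VALUES (?, ?, ?, ?, ?)", VOTER_ROLL)
    conn.executemany("INSERT INTO health_release VALUES (?, ?, ?, ?)", HEALTH_RELEASE)
    return conn


def k_anonymity(conn: sqlite3.Connection, table: str) -> int:
    """Smallest number of rows that share one (zip, birth_date, sex) triple.

    k == 1 means at least one row is unique on the three quasi-identifiers,
    i.e. the triple is an ad hoc primary key for that person.  `table` is a
    program constant here, never user input, so interpolating it is safe.
    """
    cols = ", ".join(QUASI_IDS)
    sql = f"SELECT MIN(n) FROM (SELECT COUNT(*) AS n FROM {table} GROUP BY {cols})"
    return conn.execute(sql).fetchone()[0]


def linkable_records(conn: sqlite3.Connection) -> list:
    """(name, diagnosis) pairs that the release re-attaches to a person.

    A release row links to a person only when its triple is unique in the
    release AND unique in the voter roll; Tom and Bob share a triple, so
    neither of them can be singled out.
    """
    sql = """
        SELECT v.name, h.diagnosis
        FROM health_release AS h
        JOIN voters AS v
          ON v.zip = h.zip AND v.birth_date = h.birth_date AND v.sex = h.sex
        WHERE (SELECT COUNT(*) FROM health_release AS h2
               WHERE h2.zip = h.zip AND h2.birth_date = h.birth_date
                 AND h2.sex = h.sex) = 1
          AND (SELECT COUNT(*) FROM voters AS v2
               WHERE v2.zip = v.zip AND v2.birth_date = v.birth_date
                 AND v2.sex = v.sex) = 1
        ORDER BY v.name"""
    return conn.execute(sql).fetchall()


def generalized_view(conn: sqlite3.Connection) -> str:
    """Mitigation: coarsen the quasi-identifiers before release.

    Zip is cut to its first three digits and birth date to the year, the
    usual way to push k above 1 without dropping the columns entirely.
    Returns the view name so it can be passed straight to k_anonymity().
    """
    conn.execute("""
        CREATE VIEW IF NOT EXISTS health_release_gen AS
        SELECT substr(zip, 1, 3) AS zip,
               substr(birth_date, 1, 4) AS birth_date,
               sex, diagnosis
        FROM health_release""")
    return "health_release_gen"


if __name__ == "__main__":
    db = build_db()
    print("k before generalization:", k_anonymity(db, "health_release"))
    print("rows re-linked to a name:", linkable_records(db))
    print("k after generalization: ", k_anonymity(db, generalized_view(db)))
```

On the constructed data every release row is unique on the triple (k = 1) and four of the five rows join to exactly one voter; after coarsening zip to three digits and birth date to the year, the smallest group has two rows, so no single row can be matched to one person by these three fields alone. A real release should be audited this way against every public record that shares the same columns, since the voter roll here stands in for any of them.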
Protecting Privacy

Many large databases already exist
Credit ratings
Health care
Public records
Data are a valuable business asset
Privacy advocates

Electronic Privacy Information Center (EPIC)
Electronic Frontier Foundation (EFF)
Information is Valuable

A business asset
Some are “coerced” into giving up more privacy than they
wish (“free!” isn’t free)
Against the law to request zip code in California
Some people are not concerned
Adware and spyware – a growing problem
Web sites should have clearly posted privacy policies

But are those policies being followed?
And what about the future?
Some Privacy-Enhancing Technologies

Well-designed databases and interfaces

Trusted third parties

The non-subversion rule
Encryption
Mailing lists that are rented, not purchased
Paying for information
Club cards
Credit reports
A Right to Privacy

A right to privacy is not stated in the
Constitution
Privacy may be inferred from the 4th
Amendment, but it only applies to the federal
government
Assumed by most Americans to be a right
Eroded by laws such as the USA Patriot Act
Two Philosophical Views of Privacy

Louis Brandeis – Supreme Court, 1890

Yes, an independent right exists
A person may prohibit publication of facts and
photos
Judith Jarvis Thomson – MIT, 1975

Based on property rights
No invasion of privacy without violating some
other established right
Brandeis versus Thomson

Brandeis focuses on how information is used

Thomson focuses on how information is
obtained
Confidentiality

In an encounter between two people, either of them might tell
what happened, except for a confidentiality agreement

For example, the “undisclosed amount” in an out-of-court settlement
But what about data that are revealed – for example a supermarket
keeps records of who buys what and then sells those records to the
pharmaceutical company that makes Lipitor.
New York City plans to track all diabetics.

NYC Diabetes Prevention and Control: A1C Registry
Maryland restricts credit searches for employment
Informed Consent

The customer, patient, subscriber, member
should be able to find out how and where the
data are being used
The customer etc. can then make an informed
decision
There should be no leaking or sharing of data
without informed consent
How Informed are You?

Free Market Philosophy – any legally obtained
information may be shared, with consent
Consumer Protection – a caveat emptor view

The emptor may not be well informed enough to make a
good decision, and therefore needs to be protected
For example, mutual funds, mortgages, credit cards,
software licenses
The information may be presented in an ambiguous way
The consumer may not have the leverage needed to
negotiate a reasonable contract
A reasonable expectation of privacy
A Consumer Protection View

Advocates of strong privacy regulation emphasize all
the unsettling business uses of personal information
we have mentioned…. They argue for more stringent
consent requirements, legal restrictions on consumer
profiling, prohibitions on certain types of contracts
or agreements to disclose data, and prohibitions on
businesses collecting or storing certain kinds of data.

-- Sara Baase, p. 115
An Ideal World

Businesses and Organizations must…

Clearly state policy for the use of information
Provide for opt in
Provide for opt out
Obtain consent for each secondary use,
disclosure, or transfer of personal information
Who Owns Personal Data?

Data cannot be copyrighted. Only creative
works can be copyright protected.
Do you own your birthday? To what extent
would you own your personal data?
What about negative information such as
arrests, serious health problems, or debts?
How do we protect freedom of speech and at
the same time protect privacy?
Privacy in the European Union

Personal data may be collected only for specific,
explicit purposes and may not be processed for
incompatible purposes.
Data must be accurate and up to date. Data must not
be kept longer than necessary.
Processing of data is permitted only if…

The person consented unambiguously
It is necessary to fulfill a contractual or legal obligation
It is necessary in the public interest
More European Union

Special categories of data must not be processed
without consent: ethnic, political, religious,
health, sex life, etc.
People must be notified that data are being
collected about them. They must have access and
a way to correct errors.
Processing of data about criminal convictions is
severely restricted.

-- Sara Baase, p. 117
Privacy in the U.S.

No comprehensive laws although there are
specific laws regarding drivers’ licenses, etc.
Laws may vary from state to state
Is the US behind the EU, or is it just a cultural
difference?
Google Earth Street View: invasion of
privacy?
An Example: Jane

A few of the things in her medicine cabinet:

Darvocet
Birth control pills
OTC cold pills
Centrum vitamins
L’Oreal hair dye (a medium brunette shade)
Sensodyne, dental floss, Sonicare toothbrush
Neutrogena Sun-Block
Imodium
Just Suppose…

Most items came from the supermarket and
pharmacy

Jane uses her Val-U-Club discount card along
with a credit card
Imagine a Break-In

Someone breaks into Jane’s house
Makes a list of the personal stuff in her
bathroom
Does not steal anything
Tries to sell the list to neighbors and
businesses
If you were Jane, how would you feel?
What’s at Stake

As Vaidhyanathan powerfully shows, what’s
at stake has ultimately little to do with things
digital. We face a fundamental choice about
the nature of cultural freedom. The Internet
presents this choice.

-- Lawrence Lessig, reviewing The Anarchist in the Library by Siva
Vaidhyanathan (ISBN 0-465-08985-2)
Nothing to hide?

If you aren't doing anything wrong, what do you have to
hide?
Some clever answers:

If I'm not doing anything wrong, then you have no cause to watch me.
Because the government gets to define what's wrong, and they keep
changing the definition.
Because you might do something wrong with my information.
My problem with quips like these -- as right as they are -- is
that they accept the premise that privacy is about hiding a
wrong. It's not. Privacy is an inherent human right, and a
requirement for maintaining the human condition with dignity
and respect. -- Bruce Schneier