Transcript 2B_Privacy
Impact of Computers on Society 2. More about Privacy and Personal Information An Immense Problem Where does all that information go? DATABASES! Quick retrieval Easy matching Easy sharing Data mining What is a database? A list of items that are all of the same type and format. Imagine a table of rows and columns. All of the items in a column are of the same type Each row contains the same data items Databases existed long before the advent of computers. Domesday Book (1086) DB in the Bible Data…datum… Modern databases are stored on powerful computers. Most modern databases are called “relational” databases. Relational databases Each row is unique because of a value which is called the primary key. It is possible for a table to have one or more possible (candidate) keys. The primary key may be a combination of data elements from the row. Relational databases usually comprise many tables that refer to each other by way of key values. We do not always access a relational database via the primary key. This has made data mining possible. Data Mining Data mining is analyzing a database to identify patterns or relationships in a way that was not envisioned by the original designer. Data mining frequently analyzes the non-key elements of a database to draw inferences. Data mining may match values in one table to like values in another table. Inferences Some inferences are general People earning > $100K/yr prefer expensive cars Millionaires, however, prefer Buicks and pick-up trucks. Active people who enjoy outdoor sports tend to purchase “performanceenhancing” vitamins Some inferences are specific Because John earns > $100K/yr, he’s in the market for a Mercedes, not a Hyundai Because John drives a Ford F-200 pick-up, he’s worth at least $1,000,000 Because John buys Mega-Sportamins, he engages in active outdoor sports Many inferences are dead wrong Some inferences reveal concealed or previously unknown information It only takes three … Much of the time, identity can be inferred from only three data points Zip code Birth date Sex These three data points can serve as an ad hoc primary key. This means that an individual’s confidential information may be recoverable from supposedly “anonymized” data. Protecting Privacy Many large databases already exist Credit ratings Health care Public records Data are a valuable business asset Privacy advocates Electronic Privacy Information Center (EPIC) Electronic Frontier Foundation (EFF) Information is Valuable A business asset Some are “coerced” into giving up more privacy than they wish (“free!” isn’t free) Against the law to request zip code in California Some people are not concerned Adware and spyware – a growing problem Web sites should have clearly posted privacy policies But are those policies being followed? And what about the future? Some Privacy-Enhancing Technologies Well-designed databases and interfaces Trusted third parties The non-subversion rule Encryption Mailing lists that are rented, not purchased Paying for information Club cards Credit reports A Right to Privacy A right to privacy is not stated in the Constitution Privacy may be inferred from the 4th Amendment, but it only applies to the federal government Assumed by most Americans to be a right Eroded by laws such as the USA Patriot Act Two Philosophical Views of Privacy Louis Brandeis – Supreme Court, 1890 Yes, an independent right exists A person may prohibit publication of facts and photos Judith Jarvis Thompson – MIT, 1975 Based on property rights No invasion of privacy without violating some other established right Brandeis versus Thomson Brandeis focuses on how information is used Thomson focuses on how information is obtained Confidentiality In an encounter between two people, either of them might tell what happened, except for a confidentiality agreement For example, the “undisclosed amount” in an out-of-court settlement But what about data that are revealed – for example a supermarket keeps records of who buys what and then sells those records to the pharmaceutical company that makes Lipitor. New York City plans to track all diabetics. NYC Diabetes Prevention and Control: A1C Registry Maryland restricts credit searches for employment Informed Consent The customer, patient, subscriber, member should be able to find out how and where the data are being used The customer etc. can then make an informed decision There should be no leaking or sharing data without informed consent How Informed are You? Free Market Philosophy – any legally obtained information may be shared, with consent Consumer Protection – a caveat emptor view The emptor may not be well informed enough to make a good decision, and therefore needs to be protected For example, mutual funds, mortgages, credit cards, software licenses The information may be presented in an ambiguous way The consumer may not have the leverage needed to negotiate a reasonable contract A reasonable expectation of privacy A Consumer Protection View Advocates of strong privacy regulation emphasize all the unsettling business uses of personal information we have mentioned…. They argue for more stringent consent requirements, legal restrictions on consumer profiling, prohibitions on certain types of contracts or agreements to disclose data, and prohibitions on businesses collecting or storing certain kinds of data. -- Sara Baase, p. 115 An Ideal World Businesses and Organizations must… Clearly state policy for the use of information Provide for opt in Provide for opt out Obtain consent for each secondary use, disclosure, or transfer of personal information Who Owns Personal Data? Data cannot be copyrighted. Only creative works can be copyright protected. Do you own your birthday? To what extent would you own your personal data? What about negative information such as arrests, serious health problems, or debts? How do we protect freedom of speech and at the same time protect privacy? Privacy in the European Union Personal data may be collected only for specific, explicit purposes and may not be processed for incompatible purposes. Data must be accurate and up to date. Data must not be kept longer than necessary. Processing of data is permitted only if… The person consented unambiguously It is necessary to fulfill a contractual or legal obligation It is necessary in the public interest More European Union Special categories of data must not be processed without consent: ethnic, political, religious, health, sex life, etc. People must be notified that data are being collected about them. They must have access and a way to correct errors. Processing of data about criminal convictions is severely restricted. -- Sara Baase, p. 117 Privacy in the U. S. No comprehensive laws although there are specific laws regarding drivers licenses, etc. Laws may vary from state to state Is the US behind the EU, or is it just a cultural difference? Google Earth Street View: invasion of privacy? An Example: Jane A few of the things in her medicine cabinet: Darvocet Birth control pills OTC cold pills Centrum vitamins L’Oreal hair dye (a medium brunette shade) Sensodyne, dental floss, Sonicare toothbrush Neutrogena Sun-Block Immodium Just Suppose… Most items came from the supermarket and pharmacy Jane uses her Val-U-Club discount card along with a credit card Imagine a Break-In Someone breaks into Jane’s house Makes a list of the personal stuff in her bathroom Does not steal anything Tries to sell the list to neighbors and businesses If you were Jane, how would you feel? What’s at Stake As Vaidhyanathan powerfully shows, what’s at stake has ultimately little to do with things digital. We face a fundamental choice about the nature of cultural freedom. The Internet presents this choice. -- Lawrence Lessig, reviewing The Anarchist in the Library by Siva Vaidhyanathan (ISBN 0-465-08985-2) Nothing to hide? If you aren't doing anything wrong, what do you have to hide? Some clever answers: If I'm not doing anything wrong, then you have no cause to watch me. Because the government gets to define what's wrong, and they keep changing the definition. Because you might do something wrong with my information. My problem with quips like these -- as right as they are -- is that they accept the premise that privacy is about hiding a wrong. It's not. Privacy is an inherent human right, and a requirement for maintaining the human condition with dignity and respect. -- Bruce Schneier