Information – Part 2 – Privacy issues –
November 20, 2002
aspects of privacy to consider:
having freedom from intrusion; being left alone
- intrusion of “spamming”: unsolicited mass e-mailing of commercially-oriented messages
having control of information about oneself
- private company example: “cookies” + offline database = DoubleClick
- political example: “Aristotle” (see Hunter article)
- govt. example – “smart cards”
being subject to “dataveillance” at work
(monitoring of email, Web downloads, etc.)
****************
Overview of lecture:
1. Why do we need privacy?
2. What’s happened? From surveillance to dataveillance.
What is the scope of dataveillance?
(McNealy, CEO of Sun Microsystems: “You already have zero privacy—get over it.”)
3. What can we do to protect our privacy? (technological solutions and legal approaches taken by the nation-state)
******************
1. Why do we Need Privacy?
need privacy on a psychological level:
- to develop as INDIVIDUALS - so that we have psychological
"space" to develop our unique personalities
- to "relax" from the pressures of conforming
need privacy on a political level:
- so that we can develop different ideas and our community doesn't suffer from a "herd-mind" (see Hunter article)
- democratic societies need to ensure privacy for their citizens so that some information about those citizens remains outside the hands of the government.
(When access to all information is in the hands of the government,
we are approaching 1984)
2. What is the scope of “dataveillance”?
(Is it as bad as McNealy says?: “You already have zero
privacy—get over it.”)
2.1. Case of DoubleClick:
Web “cookies” allow for consumer tracking:
“a cookie is just a code [like a] reference number that
the server assigns to the browser so as to recognize it when
the same person returns. . . . the cookie is automatically
stored on the consumer’s hard drive, with or without
his knowledge, depending on his preferences.” (Berners-Lee,
p. 145)
- the problem is not the cookie itself—the user has some
control (e.g., in Netscape go to Edit menu/preferences/advanced
and click off cookies or set up warning)—“but not
knowing what information the server will collect, and how
it will use that information…without that information
the user can make choices based only on fear and doubt: not
a stable basis for building [a] society [of trust] on the
Web.” (pp. 145-146)
What happened with DoubleClick? (see Hunter article: http://www.firstmonday.org/issues/issue7_2/hunter/index.html)
- company collected online information about anonymous users using cookies; but then they bought an offline database company with details of 90 million U.S. shoppers.
- started to compile profiles linking individuals’ names with their offline and online purchases.
- anonymity was lost…
- question for citizenry: Is the danger of the gradual
erosion of individual liberties through automation, integration,
and interconnection of many separate record-keeping systems
worth it?
2.2. Case of “Aristotle” (see Hunter article)
2.3. Another HYPOTHETICAL Case of computer profiling (govt. example): develop a profile of what you think are the characteristics of a kind of criminal (say a person who grows marijuana) and then search through relevant databases looking for that “type”:
e.g., look at lists of all people who bought hydroponics equipment, lists of people who live in the country and who have low reported incomes, etc.
Once you match all these computer databases against one another,
a list of names will emerge.
But there will be people who match the profile but are not
marijuana growers (i.e., the false positive cases).
Question for citizenry: Is it justified that a proportion of the population will have their privacy invaded and have to prove their innocence, in order to "catch" the targeted group?
2.4. Case of govt. implementation of “smart” cards
cards containing a microprocessor and memory; the size of
a credit card--can collect, store and often process data.
What if info were encoded on the card: like personal i.d.,
photo, etc.?
+ cut down on fraud, but the tendency might be to consolidate
the cards from different govt. agencies so that there is just
one card.... (OHIP, SIN, etc.)
Issue for citizenry: If information resides only on the smart card then it’s a “technology of privacy”; if info is transmitted to a central database then it’s a “technology of surveillance [dataveillance].” Is this what we want?
(One recent example shows that many of us fear collection
of extensive data about us in a govt. database:
Longitudinal Labour Force File Databank – data on 30
million Canadians – intent was to track employment, but
public outcry forced govt. to dismantle it).
2.5. Case of credit-rating companies:
They receive information daily about your spending habits: data supplied by banks, stores, and other businesses (bill-paying history), plus other aspects of your life related to your financial stability/instability (insurance claims).
Since there is little or no error checking, what happens when false information is entered or retrieved?
3. How Can Our (Canadians’) Privacy Be Protected?
3.1. Establishment of govt. Privacy Commissioners, both federal and provincial, and laws that can be enforced;
see latest Federal legislation that took effect 1 January 2001: “Personal Information Protection and Electronic Documents Act”
- to force private data collectors to provide transparent privacy policies (law applies to federally regulated businesses such as banks and broadcasters, but many others will still be bound by it since personal information that travels across provincial or national borders also falls under its jurisdiction).
Ideally governments would establish “Code of Fair
Information Practices” (basic principles):
1. Collection limitation: data should be obtained by
lawful means, and if possible, with consent from "data
subject."
2. Data Quality: Data collected should be accurate,
complete and kept up to date.
3. Purpose Specification: need to know specific purposes
for collection.
4. Use limitation: Subsequent use or disclosure should
be limited to those purposes (except with consent of individual
or as required by law). Personal information should be retained
only as long as necessary for fulfillment of purposes.
5. Security Safeguards: Personal data should be protected.
(confirmation of security precautions taken)
6. Openness: General policy of "openness"
to where data is, how it is being used.
7. Individual Access: "Data subject" should
have access to their data.
8. Accountability: A data controller should supervise
the compliance with these measures. An individual should be
able to challenge the organization’s compliance with
their practices.
(Cavoukian & Tapscott, 1995, pp. 28-30).
3.2. Technological approaches – to ensure security of information (especially important in financial transactions, where the goal of the interaction is authentication BUT not data collection; go back to the days of "cash").
According to Berners-Lee, security must involve:
authenticity (knowing the message comes from the person who claims to have sent it)
confidentiality (knowing that no one else can read the message)
integrity (making sure no one can alter a message without being detected)
non-repudiatability (ensuring that if I send a message, I can’t later claim I didn’t send it)
-Need public key cryptography (PKC)
encryption = "mathematical process that disguises the content of the messages transmitted"
given the limitations of symmetric encryption (the one secret key must first be shared securely), we need asymmetric encryption, which uses a pair of mathematically related keys:
-->everyone has a public key (widely distributed in directories) + a private key (kept secret)
To send a private, signed message
-->sender encrypts her message with her private key
-->then encrypts the ciphertext with the recipient’s
public key
--> recipient first applies his private key,
--> then the sender’s public key and recovers the
original plaintext message.
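The sign-then-encrypt sequence above, worked through with textbook RSA as an added example (not from the lecture or from Berners-Lee); the small primes, the names Alice/Bob and the one-byte-per-block encoding are constructed for illustration, and the raw RSA used here has no padding or hashing, which is why real systems sign a hash of the message and pad before encrypting.

```python
# Added worked example (not from the lecture notes): the sign-then-encrypt
# order Berners-Lee describes, using textbook RSA with tiny constructed
# primes. No padding or hashing, so this illustrates the key order only.
from math import gcd


def make_keypair(p, q, e=7):
    """Return (public, private) as ((e, n), (d, n)) from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be invertible mod phi(n)"
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def apply_key(block, key):
    """Raw RSA: block**exp mod n. Signing and encrypting are the same
    operation, only the key differs, which is why the order matters."""
    exp, n = key
    assert 0 <= block < n, "block must be smaller than the modulus"
    return pow(block, exp, n)


def send(message, sender_priv, recipient_pub):
    """Sender: apply her private key (sign), then the recipient's public key."""
    # The signed block must fit under the recipient's modulus, so in this
    # toy setup the sender's modulus has to be the smaller of the two.
    assert sender_priv[1] <= recipient_pub[1]
    return [apply_key(apply_key(b, sender_priv), recipient_pub)
            for b in message]  # one byte per block


def receive(ciphertext, recipient_priv, sender_pub):
    """Recipient: apply his private key, then the sender's public key."""
    return bytes(apply_key(apply_key(c, recipient_priv), sender_pub)
                 for c in ciphertext)


# Constructed keys: Alice (sender) n = 3233, Bob (recipient) n = 10403.
ALICE_PUB, ALICE_PRIV = make_keypair(61, 53)
BOB_PUB, BOB_PRIV = make_keypair(101, 103)

if __name__ == "__main__":
    msg = b"meet at noon"
    wire = send(msg, ALICE_PRIV, BOB_PUB)
    print("on the wire:", wire)
    print("recovered:", receive(wire, BOB_PRIV, ALICE_PUB))
```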
U.S. government’s attempts to limit encryption: the Clipper
Chip
The National Security Agency (a secret agency with little public scrutiny) tried to keep cryptography to itself: it developed its own encryption scheme and encoded it on a chip (the “Clipper chip”).
messages are encoded BUT the FBI or NSA has a back door in--they
can decode the messages (for law enforcement purposes); public
outrage at this power of the govt.
(shades of 1984)
Sources:
Berners-Lee, T. 1999. Weaving the Web: The Original Design and Ultimate Destiny of the World Wide Web. Harper Business.
Cavoukian, A. & Tapscott, D. 1995. Who Knows: Safeguarding Your Privacy in a Networked World. Random House Canada.
Hunter, C. (downloaded Nov. 2002). “Political privacy
and Online Politics: How E-Campaigning Threatens Voter Privacy.”
http://www.firstmonday.org/issues/issue7_2/hunter/index.html