Lecture November 20


Information – Part 2 – Privacy issues – November 20, 2002


aspects of privacy to consider:
having freedom from intrusion; being left alone

- intrusion of “spamming”: unsolicited mass e-mailing of commercially-oriented messages

having control of information about oneself

- private company example: “cookies” + offline database = DoubleClick
- political example: “Aristotle” (see Hunter article)
- govt. example: “smart cards”

being subject to “dataveillance” at work (monitoring of email, Web downloads, etc.)
****************

Overview of lecture:

1. Why do we need privacy?

2. What’s happened? From surveillance to dataveillance. What is the scope of dataveillance?

McNealy (CEO of Sun Microsystems), “You already have zero privacy—get over it.”

3. What can we do to protect our privacy? (technological solutions and legal approaches taken by the nation-state)

******************
1. Why do we Need Privacy?

need privacy on a psychological level:

- to develop as INDIVIDUALS - so that we have psychological "space" to develop our unique personalities

- to "relax" from the pressures of conforming

need privacy on a political level:

- so that we can develop different ideas so that our community doesn't suffer from a "herd-mind" (see Hunter article)

- democratic societies need to ensure privacy for their citizens so that some information about its citizens remains outside the hands of the government.

(When access to all information is in the hands of the government, we are approaching 1984)

2. What is the scope of “dataveillance”?
(Is it as bad as McNealy says?: “You already have zero privacy—get over it.”)


2.1. Case of DoubleClick:

Web “cookies” allow for consumer tracking:
“a cookie is just a code [like a] reference number that the server assigns to the browser so as to recognize it when the same person returns. . . . the cookie is automatically stored on the consumer’s hard drive, with or without his knowledge, depending on his preferences.” (Berners-Lee, p. 145)

- the problem is not the cookie itself—the user has some control (e.g., in Netscape go to Edit menu/preferences/advanced and click off cookies or set up warning)—“but not knowing what information the server will collect, and how it will use that information…without that information the user can make choices based only on fear and doubt: not a stable basis for building [a] society [of trust] on the Web.” (pp. 145-146)

What happened with DoubleClick? (see Hunter article http://www.firstmonday.org/issues/issue7_2/hunter/index.html)

- the company collected online information about anonymous users using cookies; but then it bought an offline database company with details of 90 million U.S. shoppers.
- it started to compile profiles linking individuals’ names with their offline and online purchases.
- anonymity was lost…
- question for citizenry: Is the danger of the gradual erosion of individual liberties through automation, integration, and interconnection of many separate record-keeping systems worth it?

2.2. Case of “Aristotle” (see Hunter article)

2.3. Another HYPOTHETICAL Case of computer profiling (govt. example): develop a profile of what you think are the characteristics of a kind of criminal (say a person who grows marijuana) and then search through relevant databases looking for that “type”

a look at lists of all people who bought hydroponics equipment, and lists of people who live in the country, and who have low reported incomes, etc.

Once you match all these computer databases against one another, a list of names will emerge.

But there will be people who match the profile but are not marijuana growers (i.e., the false positive cases).

Question for citizenry: Is it justified that a proportion of the population will have their privacy invaded and have to prove their innocence, in order to "catch" the targeted group?

2.4. Case of govt. implementation of “smart” cards


cards containing a microprocessor and memory; the size of a credit card--can collect, store and often process data.

What if info were encoded on the card: like personal i.d., photo, etc.?

+ cut down on fraud, but the tendency might be to consolidate the cards from different govt. agencies so that there is just one card.... (OHIP, SIN, etc.)

Issue for citizenry: If information resides only on the smart card, then it’s a “technology of privacy”; if info is transmitted to a central database, then it’s a “technology of surveillance [dataveillance]”. Is this what we want?

(One recent example shows that many of us fear collection of extensive data about us in a govt. database:
Longitudinal Labour Force File Databank – data on 30 million Canadians – intent was to track employment, but public outcry forced govt. to dismantle it).

2.5. Case of credit-rating companies:

They receive information daily about your spending habits: data supplied by banks, stores, and other businesses (bill paying history). + other aspects of your life related to your financial stability/instability (insurance claims)

Since little / no error checking, what happens when false information is entered or retrieved?

3. How Can Our (Canadians’) Privacy Be Protected?

3.1. Establishment of govt. Privacy Commissioners, both federal and provincial, and laws that can be enforced;

see latest Federal legislation that took effect 1 January 2001– “Personal Information Protection and Electronic Documents Act”

- to force private data collectors to provide transparent privacy policies (the law applies to federally regulated businesses such as banks and broadcasters, but many others will still be bound by it, since personal information that travels across provincial or national borders also falls under its jurisdiction).

Ideally governments would establish “Code of Fair Information Practices” (basic principles):

1. Collection limitation: data should be obtained by lawful means, and if possible, with consent from "data subject."

2. Data Quality: Data collected should be accurate, complete and kept up to date.

3. Purpose Specification: need to know specific purposes for collection.

4. Use limitation: Subsequent use or disclosure should be limited to those purposes (except with consent of individual or as required by law). Personal information should be retained only as long as necessary for fulfillment of purposes.

5. Security Safeguards: Personal data should be protected. (confirmation of security precautions taken)

6. Openness: General policy of "openness" to where data is, how it is being used.

7. Individual Access: "Data subject" should have access to their data.

8. Accountability: A data controller should supervise the compliance with these measures. An individual should be able to challenge the organization’s compliance with their practices.

(Cavoukian & Tapscott, 1995, pp. 28-30).

3.2. Technological approaches – to ensure security of information (especially important in financial transactions, where the goal is authentication BUT not data collection; go back to the days of "cash")

According to Berners-Lee, security must involve:

authenticity (knowing that the message comes from the person who claims to have sent it)

confidentiality (knowing that no one else can read the message)

integrity (making sure no one can alter a message without being detected)

non-repudiatability (ensuring that if I send a message, I can’t later claim I didn’t send it)

- Need public key cryptography (PKC)

encryption = "mathematical process that disguises the content of the messages transmitted"

given the limitations of symmetrical encryption, need asymmetric encryption with mathematically related keys:

-->everyone has a public key (widely distributed in directories) + a private key (kept secret)

To send a private, signed message

-->sender encrypts her message with her private key
-->then encrypts the ciphertext with the recipient’s public key

--> recipient first applies his private key,
--> then the sender’s public key and recovers the original plaintext message.
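As an added illustration (not from these notes or from Berners-Lee), the sign-then-encrypt procedure above carried out with textbook RSA: the sender applies her private exponent and then the recipient's public exponent, and the recipient undoes the two steps in reverse order. The party names (Alice, Bob), the function names and the tiny constructed primes are assumptions chosen to be readable; real systems use keys of thousands of bits, pad the message, and sign a hash rather than the raw message.

```python
from math import gcd

# Toy RSA on constructed small primes: illustration only, never for real use.
def make_keypair(p, q, e=17):
    """Return (public, private) = ((e, n), (d, n)) for the textbook RSA scheme."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "public exponent must be invertible mod phi(n)"
    d = pow(e, -1, phi)                  # private exponent (Python 3.8+ modular inverse)
    return (e, n), (d, n)

# Assumed parties: Alice (sender) and Bob (recipient). Alice's modulus is kept
# smaller than Bob's so that her signed value always fits under Bob's modulus.
ALICE_PUB, ALICE_PRIV = make_keypair(61, 53)   # n = 3233
BOB_PUB, BOB_PRIV = make_keypair(89, 97)       # n = 8633

def send_private_signed(message: bytes, sender_priv, recipient_pub):
    """Sender: apply own private key, then the recipient's public key, per byte."""
    d_s, n_s = sender_priv
    e_r, n_r = recipient_pub
    assert n_s < n_r, "inner (signing) modulus must be below the outer one"
    blocks = []
    for b in message:                       # each byte is one block (b < n_s)
        signed = pow(b, d_s, n_s)           # step 1: sender's private key
        blocks.append(pow(signed, e_r, n_r))  # step 2: recipient's public key
    return blocks

def receive_private_signed(blocks, recipient_priv, sender_pub):
    """Recipient: apply own private key first, then the sender's public key."""
    d_r, n_r = recipient_priv
    e_s, n_s = sender_pub
    return [pow(pow(c, d_r, n_r), e_s, n_s) for c in blocks]

def roundtrip(message: bytes) -> list:
    """Confidentiality + authenticity: only Bob can open it, only Alice could have made it."""
    ct = send_private_signed(message, ALICE_PRIV, BOB_PUB)
    return receive_private_signed(ct, BOB_PRIV, ALICE_PUB)

def tampered_roundtrip(message: bytes) -> list:
    """Integrity: an altered ciphertext block no longer recovers the original byte."""
    ct = send_private_signed(message, ALICE_PRIV, BOB_PUB)
    ct[0] = 1                                # block modified in transit
    return receive_private_signed(ct, BOB_PRIV, ALICE_PUB)

if __name__ == "__main__":
    msg = b"hi"
    print(bytes(roundtrip(msg)))             # b'hi'
    print(tampered_roundtrip(msg))           # [1, 105]: first byte no longer 'h' (104)
```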

U.S. government’s attempts to limit encryption: the Clipper Chip

The National Security Agency (a secret agency with little public scrutiny) tried to keep cryptography to itself; it developed its own encryption scheme and encoded it on a chip (the “Clipper chip”)

messages are encoded BUT the FBI or NSA has a back door in--they can decode the messages (for law enforcement purposes); public outrage at this power of the govt.
(shades of 1984)

Sources:

Berners-Lee, T. 1999. Weaving the Web: The Original Design and Ultimate Destiny of the World Wide Web. Harper Business.

Cavoukian, A. & Tapscott, D. 1995. Who Knows: Safeguarding Your Privacy in a Networked World. Random House Canada.

Hunter, C. (downloaded Nov. 2002). “Political privacy and Online Politics: How E-Campaigning Threatens Voter Privacy.” http://www.firstmonday.org/issues/issue7_2/hunter/index.html

This page last revised 9/17/02