Tension Between Privacy and the Social Benefits of Government Databases. George T. Duncan, 2004 January 14. Security, Technology, and Privacy: Shaping a 21st Century Public Information Policy, 2003 April 24-25, Georgetown University Law Center, Washington, DC.
Manchester Computing UK Joint Information Systems Committee ESRC Research Methods Programme Angela Dale Mike Daw UK Access Grid
Themes • Technology driving costs of information process down, increasing tensions between privacy and data access • Analysis through the CSID framework • Private Lives and Public Policies vs. Public Lives and Private Policies • R-U Confidentiality Map • Information Ethics
Brokering Role of the Information Organization [Figure labels: Data Capture, Dissemination, Respondent, Information Organization, Policy Analyst, Decision Maker, Researcher, Media, Data Snooper]
Technology Driving Costs Down • Data Capture • Data Storage • Data Integration • Data Dissemination
Data Capture Widens • Radio frequency identification (RFID) • Bar code • Card technologies (magnetic stripe, smart card, contactless card, optical card) • Biometrics • Electronic article surveillance (EAS).
Costs of Data Storage Plummet • Source: Scientific American • In 2003, Plasmon Juke Boxes priced at less than $4/gigabyte
Data Dissemination via Web Access • Census Tract 1001, Salt Lake County, Utah • U.S. Census Bureau, American FactFinder • PCT3. SEX BY AGE [209] - Universe: Total population • Race or Ethnic Group: Total population • Data Set: Census 2000 Summary File 2 (SF 2) 100-Percent Data
Low Cost of Information Raises… • Expectations about access to quality data • Fears about privacy invasions and confidentiality breaches
Europe votes to end data privacy: Law will allow police to spy on phone and net traffic • Stuart Millar, Friday May 31, 2002, The Guardian
FIGHTING CRIME AND PROTECTING PRIVACY - PLANS UNVEILED TO REGULATE DATA ACCESS • Reference: 248/2003 - Date: 12 Sep 2003 10:10 • New measures announced today will ensure tight regulation of phone and internet records used to fight crime, striking the right balance between protecting privacy and protecting the public, said Home Office minister Caroline Flint.
“Balance” is a value tradeoff, which begs… • An analytical framework for the information process • An information ethics
Analytic Framework: the CSID Data Process • Capture • Storage • Integration • Dissemination
The Beginning of the CSID Data Process Data Capture
Private Lives and Public Policies • Private Lives—Requisite for a free society • Public Policies—Data are the factual base needed for informed public discussion
Easy Slide to the Quagmire of Public Lives and Private Policies • Public Lives—Surveillance, required registration, divulgence of information • Private Policies—Secret, screened, restricted input
Today’s Databases—Not just a System of Records • System of records • Flat file • Autonomous collection • Durable collection • Controlled collection • Today’s databases • Heterogeneous • Complex structure • Difficulties in semantic interoperability • Managed by multiple sites
Governmental Databases • Survey • National Longitudinal Surveys of Young Women • Administrative Transactions • FAA Commercial Pilot Certificate • Required Private-Sector Data • SSA earnings records • Birth certificate information • ISP provision of subscriber information under the USA Patriot Act
Why Confidentiality Matters • Ethical: Keeping promises; basic value tied to privacy concerns of solitude, autonomy and individuality • Pragmatic: Without confidentiality, respondent may not provide data; worse, may provide inaccurate data • Legal: Required under law
Confidentiality Audit • Sensitive objects • Numeric values • Instances of relationships • Susceptible data • Geographical detail • Longitudinal or panel structure • Outliers • Many attribute variables • Census versus survey/sample • Existence of linkable external databases
Restricted Access Restricted Data
RESTRICTED ACCESS • U.S. Census Research Data Centers • National Center for Health Statistics Research Data Center • National Archive of Criminal Justice Data • Netherlands Center for Research of Economic Microdata (CEREM) • Luxembourg Integrated Research Infrastructure in the Socio-Economic Sciences (IRISS)
RESTRICTED DATA • Transform data using disclosure limitation procedures • Lower disclosure risk • Maintain data utility
STATISTICAL DISCLOSURE LIMITATION [Figure labels: Original Data, Masked Data, Model Estimation, Virtual Data]
Matrix Masking: Y = AXB + C • Disclosure Limitation: Transforming the original data (X) to the disseminated data (Y) • Local suppression • Adding noise • Sampling • Data swapping • Global recoding (coarsening) • Micro-aggregation
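The matrix mask on this slide, worked through on a small table as an added example (not part of the original slides). It reads A as a record-transforming matrix, B as an attribute-transforming matrix and C as additive noise, which the slide does not spell out; the data and all function names are constructed for illustration.

```python
import random

def matmul(P, Q):
    """Matrix product of two lists of rows."""
    return [[sum(p * q for p, q in zip(row, col)) for col in zip(*Q)] for row in P]

def matrix_mask(X, A, B, C):
    """Disseminated data Y = A X B + C."""
    AXB = matmul(matmul(A, X), B)
    return [[v + c for v, c in zip(r, cr)] for r, cr in zip(AXB, C)]

def identity(n):
    return [[float(i == j) for j in range(n)] for i in range(n)]

def zeros(r, c):
    return [[0.0] * c for _ in range(r)]

def sampling_mask(n, keep):
    """A that keeps only the records in `keep` (sampling)."""
    return [[float(i == j) for j in range(n)] for i in keep]

def microaggregation_mask(n, groups):
    """A that replaces each record by the mean of its group."""
    A = zeros(n, n)
    for g in groups:
        for i in g:
            for j in g:
                A[i][j] = 1.0 / len(g)
    return A

def drop_attributes_mask(p, drop):
    """B that deletes the attribute columns in `drop`."""
    return [[float(i == j) for j in range(p) if j not in drop] for i in range(p)]

def noise_mask(r, c, sd, seed=0):
    """C of independent Gaussian noise (seeded so the run is repeatable)."""
    rng = random.Random(seed)
    return [[rng.gauss(0.0, sd) for _ in range(c)] for _ in range(r)]

# Constructed microdata: rows are respondents, columns are age, income, area code.
X = [[34.0, 52000.0, 152.0], [36.0, 48000.0, 152.0],
     [61.0, 250000.0, 841.0], [59.0, 90000.0, 841.0]]  # row 2 is an income outlier

def demo():
    sampled = matrix_mask(X, sampling_mask(4, [0, 3]), identity(3), zeros(2, 3))
    aggregated = matrix_mask(X, microaggregation_mask(4, [[0, 1], [2, 3]]),
                             drop_attributes_mask(3, {2}), zeros(4, 2))
    noisy = matrix_mask(X, identity(4), identity(3), noise_mask(4, 3, sd=5.0))
    return sampled, aggregated, noisy
```

In the aggregated release the outlier income of 250000 is replaced by its group mean of 170000 and the area code column is gone, which lowers disclosure risk at a visible cost in data utility.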
R-U Confidentiality Map [Figure: axes Disclosure Risk R and Data Utility U; labels Original Data, Released Data, No Data, Maximum Tolerable Risk]
Information Ethics • Democratic Accountability • Constitutional Empowerment • Information Justice • Individual Autonomy
Democratic Accountability • Organizations empowered by the people are accountable to the people • Access to information promotes accountability
Constitutional Empowerment • “Knowledge is power” • Capability of citizens to make informed decisions about political, economic and social questions • Constitutional practice emphasizes broad access to the political process
Individual Autonomy • Capacity to function as individuals, uncoerced and cloaked with privacy • Compromised by • excessive surveillance to build data bases • irresponsible dissemination of personally identifiable data
Information Justice • “My” group getting what they want • Fairness • Equal treatment for all • Social justice?
Responsive to Changes in Societal Reality • Terrorist attacks of 9/11 prompt • USA Patriot Act • UK Anti-terrorism, Crime and Security Act • Overreaction?
Whoever fights monsters should see to it that in the process he does not become a monster. And when you look long into an abyss, the abyss also looks into you. --Friedrich Nietzsche, Beyond Good and Evil
Responsive to Changes in Technology • Information Management • XML • Data mining and search • Human-Computer Interaction • Accessible to broad range of public • “Every-citizen” usability • Network infrastructure • Encryption methods • E-commerce
Our Path … • Seek Private Lives and Public Policies • Avoid Public Lives and Private Policies