1 / 15

Dangerous Access: database technology and privacy

Dangerous Access: database technology and privacy. What does privacy mean? -similar to other values (such as liberty and freedom), there’s no universal definition “the right to be let alone” “right to restrict access to person, property, or information “ Why do we value privacy?

kass
Télécharger la présentation

Dangerous Access: database technology and privacy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Dangerous Access: database technology and privacy What does privacy mean? -similar to other values (such as liberty and freedom), there’s no universal definition “the right to be let alone” “right to restrict access to person, property, or information “ Why do we value privacy? Some people value privacy for its own sake Some because it enables other values, such as: The ability to have intimate relationships, to form independent and informed opinions, or to form a sense of personhood.

  2. The situation today • Hundreds of commercial companies, and government agencies gather the personal information of individuals. • Historically • Information was never collected on this scale • Records weren’t as permanent as digital records • Information was harder to share • Today • An incredible amount of information is collected • Distribution of information is quick and easy • Digital records and massive storage capability means permanent storage of all collected information.

  3. How is this information collected? • Traditional methods- • Government coercion of information • Census records, court records, motor vehicle registration etc • Companies solicit information from their customers. • Registration cards • Discount Shopping programs (example: the price chopper card) • Surveys • New methods of collection • Internet technology • Clickstream tracking: websites track where you travel, and how long you spend on each page • Cookies • Spyware • keyloggers • Web bugs: 1 pixel photos send back information when they are viewed • Digital rights technology

  4. Where does the information go after it is collected? • After initial collection- the information is traded • Between the government and commercial entities • Between separate commercial entities • Sold back to the government and to law enforcement • The availability of this information is beneficial. Companies and the government can run more efficiently, public safety is improved, and consumers receive marketing that is more directed towards their wants and needs.

  5. The Dangers • Decisionmaking • Background checks, employment, credit, rental decisions are made based upon information in these databases. • The information cannot contain a complete picture of the individual. • Moreover if the information is incorrect, whether by mistake or by identity theft, there are severe consequences to individuals • Vulnerability • According to the chairman of the FTC, the most serious threats: • Safety of women and children (from stalking activity) • Identity theft • Fear of Abuse • The knowledge that so much information is going to be collected may have a “chilling” effect on speech. • Profiling: the consequences of having the information in your file incorrectly cast you as a threat to national security are immense.

  6. Bureaucracy and Aggregation • Most pieces of information in the databases would not, by themselves be considered highly private, such as names, addresses, or phone numbers. • When combined, the information can paint a portrait of where you go, who you see and talk to, your health, where you live, what you buy, your family, and your job. • These databases do not release dangerous information into the hands of stalkers or identity thieves with any malicious intent, but instead through lack of care and bureaucracy.

  7. What has the law done to protect privacy? • The law has reacted to technology that threatens our privacy. • In the time of the early settlers of the U.S., social norms, the expenses of typesetting, and the distance of rural life protected privacy. • As the country grew, so did the government’s need for information. The 1840 census contained financial and health questions, and many people were concerned about privacy. (the amount of information could not have been processed without a new technology, the punch card) • Shortly after, the invention of the instant camera, and the growth of the popular press inspired an article by Warren and Brandeis – which is considered the beginning of privacy law in the U.S. The article drew on existing law to assert a private tort action for privacy. • The courts responded to this article allowing tort actions for situations which were considered to violate privacy.

  8. Evolution of Privacy Law • 1960- Prosser reviewed over 300 privacy tort cases since the Warrant and Brandeis article, and asserted that instead of a single privacy right, there were in fact four distinct separate torts. • Intrusion upon seclusion • Public disclosure of private facts • False light • Appropriation • These were adopted into the restatement of torts, although many states (including New York) do not recognize all four tort actions.

  9. Advent of the Computer Age • Computerization of government and commercial records began in the 1960’s and 70’s. • A public was concern about privacy, focusing on surveillance and the increasing use of the social security number as an identifier. • Individuals can have similar or identical information, so a way of uniquely identifying them is useful. The SS# is a uniquely assigned nine digit number, many agencies and organizations use it. • Congress responded with the enactment of FOIA in 1966, and the Privacy Act of 1974 • The privacy act restricts the release of personal records held by federal agencies, with significant exceptions, and regulates use of SS#. • FOIA 1966- allows for more transparency in government, however commercial collectors of information have used FOIA to collect information. There are permissive privacy exceptions.

  10. Further Privacy Legislation • Legislative action in the seventies and since has consisted of ad hoc legislation restricting selected categories of information. • CCPA 1984– restricted the release of cable viewing habits • FERPA 1974- restricting the release of student records • VPPA 1988 - restricting the release of video rental records • HIPPA 1996- restricts the release of medical information • Some legislation arguably enables the dissemination of information • Fair Credit Reporting Act 1970- allows subjects of information to see and correct information in their credit reports, allows the sale of credit headers containing SS#. • Graham Leach Bliley 1999- restricts the release of financial information to unafilliated financial institutions- however it allows transfer to associates, provides opt-out notices

  11. Good examples of legislation • COPPA- the Children’s Online Privacy Protection Act restricts the collection of children’s information online. • DPPA- the Driver’s Privacy Protection act restricts the ability of states to sell DMV information. • A patchwork of protection • Some subjects are protected, while others are unregulated.

  12. Judicial Treatment of Privacy Law • The Supreme Court recognized a constitutional right to informational privacy in Whalen V. Roe (1975) • “there may be a lot of laws, but not much protection” • The courts have not been effective in protecting against the dangers of database technology. • Tort law is largely directed towards the media, which publicizes information. While database companies share the information, they have no incentive to publicize. • Two traditional conceptions of privacy have influenced judicial decisions on decisions involving databases. • Secrecy/seclusion- information is either private or public. Under the conception of secrecy, if the information has been revealed, it can no longer be protected as private. • Invasion- The interest to be protected in privacy was against invasive action of wrongdoers who cause damage. The collection of this information is legal, and there is no cognizable damage.

  13. FTC action • The federal trade commission is responsible for handling fraudulent and unfair trade practices. The FTC allowed commercial entities on the internet to self-regulate their data collection practices, however with little incentive to limit the use, collection, and dissemination of that information they have moved on to filing suit. Since 1998 they have been attempting to influence the collection of information on the internet through privacy policies. • Several high profile cases have settled, however the settlements have been light. In many cases the punishment was merely a promise to reform. • The FTC relies upon the existence of a privacy policy, and they can only bring suit if the website violates that policy

  14. Problems not Addressed by the Law • The law today does not effectively address the problems caused by database technology • The law makes a clear distinction between private and public information. • Opt-out policies (like those involved with GLB) and privacy policies create an incentive for companies to create notices that are hard to read and follow. • The invasion concept bases privacy violations on the harm to the individual by wrongdoing, rather than the harm to society as a whole. • Protection of privacy is a patchwork of legislation, with many holes. • FTC action still relies mostly upon self-regulation, and does not punish severely enough to deter violations.

  15. What can be done? • Education • Technology • Encryption • Anonymization • Current legislation – to require notification of security breaches, require information be secure, and punish violations. • The European Model • Update judicial conceptions of privacy away from the “secrecy” and “invasion” conceptions to recognize the harms of the collection of personal information.

More Related