Impact of Computerson Society2. Privacy and Personal Information

Is Your Privacy Being Invaded? Wear a tinfoil hat to protect yourself! A few people seriously believe(d) this! Although a tinfoil hat will not protect you

from a computer, ensuring personal privacy is an important issue in today’s society.

At some time in their lives, most people feel that their privacy has been compromised.

J. Edgar Hoover In 1950 J. Edgar Hoover, then director of the

FBI, proposed imprisoning 12,000 “disloyal” Americans on a list he had been compiling for years. “The index now contains approximately twelve thousand individuals,

of which approximately ninety-seven per cent are citizens of the United States,” he wrote.

“In order to make effective these apprehensions, the proclamation

suspends the Writ of Habeas Corpus,” it said. New York Times, December 23, 2007

Maryland State Police Recently the Maryland State Police admitted to surveillance of groups such

as PETA, anti-war and anti-abortion protesters, and Amnesty International, beginning in 2005. At first the state claimed that those listed did not even have the right to review the files kept on them.

The Washington Post chronicled the story as it unfolded:

October 8, 2008 October 9, 2008 October 18, 2008 January 4, 2009

Privacy Can Mean Freedom from Intrusion – being left alone

Control of Information about Oneself

Freedom from Surveillance Being followed Being watched Being eavesdropped upon

Privacy versus Confidentiality Privacy – concerns personal information that

one cannot be compelled to reveal about oneself

Confidentiality – concerns information that has been entrusted to others with the understanding that it will not be revealed without permission

Guaranteed? Privacy is not guaranteed by the Constitution.

It is implied in the 4th Amendment (freedom from unreasonable search and seizure).

Privacy is implied by the Declaration of Independence.

Americans have the unalienable rights to life, liberty, and the pursuit of happiness, and freedom from unreasonable search…

I’ll see you in court! The right to privacy has been upheld by some

court decisions. Roe v. Wade (1973) There is a right to privacy in

the first trimester of pregnancy but less so in the second and third trimesters

Lawrence et al. v. Texas: sodomy law struck down

Hiibel vs. Sixth District Court: can a person refuse to identify himself prior to arrest?

Then, What is the Problem? We need to give up some privacy in society to

make it possible to interact with others.

To a certain extent we can choose how much privacy we are willing to give up.

Sometimes that choice is limited.

Privacy Problems With increasing frequency we are forced to reveal more than

we wish. Individuals, organizations, businesses, and government

collect and exchange information about us, often without our knowledge or permission.

Recently some have been concerned by Facebook’s storing and trading data. Facebook stores huge amounts of personal data on members and non-members Hoover would be envious!

A Chilling Effect “He knows!!” Necking at lunch SLAPP suits What do you have to hide?

Suppose someone monitored every web site you visit on the Internet? Suppose there were a camera in the parking lot at work or school? In your front yard? In your living room? In the bedroom? In the bathroom?

Observation causes subtle changes in behavior This is true in physics experiments, as well as with people

More Privacy Problems “If you don’t have anything to hide…” recently has

taken on political overtones.

Giving up freedom to defend freedom can result in no freedom.

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - Benjamin Franklin

What is Personal Information? Any information from which a living

individual can be identified, including… Deeds, contracts, wills, divorces, legal documents Public records Law enforcement Banking, brokerage, other financial information Purchase information Medical records, tests, treatments Travel documents, EZ-Pass

And also . . . Educational records Drivers’ and professional licenses Biometric data Membership rosters Rentals and leases Website logs, ISP logs, web sites, photos Cellular phone records, including GPS Example: the CVS Medication “Reminder” And more . . . .

What does this have to do with computers? Where is all that data stored? How is all that data retrieved? How is all that data manipulated and

interpreted? How is all that data shared?

Computers

Privacy Act of 1974 Restricts data in federal records to what is

“relevant and necessary” Requires federal agencies to notify the public in

the Federal Register A more useable source of info? Data.gov Allows people to access their records and to

correct errors Requires procedures to protect DB security Prohibits disclosure without consent

Computer Matching and Privacy Protection Act of 1988 Requires a review process before doing computer

matching Can be circumvented by purchasing large amounts

of data from the private sector Example: LexisNexis Example: Reed Elsevier (bought LexisNexis) Example: MIB (Medical Information Bureau) Example: Medical Database Problems The ChoicePoint leak exposes 145K records (2005)

Erosions of the 4th Amendment USA Patriot Act of 2001 loosened restrictions

on wiretapping and surveillance FBI may obtain credit information without a

court order Law enforcement may obtain medical records

without court order Extended by Obama for four more years

(May, 2011)

Privacy Act Problems Restrictions apply only to federal government Enforcement has been lax Lack of oversight, checks and balances Information is often outdated or inaccurate Difficult to write legislation in such a rapidly

evolving situation Passed hurriedly

A Legal Vacuum No federal laws govern the use of

surveillance camera video Unless it includes sound Dispute over videotaping police A hodge-podge of state and local laws There are extensive, clear laws in the UK UK laws link criminal justice, local police,

camera industry, Home Office (like our DHS)

What is a Database? A relational database contains information stored

in tabular format on a computer system Rows Columns Primary key uniquely identifies each row Multiple tables Foreign keys help match tables to each other

Because of the keys, DB’s can easily be matched, summarized, compared

Examples of Databases Supermarket “club” cards Medical and insurance databases Sex offender registry Google and other search engines Online searches of public records Automated Fingerprint ID Systems AFIS National Crime Information Center

The Universal Key: Your SSN Intended in 1936 for Social Security Administration

only Required as an identifier for federal records in 1943 Used by IRS in 1961 In 1976 state and local agencies allowed to use SSN Required in 1988 to get birth certificate In 1996 may be used for occupational and marriage

licenses Detailed SSA timeline of SSN policy and law.

SSN Flaws Not unique Social Security cards are easy to forge Frequently not verified by the requestor Information supplied by applicant was

frequently not verified Have been used in many situations when they

should not be

Fishing Expeditions Made possible in part by the SSN Can be based on vague suspicion and

uncorroborated tips A presumption of guilt rather than innocence Frequently involve searches of data of people

not under suspicion The problem of “inference” – computer

matching, computer profiling

Telecom records are a big problem Contents of calls and emails are protected by the first

and fourth amendments Courts have ruled that metadata are not protected

Records of calls, email messages, browser histories May be subject to “data mining”

This was the legal justification the Bush administration used in directing the NSA to sift through telecom records without a warrant.

Web Search Data When you Google a topic, both the search terms and

information about the searcher are saved. These searches may later be analyzed for summary purposes. But they also can be traced back to individuals. Google’s Chrome browser has had problems. The federal government subpoenaed Google for two months

of user queries and URL’s in an attempt to respond to court challenges of the Child Online Protection Act (COPA).

Businesses routinely use data mining to seek out new customers.

Principles of Data Collection and Retention (in an ideal world) Collect only necessary information Inform people when and why data are being

collected Offer a convenient way to opt out Provide a convenient means for correcting errors Provide for updating information Establish clear security and access rules Do not use data for purposes other than the purpose

for which they were collected Provide for timely disposal of data

A National ID Card What would it be used for? Passports, permission to work, health care? Smart cards or biometric data Help reduce fraud Prevent illegal aliens Could be used to match virtually anything

about the individual What about voter ID?

“Real ID” Act of 2005

To Obtain a Real ID You Need… Birth certificate Documentation of legal residency status Social Security number Documentation of name and legal residence Digitized images of documents to be stored in individual state

databases To date 16 states have passed legislation opposing Real ID A few states such as California and North Carolina have

already taken steps to implement the requirements Read more about it: c|net—National ID Cards on the Way?

A National ID Card? Con

Privacy advocates argue that the standards amount to a de facto national ID card

It would be fairly simple to link the state databases Implementation will be expensive and potentially

troublesome or offensive to citizens

Pro Technically a voluntary program Needed to prevent terrorism Will help control illegal immigration

Your Credit Report Obtain your free personal credit report from one of the three major credit

reporting companies: Equifax, Experian, TransUnion Because the companies want you to pay, they originally made it difficult

to locate and use the free site. To learn about the Fair Credit Reporting Act , go to http://www.epic.org/privacy/fcra/

Now you can easily get a report from https://www.annualcreditreport.com/ (Type into your browser)

This site is safe. The data are protected by https encryption. Be prepared to print out your full report, with the exception of the three-

digit credit score. Unfortunately, federal credit reporting law does not require credit

reporting companies to give the score to you for free. More info from the Federal Trade Commission

Freeze your credit Most states allow you to freeze your credit No new accounts can be opened State, not federal, laws govern freezes Consumers Union guide to state laws Not 100% secure because a thief could use existing

account numbers Credit cards Bank accounts Brokerage accounts Credit bureau can still use your info for marketing

Opt Out/Opt In Opt out (or in) for preapproved credit offers Often “affinity cards” from organizations By phone: 888-567-8688 Internet: http://www.optoutprescreen.com/ USPS:

TransUnion P.O. Box. 505 Woodlyn, PA 19094-0505

Homework <groan!> Download your personal credit history. If you do this on a computer that is not your

own, be sure not to leave personal data behind: Clear the cache Erase the browser history

Write up your experience. Do not submit your downloaded report. Only submit the write-up.