Relation between technology and privacy

• Micro level – focus on empowering individuals – information and tools to effectuate privacy in various contexts

• Macro level – what kind of world do we want to live in

Why do we care about privacy• Why do you care, or not, about

privacy?

• Why does society protect it, or not?

• Reflections from what we’ve read this semester?

What does it protect?

• Literally?

• Figuratively?

What sort of right or interest is it?

• Is it an end or a means? Or both?

• What happens without it? – How do you know?

• What values is it in tension with?– How do you harmonize or balance?

• How does technology challenge conceptions of privacy?

Scope of 4th A Protection

• The 4th Amendment:– The right of the people to be secure in their

persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but on probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the person or things to be seized.

Scope of 4th A ProtectionKatz v. U.S. 389 U. S. 347, 353 (1967).• “the Fourth Amendment protects people—and not

simply ‘areas’…the reach of that Amendment cannot turn upon the presence or absence of a physical intrusion into any given enclosure.”

• Test– You must have an actual, subjective expectation of

privacy.

– It must be an expectation that is objectively reasonable (“one society is prepared to recognize as ‘reasonable’”-- 389 U. S. 347, 361 (Justice Harlan concurring)).

Scope of 4th A Protection• Smith vs. Maryland, 1979

– individuals have no legitimate expectation of privacy in the phone numbers they dial, and therefore the installation of a technical device (a pen register) that captured such numbers on the phone company's property did not constitute a search.

• United States v. Miller– records of an individual's financial transactions held by

his bank were outside the protection of the Fourth Amendment

Basis for narrowing Protection

• Assumption of the risk– “takes the risk, in revealing his affairs to

another, that the information will be conveyed by that person to the Government”

• Voluntary nature of the disclosure– “a person has no legitimate expectation of

privacy in information he voluntarily turns over to third parties”

"It would be foolish to contend that the degree of privacy secured to citizens by the 4th A has been entirely unaffected by the advance of technology...the question we confront today is what limits there are upon this power of technology to shrink the realm of guaranteed privacy."

Status Quo, Technology, & Law

“reasonable expectation of privacy”Dog sniff Aerial photography Thermal imaging

expectations

capa

bilit

ylegal rules

data in networks?

• The interception of communications, transactional data during transmission.

• The acquisition of stored communications and transactional data.

ECPA (SCA + amendments to Title III)

The Electronic Communications Privacy Act defined two types of ISPs:

• Electronic Communications Service to the extent you permit users to communicate with each other

• Remote Computing Service to the extent you permit users to store communications or other information

Kinds of Data

• Basic Subscriber Information (name, address, equipment identifier such as temporary IP address, and means and source of payment)

• Other non-content Information (clickstream, location)

• Wiretap, Pen Register or Trap and Trace

• Content - Real Time and Stored

Legal Standards• Basic Subscriber Information: Subpoena or

better (Gov’t may not use civil subpoena)• Other Information: 2703(d) order or better• Dialed digits: Pen Register or better• Real Time Content: Title III order• Stored Content < 180 days: search warrant• Stored Content > 180 days: subpoena or

better• Opened v. Unopened -- ct doesn’t matter;

doj says once opened no warrant required

1 Home Energy Use (Pot diaries)

• Story of Starkweather“The public awareness that such records are routinely maintained…negate[s] any consistutaionally sufficient expectation of privacy…”

• Story of Kyllo"We think that obtaining by sense-enhancing technology any information regarding the interior of the home that could not otherwise have been obtained without physical intrusion into a constitutionally protected area constitutes a search -- at least where (as here) the technology in question is not in general public use. This assures preservation of that degree of privacy against government that existed when the 4th A was adopted."

• Story of Caballes“Well trained narcotics detection dog, one that does not expose noncontraband items that otherwise would remain hidden from public view during a lawful traffic stop generaly does not implicate legitimate privacy interests.”

1 DistinctionsIs it sensed or recorded?

• Activity that generates records held by others

• Activity that is imperceptible without trespass

• Activity that can be perceived (sensed) from outside, “Plain view”

• Activity that is rendered perceptible by technology

Where is the activity taking place?

• home v. public street?

What is sensed?

• Just illegal activity, contraband?

• Mix of legal and illegal activities?

1 Lessons

• A little recording can mean a lot

• Location matters (people, activity, data)

• Use of well trained technologies (precise and accurate)– low false positives – outside the 4th A because they are not searches, at least in some instances

• Police only technology is unreasonable invasion, readily available technology maybe not

2 Cameras in Public Places

• Value of public places– Community, speech, protest, public life

• “No Privacy in Public” – – You see me, I see you (reciprocity)– Police need not avert eyes– As much privacy as the space affords– Bounded by space, time, presence

2 Ubiquitous image collection

• I see you, you cannot see me

• Police virtually present all the time

• Porous unknowable public “space”

• Permanence

• Aggregation

• Who, when, where of observation change

• Inability to engage in self help

2 Responses

• Legislated click

• Bans on camera phones in some places (you may see me but you can’t prove that you saw me)

• Upskirt laws

• Barak Obama privacy zone

• HP anti paparazzi patents

“…how, when, and at what level does privacy matter?”

• Importance of legal context as well as social context

• Expectations of privacy are shaped by what is technically possible, technical possibility in turn informs courts’ analysis of reasonableness

• Court makes distinctions that may not relate to normative understandings -- careful where this happens

Value Driven Architecture

• Architectural choices constrain policy

• Policy choices if considered in architectural design can be “hardened”

• Need to identify policy goals – privacy, security, other – in order to engage in iterative process during design phase

• Must understand stakeholder needs, technology, law, and have clear objectives

Value Driven Architecture

• Architectural choices constrain policy

• Policy choices if considered in architectural design can be “hardened”

• Need to identify policy goals – privacy, security, other – in order to engage in iterative process during design phase

• Must understand stakeholder needs, technology, law, and have clear objectives

The last word…

Reserved judgment as to how much technological enhancement of ordinary perception, from such a vantage point (public street) if any is too much.