-the right to be alone – the most comprehensive of rights, and the right most valued by people. (Justice Louis Brandeis, Olmstead v. US, 1928)
-the right of individuals to control the collection and use of information about themselves. Legal Aspects
Protection from unreasonable intrusion upon one’s isolation. Protection from appropriation of one’s name or likeness. Protection from unreasonable publicity given to one’s private. Protection from publicity that unreasonably places one in a false light before the public.
RECENT HISTORY OF PRIVACY PROTECTION
Communication Act of 1934
-it restricted the government’s ability to secretly intercept communications. However, under a 1968 federal statute, law enforcement officers can use wiretapping if they first obtain a court order.
Wiretapping – the interception of telephone or telegraph communications for purpose of espionage or surveillance. Freedom of Information Act (FOIA)
– (passed -1966, amended-1974) provides the public with the means to gain access to certain government records such as the spending patterns of an agency, the agency’s policies and the reasoning behind them, and the agency’s mission and goals. Fair Credit Reporting Act (1970)
– this act regulates the operations of credit-reporting bureaus, including how they collect, store, and use credit information.
– it is designed to promote accuracy, fairness, and privacy of information in the files of credit reporting companies and to check verification systems that gather and sell information about people. Privacy Act (1974)
– declares that no agency of the U.S. government can conceal the existence of any personal data record-keeping system, and that any agency that maintains such a system, must publicly describe both the kind of information in it and the manner in which the information will be used.
– the Central Intelligence Agency (CIA) and the law enforcement agencies are excluded from this act.
– the Organization for Economic Cooperation and Development (OECD) “Fair Information Practices” are often held up as a model of ethical treatment of consumer data for organization to adopt.
Summary of the 1980 OECD privacy guidelines
Limit the collection of personal data. All such data must be obtained lawfully and fairly with the subject’s consent and knowledge. Data Quality
Personal data should be accurate, complete, current and relevant to the purpose for which it is used. Purpose Specification
The purpose for which personal data is collected should be should be specified and should not be changed. Use Limitation
Personal data should not be used beyond the specified purpose without a persons consent or by authority of law. Security Safeguards
Personal data should be protected against unauthorized access, modification, or disclosure. Openness principle
Data policies should exist and a “data controller” should be identified. Individual participation
People should have the right to review their data, to challenge its correctness, and to have incorrect data changed. Accountability
A “data controller” should be responsible for ensuring that the above principles are met.
Children’s Online Protect Act (COPA)(1998)
– The law states that a website that caters to children must offer comprehensive privacy policies, notify their parents or guardians about its data collection practices, and receive parental consent before collecting any personal information from children under 13 years of age. European Company Directives 95/46/EC (1998)
– requires any company that does business within the borders of 15 Western European nations to implement a set of privacy directives on fair and appropriate use of information.
Summary of the European Data Privacy Principle
Tell all customer what is done with their information.
Give customer a way to opt out of marketing.
Give customer access to their information.
Protect customer information from unauthorized access.
Ensure that information are accurate and relevant.
Better Business Bureau Online (BBB Online) and TRUSTe
– independent, nonprofit initiatives that favor an industry-regulated approach to data privacy which concerned about the government regulation that could have a negative impact on the Internet’s use and growth, and that such regulation would be costly to implement and difficult to change.
The BBB Online Seal adheres that the website has a high level of data
The TRUSTe’s main rule is that websites should openly communicate what information it gathers, its use, to whom it will be shared, and does the consumer has a choice of opting out. Gramm-Leach-Bliley Act (1998)
-this act required all financial-services institutions to communicate their data privacy policies and honor customer data-gathering preferences by July 1, 2001. This was to make them take actions to protect and secure customers’ nonpublic data from unauthorized access or use.
KEY PRIVACY AND ANONYMITY ISSUES
GOVERNMENTAL ELECTRONIC SURVEILLANCE
Federal Wiretap Act (U.S. Code Title 18 Part 1, Chapter 119, Wire and Electronic Communications Interception and Interception of Oral Communications)
– it requires processes to obtain court authorization for surveillance of all kinds of electronic communications, including e-mail, fax, internet, and voice, in criminal investigation. A court order must be issued based on probable cause before a wiretap can commence. roving tap – government authority to obtain a court order that does not name a specific telephone or e-mail, but allows them to tap any phone lines or internet accounts that the suspect uses.
Electronic Communication Privacy Act of 1986 (ECPA, U.S Code Title 18, part 2, Chapter 206)
– standards for access to stored e-mail and other electronic communications and records.
ECPA amended Title III (Omnibus Crime Control and Safe Streets Act of 1968)
– extended the title III’s prohibitions against the unauthorized interception (use of person’s oral or electronic communications).
-this act failed to address emerging technologies such as wireless modems, cellular, data networks, etc. thus, this communication can still be legally
Foreign Intelligence Surveillance Act of 1978 (FISA)
– allows wiretapping of aliens and citizens in the U.S. based on a finding of probable cause that the target is a member of a foreign terrorist group or an agent of a foreign power.
Executive Order 123333 (U.S. Pres. Reagan, 1982)
– legal authority for electronic surveillance outside the U.S. It permits intelligence agencies to intercept communications outside the U.S. without a court order.
Communication Assistance for Law Enforcement Act (CALEA, 1994)
– it covers radio-based data communication. The Federal Communications Commission (FCC) required providers of Internet phone and broadband services to ensure that their equipment can allow police wiretaps.
USA Patriot Act of 2001
– Gives sweeping new powers to Domestic law enforcement and International intelligence agencies. It contains several sunsets that gives the government much more surveillance capability. Sunset provisions – can terminates itself or portions after a specific date unless further actions is taken to extend the law
Cryptography – the science of encoding messages so that only the sender and the intended receiver can understand them. Encryption – the process of converting an electronic message into a form that can be understood only by the intended recipients. Public key encryption system uses two keys
Message receiver’s public key – readily available
Message receiver’s private key – kept secret
Private key encryption system
Single key to encode and decode messages
RSA (named after Rivest, Shamir and Adleman) – is a public key encryption algorithm, the basis for much of the security that protects Web consumers and merchants. PGP ( Pretty Good Privacy) – uses 128 bit encryption that represents a total of 2128 . DES (Digital Encryption Standard) – the standard for encryption, it employs a 56 bit key that represents 7.2×1016 . (It can now be crack using brute methods) AES (Advanced Encryption Standards) – requires crackers to try as many as 1.1×1077 combinations.
– occurs when someone steals key pieces of personal information to gain access to a person’s financial accounts.
– fastest growing form of fraud in the United States.
Phishing – is an attempt to steal personal identity data by tricking users into entering the information on a counterfeit Website. Spear-phishing – is a variation in which employees are sent phony emails that look like they came from high-level executives within their organization. Spyware – is a term for keystroke-logging software that is downloaded to users computer without adequate notice, consent, or control for the user. It creates a record of keystrokes entered into the computer with or without internet and will send to the email of the spy when internet connections are available.
Identity Theft and Assumption Deterrence Act of 1998
– the congress passed this act to fight identity fraud, making it a federal felony punishable by a prison sentence of 3 -25 years.
– researchers estimated that 1 of 700 identity crimes were led to conviction.
– marketing firms uses this information in building databases that contains consumer behavioral data. They want to know about who the users are, what they like, how they behave, and what motives them to buy. Cookies – a text file that a website puts on your hard drive so that it can remember your information later on. Affiliated Websites – is a group or collection of websites served by a single advertising network. 3 Types of Data Gathered
POST – it is entered into a blank fields on an affiliated website when a consumer signs up for a service. GET – it reveals what the consumer requested product in a specific store. Click-Stream Data – it is the tracking of the information the user sought and viewed.
4 Ways to Limit/Stop deposit Cookies
Set browsers to limit or stop cookies or browse the web using the incognito browsing mode which will remove all marks of your browsing. Manually delete cookies in your hard drives.
Download and install cookie management program.
Or use anonymous proxy websites to browse websites.
However, some websites lock users to browse in their page when cookie is disabled.
Personalization software – it is used by marketers to optimize the number, frequency and mixture of their ad placements. It is also used to evaluate how visitors react to new ads.
Types of Personalization Software
Rule-based – used business rules that are tied to customer provided preferences or online behaviors to determine the most appropriate page views and product information to display. Collaborative Filtering – offers consumer recommendations based on the types of product purchased by other people with similar buying habits.
Types of Personalization Software (Continued)
Demographic Filtering – it augments click stream data and user supplied data with demographics information associated with user zip codes to make product suggestions. Contextual Commerce – associates product promotions and other e-commerce offerings with specific content a user may receive in a new story online.
Platforms for Privacy Preferences (P3P)
-Strong measures are required to avoid customer relationship problems. Code of Fair Information Practices – most widely accepted approach to treating consumers data responsibly. Guidelines of Code of Fair Information Practices and the 1980 OECD an organizations collects only personal information that is necessary to deliver its product and services. Company ensures that the information is carefully protected and accessible only by those with a need to know, and that consumers can review their own data and make corrections. Company informs customers if it intends to use it’s information for research or marketing, and it provides a means for them to opt out.
Chief Privacy Officer (CPO) – executive to oversee data privacy policies and initiatives. Duties of CPO
Avoid government regulations and reassure customers that their privacy will be protected. Stop or modify major company marketing initiatives.
Developing and managing a process for customer privacy disputes.
Employers monitor workers
– Ensures that corporate IT usage policy is followed
Fourth Amendment cannot be used to limit how a private employer treats its employees.
– Public-sector employees have far greater privacy rights than in the private industry. Privacy advocates want federal legislation
– To keeps employers from infringing upon privacy rights of employees.
– the transmission of the same email message to a large number of people. Spammers target individual users with direct email messages, building their mail list by scanning Usenet postings, buying mail lists or searching the web for addresses.
– extremely inexpensive method of marketing.
– used by many legitimate organizations.
– can contain unwanted and objectionable materials.
Controlling the Assault of Non-Solicited Pornography and Marketing(CAN-SPAM) the act says it is legal to spam provided that the message meet a few basic requirements: (1) spammers cannot disguise identity, (2) there must be a label in the message specifying that it is an ad or solicitation, and (3) include a way that the recipient can stop the receiving of spam. The act failed to slow the flow of spam but instead, it actually increased the flow of spam by legalizing it.
ADVANCED SURVEILLANCE TECHNOLOGY
Advanced surveillance technology provide a new data gathering capabilities, however, these advance can also diminish individuals privacy.
Advocates of the technology argue that people have no legitimate expectations of privacy in a public place. Camera Surveillance
– is one of the most common advanced system used in surveillance nowadays. It has the capability to record events, detecting unusual behaviour, automatically capturing important events, and used in monitoring day to day events in different places. Facial Recognition Software
There have been numerous experiments with facial recognition software to help identify criminal suspects and other undesirable characters. It has been first tested by the Rampart Division of the Los Angeles Police Department and yielded a result. Global Positioning System (GPS)
These are chips placed in different devices to monitor locations of the users. It is useful in locating callers of 911, parents monitoring their children, etc.