Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Privacy Chapter 5 James Balestrery Joshua Moulton Inesa Diaz Agenda • • • • • • What Is Privacy ? “Electronic Trail” of Information New Technologies and the Law Data Mining Identity Theft Problem How Do We Preserve Our Privacy in the Information Age? Definition • Privacy as a notion of access, where access means either physical proximity to a person or knowledge about that person. • Where to draw the line between what is private and what is public ? • In summary, privacy is a social arrangement that allows individuals to have some level of control over who is able to gain access to their physical selves and their personal information. Harms • Privacy provides people with a way of covering up actions that are immoral or illegal. • Too much privacy creates a closure around a person or a family cell. – Inability to receive support from outside. – Inability to receive protection from outside. Benefits • Privacy as an indication of people’s responsibility. • Privacy allows people to develop as individuals. • An opportunity to shut out the world, be creative. • An opportunity to develop different kinds of relationships with different people. Is There a Natural Right to Privacy? •18th century. A natural right. Historically privacy is seen in terms of control over personal territory, and privacy rights evolve out of property rights. • 19th century. Political, social and economic changes in modern society demand recognition of new kinds of legal rights. Warren & Brandeis. •Every ‘privacy right’ violation is a violation of another right. There are a cluster of rights associated with privacy. Thompson. •Prudential right. Recognition of some privacy rights because granting these rights is to the benefit of society. Rosenberg. Example: telemarketing. Privacy and Trust • Modern technology creates a society of strangers by increasing our privacy. • Loss of trust. • Society must get information out of people to establish reputations. – Ordeal – Credentials Disclosing Information • Public information is information you provide to an organization that has the right to share it with other organizations. – Telephone directory. Disclosing Information • Public record contains information about an incident or action reported to a government agency for the purpose of informing the public. – Birth certificate – Motor vehicle record – Criminal record Disclosing Information • Personal information is information that is not public or part of a public record. It can become public through – Voluntary – Involuntary – Statutory Public Information • • • • • • • • • Rewards or loyalty programs Body scanners Digital Video recorders (TiVo) Automobile “Black Boxes” Enhanced 911 service RFID Implanted chips Cookies Spyware 5.5 US Legislation • Fair Credit Reporting Act 1970 (Revised 1996) • Promote accuracy and privacy of credit information • Ensures negative information does not stay on record permanently (except criminal record) • The Family Education Rights and Privacy Act 1974 • Students 18+ years can request changes be made to educational records that contain errors • Student records cannot be released without permission of student • Video Privacy Protection Act 1988 • Videotape service providers cannot disclose rental records without customers consent • Personally identifiable records must be destroyed after 1 year • Financial Services Modernization Act 1999 • Requires financial institutions to prevent unauthorized access to customer information • Financial institutions must disclose privacy policy to customers • Children's Online Privacy Protection Act 2000 • Online services must obtain parental consent before collecting information about web users < 12 years old • Health Insurance Portability and Accountability Act 1996 • Health Insurance guidelines to protect privacy of patients • Forbid Heath Care providers from giving info to life insurance companies and banks • Customers have a right to see their medical records upon request, and can request corrections to errors within the records. 5.6 Public Records • US Government has thousands of databases containing records on its citizens. • Census Records • Census performed every 10 years • 1790-1850 Questions on census increase, government requires more information (job class, school attendance, illiteracy, occupations) • 1940 statistical sample put to use using census information • Federal law prohibits Census Bureau for revealing census information except in times of emergency • WWII Census Bureau provided US Gov with locations of Japanese Americans • Internal Revenue Service Records • IRS collects ~$2 trillion in taxes each year • IRS data contains personal information which has been misused by employees • IRS claims to have “misplaced” hundreds of diskettes and tapes containing income tax data • 2003 consumer protection groups complain that H&R Block website was requiring people to consent to their information to be used in cross-marketing. This act is against the law • FBI National Crime Info Center 2000 • This is a collection of databases containing information activities of fed, state, local law enforcement agencies in the US, US Virgin Islands, Puerto Rico, and Canada • This currently consists of ~39 million records • Databases contain information such as: wanted persons, criminal history, people incarcerated in fed prisons, convicted sex offenders, unidentified persons, people believed to be a threat to the President, foreign fugitives, gang members, suspected terrorists, etc... • 80,000 Law enforcement agencies have access to these records • NCIC processes more then 2 million requests each day with a average response time of 1 second • NCIC privacy violations • Erroneous Records lead to innocent arrests • Innocent people are arrested because they have the same name as a wanted person • NCIC has records on people not accused of any crime (opponents to the Vietnam war) • Corrupt employees sell information, manipulate, and delete records • People with access to NCIC have used it illegally to screen employees and acquaintances • Privacy Act 1974 “bill of rights for the Information Age” • Prohibits the use of secretive data record systems • Ensures there is a way for a person to find out what information about them exists and how it is being used • Prohibits the use of personal information to be used for other purposes without the person's consent • There must be a way for a person to correct or amend a record of identifiable information • Any organization creating or maintaining such records is obligated to ensure the integrity, correctness, and protection of such information 5.7 Government Surveillance • Wire taps have been taking place since 1890s • 1892-1920 New York Police use unlawful wiretaps to listen to conversations at hotels, between lawyers and patients, doctors and patients, and priests and penitents • Wire taps used to catch bootleggers 1919-1933 • 1934 Congress pass Federal Communications Act making wiretaps illegal • FBI Continues secret wiretapping throughout WWII, information they collected was considered confidential • NSA 1952 – Operation Shamrock, monitoring of all messages entering and leaving the country 5.8 Legislation Authorizing Wiretapping • Vietnam War era 1968 Congress pass Title III of Omnibus Crime Control and Safe Streets Acts allowing court ordered wiretaps for up to 30 days • Digital Telephony Act 1994 requires phone companies to provide law enforcement a means of tracing calls, listen to calls, and intercept email messages. • FBI uses ambiguities of this act to extract digital phone numbers, credit card numbers, and bank account numbers • 2005 FCC demands that broadband providers provide a means of access to VoIP communications • US Patriot Act 2001 • Designed to prevent future terrorist attacks against the US • Provided law enforcement greater surveillance powers, police can use pen registers on the net to track email addresses and URLs without probably cause • Extends court ordered wire taps to the entire country • Roving surveillance performed for the purpose of intelligence. Law enforcement is not required to report on its findings • Secretary of Treasury increased powers to regulate banks and prevent money laundering • Made it more difficult for terrorists to enter the US • Defined new crimes and penalties for terrorist activity • Law enforcement can enter and search a person's premises without a search warrant • Patriot Act makes it easier for FBI to collect info on business, medical, educational, library, church/mosque/synagogue records • 100s of cities and several states pass anti-Patriot Act resolutions • 2003 Patriot Act II proposed but not passed by congress Data Mining • Lots of random data and transactions. “Snapshots” • Searching through one or more databases to generate new information by combining facts • Information on people is valuable product • Secondary use Data Mining • Commonly used technique – IRS – Banks – Police agencies • Syndromic Surveillance System (N.Y.C) – 50,000 pieces of info a day – Find patterns to use for early warning TIA–Total Information Awareness • Government program to capture “information signature” of people • Combine records with biometric identity • 2003- Program defunded by Congress. Changed name to Terrorist Information Awareness • Benefits = Could detect possible terrorist activity • Criticisms = Too much centralized data, no citizen access or review and Big Brother effect. Transaction Data Ownership • Who owns rights to data produced by transactions? – Seller/Buyer/Neither – Transactions are public information – Privacy can be purchased • Opt-in Vs. Opt-out – Hippocratic databases Identity Theft • Use of another persons identity to get access to information or documents • Leading form of Identity theft? Why? - 15 million Americans were victims in 2006 (Gartner.com) • Types = Shoulder surfing, dumpster diving, phishing and skimmers. Mostly low-tech Social Security Number • S.S. Act of 1935. Created for sole use by Social Security Administration • Why it became so popular • Problems with using S.S.N – Not unique – No error-detection capability – Not a verified form or identification. Easily copied • National ID card Encryption • Definition = Transforming a message in order to conceal its meaning. • Why it is important • Types – Symmetric Encryption – Pubic Key Cryptography (Diffie and Hellman) • Asymmetric = 2 keys: Public/Private • Mathematical relationship between keys makes possible security breaches. Other Instances of Encryption • Pretty Good Privacy (PGP) • Clinton’s “Clipper” Program (1993) • Digital Cash – Online or Off-line – Safeguards – Pros and Cons THE END Questions?