Private Communications
All forms of personal communication which a person wishes to keep private: messages, calls, letters.
Health / Medical Information
A person has the right to privacy about the nature of their illness. They cannot be forced to disclose it to others.
Personal Information
Information referring only to that specific person, e.g. financial information, academic performance.
Information About Possessions
Closely related to property rights. A person has control over information relating to their personal possessions in certain instances.
What data should be collected?
Not all data collection is justified. The scope of collection must be questioned.
What info can be shared with whom?
Who is an authorised recipient? Under what conditions can info be passed on?
To what extent can individuals control it?
How it is gathered, stored, mined, combined, recombined, exchanged, and sold.
Collected without knowledge or consent
Cybertechnology makes it possible to collect data about individuals without them ever knowing it is happening.
Merged: creating electronic profiles
Unrelated pieces of information residing in separate databases can be merged together to construct electronic personal profiles.
Matched: cross-database comparison
Information in one database is matched against records in other databases that contain information about us.
Mined: revealing hidden patterns
Personal data is mined from databases and web activity to reveal patterns in behaviour that would have been very difficult to discern in the pre-computer era.
• Video cameras monitoring consumers' movements in retail stores
• Scanning devices used by "intelligent highway vehicle systems"
• "Invisible supervisors" software: continuously monitors employee activities around the clock without ever failing to record a single action
People's privacy in the workplace is threatened by these devices. Such monitoring can also create a feeling of fear and of always being watched.
Government surveillance
Another mode of surveillance associated with cybertechnology: governments and government agencies monitor the activities of citizens, a practice that raises serious privacy concerns.
Surveillance tools
Some tools are installed using the same kind of malware and spyware used by online criminals. They can secretly turn on the webcams built into personal laptops and the microphones in cell phones that are not in use.
Unmanned Aerial Systems raise significant issues for privacy and civil liberties. Drones in use by law enforcement can carry:
• Live-feed video cameras
• Infrared cameras
• Heat sensors
• Radar
Some military versions can stay in the air for hours or days, and their high-tech cameras can scan entire cities. They can also carry:
• Wi-Fi crackers
• Fake cell phone towers that can determine your location or intercept your texts and phone calls
• "Less lethal" weapons such as tasers or rubber bullets; drone manufacturers even admit their products are made to carry these
Legitimate / First-party
Used by legitimate websites to make special offers to returning users and to track the results of their advertising. Generally considered acceptable.
Third-party / Tracking cookies
Communicate data about you to an advertising agency, which in turn shares that data with other online marketers. These include "tracking cookies", which use your online history to deliver targeted ads.
• Monitoring and recording an individual's activities without informing the user crosses the privacy line
• Raises concerns of intrusion into a user's physical space
• Information gathered via cookies can be acquired by online advertising agencies, which then target that user for online ads
But cookies also provide a service: They customise the user's experience and provide a list of preferences for future visits. Some websites will not grant access unless you accept cookies.
• Privacy-enhancing tools are available
• Most browsers now allow users to opt in to or opt out of cookies
• Requires awareness of cookie technology AND knowledge of how to enable/disable it
• However: some websites will not grant users access unless they accept cookies.
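As an added example (not part of the original notes), the distinction a browser applies when it "blocks third-party cookies": a cookie is third-party when the site that sets it differs from the site of the page being visited, and only first-party cookies survive the setting. The page URL, the responses and the two-label site rule are constructed for this illustration; real browsers use the Public Suffix List.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample: the page the user visits and the Set-Cookie headers returned
# by the page itself and by the embedded resources (scripts, images, ad pixels) it loads.
PAGE_URL = "https://shop.example.com/checkout"
RESPONSES = [
    ("https://shop.example.com/checkout", "session=abc123; Path=/; HttpOnly"),
    ("https://shop.example.com/offers", "returning=1; Max-Age=2592000; Domain=.shop.example.com"),
    ("https://cdn.shop.example.com/app.js", "perf=1; Path=/"),
    ("https://ads.tracker-example.net/pixel.gif", "uid=7f3a9c; Max-Age=31536000; Domain=.tracker-example.net"),
]


def site_of(host):
    """Reduce a host name to its 'site' with a simplified two-label rule (constructed
    simplification: browsers use the Public Suffix List, so this misjudges e.g. co.uk)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def classify_cookies(page_url, responses):
    """Label each cookie first-party or third-party relative to the page being visited,
    and record whether it persists beyond the browser session (Max-Age present)."""
    page_site = site_of(urlsplit(page_url).hostname)
    classified = []
    for resource_url, set_cookie in responses:
        jar = SimpleCookie()
        jar.load(set_cookie)
        for name, morsel in jar.items():
            # A cookie belongs to its Domain attribute if given, else to the responding host.
            owner = morsel["domain"] or urlsplit(resource_url).hostname
            classified.append({
                "name": name,
                "site": site_of(owner),
                "party": "first-party" if site_of(owner) == page_site else "third-party",
                "persistent": bool(morsel["max-age"]),
            })
    return classified


def with_third_party_blocked(classified):
    """What survives the browser's 'block third-party cookies' setting: first-party
    cookies remain, so the site still works, while cross-site trackers lose theirs."""
    return [c["name"] for c in classified if c["party"] == "first-party"]


if __name__ == "__main__":
    cookies = classify_cookies(PAGE_URL, RESPONSES)
    for c in cookies:
        print(c)
    print("kept with third-party cookies blocked:", with_third_party_blocked(cookies))
```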
Flash cookies
More persistent than regular cookies. Normal procedures for erasing standard cookies, clearing history, erasing the cache, or choosing "delete private data" in the browser will NOT affect flash cookies. They cannot be deleted by any commercially available anti-spyware or adware removal program.
Exception: If you use the Firefox browser, an add-on called Better Privacy can assist in deleting flash cookies.
Fingerprinting
• Tracking companies are embracing fingerprinting because it is tougher to block than cookies
• Cookies are subject to deletion and expiration; rendered useless if the user switches browsers
• Some browsers block third-party cookies by default; add-ons enable blocking/removal
• Unlike cookies and flash cookies, fingerprints leave NO evidence on a user's computer
• Therefore, it is impossible for you to know when you are being tracked by fingerprinting.
New web technology has created many unexpected ways for corporations to track your web activity without your knowledge. Countless advertising networks are able to secretly monitor you across multiple websites and build detailed profiles of your behaviour and interests.
"Smart" RFIDs
Embedded in public transport payment systems. Can be read at a limited distance: the card is held in front of a reader rather than inserted. Also incorporated into automobile keys, inventory control systems, and passports.
"Dumb" RFIDs
Basically contain only a number. Used in many products as a replacement for the barcode and in logistics. Such chips could still be used to trace a person once it is known they carry an item containing the chip.
• Although commercially intended for identifying real-world objects (e.g. supermarket items), tags can also be used to monitor those objects after they are sold
• Some nursing homes provide patients with RFID bracelets
• Chips can be implanted in children so they can be tracked if abducted
• Because RFID chips are now implanted in humans, enabling them to be tracked, this has raised serious concerns among privacy advocates.
| Technology | How it works | Leaves trace? | Can user remove it? |
|---|---|---|---|
| Regular cookies | File placed on your hard drive by the website you visit; retrieved on return visits | Yes: file on hard drive | Yes, via browser settings; but some sites deny access without cookies |
| Flash cookies (supercookies) | Same concept but more persistent; survives all standard deletion methods | Yes, but survives deletion | Only via Firefox "Better Privacy" add-on; standard anti-spyware cannot remove them |
| Fingerprinting | Collects the device's unique settings (clock, fonts, software) broadcast when going online | No trace at all | No; impossible to know you are being tracked |
| Cross-device tracking | Links behaviour across all your devices to build one unified profile | Varies | Very difficult; no single opt-out |
| RFID | Microchip + antenna; broadcasts data via radio waves to a nearby reader | Physical chip | Only by removing or shielding the chip |
| Dataveillance software | Runs silently on employer/device systems; records every action 24/7 | Only on employer's server | No; employee has no control |
| Surveillance drones | UAS with cameras, infrared, Wi-Fi crackers flying overhead | No; it is aerial | No |
| Govt spyware | Malware-like tools installed on devices; can activate webcam/mic remotely | Hidden | Rarely; requires specialist detection |
Merging (Data-Banking)
Extracting information from two or more unrelated databases and integrating it into a composite file. When organisations merge information about you in a way you did not specifically authorise, the "contextual integrity" of your information has been violated. Problems: the individual is not aware of integration; does not know the purpose; does not know who benefits or whether the information is accurate.
Matching (Record Matching)
Cross-checking information in two or more unrelated databases to produce matching records ("hits"). Used by government agencies to create lists of potential law violators. Key point: the user agrees to give information to individual agencies; this does not mean they authorised that information to be exchanged with other agencies. Even if matching helps detect fraud, does that fact alone justify it?
Mining (Data Mining)
Employing algorithms to extract patterns from large datasets of user behaviour: sites visited, links clicked, search terms entered. Decisions may affect only the online experience (ads shown) or may impact the user in completely different contexts. Big Data profiling creates typical combinations of user properties to predict interests and behaviour, which can lead to refusal of insurance or credit cards, or worse, targeted discrimination.
Much of the personal data gathered electronically by one organisation is later exchanged with other organisations. Indeed, the very existence of certain institutions depends on the exchange and sale of personal information.
1. The individual is not aware of personal information being integrated into a central database
2. The individual does not know the purpose(s) for which the integration is effected
3. They do not know by whom or for whose benefit the new database is constructed
4. They cannot verify whether the information is accurate
The user agrees to give information to individual agencies. This does NOT mean the user authorised information given to any one agency to be exchanged with other agencies.
Defenders justify matching because it enables tracking deadbeat parents, welfare cheats, etc. But the question remains: even if computerised record matching does help to detect governmental waste and fraud, would that fact alone justify such a practice?
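As an added illustration (not from the original notes), the matching and merging operations described above run over two constructed agency databases: matching on name and date of birth yields two "hits", one of which is a false positive the flagged individual never gets to dispute, and merging a hit builds a composite profile that neither agency was authorised to hold. The records and the ground-truth `person` id are constructed for the example.

```python
# Constructed sample data for two unrelated agencies. The 'person' field is a
# ground-truth identifier used only to audit the result; the agencies themselves
# do not share it, which is exactly why the individual must be able to verify hits.
BENEFITS_DB = [  # agency A: benefit payments
    {"person": "p1", "name": "A. Nkosi", "dob": "1980-04-02", "benefit": 1200},
    {"person": "p2", "name": "T. Dlamini", "dob": "1975-11-19", "benefit": 950},
    {"person": "p3", "name": "J. Smith", "dob": "1990-01-01", "benefit": 800},
]
PAYROLL_DB = [  # agency B: employer payroll filings
    {"person": "p1", "name": "A. Nkosi", "dob": "1980-04-02", "salary": 4200},
    {"person": "p4", "name": "J. Smith", "dob": "1990-01-01", "salary": 3100},  # a different J. Smith
]


def match_records(db_a, db_b, key_fields):
    """Record matching: cross-check two databases on the given fields and return
    the 'hits', i.e. pairs of records whose key fields agree."""
    index = {}
    for rec in db_b:
        index.setdefault(tuple(rec[f] for f in key_fields), []).append(rec)
    hits = []
    for rec in db_a:
        for other in index.get(tuple(rec[f] for f in key_fields), []):
            hits.append((rec, other))
    return hits


def merge_profile(rec_a, rec_b, skip=("person",)):
    """Merging (data-banking): integrate two records into one composite file that
    holds data neither source had on its own (benefit and salary side by side)."""
    profile = {}
    for rec in (rec_a, rec_b):
        profile.update({k: v for k, v in rec.items() if k not in skip})
    return profile


def audit_hits(hits):
    """Count true and false hits using the ground-truth id. A false hit is a person
    listed as a 'potential violator' only because the matching key is not unique."""
    true_hits = sum(1 for a, b in hits if a["person"] == b["person"])
    return {"hits": len(hits), "true": true_hits, "false": len(hits) - true_hits}


if __name__ == "__main__":
    hits = match_records(BENEFITS_DB, PAYROLL_DB, ("name", "dob"))
    for a, b in hits:
        print("hit:", merge_profile(a, b))
    print(audit_hits(hits))  # {'hits': 2, 'true': 1, 'false': 1}
```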
Cloud computing: new privacy concerns
- Previously, user data and programs were stored locally, so vendors had no access to usage data
- In cloud computing, both data and programs are online ("in the cloud")
- It is not always clear what user-generated and system-generated data are used for
- As data is located elsewhere in the world, it is not always obvious which law applies, or which authorities can demand access
Default privacy settings
One way to limit over-sharing is requiring default privacy settings to be strict. But even then, this limits access for other users ("friends of friends"); it does not limit access for the service provider itself. Such restrictions also reduce the value and usability of the network.
Web 2.0 & user-generated content
The interactive web poses additional challenges. Social network sites invite users to generate more data to increase the site's value ("your profile is X% complete"). Users exchange personal data for free services, providing both their data and their attention as payment. Users may not be aware of what information they are providing, e.g. through the "Like" button embedded on other sites.
Mobile privacy risks
- Mobile devices collect and send more and more data as users become more networked
- Contain a range of data-generating sensors: GPS (location), movement sensors, cameras
- Transmit resulting data via the internet or other networks
- Location data is especially sensitive: it links the online world to the physical environment
- Even without GPS, approximate location can be derived by monitoring available wireless networks
- Physical harm risks: stalking, burglary during holidays, etc.
• Shopping data
• Surveillance camera recordings (public and private spaces)
• Smartcard-based public transport systems
All these data could be used to profile citizens and base decisions upon such profiles. Example: shopping data could be used to send information about healthy food habits, but also for decisions on insurance.
Big Data may be used in profiling by creating patterns of typical combinations of user properties, which can then be used to predict interests and behaviour. Examples of harm:
• Profiling could lead to refusal of insurance or a credit card, where profit is the main motive for discrimination
• Profiling could be used by organisations or governments to discriminate against particular groups: finding targets, denying access to services, or worse.
Internet of Things (IoT)
Devices connected to the internet are not limited to user-owned computing devices like smartphones. Many devices contain chips and/or are connected in the so-called Internet of Things. In the home:
- Smart meters for automatically reading and sending electricity consumption
- Thermostats and other devices remotely controlled by the owner
- Such devices generate statistics that can be used for mining and profiling
- User autonomy is a central theme in considering the privacy implications of IoT devices
E-Government
Government and public administration have undergone radical transformations as a result of advanced IT systems. Examples:
- Biometric passports
- Online e-government services
- Voting systems
- Online citizen participation tools and platforms
- Online access to recordings of sessions of parliament and government committee meetings
Government case for biometrics
Can be used effectively for border security, to verify employment, to identify criminals, and to combat terrorism.
Private companies' case
Biometrics can enhance our lives by helping us identify friends more easily and by allowing access to places, products, and services more quickly and accurately.
• Government's ability to use biometrics for surveillance: face recognition combined with high-detail cameras could make surreptitious identification and tracking the norm
• Large standardised collections of biometrics increase the risk of data compromise from which it may be almost impossible to recover
• In the near future, biometrics could stand in for your driver's licence or social security number
• Could be required for renting an apartment or seeing a doctor, leading to many vulnerable copies of linked data, potentially in the hands of identity thieves
• Any data compromise would be catastrophic: unlike a credit card or social security number, your biometric data cannot be revoked or re-issued
All personal and private information handled by the information professional is regarded as confidential. This implies that the information professional acknowledges the right of the client to control, to a certain extent, any personal and private information, based on the norm of freedom.
Merging personal information into a different database requires caution
Specifically applicable in situations where the client is not aware of such merging or its implications. The appropriate action is:
- Inform the client about such merging and its implications
- Give the client the right of access to the information on the central database
- Give the client the opportunity to change incorrect information
- Give the client the right to know who is using the information and for what purpose
- Based on the norms of human rights, freedom, and truth
Notify clients and obtain permission
The information professional must explicitly notify the client of the intended purposes of all personal and private information. This implies obtaining the client's permission.
Implicit informed consent: Companies must diligently inform the person about the various uses of the information. Clients must then be given an opportunity to consent or withhold consent. A lack of response implies consent, but the burden is on the client to respond. However, the client must always be granted the opportunity to withdraw consent, based on the norms of human rights.
No unnecessary private information
- No unnecessary private information must be gathered, not only for logistical reasons but also to prevent the unnecessary violation or exposure of a person's privacy
- Personal and private information that is no longer necessary for the function for which it was collected must be destroyed
- When a service or product is refused on the grounds of personal information (e.g. creditworthiness), the reason for denial must be made known to the person, based on human rights
A formal privacy policy must exist
A person's information must be handled with the necessary confidentiality, implying security and control of access, of the right to use it, and of the right to change or add information.
A privacy policy must consist of the following elements:
- The categories of information that must be regarded as private and personal
- The levels of confidentiality (who has access and use of which information)
- A clear explanation of the purposes of the use of the information
- A description of procedures to ensure the accuracy of the information
- Based on the norms of truth and human rights
Opt-in / opt-out
Most browsers now allow users to enable or disable cookies entirely. Requires: (1) awareness of cookie technology, and (2) knowledge of how to enable/disable it. Limitation: some websites deny access without cookies.
Browser add-ons
Your browser and some software products enable you to detect and delete cookies, including third-party cookies. For Flash cookies specifically, Firefox's "Better Privacy" add-on is the primary solution. No commercial anti-spyware can remove flash cookies.
• Use anti-virus software and keep it updated
• Enable firewalls on all devices
• Use encryption tools for sensitive communications
• Raise your own awareness about how tracking works
• Actively learn how to configure privacy settings in all your tools and browsers