Bnote2  -- version: Thu Mar 18 12:49:34 EDT 2010

Ch 5 - Privacy and Cyberspace  pp.132-155
-------------------------------------------


"... analyzed more than 4,000 Facebook profiles of students, including
links to friends who said they were gay. The pair was able to predict,
with 78 percent accuracy, whether a profile belonged to a gay male."




"... researchers ... showed that the customer data released for
... [the contest to analyze the movie rental history of 500,000
subscribers and improve the predictive accuracy of Netflix's
recommendation software], despite being stripped of names and other
direct identifying information, could often be 'de-anonymized' by
statistically analyzing an individual's distinctive pattern of movie
ratings and recommendations."




"By examining correlations between various online accounts, ...
scientists showed that they could identify more than 30 percent of the
users of both Twitter, the microblogging service, and Flickr, an
online photo-sharing service, even though the accounts had been
stripped of identifying information like account names and e-mail
addresses." 




"... reported that they could accurately predict the full, nine-digit
Social Security numbers for 8.5 percent of the people born in the
United States between 1989 and 2003 - nearly five million
individuals. 

Social Security numbers are prized by identity thieves because they
are used both as identifiers and to authenticate banking, credit card
and other transactions.

... researchers used publicly available information from many sources,
including profiles on social networks, to narrow their search for two
pieces of data crucial to identifying people - birthdates and city or
state of birth." 




i.e., a clear and present danger - 
  How Privacy Vanishes Online - NY Times, March 2010.






** ARE PRIVACY CONCERNS ASSOCIATED WITH CYBERTECHNOLOGY UNIQUE OR SPECIAL? 


Impact of technology changes:

- amount of personal info gathered
- speed at which it can be transmitted
- duration of time that it can be retained
- kind of information that can be acquired









Some additional issues and consequences:

- difficulty of control of accuracy of information
- ease of distribution 
- rapid change between context of original collection
    and context of potential future use
- ease of storage of large amounts of info
   (i.e., not limited by physical space)
- deleting records - harder to remove all copies
                   - less motivation to do so
                   - note potential for accidental deletion too.









Contrast with physical media and non-computer technology



Cybertech has exacerbated privacy concerns.






** WHAT IS PERSONAL PRIVACY?



What's the "normal" meaning? 









"having one's privacy"      - descriptive sense
                              (i.e., naturally private)
                            - privacy can be lost

"having a right to privacy" - normative sense
                              (i.e., involving "norms" or laws)
                            - privacy can be violated










Accessibility privacy - freedom from unwarranted intrusion
                      - one's physical space 
                      - being let alone



Decisional privacy - freedom from interference in one's personal affairs
                   - choices/decisions
                   - e.g., contraception; right to die



Informational privacy - control over the flow of personal information
                      - including transfer and exchange










Privacy:

"An individual has privacy in a situation with regard to others if and
 only if in that situation the individual is protected from intrusion,
 interference and informational access by others"




Situation/context - specific contexts can have norms
                    - preserving contextual integrity


Norms for a context - norms of appropriateness 
                        (i.e., for gathering or disseminating info)

                    - norms of distribution 
                        (i.e., for controlling information flow
                               across contexts)

Examples? 













** WHY IS PRIVACY IMPORTANT

What do they know about you? 
-  Skype, Amazon, Facebook, MySpace, YouTube, LinkIn, ...













Is privacy dead?  
- "You don't know what you've got 'til its gone"
- how much do YOU care?













Attitude change with generations? 















Attitude differences with culture? 













Privacy -- intrinsic value?    (desired for its own sake: e.g., happiness)
        -- instrumental value? (desired as means to achieve ends: e.g., $$)













Less privacy ==> more pressure to conform? 













Privacy is of value for social good (e.g., democracy), 
   not just for individual   - how exactly? 















** GATHERING PERSONAL DATA: MONITORING, RECORDING & TRACKING

dataveillance  - data monitoring & data recording & processing

old or new?  - voice, photo, video, email, scanning, browsing, ...?
             - coffee/food/pee break detection? 











What's the problem with cookies? 

Why is DoubleClick activity a problem? 

Info sold to online advert providers -- problem? 
                                     -- if sold to others?

Browsers -- is default "opt in" or "opt out" for cookies? 
         -- what difference does it make? 











What's the problem with RFID tags? 

What gets tagged?  -- products, vehicles, animals, people, ...? 

What about contextual integrity?

What's the issue with location privacy?








proposed RFID Bill of Rights - whether in a product
                             - removed/deactivated
                             - when/where/why they are being read












Government monitoring of citizens - domestic spying

methods...

   GPS chip in cell phones - why?
   Intercepting personal email - why? 
   Obtaining Google search requests - why? 













** EXCHANGING PERSONAL DATA: MERGING & MATCHING ELECTRONIC RECORDS

major business - sale and exchange of personal data - why? 






What kind of control can an individual expect to retain over personal 
information that he or she has given to an organization?  






Computer Merging - extracting info from two or more unrelated datbases
                     and integrating it into a single source. 
                   - Violates "contextual integrity" of the information. 






Computer Matching - cross checking info in two or more unrelated databases
                      to produce matching records.
                    - possibility of profiling 
                    - fishing expedition vs. targeted? 











** MINING PERSONAL DATA 

"people really can judge you by your friends"


Data mining is the analysis of data to discover implicit patterns

i.e., associate individuals with non-obvious groups

e.g., white, middle aged males who like Army movies, who own a truck, and
      use Amazon to buy books about bombs and suicide.


a form of profiling -- others use profile to make decisions 
                    -- what assumptions does that make? 






Any different from what an expert does? 
    - e.g., bank officer denies a loan.
    - consumer profiling? 
        people who do x and y are type z
        type z people always default on their loans






Web mining - target is web data





Currently no protection for:
    - implicit personal information
    - nonconfidential information
    - information not exchanged between databases






---------------------------------------------