ISTA Quiz 4
Police Drones
A few police departments in US operate small unmanned drones. Federal Aviation Administration puts restrictions on use. Public opinion mixed. Yes: search and rescue. No: identify speeders.
AOL Search Dataset
AOL researcher Dr. Chowdhury posted three months' worth of user queries from 650,000 users (2006). No names used; random integers used to label all queries from particular users. Researchers identified some users from queries; e.g., many people performed searches on their own names. New York Times investigation led to public outcry. AOL took down dataset, but it was already copied and reposted. AOL fired Dr. Chowdhury and his supervisor.
Medical Records
Advantages of changing from paper-based to electronic medical records: quicker and cheaper for information to be shared among caregivers (lower medical costs; improve quality of medical care). Once information in a database, more difficult to control how it is disseminated.
Foreign Intelligence Surveillance Act (FISA)
An act passed in 1978 that describes procedures for the electronic surveillance and collection of foreign intelligence information in communications between foreign powers and agents of foreign powers.
Targeted Direct Mail
Businesses mail advertisements only to those most likely to purchase products. Data brokers provide customized mailing lists created from information gathered online and offline. Example of making inferences for targeted direct mail: shopping for clothes online + frequent fast-food dining + subscribing to premium cable TV channels → more likely to be obese. Two shoppers visiting same site may pay different prices based on inferences about their relative wealth.
Enhanced 911 Services
Cell phone providers in United States required to track locations of active cell phones to within 100 meters. Allows emergency response teams to reach people in distress. What if this information is sold or shared?
Census Records
Census required to ensure every state has fair representation. Number of questions steadily rising. Sometimes Census Bureau has broken confidentiality requirement (World War I: draft resisters; World War II: Japanese-Americans).
Patriot Act Successes
Charges brought against 361 individuals: guilty pleas or convictions for 191 people; shoe-bomber Richard Reid; John Walker Lindh (supplied services to the Taliban). More than 500 individuals linked to 9/11 removed from United States. Terrorist cells broken up in Buffalo, Seattle, Tampa, and Portland ("the Portland Seven").
Information Technology Erodes Privacy
Collection, exchange, combination, and distribution of information easier than ever, lessens privacy. Scott McNealy (Sun Microsystems): "You have zero privacy anyway. Get over it." We will consider how we leave an "electronic trail" of information behind us and what others can do with this info.
Operation Shamrock
Continuation of World War II interception of international telegrams (Signal Security Agency). Then: National Security Agency (formed 1952). Expanded to telephone calls. Kennedy: organized crime figures; Cuba-related individuals and businesses. Johnson and Nixon: Vietnam war protesters. Nixon: war on drugs.
Cookies
Cookie: File placed on computer's hard drive by a Web server. Contains information about visits to a Web site. Allows Web sites to provide personalized services. Usually put on hard drive without user's permission. You can set Web browser to alert you to new cookies or to block cookies entirely.
Harms of Privacy
Cover for illegal or immoral activities; burden on the family; hidden dysfunctional families; people on society's fringes can be ignored.
Carnivore Surveillance System
Created by FBI in late 1990s. Monitored Internet traffic, including email exchanges. Carnivore = Windows PC + "packet-sniffing" software. Captured packets going to/from a particular IP address. Used about 25 times between 1998 and 2000. Replaced with commercial software.
Records Held by Private Organizations
Credit card purchases; purchases made with loyalty cards; voluntary disclosures; posts to social network sites.
Netflix Prize
Crowdsourcing. Win prize if beat algorithm for predicting user ratings.
OneDOJ Database
Database being constructed by US Department of Justice. Gives state and local police officers access to information provided by five federal law enforcement agencies: incident reports; interrogation summaries; other information not available through NCIC. Criticisms: OneDOJ gives local police access to information about people who have not been charged with a crime; there is no way to correct misinformation in raw police reports.
Credit Reports
Example of how information about customers can itself become a commodity. Credit bureaus: keep track of an individual's assets, debts, and history of paying bills and repaying loans; sell credit reports to banks, credit card companies, and other potential lenders. System gives you more choices in where to borrow money. Poor credit can hurt employment prospects.
Facebook Tags
FB tag: Label identifying a person in a photo. Facebook allows users to tag people who are on their list of friends. About 100 million tags added per day in Facebook. Facebook uses facial recognition to suggest name of friend appearing in photo. Does this feature increase risk of improper tagging?
Data Gathering and Privacy Implications
Facebook tags; Enhanced 911 services; rewards or loyalty programs; body scanners; RFID tags; implanted chips; mobile apps; OnStar; automobile "black boxes"; medical records; digital video recorders; cookies and flash cookies.
Facebook Beacon
Fandango, eBay, and 42 other online businesses paid Facebook to do "word of mouth" advertising. Facebook users surprised to learn information about their purchases was shared with friends. Beacon was based on an opt-out policy. Beacon strongly criticized by various groups. Facebook switched to an opt-in policy regarding Beacon.
Closed-circuit Television Cameras
First use in Olean, New York in 1968. Now more than 30 million cameras in US. Helped to identify Boston marathon bombers. New York City's effort in lower Manhattan: $201 million for 3,000 new cameras; license plate readers; radiation detectors.
Flash Cookies
Flash cookie: File placed on your computer's hard drive by a Web server running the Adobe Flash Player. Flash cookie can hold 25 times as much information as a browser cookie. Flash cookies not controlled by browser's privacy controls. Some Web sites use flash cookies as a way of backing up browser cookies. If you delete browser cookie, it can be "respawned" from the flash cookie. Half of 100 most popular Web sites use flash cookies.
Collaborative Filtering
Form of data mining. Analyze information about preferences of large number of people to predict what one person may prefer (explicit method: rank people's preferences; implicit method: keep track of their purchases). Used by online retailers and movie sites.
A Balancing Act
Government must balance competing desires of citizens: desire to be left alone; desire for safety and security.
Genetic Information Nondiscrimination Act
Health insurance companies: can't request genetic information; can't use genetic information when making decisions about coverage, rates, etc.; doesn't apply to life insurance, disability insurance, long-term care insurance. Employers: can't take genetic information into account when hiring, firing, promoting, etc.; small companies (< 15 employees) are exempt.
Malls Track Shoppers' Cell Phones
In 2011 two malls recorded movement of shoppers by tracking locations of cell phones. How much time people spend in each store? Do people who shop at X also shop at Y? Are there unpopular areas of mall? Small signs informed shoppers of study. After protest, mall quickly halted study.
iPhone Apps Upload Address Books
In 2012 a programmer discovered SNS Path was uploading iPhone address books without permission. Internet community pointed out that this practice violated Apple's guidelines. CEO of Path apologized; app rewritten. Twitter, Foursquare, and Instagram also implicated for same practice; apps rewritten.
Benefits of Privacy
Individual growth; individual responsibility; freedom to be yourself; intellectual and spiritual growth; development of loving, trusting, caring, intimate relationships.
Daniel Solove's Taxonomy of Privacy
Information collection: Activities that gather personal information. Information processing: Activities that store, manipulate, and use personal information that has been collected. Information dissemination: Activities that spread personal information. Invasion: Activities that intrude upon a person's daily life, interrupt someone's solitude, or interfere with decision-making.
Instagram's Proposed Change to Terms of Service
Late 2012: Instagram announced changes: privacy policy; terms of service. Legal experts: Instagram and Facebook would have right to use photos in ads without permission. Instagram CEO: New policy misunderstood. Changed advertising section of terms of service agreement back to original version.
Marketplace: Households
Lotus Development Corporation developed CD with information on 120 million Americans. Planned to sell CD to small businesses that wanted to create mailing lists based on various criteria, such as household income. More than 30,000 consumers complained to Lotus about invasion of privacy. Lotus dropped plans to sell CD.
Mobile Apps
Many apps on Android smartphones and iPhones collect location information and sell it to advertisers and data brokers: Angry Birds; Brightest Flashlight. Flurry: a company specializing in analyzing data collected from mobile apps. Has access to data from > 500,000 apps.
Automobile "Black Boxes"
Modern automobiles come equipped with a "black box". Maintains data for five seconds: speed of car; amount of pressure being put on brake pedal; seat belt status. After an accident, investigators can retrieve and gather information from "black box".
License Plate Scanners
More than 70% of police departments in United States use license plate scanners, mounted on police cars, parking enforcement vehicles, road signs, toll gates, bridges. How long information kept varies (Minnesota state patrol: 48 hours; Milpitas, California: indefinitely). A few states restrict use of scanners because of privacy concerns.
Targeting Pregnant Women
Most people keep shopping at the same stores, but new parents have malleable shopping habits. Targeting pregnant women a good way to attract new customers. Target did data mining to predict customers in second trimester of pregnancy: large amounts of unscented lotion, extra-large bags of cotton balls, nutritional supplements. Mailings included offers for unrelated items with offers for diapers, baby clothes, etc.
FBI National Crime Information Center 2000
NCIC: Collection of databases related to various crimes. Contains > 39 million records. Successes: helps police solve hundreds of thousands of cases every year; helped FBI tie James Earl Ray to assassination of Dr. Martin Luther King, Jr.; helped FBI apprehend Timothy McVeigh for bombing of federal building in Oklahoma City.
Patriot Act Renewal
Nearly all provisions have been made permanent. Four-year sunset clause on two provisions: roving wiretaps; FBI ability to seize records from financial institutions, libraries, doctors, and businesses with approval from secret Foreign Intelligence Surveillance Court.
OnStar
OnStar manufactures communication system incorporated into rear-view mirror. Emergency, security, navigation, and diagnostics services provided to subscribers. Two-way communication and GPS. Automatic communication when airbags deploy. Service center can even disable gas pedal.
Electronic Communications Privacy Act
Passed by Congress in 1986. Allows police to attach two kinds of surveillance devices to a suspect's phone line (pen register: displays number being dialed; trap-and-trace device: displays caller's phone number). Court order needed, but prosecutors do not need to show probable cause. Allows police to do roving wiretaps (following suspect from phone to phone).
Employee Polygraph Protection Act
Passed in 1988. Prohibits private employers from using lie detector tests under most conditions. Cannot require test for employment.
Communications Assistance for Law Enforcement Act
Passed in 1994. Designed to ensure police can still do wiretapping as digital networks are introduced. FBI asked for new abilities, such as ability to intercept digits typed by caller after phone call placed. Federal Communications Commission included these capabilities in its guidelines to phone companies.
Privacy and Trust
Perhaps modern life is actually more private than life centuries ago: most people don't live with extended families; automobile allows us to travel alone (vs public transportation); television vs public entertainment (theatres). Challenge: we now live among strangers. Remedy: establishing reputations (ordeal, such as lie detector test or drug test; credential, such as driver's license, key, ID card, college degree). Establishing reputation is done at the cost of reducing privacy.
Microtargeting
Political campaigns determine voters most likely to support particular candidates: voter registration; voting frequency; consumer data; GIS data. Target direct mailings, emails, text messages, home visits to most likely supporters.
Social Network Services' Analysis
Potential employers collect information from social networks to inform decisions. Cell phone provider Bharti Airtel (India) offers special promotions to "influencers". Police use Facebook and Twitter posts to deploy officers on big party nights. Banks combine social network data with credit reports to determine creditworthiness.
National Security Agency Wiretapping
President Bush signed presidential order: OK for NSA to intercept international phone calls & emails initiated by highly suspicious people inside US; no search warrant required. Number of people monitored: about 500 people inside US; another 5,000-7,000 people outside US. At least two al-Qaeda plots foiled: plot to take down Brooklyn bridge; plot to bomb British pubs and train stations.
Defining Privacy
Privacy related to notion of access. Access: physical proximity to a person; knowledge about a person. Privacy is a "zone of inaccessibility". Privacy violations are an affront to human dignity. But, too much individual privacy can harm society. Where to draw the line?
Is There a Natural Right to Privacy?
Privacy rights stem from property rights: "a man's home is his castle". Coercive Acts (British soldiers quartering in times of peace) before American Revolution led to 3rd Amendment to U.S. Constitution. Samuel Warren and Louis Brandeis: People have "the right to be let alone". Judith Jarvis Thomson: "Privacy rights" overlap other rights. Conclusion: Privacy is not a natural right, but it is a prudential (because it provides a net benefit to society) right.
4th Amendment of U.S. Constitution
Protects from unreasonable searches and seizures
USA PATRIOT Act (2001)
Provisions: greater authority to monitor communications; greater powers to regulate banks; greater border controls; new crimes and penalties for terrorist activity.
Public Records
Public record: information about an incident or action reported to a government agency for purpose of informing the public. Examples: birth certificates, marriage licenses, motor vehicle records, criminal records, deeds to property. Computerized databases and Internet have made public records much easier to access.
RFID Tags
RFID: Radio frequency identification. An RFID tag is a tiny wireless transmitter. Manufacturers are replacing bar codes with RFID tags: contain more information; can be scanned more easily (2 meters). If tag cannot be removed or disabled, it becomes a tracking device.
Children's Online Privacy Protection Act
Reduces amount of public information gathered from children online. Online services must gain parental consent before collecting information from children 12 and under.
Data Mining Defined
Searching records in one or more databases, looking for patterns or relationships. Can be used to create profiles of individuals. Allows companies to build more personal relationships with customers.
Google's Personalized Search
Secondary use: Information collected for one purpose used for another purpose. Google keeps track of your search queries and Web pages you have visited. It uses this information to infer your interests and determine which pages to return. Example: "bass" could refer to fishing or music. Also used by retailers for direct marketing.
Covert Activities after 9/11
September 11, 2001 attacks on World Trade Center and Pentagon (3,000 people killed). President Bush authorized new, secret, intelligence-gathering operations inside United States.
Rewards or Loyalty Programs
Shoppers who belong to store's rewards program can save money on many of their purchases. Computers use information about buying habits to provide personalized service. ShopRite computerized shopping carts with pop-up ads. Do card users pay less, or do non-users get overcharged?
Body Scanners
Some department stores have 3-D body scanners. Computer can use this information to recommend clothes. Scans can also be used to produce custom-made clothing.
Case Study: New Parents
Sullivans have a baby girl. Both work; they are concerned about performance of full-time nanny. Purchase program that allows monitoring through laptop's camera placed in family room. They do not inform nanny she is being monitored. Rule utilitarian; social contract theory; Kantian; virtue ethics.
Implanted Chips
Taiwan: Every domesticated dog must have an implanted microchip (size of a grain of rice; implanted into ear; chip contains name, address of owner; allows lost dogs to be easily returned to owners). Some RFID tags approved for use in humans: can be used to store medical information; can be used as a "debit card".
Internal Revenue Service Records
The 16th Amendment to the US Constitution gives the federal government the power to collect an income tax. IRS collects more than $2 trillion a year in income taxes. Income tax forms contain a tremendous amount of personal information: income, assets, to whom you make charitable contributions, medical expenses, and more.
Digital Video Recorders
TiVo service allows subscribers to record programs and watch them later. TiVo collects detailed information about viewing habits of its subscribers. Data collected second by second, making it valuable to advertisers and others interested in knowing viewing habits.
Ownership of Transaction Information
Who controls transaction information? Buyer? Seller? Both? Opt-in: Consumer must explicitly give permission before the organization can share info. Opt-out: Organization can share info until consumer explicitly forbids it. Opt-in is a barrier for new businesses, so direct marketing organizations prefer opt-out.