Currently Skimming:

Part I Thinking About Privacy, 1 Thinking About Privacy
Pages 17-54

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.


From page 17...
... Notions of privacy are influenced by many factors, including technological change, societal and organizational change, and changes in immediate circumstances. Relevant technical issues include concepts of false positives and false negatives, the nature of personal information, the distinction between privacy and anonymity, fair information practices, and reasonable expectations of privacy.
From page 19...
... This report focuses on privacy and its intersections with information technology and associated social and technology trends. 1.1 INTRODUCTION One of the most discussed and worried-about aspects of today's information age is the subject of privacy.
From page 20...
... Within this big picture, and motivated by changes in the national security environment since the September 11, 2001, attacks on the World Trade Center and the Pentagon, the committee addressed issues related to law enforcement and national security somewhat more comprehensively than it did other areas in which privacy matters arise. To what end does the committee offer this consideration of privacy in the 21st century?
From page 21...
... It emphasizes the need to understand context when evaluating the privacy impact of a given situation, piece of legislation, or technology. And it provides an in-depth look at ongoing information technology trends as related to privacy concerns.
From page 22...
... For example, concerns over whether an individual's HIV status should be private may in fact reflect, in part, a concern about his or her ability to obtain health insurance. In short, as with most interesting and contentious social topics, where privacy is concerned there are both costs and benefits, and these vary by the group, context, and time period in question, as well as by the means used to measure them.
From page 23...
... Though rhetorical excesses are often a staple of advocacy, in truth the factors driving the information age rarely create simple problems with simple solutions. Perhaps the best known of the general tradeoffs in the privacy debate is that which contrasts privacy with considerations of law enforcement and national security.
From page 24...
... However, in general, these data never have to be associated with specific individuals. This situation contrasts sharply with the societal needs described above: law enforcement authorities are interested in apprehending a specific individual guilty of criminal wrongdoing, national security authorities are interested in identifying a particular terrorist, or a business wants to identify a specific customer who will buy a product.
From page 25...
... Federal Trade Commission (FTC) announced that ChoicePoint would pay $15 million in fines and other penalties for lax security standards in verifying the credentials of its business customers.
From page 26...
... Indeed, such information is so important to these businesses and government agencies that they are willing to pay to check and verify the accuracy of information provided by employees and customers. (Note also that by insisting that employees and customers provide personal information, these businesses and agencies often add to the personal information that is available to data aggregators.)
From page 27...
... Some of these factors include the volume, magnitude, complexity, and persistence of information; the expanding number of ways to collect information; the number of people affected by information; and the geographic spread and reach of information technology. 1.4.1 The Information Age What is meant by the term "information age," and what are the factors so profoundly affecting the dynamics of privacy?
From page 28...
... systems 1 The World Wide Web is a product of technology trends, but it was also the primary driving force underlying the explosion of easy-to-use Internet applications that ultimately made enormous amounts of information -- personal and otherwise -- publicly accessible. This brief characterization of the information age highlights the three major factors, indeed drivers, of the vast changes affecting current notions, perceptions, and expectations of privacy: technological change, societal shifts, and discontinuities in circumstances (Box 1.2)
From page 29...
... • Changes in business models, which are increasingly based on the notion of greater customization of services and products, a process that in turn requires large amounts of personal information so that the appropriate customization can be employed. • Changes in expectations of security following the terrorist attacks of 2001 have reduced people's expectations of the privacy rights of foreign nationals and U.S.
From page 30...
... Today, in the information age, the sheer quantity of information; the ability to collect unobtrusively, aggregate, and analyze it; the ability to store it cheaply; the ubiquity of interconnectedness; and the magnitude and speed of all aspects of the way we think about, use, characterize, manipulate, and represent information are fundamentally and continuously changing. Consider concepts of: • Information search.
From page 31...
... . Still another effect of new information technologies is the erosion of privacy protection once provided through obscurity or the passage of time; e.g., youthful indiscretions can now become impossible to outlive as an adult.
From page 32...
... Once data is aggregated, new and more powerful techniques and technologies for analyzing information (generically known as data mining) will make it much easier to extract and identify personally identifiable patterns that were previously protected by the vast amounts of data "noise" around them.
From page 33...
... However, such privacy-protecting technologies must be deployed in order to enhance privacy, and because they generally have no operational or business value other than protecting privacy, it is often the case that such protective technologies are not deployed. 1.4.3 Societal Shifts and Changes in Institutional Practice Focusing solely on technological advancements provides an incomplete view of how values, understandings, and expectations shift over time.
From page 34...
... In response to concerns about fraud, administering government agencies are asking for more information and have increasingly turned to computer matching involving diverse databases. In contrast, such agencies rarely do computer matching to identify potential clients who are not utilizing benefits to which they are entitled.
From page 35...
... No one forces these people to do so, and yet the social context of the sites' use provides a strong impetus for doing so. The examples above illustrate current information demands.
From page 36...
... Finally, in some cases personal information is used to determine a category into which a given individual might fall, and what is of interest to another party is the category rather than the person.10 The availability of personal information enables the assignment of an individual to one or more categories, such as those who share a characteristic such as age, race, or genetic marker. For example, the popularity of geo-demographic targeting for the marketing of goods and services at the neighborhood level reflects a determination that there is quite a bit of predictive utility in the differences between 100 types of communities definable at the ZIP + 4 level of precision.11 Political parties use personal information to determine how to target their voter turnout efforts towards those most likely to vote for their candidates.12 Undertaken in the context of selling different products based on a zip code's socioeconomic status indicators, such a practice may be benign.
From page 37...
... Thus, attention has been focused on identifying other possible terrorist cells operating in the United States by detecting their operational "signatures" through domestically focused information gathering and analysis. While the concerns of law enforcement and national security officials regarding the possibility of U.S.-based terrorist operations cannot be discounted, the mere fact of including information about U.S.
From page 38...
... Thus, the only other option is to monitor closely for the outbreak of disease in other nations and to seek to prevent those who are disease carriers from crossing one's own national borders. Although individuals seeking to enter the United States have fewer and more limited privacy protections than they would if they were already present in-country, monitoring and obtaining information on the health of individuals have implications for privacy.
From page 39...
... Combining the values of personal data elements D1, D2, D3, D4 means taking the intersection of S1, S2, S3, S4 (call the intersection S1, and the number of people in S1 the bin size). In general, S1 has more than one person in it (i.e., the bin size is more than one)
From page 40...
... • In general, it is the values of data elements and combinations thereof that specify unique individuals, not the data elements themselves. In some cases, "unique identifiers" -- if genuinely unique -- could be said to specify unique individuals.
From page 41...
... That is, in one situation, an individual may regard a particular data element as highly private (one that might require a large bin size) and in a different situation regard the same data element as not at all private (i.e., he would be perfectly fine with a bin size of one)
From page 42...
... 15 The above discussion also illuminates the distinction between three categories of information -- personal information, sensitive information, and personally identifiable information.16 • Personal information is the set of all information that is associated with a specific person X. Personal information is thus defined in a technical or objective sense.
From page 43...
... 1.5.2 False Positives, False Negatives, and Data Quality In many societies, alleged criminals are tried by jury. In any given trial, the jury finds a defendant either innocent or guilty (apart from jury deadlocks)
From page 44...
... False positives and false negatives are important in a discussion of privacy because they are the language in which the tradeoffs described in Section 1.2 are often cast. Banks obtain personal information on individuals for the purpose of evaluating their creditworthiness.
From page 45...
... ; improperly duplicated records; data conversion errors, as might occur when a database of vendor X is converted to a comparable database using technology from vendor Y; use of inconsistent definitions over time; and definitions that become irrelevant over time. Data quality issues for multiple databases include all of those issues for a single database, and also syntactic inconsistencies (one database records phone numbers in the form 202-555-1212 and another in the form 2025551212)
From page 46...
... .20 Note also that anonymity is often tied to the identification of an individual rather than the specification of that individual. A person may be specified by his or her complete genomic sequence, but in the absence of databases that tie that sequence to a specific identity the person is still anonymous.
From page 47...
... In other words, in the usual discussion of anonymity, an anonymous person is someone whose identity cannot be definitively ascertained. However, for some purposes, a bin size of three would be insufficient to protect his or her identity -- if a stool pigeon for an organized crime syndicate were kept "anonymous" within a bin size of three, it is easy to imagine that the syndicate would be perfectly willing and able to execute three murders rather than one.
From page 48...
... 1.5.4 Fair Information Practices Fair information practices are standards of practice required to ensure that entities that collect and use personal information provide adequate privacy protection for that information. These practices include notice to and awareness of individuals with personal information that such information is being collected, providing individuals with choices about how their personal information may be used, enabling individuals to review the data collected about them in a timely and inexpensive way and to contest that data's accuracy and completeness, taking steps to ensure that the personal information of individuals is accurate and secure, and providing individuals with mechanisms for redress if these principles are violated.
From page 49...
... BOX 1.3 Codes of Fair Information Practice Fair information practices are standards of practice required to ensure that entities that collect and use personal information provide adequate privacy protection for that information. As enunciated by the U.S.
From page 50...
... Closets may be provided for the storage of personal effects, and depending on the relative permanence of assigned spaces, desk drawers may be treated as personal space. The presence or absence 26 Marc Rotenberg, The Privacy Law Sourcebook 00, Electronic Privacy Information Center, 2001, pp.
From page 51...
... In the case of information technology, the "objects" about which one is private (digital objects such as electronic files or streams of bits as communications) are quite distinct from objects that were originally the focus of privacy concerns (physical, tangible objects made of atoms)
From page 52...
... 1.6 LESSONS FROM HISTORY In the history of the United States, a number of societal shifts have taken place that relate to contemporary visions of privacy (Appendix A)
From page 53...
... One result is that the legal and regulatory framework surrounding privacy has been a patchwork without a unifying theme or driving principles. This state of affairs in the United States contrasts sharply with those of certain other nations (notably the member states of the European Union)
From page 54...
... . Chapter 9 looks at law enforcement and national security.


This material may be derived from roughly machine-read images, and so is provided only to facilitate research.