3 Technological Drivers
Pages 88-121

From page 88...
... This stands in sharp contrast to apples: If I share an apple with you, we each get half an apple, not a whole apple. If information were not reproducible in this manner, many privacy concerns would simply disappear.
From page 89...
... Cell phones equipped to provide E-911 service can be used to map to a high degree of accuracy the location of the individuals carrying them, and a number of wireless service providers are marketing cell phones so equipped to parents who wish to keep track of where their children are. These trends are manifest in the increasing number of ways people use information technology, both for the conduct of everyday life and in special situations.
From page 90...
... If we can't keep data private with the current use of technology, how will we maintain our current understanding of privacy when the common computing and networking infrastructure includes our voting, medical, financial, travel, and entertainment records, our daily activities, and the bulk of our communications? As more aspects of our lives are recorded in systems for health care, finance, or electronic commerce, how are we to ensure that the information gathered is not used inappropriately to detect or deduce what we consider to be private information?
From page 91...
... With the advances in the capacities of primary storage devices, it is now often more expensive to decide how to cull data or transfer it to secondary storage (and to spend the resources to do the culling or transferring) than it is to simply store it all on primary storage, adding new capacity when it is needed.
From page 92...
... The ability to re-create the original data set is of great value, as it allows more sophisticated analysis of the data in the future. But it also allows the data to be analyzed for purposes other than those for which it was originally gathered, and allows the data to be aggregated with data gathered in other ways for additional analysis.
From page 93...
... From the privacy point of view, this means that once data have been gathered and committed to persistent storage, it is very difficult to ever be sure that the data have been removed or forgotten -- a point very relevant to the archiving of materials in a digital age. With more data, including more kinds of data, being kept in its raw form, the concern arises that every electronic transaction a person ever enters into can be kept in readily available storage, and that audio and video footage of all of the public activities for that person could also be available.
From page 94...
... are in many modern office buildings. Cell phone networks gather position information for 911 calling, which could be used to track the locations of their users.
From page 95...
... But the impact that those and other deployments will have in practice on individual privacy is hard to determine.

3.3 SOFTWARE ADVANCES

In addition to the dramatic and well-known advances in the hardware of computing have come significant advances in the software that runs on that hardware, especially in the area of data mining and information fusion/data integration techniques and algorithms.
From page 96...
... For example, by using data mining to analyze the patterns of an individual's previous credit card transactions, a bank can determine whether a credit card transaction today is likely to be fraudulent. By combining results from different medical tests using information fusion techniques, physicians can infer the presence or absence of underlying disease with higher confidence than if the result of only one test were available.
From page 97...
... For example, cell phone companies must track the locations of cell phones on their network in order to determine the tower responsible for servicing any individual cell phone. But these data can be used to trace the location of cell-phone owners over time.4 Temperature and humidity sensors used to monitor the environment of a building can generate data that indicate the presence of people in particular rooms.
From page 98...
... The additional power is characterized by Metcalfe's law, which states that the power of a network of computers increases in proportion to the number of pair-wise connections that the network enables.6 A result of connectivity is the ability to access information stored or gathered at a particular place without having physical access to that place. It is no longer necessary to be able to actually touch a machine to use that machine to gather information or to gain access to any information stored on the machine.
From page 99...
... This interconnectivity seems to mean that it is no longer necessary to actually have data on an individual on a local computer; the data can be found somewhere on another computer that is connected to the local computer, and with the seemingly unlimited computing ability of the network of interconnected machines, finding and making use of that information is no longer a problem. Ubiquitous connectivity has also given impetus to the development of digital rights management technologies (DRMTs)
From page 100...
... And in some instances, they have the potential to create security vulnerabilities in the systems on which they run, exploitation of which might lead to security breaches and the consequent compromise of personal information stored on those systems. 9 On the other hand, DRMTs can -- in principle -- be used by private individuals to exert greater control over the content that they create.
From page 101...
... Networked computers can share any information that they have, and can aggregate information held by them separately. Thus it is possible not only to see all of the information gathered about an individual, but also to aggregate the information gathered in various places on the network into a larger view of the activities of that individual.
From page 102...
... While it is hard to imagine using the Web without search services, their availability has brought up privacy concerns. Using a search engine to assemble information about an individual has become common practice (so common that the term "to Google" has entered the language)
From page 103...
... (table rows, each contrasting two forms of data collection)
Integration: "Data collection as separate activity" / "Data collection folded into routine activity"
Data collector: "Human, animal" / "Machine (wholly or partly automated)"
Where data reside: "With the collector, stays local" / "With third parties, often migrates"
Timing of data collection: "Single point or" / "Continuous (omnipresent)"
From page 104...
... for search data from four search engines, including search terms queried and Web site addresses, or URLs, stored in each search engine's index but excluding any user identifying information that could link a search string back to an individual. The intended DOJ use of the data was not to investigate a particular crime but to study the prevalence of pornographic material on the Web and to evaluate the effectiveness of software filters to block those materials in a case testing the constitutionality of the Child Online Protection Act (COPA)
From page 105...
... 18-19. 17 United States District Court for the Northern District of California, San Jose Division, Court Ruling, p.
From page 106...
... These are biological sensing technologies, including such things as biometric identification schemes and DNA analysis. Biometric technologies use particular biological markers to identify individuals.
From page 107...
... In addition to these forms of biometric identification is the technology associated with the mapping and identification of human DNA. The mapping of the human genome is one of the great scientific achievements of the past decade, and work is ongoing in understanding the phenotypic implications of variations at specific sites within the genome.
From page 108...
... Since law enforcement is based on the notion of individual accountability, law enforcement pressures to restrict the use of anonymizing technologies are not unexpected. Anti-spyware technologies stem the flow of personal information related to one's computer and Internet usage practices to other parties, thereby enhancing privacy.
From page 109...
... 3.8.2 Privacy-enhancing Technologies for Use by Information Collectors

Privacy-enhancing tools that can be used by information collectors include anonymization techniques that can help to protect privacy in certain applications of data mining.

3.8.2.1 Query Control

Teresa Lunt has undertaken some work in the development of a privacy appliance23 that is based on a heuristic approach to query control and can be viewed as a firewall that is placed in between databases containing personal information and those querying those databases.
From page 110...
... Nonetheless, it also poses some unresolved issues for which further research is needed. • A lesson from the literature on the statistics of disclosure limitation is that privacy protection in the form of "safe releases" from separate databases does not guarantee privacy protection for information in a merged database.24 It is not known how strongly this lesson applies to the query control approach, especially given the fact that the literature addresses aggregate data, whereas questions of privacy often involve identification of individuals.
From page 111...
... Such files can show, for example, how one household or one household member answered questions on occupation, place of work, and so on. Given the sensitive nature of much of this information and the types of analysis and comparison facilitated by modern technology, statistical agencies also can and do employ a wide range of techniques to prevent the disclosure of personally identifiable information related to specific individuals and to ensure that the data that are made available cannot be used to identify specific individuals or, in some cases, specific groups or organizations.
From page 112...
... Another model involves making random decisions on whether to round a given value up or down (as opposed to conforming data according to a predetermined rounding convention)
From page 113...
... Also, the process of developing a P3P-compatible privacy policy is structured and systematic. Thus, a Web site operator may discover gaps in its existing privacy policy as it translates that policy into machine-readable form.
From page 114...
... Tools can also tag data as privacy sensitive, and when such tagged data are subsequently accessed, other software could check to ensure that the access is consistent with the company's privacy policy. Because of the many information flows in and out of a company, a comprehensive audit of a company's privacy policy is generally quite difficult.
From page 115...
... Law enforcement agencies also have concerns about electronic cash systems that might facilitate anonymous money laundering.

3.8.2.7 Information Security Tools

Finally, the various tools supporting information security -- encryption, access controls, and so on -- have important privacy-protecting functions.
From page 116...
... Note that this issue is not resolved simply by searching in multiple databases of similar formats. For example, although search engines facilitate the searching of large volumes of text that can be spread among multiple databases, this is not to say that these data can be treated as belonging to a single database, for if that were the case both the format and the
From page 117...
... The notion that data gathered by sensors about an individual by different sources can be easily aggregated by computers that are connected by a network presupposes, contrary to fact, that this problem of data integration and interpretation has been solved. Similarly, the claim that increases in the capacity of storage devices will allow data to be stored forever and used to violate the privacy of the individual ignores another trend in computing, which is that the formats used to interpret the raw data contained in storage devices are program specific and tend to change rapidly.
From page 118...
... Thus, such tasks will remain computationally infeasible not just now but for a long time to come.35 Similar arguments also apply to certain sensing technologies. For example, privacy advocates worry about the wide deployment of facial recognition technology.
From page 119...
... As one example, digital rights management technologies have the potential to collect highly detailed information on user behavior regarding the texts they read and the music they listen to. In some instances, they have a further potential to create security vulnerabilities in the systems on which they run, exploitation of which might lead to security breaches and the consequent compromise of personal information stored on those systems.
From page 120...
... Consider, for example, that data-mining technologies are seen by many to be tools of those who would invade the privacy of ordinary citizens.36 Poorly formulated limitations on the use of data mining may reduce its impact on privacy, but may also inadvertently limit its use in other applications that pose no privacy issue whatever. Finally, it is worth noting the normative question of whether technology or policy ought to have priority as a foundation for protecting privacy.
From page 121...
... Thus, a second view of privacy would argue that technology should constitute the basis for privacy protection, because such a foundation is harder to change or circumvent than one based on procedural foundations.37 Further, violations of technologically enforced privacy protections are generally much more difficult to accomplish than violations of policy-enforced protections. Whether such difficulties are seen as desirable stability (i.e., an advantage)