Transcript of priv4.ppt
45-848 ECOMMERCE LEGAL ENVIRONMENT SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
Lecture 4:Privacy
Outline
• Proliferation of data
• What is privacy?
• Driver’s License Data
• Privacy Laws
• De-identification
• Medical privacy
• P3P
• European Union approach
What is Privacy?
• Many different concepts all collected under the single word “privacy”
• Protection against intrusion into one’s “space”
– Protection from Government (4th Amendment)
– Freedom from publicity, disclosure of embarrassing facts (“Invasion of Privacy”)
– Protection from telemarketers
• Protection in cyberspace
– Anti-spam
– Web data collection
What is Privacy?
• Bodily privacy (Roe v. Wade)
• Communications privacy
– Against eavesdropping, wiretapping
– Electronic Communications Privacy Act
• Identity privacy
– Anonymity
• Data privacy
– Right to control collection, use and dissemination of non-public personal information
Data Privacy
• Who “owns” data about you? Can data be owned?
– Facts (residence, phone #, age), e.g. Allegheny County Property
– Sales information
– Habits, personal preferences
– Message traffic
• Problem: electronic collections are subject to greater abuse than paper ones
• Problem: having everything on line is different from just having records be public
• Policy: is it the data or its use that requires protection?
U.S. Privacy Law
• No definition of “privacy”; few legal principles
• Federally protected categories: financial, educational, medical
• State: limited, usually embarrassing facts or photos
• Constitutional basis?
– 4th amendment: government searches
– “liberty” as right of privacy
• State constitutions
California Const. Art. I, §1: “All people are by nature free and independent and have inalienable rights. Among these are ... pursuing and obtaining safety, happiness, and privacy.” (Not in the 1849 Constitution)
Hawaii Const. Art. 1, §6: “The right of the people to privacy is recognized and shall not be infringed without the showing of a compelling state interest.” (Added in 1978)
Sample Federal Privacy Statutes
• Gramm-Leach-Bliley (financial privacy)
• Health Insurance Portability and Accountability Act of 1996 (medical)
• Children’s Online Privacy Protection Act of 1998
• Privacy Act of 1974 (covers U.S. government)
• Driver’s Privacy Protection Act of 1994 (driver’s license info)
• Video Privacy Protection Act of 1998 (videotape rental and sale records)
• Electronic Communications Privacy Act of 1986
• Family Education Rights and Privacy Act of 1974 (academic)
• Fair Credit Reporting Act of 1970
• Cable Communications Policy Act of 1984
. . .
Driver’s Privacy Protection Act of 1994
• Deals with release of information obtained by a State department of motor vehicles
• Designed to prevent sale of driver’s license information
• “personal information” means information that identifies an individual, including an individual's photograph, social security number, driver identification number, name, address (but not the 5-digit zip code), telephone number, and medical or disability information, but does not include information on vehicular accidents, driving violations, and driver's status
• “highly restricted personal information” means an individual's photograph or image, social security number, medical or disability information;
Driver’s Privacy Protection Act of 1994
• A State department of motor vehicles, and any officer, employee, or contractor thereof, shall not knowingly disclose or otherwise make available to any person or entity:
– personal information … about any individual obtained by the department in connection with a motor vehicle record, except [lots of exceptions]; or
– highly restricted personal information … without the express consent of the person to whom such information applies, except [small list of exceptions]
• Statute makes it a crime. Penalty: fine + prison
– For a State Department of Motor Vehicles, $5000/day
• Is this constitutional?
• Where does Congress get the power to regulate state drivers’ licenses?
Reno v. Condon
• South Carolina made driver’s license information available to anyone (except telephone solicitors)
• Charlie Condon was the Attorney General of South Carolina
• When the DPPA was passed, Condon sued the U.S. Attorney General to prevent enforcement (or he would become a criminal)
• Claimed it makes “state officials the unwilling implementors of federal policy”
• U.S. Constitution, Art. 1, Sec. 8, Clause 3: “The Congress shall have Power … To regulate Commerce with foreign Nations, and among the several States, and with the Indian Tribes”
• “sale or release of … information in interstate commerce is … a proper subject of congressional regulation”
• Information as an article of commerce
Reno v. Condon, 528 U.S. 666 (2000)
Data Collection
• Public birth records now contain 226 fields of information, including name, DOB, gender, ZIP, parents’ race, level of education, genetic risk factors
• Voter registration data contains name, address, gender
• Public hospital discharge records contain 50 fields, including DOB, gender, ZIP, diagnosis, treatments, medical bills (no name)
• Grocery store data include name, address, bank account, SSAN, weekly spending
• Linking produces huge dossiers
Data Anonymity
• Data is “anonymous” if it cannot be associated with a specific individual
• Data that includes a name, SSAN, address, etc. is not anonymous.
• Data can be made anonymous by abridging or modifying it, e.g. change ZIP from 20011 to 200** (de-identifying)
• Problem: abridging data affects its integrity
• How much data must be eliminated to make it anonymous? Is it ever possible?
Methods of De-Identification
• Quasi-identifier, profile {Birth 0.5, ZIP 0.7, Sex 0.3}
• Generalization: 10/27/59 → 1959
• Suppression: 02139 → [value removed]
• Encryption: 3245123 → 2168582
• Idea: one becomes many
SOURCE: LATANYA SWEENEY
Data Anonymity
• Problem: de-identifying data does not necessarily make it anonymous. It can often be re-identified:
Medical Data (no name): Ethnicity, Visit date, Diagnosis, Procedure, Medication, Total bill
Voter Lists: Name, Address, Date registered, Party, Date last voted
Fields common to both, which link the two: ZIP, Birth date, Sex
SOURCE: LATANYA SWEENEY
• Date of birth, gender + 5-digit ZIP uniquely identifies 87.1% of U.S. population
• ZIP 60623 has 112,167 people, 11%, not 0% uniquely identified. Insufficient # over 55 living there.
SOURCE: LATANYA SWEENEY
[Map figure: each dot = one ZIP code]
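The two preceding slides (“Methods of De-Identification” and the voter-list re-identification) can be put into working form as a risk check: apply the generalization and suppression steps to the quasi-identifier {birth date, sex, ZIP}, then count how many records are still unique on it, which is the quantity behind the 87.1% figure. The following is an added example, not code from the lecture or from Latanya Sweeney’s work; the records are constructed and the two-digit-year convention is an assumption.

```python
"""Measuring re-identification risk of a de-identified table.

Added example, not from the lecture or from Latanya Sweeney's work. The
quasi-identifier {birth, sex, zip} is the set of fields the voter-list linkage
relies on; the functions below apply generalization and suppression to it and
then measure how many records remain unique. All records are constructed.
"""
from collections import Counter

# Constructed hospital-discharge-style records; the name has already been removed.
RECORDS = [
    {"birth": "10/27/59", "sex": "M", "zip": "02139", "diagnosis": "A"},
    {"birth": "03/14/59", "sex": "M", "zip": "02139", "diagnosis": "B"},
    {"birth": "10/27/59", "sex": "F", "zip": "02139", "diagnosis": "C"},
    {"birth": "07/04/60", "sex": "F", "zip": "02138", "diagnosis": "D"},
    {"birth": "01/01/60", "sex": "M", "zip": "60623", "diagnosis": "E"},
    {"birth": "12/31/59", "sex": "M", "zip": "02139", "diagnosis": "F"},
]
QUASI_IDENTIFIER = ("birth", "sex", "zip")


def generalize_birth_to_year(birth: str) -> str:
    """Generalization: 10/27/59 -> 1959 (two-digit years are assumed to be 19xx)."""
    year = birth.split("/")[-1]
    return "19" + year if len(year) == 2 else year


def suppress_zip(zip_code: str, keep: int = 3) -> str:
    """Suppression by abridgement: 02139 -> 021** (keep only the leading digits)."""
    return zip_code[:keep] + "*" * (len(zip_code) - keep)


def equivalence_classes(records, keys=QUASI_IDENTIFIER) -> Counter:
    """Size of each group of records that share the same quasi-identifier values."""
    return Counter(tuple(r[k] for k in keys) for r in records)


def uniqueness_rate(records, keys=QUASI_IDENTIFIER) -> float:
    """Fraction of records that are the only one with their quasi-identifier values.

    A record in a class of size 1 is re-identified as soon as any public list
    (voter registration, for instance) carries the same fields plus a name.
    """
    classes = equivalence_classes(records, keys)
    unique = sum(1 for r in records if classes[tuple(r[k] for k in keys)] == 1)
    return unique / len(records)


def min_k(records, keys=QUASI_IDENTIFIER) -> int:
    """Smallest class size: every record hides among at least this many others."""
    return min(equivalence_classes(records, keys).values())


def deidentify(records):
    """Apply generalization and suppression to the quasi-identifier of every record."""
    return [
        dict(r, birth=generalize_birth_to_year(r["birth"]), zip=suppress_zip(r["zip"]))
        for r in records
    ]


if __name__ == "__main__":
    print("raw:            unique=%.2f  min k=%d" % (uniqueness_rate(RECORDS), min_k(RECORDS)))
    cleaned = deidentify(RECORDS)
    print("de-identified:  unique=%.2f  min k=%d" % (uniqueness_rate(cleaned), min_k(cleaned)))
    # Dropping sex as well (a coarser quasi-identifier) still leaves unique records:
    print("birth+zip only: unique=%.2f" % uniqueness_rate(cleaned, ("birth", "zip")))
```

On the constructed table every raw record is unique; after generalizing the birth date to a year and abridging the ZIP, half of them still are, and the smallest class is still 1, which is the slide’s point that de-identification alone does not give anonymity. The check to run before releasing a table is `min_k` on the fields an outside list could share, not whether names have been removed.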
Privacy Act of 1974, 5 U.S.C. §552a
• Deals with disclosure of Federal Government records on individuals
• “No agency shall disclose any record … to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains [except … ]”
– … the record is to be transferred in a form that is not individually identifiable;
– authorized law enforcement
– health or safety
– Congress
– court order
Privacy Act of 1974
• “No agency shall disclose any record … to any person, or to another agency, except … with the prior written consent of, the individual to whom the record pertains, unless disclosure of the record would be --
– … used solely as a statistical research or reporting record, and the record is to be transferred in a form that is not individually identifiable” (not a defined term)
• Restriction on “matching programs”
– any computerized comparison of -- (i) two or more automated systems of records … [certain exceptions]
Privacy on the Web
• Posted privacy policies are legal representations
• Violation of privacy policy by a website is deceptive advertising and an unfair trade practice
• The Federal Trade Commission acts on behalf of consumers
• Vigorous enforcement
– Example: In the Matter of Microsoft Corporation
• FTC is the leading U.S. government privacy watchdog
– Is this good? (It was never intended.)
Electronic Communications Privacy Act 18 U.S.C. §§1367, 2232, 2510, 2701, 3117, 3121
• Defines “oral communication” as “any oral communication uttered by a person exhibiting an expectation that such communication is not subject to interception under circumstances justifying such expectation”
• Prohibits
– interception of wire, oral, or electronic communication
– use or disclosure of intercepted communication
• Complicated exceptions
– Inadvertently overhearing evidence of a crime
• Chat rooms?
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
• A “covered entity” may not use or disclose protected health information, except as permitted or required …
– pursuant to … a consent … to carry out treatment, payment, or health care operations
– pursuant to … an authorization
– pursuant to … an agreement (opt-in)
– [other provisions]
45 CFR §164.502
• Health information that meets … specifications for de-identification … is considered not to be individually identifiable health information
45 CFR §164.502(d)
What HIPAA Protects
• “Individually identifiable health information” is information that is a subset of health information, including demographic information collected from an individual, and: …
– relates to … physical or mental health or condition of an individual; … provision of health care to an individual; or … payment for … health care to an individual; and
– identifies the individual; or
– with respect to which there is a reasonable basis to believe the information can be used to identify the individual
45 CFR §164.501
De-Identification
• A covered entity may determine that health information is not individually identifiable only if: … the following identifiers of the individual or of relatives, employers, or household members of the individual are removed:
– Names;
– All geographic subdivisions smaller than a State, including street address, city, county, precinct, zip code, …, except for the initial three digits of a zip code if …
– All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death; and all ages over 89 …
– Telephone numbers; Fax numbers; email addresses; URLs; IP addresses
– Social security numbers; Medical record numbers; Health plan beneficiary numbers; Account numbers;
– Certificate/license numbers; vehicle identifiers, serial numbers, plate numbers;
– Device identifiers and serial numbers;
– Biometric identifiers, including finger and voice prints;
– Full face photographic images and any comparable images; and
– Any other unique identifying number, characteristic, or code; and
• The covered entity does not have actual knowledge that the information could be used alone or in combination with other information to identify an individual who is a subject of the information.
45 CFR §164.514
Employer Surveillance
• In general, surveillance by the employer is legal if
– the computer being monitored belongs to the employer; or
– the computer is connected to the employer’s network; and
– even if communications are encrypted
• McLaren v. Microsoft Corp., No. 05-97-00824 (Tex. Ct. App. May 28, 1999).
– Employee used private password to encrypt email messages stored on office computer.
– Company decrypted and viewed files.
– Email account and workstation were provided for business use, so Microsoft could legitimately access data stored there.
• Notice of Electronic Monitoring Act (CT)
– Versions introduced in other states and Congress
Platform for Privacy Preferences
• P3P
• Developed by World Wide Web Consortium
• Protocol allowing users to interrogate websites about privacy
• P3P-enabled site posts machine-readable privacy policy summary (IBM P3P editor, PrivacyBot)
• User sets up his privacy preferences in his browser
• User’s browser examines the summary; does not allow access to non-compliant sites
• Compliance is voluntary. Validator available.
Anonymity (U.S.)
• Freedom to publish anonymously is guaranteed by the First Amendment. McIntyre v. Ohio Elections Comm’n, 514 U.S. 334 (1995). Basis: Federalist Papers (1787-1788)
• Are you anonymous if your ISP can be forced to identify you?
• Currently a VERY HOT topic because of efforts of the recording industry to identify file swappers
– Not strictly a privacy rights matter because the Digital Millennium Copyright Act specifically authorizes such subpoenas
Subpoenas to Identify
• No privilege between a user and an ISP. But ISP may have standing to assert user’s rights, especially First Amendment rights
• In re Subpoena Duces Tecum to America Online, Inc. (Anonymous Publicly Traded Co. v. Doe), Va. Cir. Ct., Fairfax Cty., Misc. Law No. 40570, 2/7/00
• Company alleged it was defamed by an anonymous AOL subscriber
• Company did not want to identify itself, but demanded in a subpoena that AOL identify the subscriber
• (Underlying case was in Ohio; AOL is in Virginia)
Subpoenas to Identify
• Lower court allowed the subpoena
• Gave a test for subpoenas to identify a user:
– are pleadings and evidence supplied to the court satisfactory?
– does the party requesting the subpoena have a legitimate, good faith basis that it may be the victim of actionable conduct?
– is identifying the subscribers central to advancing the claim?
America Online, Inc. v. Anonymous Publicly Traded Company, Record No. 000974
• Appeals court REVERSED the decision to allow the anonymous subpoena (2001 Va. LEXIS 38; 29 Media L. Rep. 1442)
• HELD, anonymous plaintiff could be given subpoena power only if it would suffer exceptional harm, such as social stigma, or extraordinary economic retaliation, as a result of exposing its identity
• Company subsequently dropped the lawsuit
Korean Privacy Law
• Constitution of the Republic of Korea
– Article 17 [Privacy]: The privacy of no citizen may be infringed.
– Article 18 [Secrecy of Correspondence]: The secrecy of correspondence of no citizen may be infringed.
• Act on the Protection of Personal Information Maintained by Public Agencies (1995)
• Act on Promotion of Information and Communication Network Utilization and Data Protection (“DP Act,” 2001)
• Korea Personal Data Protection Center
European Union Privacy Approach
• Total contrast to U.S.
• Europeans fear their neighbors, not the government
• Americans fear the government, not their neighbors
• “Public” information highly restricted
• No notion of personal data as a commodity to be bought and sold
• Concept:
– prior notice and consent by individual
– use restricted to disclosed use
– right of access and correction
– onward transfer restricted
EU Privacy Structure (diagram)
European Parliament
– UK Government: Information Commissioner
– French Government: Privacy Commissioner
– German Government: Privacy Commissioner
Registered Data Controllers, e.g. Shell
Individuals
European Union Privacy Directive
• Member States shall provide that personal data may be processed only if:
(a) the data subject has given his consent unambiguously; or
(b) processing is necessary for
– performance of a contract to which the data subject is party;
– compliance with a legal obligation to which the controller is subject;
– protecting the vital interests of the data subject; or
– legitimate interests of parties to whom the data are disclosed, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject
• EU claims this also applies to U.S. companies who use cookies
Remote Data Collection
• Where the data have not been obtained from the data subject … the controller must at the time of undertaking the recording of personal data provide the data subject with at least:
– identity of the controller and his representative,
– purposes of the processing
– categories of data concerned
– recipients or categories of recipients;
– existence of the right of access and rectification
• Subject may object, but not refuse
European Union Privacy Directive
• Member States shall grant the right to every person not to be subject to a decision which produces legal effects concerning him … based solely on automated processing of data … such as
– performance at work
– creditworthiness
– reliability
– conduct, etc.
• Member States shall provide that the transfer to a third country of personal data ... may take place only if ... the third country in question ensures an adequate level of protection.
– big problem with respect to U.S.
US/EU Agreement on Data Privacy and Safe Harbor
• 7 Principles to which a US company may voluntarily agree
• Safe harbor companies deemed to protect data adequately and data flows to them from the EU may occur
• Member State requirements for prior approval of data transfers either will be waived or approval will be automatically granted; and
• Claims brought by European citizens against U.S. companies will be heard in the U.S. subject to limited exceptions
• Enforcement in the US by the Federal Trade Commission and Department of Transportation, 49 U.S.C. §41712
• Does not include financial institutions
Seven US/EU Safe Harbor Principles
• Notice
– “clear and conspicuous” first time data is collected
– purpose of collection
– how to complain
– types of third parties with whom data will be shared
• Choice (opt-out always, opt-in for “sensitive” information)
• Onward Transfer (ascertain status of transferee)
• Security
• Data Integrity (reliability + use consistent with purpose)
• Access (+ right to correct)
• Enforcement (recourse + obligation to remedy)
Major Ideas
• Privacy is important
• No accepted definition of privacy
• Federal legislation in medical, financial, educational
• Many state laws, few dealing with data
• Anonymizing databases is difficult
• Privacy policies are contracts
• FTC is the main U.S. privacy enforcement body
• Complying with privacy policies and laws is not easy
Q&A
A simple HTTP transaction
Client → Web Server: GET /index.html HTTP/1.1 / Host: www.att.com . . . (Request web page)
Web Server → Client: HTTP/1.1 200 OK / Content-Type: text/html . . . (Send web page)
SOURCE: LORRIE CRANOR
… with P3P 1.0 added
Client → Web Server: GET /w3c/p3p.xml HTTP/1.1 / Host: www.att.com (Request Policy Reference File)
Web Server → Client: Send Policy Reference File
Client → Web Server: Request P3P Policy
Web Server → Client: Send P3P Policy
Client → Web Server: GET /index.html HTTP/1.1 / Host: www.att.com . . . (Request web page)
Web Server → Client: HTTP/1.1 200 OK / Content-Type: text/html . . . (Send web page)
SOURCE: LORRIE CRANOR
P3P increases transparency
• P3P clients can check a privacy policy each time it changes
• P3P clients can check privacy policies on all objects in a web page, including ads and invisible images
http://adforce.imgis.com/?adlink|2|68523|1|146|ADFORCE
http://www.att.com/accessatt/
SOURCE: LORRIE CRANOR
P3P in IE6
Privacy icon on status bar indicates that a cookie has been blocked – pop-up appears the first time the privacy icon appears
Automatic processing of compact policies only;third-party cookies without compact policies blocked by default
SOURCE: LORRIE CRANOR
Users can click on privacy icon for list of cookies; privacy summaries are available at sites that are P3P-enabled
SOURCE: LORRIE CRANOR
Privacy summary report is generated automatically from full P3P policy
SOURCE: LORRIE CRANOR
P3P/XML encoding
<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
  <POLICY discuri="http://p3pbook.com/privacy.html" name="policy">
    <ENTITY>
      <DATA-GROUP>
        <DATA ref="#business.contact-info.online.email">[email protected]</DATA>
        <DATA ref="#business.contact-info.online.uri">http://p3pbook.com/</DATA>
        <DATA ref="#business.name">Web Privacy With P3P</DATA>
      </DATA-GROUP>
    </ENTITY>
    <ACCESS><nonident/></ACCESS>
    <STATEMENT>
      <CONSEQUENCE>We keep standard web server logs.</CONSEQUENCE>
      <PURPOSE><admin/><current/><develop/></PURPOSE>
      <RECIPIENT><ours/></RECIPIENT>
      <RETENTION><indefinitely/></RETENTION>
      <DATA-GROUP>
        <DATA ref="#dynamic.clickstream"/>
        <DATA ref="#dynamic.http"/>
      </DATA-GROUP>
    </STATEMENT>
  </POLICY>
</POLICIES>
Slide annotations: xmlns = P3P version; discuri = location of human-readable privacy policy; name = P3P policy name; ENTITY = site’s name and contact info; ACCESS = access disclosure; STATEMENT, within which CONSEQUENCE = human-readable explanation, PURPOSE = how data may be used, RECIPIENT = data recipients, RETENTION = data retention policy, DATA-GROUP = types of data collected
SOURCE: LORRIE CRANOR
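The “… with P3P 1.0 added” exchange and the policy document above can be tied together by a small client-side check, the job the slides assign to the user’s browser. The following is an added example, not code from the lecture, the W3C, or AT&T: it replays the exchange against an in-memory site, maps the requested URL to a policy through the policy reference file at /w3c/p3p.xml, parses the policy, and lets the page through only if the policy meets the user’s preferences. The site contents, the policy reference file (laid out after the P3P 1.0 META/POLICY-REF format) and the preference rules are constructed; the policy is the one on the slide with the e-mail address left out.

```python
"""P3P 1.0 policy lookup and preference check, client side.

Added example; not the lecture's, the W3C's, or AT&T's code. The site contents,
the policy reference file and the preference rules are constructed; the policy
is the one on the "P3P/XML encoding" slide with the e-mail address omitted.
"""
import fnmatch
import xml.etree.ElementTree as ET

NS = {"p3p": "http://www.w3.org/2002/01/P3Pv1"}

SITE = {  # constructed: path -> response body
    "/w3c/p3p.xml": """<META xmlns="http://www.w3.org/2002/01/P3Pv1">
  <POLICY-REFERENCES>
    <POLICY-REF about="/w3c/policy.xml">
      <INCLUDE>/*</INCLUDE><EXCLUDE>/cgi-bin/*</EXCLUDE>
    </POLICY-REF>
  </POLICY-REFERENCES>
</META>""",
    "/w3c/policy.xml": """<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
<POLICY discuri="http://p3pbook.com/privacy.html" name="policy">
  <ENTITY><DATA-GROUP>
    <DATA ref="#business.contact-info.online.uri">http://p3pbook.com/</DATA>
    <DATA ref="#business.name">Web Privacy With P3P</DATA>
  </DATA-GROUP></ENTITY>
  <ACCESS><nonident/></ACCESS>
  <STATEMENT>
    <CONSEQUENCE>We keep standard web server logs.</CONSEQUENCE>
    <PURPOSE><admin/><current/><develop/></PURPOSE>
    <RECIPIENT><ours/></RECIPIENT>
    <RETENTION><indefinitely/></RETENTION>
    <DATA-GROUP><DATA ref="#dynamic.clickstream"/><DATA ref="#dynamic.http"/></DATA-GROUP>
  </STATEMENT>
</POLICY></POLICIES>""",
    "/index.html": "<html>welcome</html>",
}


def http_get(path):
    """Stand-in for the GET requests on the slide: returns (status, body)."""
    return (200, SITE[path]) if path in SITE else (404, "")


def child_tags(parent, tag):
    """Local names of the children of <tag>, e.g. PURPOSE -> ['admin', 'current', ...]."""
    el = parent.find(tag, NS)
    return [] if el is None else [c.tag.split("}")[-1] for c in el]


def policy_for(path):
    """Fetch the policy reference file and map the path to a policy URI (or None)."""
    status, body = http_get("/w3c/p3p.xml")
    if status != 200:
        return None
    for ref in ET.fromstring(body).iterfind(".//p3p:POLICY-REF", NS):
        included = [e.text for e in ref.findall("p3p:INCLUDE", NS)]
        excluded = [e.text for e in ref.findall("p3p:EXCLUDE", NS)]
        if any(fnmatch.fnmatch(path, p) for p in included) and not any(
            fnmatch.fnmatch(path, p) for p in excluded
        ):
            return ref.get("about")
    return None


def parse_policy(xml_text):
    """Extract the fields the slide annotates from a P3P policy document."""
    pol = ET.fromstring(xml_text).find("p3p:POLICY", NS)
    return {
        "name": pol.get("name"),
        "discuri": pol.get("discuri"),
        "access": child_tags(pol, "p3p:ACCESS"),
        "statements": [
            {
                "purpose": child_tags(s, "p3p:PURPOSE"),
                "recipient": child_tags(s, "p3p:RECIPIENT"),
                "retention": child_tags(s, "p3p:RETENTION"),
                "data": [d.get("ref") for d in s.iterfind(".//p3p:DATA", NS)],
            }
            for s in pol.findall("p3p:STATEMENT", NS)
        ],
    }


def acceptable(policy, allow_recipients=("ours",), forbid_purposes=("contact", "telemarketing")):
    """Constructed user preference: data stays with the site and is not used for marketing."""
    for s in policy["statements"]:
        if any(r not in allow_recipients for r in s["recipient"]):
            return False
        if any(p in forbid_purposes for p in s["purpose"]):
            return False
    return True


def fetch_page(path, **prefs):
    """Request the page only after its P3P policy has passed the user's preferences."""
    uri = policy_for(path)
    if uri is None:
        return "blocked: no policy covers " + path
    status, body = http_get(uri)
    if status != 200:
        return "blocked: policy not retrievable"
    if not acceptable(parse_policy(body), **prefs):
        return "blocked: policy violates preferences"
    return http_get(path)[1]
```

The `acceptable` rule is where the user’s preferences live; `recipient` and `purpose` are the two statement fields most preference sets key on, and the slide’s policy passes because it names only `ours` as recipient and only administrative purposes. Note what the check does not give you: P3P is a declaration, and nothing here verifies that the server’s behaviour matches its policy, which is the “compliance is voluntary” point from the P3P slide.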