Privacy and Surveillance
32
Privacy and Surveillance Understanding & Use of the Internet Spring 2012 G. F Khan, PhD
description
Privacy and Surveillance. Understanding & Use of the Internet Spring 2012 G. F Khan, PhD. Ideas so far. Internet and properties Theoretical approaches toward technology and society’ e.g STT. SCOT Information Society Community & Identify Politics & Democracy. This class. Surveillance - PowerPoint PPT Presentation
Transcript of Privacy and Surveillance
Privacy and Surveillance
Understanding & Use of the Internet Spring 2012
G. F Khan, PhD
Ideas so far
Internet and properties Theoretical approaches toward
technology and society’ e.g STT. SCOT
Information Society Community & Identify Politics & Democracy
This class
• Surveillance• Sensitive Personal Data/Information• Privacy• Data protection
– Legislation, governance, practice• Dataveillance• Social Sorting• Surveillance Society
Surveillance• Surveillance – to watch over – paying
close attention to personal details for the purpose of influencing, managing or controlling those under inspection or scrutiny (Lyon)
• Purposeful, Routine, systematic, focused attention paid to personal details for the sake of control, entitlement, management, influence or protection (OIC report 2006)
SurveillanceSurveillance involves the use of techniques to
gather and use information about individuals – their personal details, their movements and social contacts, their habits and behaviour, their communication – in order to make administrative or business decisions that affect their life chances and those of the groups or categories into which they are construed to fall. (OIC report 2010)
Surveillance Mass Surveillance
Systematic surveillance of everyone Targeted Surveillance
Surveillance of particular individuals places or activities
Both can use tools of Internet age, but increasing possibilities for mass surveillance
Surveillance Watching each other (p2p), lateral
surveillance
Government surveillance - of individuals and organisations
Commercial surveillance - of individuals and organisations
‘Sousveillance’ of powerful organisations Ordinary people doing the watching, rather
than higher authorities or architectures doing the watching
Surveillanceof individuals
By individuals by organizations
Of organisations
Peer monitoringsurveillance
Sousveillance
Holding to account/ espionage
Theoretical approaches-Surveillance Enables rationalisation and efficiency in the
bureaucratic systems
Productivity and economic efficiency in the capitalist system– not only in production, but in marketing and selling.
Many see surveillance central to the emergence of states, and all the institutions of states.
State does not only use violence, but surveillance, which is a powerful tool in development of dictatorship.
Privacy questions How can we define Privacy? What are main sources of ideas about
privacy? What are benefits of privacy? For whom? What are the problems with main conceptions
of privacy? How is privacy a social policy question? Why
do we need it in a free, democratic society? How does privacy relate to trust? What are the main tools used in safeguarding
privacy? What alternative futures are there for privacy?
Privacy
Privacy is the interest that individuals have in sustaining a 'personal space', free from interference by other people and organisations. (Clarke, 2005)
http://www.rogerclarke.com/DV/Intro.html
Privacy of personal communications. • Individuals claim an interest in being able to
communicate among themselves, using various media, without routine monitoring of their communications by other persons or organisations. This includes what is sometimes referred to as 'interception privacy'; and
Privacy of personal data. • Individuals claim that data about themselves
should not be automatically available to other individuals and organisations, and that, even where data is possessed by another party, the individual must be able to exercise a substantial degree of control over that data and its use. This is sometimes referred to as 'data privacy' and 'information privacy'.
Dimensions of Privacy (by Clarke,2005)
Dimensions of Privacy (by Clarke,2005)Privacy of the person:
• Sometimes referred to as 'bodily privacy' This is concerned with the integrity of the individual's body. Issues include compulsory immunisation, blood transfusion without consent, compulsory provision of samples of body fluids and body tissue, and compulsory sterilisation;
Privacy of personal behaviour:• This relates to all aspects of behaviour, but
especially to sensitive matters, such as sexual preferences and habits, political activities and religious practices, both in private and in public places. It includes what is sometimes referred to as 'media privacy';
Personal Data What is Personal Data? What is Sensitive personal data? Who ‘owns’ personal data? How can personal data be used? What moral rights should be have over personal
data How can these rights be protected in law and in
practice?
Dataveillance (Clarke) Collection, classification, linking and
use of personal and collective information
Creation of information ‘identity’ The individual and their data
‘identity’ What makes up your ‘data identity’? Personal Data
Personal Data? Highly contested concept
To be “personal data”, data must be capable of affecting an identifiable person in a material way, and the notion of what is a relevant effect permits various interpretations. (ICO report 2010)
‘Sensitive personal data’
OCI survey of 27 European countries approach to PD (2004)
‘Unique Identifier’ ModelPersonal Data is data which may be uniquely related to an individual.
Due to the uniqueness of the data, it is impossible for it to be anonymised in such a way as to render it impossible for it to continue to be related to an identifiable person. Context is irrelevant.
‘Affects’ Model Personal Data is data which is capable of affecting an individual in a
relevant way. It is possible to anticipate whether data will affect an individual in a relevant way without taking account of context.
‘Context Dependent Identifier’ Model Personal Data is data which may identify an individual. All data is
capable of being personal data, as any data is capable of identifying an individual in the right circumstances.
‘Context Dependent Affects’ Model Personal Data is data which may affect an individual in a relevant way.
All data is capable of being personal data, as any data is capable of affecting an individual in a relevant way in the right circumstances.
Personal Data in the Internet? IP address and trail Cookies Spyware Website specific personal data – e-
government and ecommerce Bank/credit card; Government; Commercial
records Search term logs Posts to bulletin boards Emails; Chat logs SNS posts etc Designed into technology
Consent and limits of data use
We are not passive ‘data objects’ We can give or withhold our consent Types and use of consent
Informed consent Explicit consent Also known as express or direct consent —means
that an individual is clearly presented with an option to agree or disagree with the collection, use, or disclosure of personal information.
Implicit consent Opt-in or opt-out
Protecting privacy, making consent work Law- e.g. Data protection directive of EU
Policy and Policy Practice
Technology
Self-regulation
Protecting privacy, making consent workThe seven principles governing the OECD’s recommendations
for protection of personal data were: Notice—data subjects should be given notice when their
data is being collected; Purpose—data should only be used for the purpose stated
and not for any other purposes; Consent—data should not be disclosed without the data
subject’s consent; Security—collected data should be kept secure from any
potential abuses; Disclosure—data subjects should be informed as to who is
collecting their data; Access—data subjects should be allowed to access their
data and make corrections to any inaccurate data; and Accountability—data subjects should have a method
available to them to hold data collectors accountable for following the above principles
Internet’s threat to personal data (Clarke, 1998) Transmission Insecurity
Data transmitted over the Internet is subject to several risks:
it might not reach the intended recipient; it might reach an unintended person or
organisation; it might be accessed by an unintended person or
organisation; the contents might change while in transit; a message might be transmitted that purports
(claims) to come from a particular sender, but doesn't;
a sender may wrongfully deny that they sent it; and
a recipient might wrongfully deny that they received it.
Internet’s threat to personal data (Clarke, 1998) More Transaction Trails, of Greater
Intensity Internet transactions enable the automated
maintenance of yet more trails of each person's activities and locations, including: logs of email messages sent and received; logs of web-pages visited (referred to by marketers as
`the click-trail'); and logs of transactions using the many other Internet
services (such as FTP, Telnet, IRCs, MUDs, video-phones and video-conferences).
A cookie is a record that is written onto the local drive of the web-browser, as a result of a command issued by a web-server
Internet’s threat to personal data (Clarke, 1998) Personal Profile Extraction
One extract all your information from your online profile, even after you delete it. E.g. Facebook
Push-Marketing Tracking your online behavior and send you with
ads while your visiting some website.
Threats to Personal Identity (Clarke, 1998) Appropriation of One's Identity
Identity theft is the acquisition and use of sufficient evidence of identity relating to a particular person that the thief can operate as though they were that person.
e.g. stealing credit card number, email ID and password etc
Location Services Through GPS and other technology people can know
exactly where are you. Good side V.S bad side?
What is Surveillance Society? We live in a surveillance society-every move is
watched every key stroke in recorded. In all the rich countries of the world everyday
life is suffused with surveillance encounters, not merely from dawn to dusk but 24/7.
There are complex infrastructure which assumes that gathering and processing personal data is vital to contemporary living. E.g. CCTV, fingerprints or iris scans,
communication records or the actual content of calls
Two sides of Surveillance Society Benefit
Efficiency speed control Law and order Coordination, and Reduction of corruption
Drawbacks Privacy-a lot of personal data collected Security- what if this data goes into wrong hands? Large infrastructure large problems- e.g. social security
or medical databases if corrupted or hacked? Who is watching the watcher?
Key issues in surveillance Social Sorting Function Creep Data Flow
Social Sorting In government and commerce large personal
information databases are analysed and categorized to define target markets and risky populations
To make sense of personal data Examples?
Micro targeting in politics Marketing e.g. Amazon and eBay Suspicious individual behaviour Connivance for customers e.g. easy to find your
product and save time
Function Creep
Collected for one purpose, but used for other purpose beyond what was originally understood and considered socially, ethically and legally acceptable
Examples?
Data Flow Data gathered by surveillance technologies
flow around computer networks. Many may consent to giving data in one
setting, but what happens if those data are then transferred elsewhere?
