Thursday, March 10, 2011

THE FOURTH AMENDMENT AND EXPECTATION OF PRIVACY

“ The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath of affirmation, and particularly describing the place to be searched, and the persons or things to be seized. ” --

Fourth Amendment, U.S. Constitution –-

The U.S. Constitution protects a right to privacy from intrusion by government, most explicitly in the Fourth Amendment . The Supreme Court has interpreted other parts of the Bill of Rights to provide a constitutional right to privacy from government in other areas as well.


WEAKENING THE FOURTH AMENDMENT


• The Fourth Amendment sets limits on the government’s rights to legally search our homes and businesses and seize documents. It requires that the government have probable causefor the search and seizure; this is, there must be a good reason for the specific search.

• The trouble now is that so much personal information is not safe in our homes or in the individual offices of our doctors and financial advisors. Because many laws allow law enforcement agencies to get information from nongovernment databases without a court order.


EXAMPLES OF THE WEAKING OF THE FOURTH AMENDMANT


SATELLITE SURVEILLANCE AND THERMAL IMAGING

Uses various computer technologies to take detailed photographs of the earth, detailed enough to show our homes and backyards.


AUTOMATED TOLL COLLECTION AND ITEMIZED PURCHASE RECORDS

Sensors read a device in the car as it goes by without stopping, and the owner’s credit card or bank accounts gets billed for the toll.


SUPREME COURT DECISION AND EXPECTAION OF PRIVACY

Several Supreme Court cases addressed the impact of technology on Fourth Amendment protection earlier context.”

Olmstead, U.S, 1928, the government has used wiretaps on telephone lines without a court order.


Katz, U.S, 1967, the Supreme Court reversed its position and ruled that the Fourth Amendment does apply to conversation and that it applies public places In some situations.


MORE SEARCH AND SURVEILLANCE TOOLS


ELECTRONIC BODY SEARCHES

Several airports use an x-ray device that displays on a computer screen the image of a person’s body without clothes. Weapons and packets of drugs hidden under clothing are visible in the image. The U.S Customs Service first used the device to examine travellers it suspected of smuggling drugs.


SURVEILLANCE CAMERAS (CCTV – close circuit television)

We are used to security cameras in banks and convenience stores. They deter crimes and help in investigations of crimes.


AMENDMENT ACCORDING TO THE SURVEILLANCE POLICY

“To permit unrestricted video surveillance by agent of the state would seriously diminish the degree of privacy we can reasonably expect to enjoy in a free society. We must always be alert to the fact that modern methods of electronic surveillance have the potential, if uncontrolled, to annihilate privacy.”

-- Supreme Court of Canada, 1990 --


CONSUMER INFORMATION

2.3.1 Database And Marketing

Businesses use powerful hardware and software to analyze consumer data, government records, and any other useful information to determine who might be a new customer. This is an application of a process called “data mining“, the searching of masses of data to find new information or knowledge.


Children On The Web

There are two privacy issues related to it, one of which is linked to safety; in which the child molesters use the Web to find Children. The second issue is the collection of personal information by the many Websites designed for children.


1998 – Federal Trade Commission (FTC) study that 89%of Web sites aimed at children collected personal information, and only 23% of the sites asked children to get parents consent from their parents before providing the information.

Later that year, Congress passed the Children’s Online Privacy Protection Act (COPPA) ordering the FTC to set up rules for protecting children under age 13. “Verifiable Parental Consent” which mean the site must prominently post their policy telling what information they collect and show and how it is used.


2.3.3 Credit Bureaus

To provide a central storehouse of information for evaluating applicants and for credits. Some employers also use credit bureaus as part of a background check on job applicants.

1996 – Congress amended the Fair Credit Reporting Act of 1970 (FCRA), setting stronger standards to reduce access to credit records and making access under false pretense a felony.

2001 – Federal judge ruled that the law restricting sale of personally identifiable financial information included the headers on credit reports, and the credit bureaus could no longer sell header information without consumer consent. This ruling was a significant change in privacy protection.


2.3.4 Principles For Data Collection And Use

Informed Consent - the first principle for ethical treatment of personal information.


TWO MOST COMMON CHOICE GIVEN TO THE PEOPLE

OPT OUT Policy – one must check a box on a contract, membership form, or agreement, or call or write to the organization to request removal from distribution list.

OPT IN Policy – personal information is not distributed to other business or organizations unless the consumer has explicitly checked a box or signed a form permitting disclosure.


FIGURE 2.2

Summarizes privacy principles for personal data. Many government statements and laws, recommendations from many privacy organizations, and many business policies include versions of these principles. There is wide variation in interpretation and implementation of the principles.

  1. Collect only the data needed.
  2. Inform people when data about them are being collected, what is collected, and how is will be used. (do not use invisible information gathering techniques without informing people.)
  3. Offer a way for to opt out from mailing lists and from transfer of their data to other parties.
  4. Provide stronger protection for sensitive data. For example, use an opt-in policy for disclosure of medical data.
  5. Keep data only as long as needed.
  6. Maintain accuracy and security of data.
  7. Provide a way for people to access and correct data stored about them.

Wednesday, March 9, 2011

RIGHTS OF PRIVACY

In The Offline World

Rights of privacy claims fall generally into these categories.

1. The disclosure via some publication of private facts even if true. This refers to information that goes beyond what is necessary to tell the facts. In privacy claims, the “publication” required to show a cause of action is generally deemed to be more widespread than that required for defamation claims since the gist of the claim is akin to a public embarrassment. Thus, the facts so disclosed must be sufficiently private and unrelated to the matters otherwise disclosed that the disclosure becomes offensive to the ordinary person.

2. The publishing of truthful information that, within the context of the publication, casts the claimant in a “false light.” This means that, when the material is read or seen, the right of privacy claimant appears to have attributes or qualities that are detrimental and *within the context of the published event,* not true even though there may be technical truth when the matter is looked at outside the distorted context. This may also occur as a result of editing and not just in the writing.

3. Trespassing on the private property of another or invading a private space in which the claimant has a reasonable expectation of privacy. In these instances, even if the photograph for example would be validly taken were the subject not inside a private place, it may become actionable if the photographer had to trespass on private land (the subject’s or a third party’s) to obtain the photograph.

4. Using the name or likeness of an individual, generally a celebrity but this is not always so, for commercial purposes. This is sometimes referred to as the “right of publicity” and it has been greatly expanded in recent years. As but one example, California has a specific statute dealing with this legal right and the penalties for the violation of it. As indicated, while most often a claim filed by celebrities, there have also been instances where private persons have found their name and likeness used for advertising, especially on the Internet.

Unlike defamation, there can be an actionable claim for invasion of privacy even if the matters disclosed are true. This is a separate cause of action from libel or slander in this regard. Also unlike defamation, only living individuals can sue for invasion of privacy and there is no “trade libel” equivalent for remarks about a company or product. There is one exception, however, to the “living individual” rule and that applies in the so called “right of publicity” area in which celebrities or those individuals who exploited their name and likeness during their lives have rights to pass on to their heirs and estates. The estates of Charlie Chaplain, Marilyn Monroe and Jimi Hendrix are but a few examples. For an article dealing with domain name rights asserted by the estate of Jimi Hendrix, read “Julia, Jimi and Cybersquatting.”

As with defamation, public officials and others in the public arena enjoy less protection for their rights of privacy than do “ordinary” folks. Further, disclosure of publicly known facts or matters of concern to the public are also shielded from claims.

There are many more issues and subtleties in this area of the law than can be covered in this article since I am trying to give a broader picture of this complex area of the law.

On The Internet

In addition to the laws and rules that apply in the offline world discussed above, the Internet presents us with potential invasions of our rights of privacy that do not find one-to-one equivalents in the offline world. Because of the technological ease of obtaining and thus collating and ultimately sharing information, whether through overt gathering practices or through the use of cookies and other means, there is some reason to be concerned about how our “tracks” are being used.

However, it should be noted that, except in certain specific instances, there is no overall statutory structure dealing with such rights on the Internet and sites are not required to have privacy policies. And because, absent these specific instances, there is no such generalized “right of privacy” unless there are the violations mentioned above in the offline equivalent, in some of these instances, the Federal Trade Commission (FTC) has stepped in and determined that the particular “invasion” was actually an “unfair trade practice.” I have written about some of these cases in the article “Privacy Issues: New Wrinkles.”

Thus, the cases involve those sites that either have adopted such policies, either for marketing reasons or because they fall within the scope of a regulated area but due to subsequent events, the sites have not adhered to those policies or sites in which, even though there is no stated policy, the FTC has found that there were other “deceptive” practices for which the information collected was being used. This latter instance may be because there was some sort of implied statement on the site about how information would be used. The violations may be either intentional or negligent. The effect on the site visitor’s privacy is often the same.

Irrespective of whether or not a site has a stated privacy policy, the use of information obtained from site visitors for purposes not directly related to the purpose for which the information was provided can be deemed to be an unfair trade practice. Among the most widely used “practice” is the sharing of information with third parties, almost always for marketing to the visitor, where such use was not expressly indicated.

Technologically, this “sharing” takes on new meaning when information gathered online (from those who clicked on banner and other ads and otherwise) can be combined with information obtained offline, since offline database collection has been going on for much, much longer.

The remedies the FTC has imposed on sites has generally been to order the sites to notify those who provided information and make provision for those parties to delete that information (opt out provisions). The violating sites are often required to notify the third parties to whom the information was provided to delete such information as well.

It is an interesting separate issue whether or not in the license agreement for such information such subsequent government action was covered and whether or not the licensor would thus be in breach of that license agreement entitling the licensee to some remedy. Thus one of the side issues involved here is the structure of such licenses in the first instance and whether or not the information is provided on an “As Is” basis or is the subject of warranties. If you are a site owner licensor or a third party licensee, be very careful in how you structure such licenses.

Tuesday, March 8, 2011

PRIVACY

Privacy (from Latin: privatus "separated from the rest, deprived of something, esp. office, participation in the government", from privo "to deprive") is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively. The boundaries and content of what is considered private differ among cultures and individuals, but share basic common themes.

Privacy is sometimes related to anonymity, the wish to remain unnoticed or unidentified in the public realm. When something is private to a person, it usually means there is something within them that is considered inherently special or personally sensitive. The degree to which private information is exposed therefore depends on how the public will receive this information, which differs between places and over time.

Privacy is broader than security and includes the concepts of appropriate use and protection of information.


TYPES OF PRIVACY

1.) Physical

Physical privacy could be defined as preventing "intrusions into one's physical space or solitude" This would include such concerns as:

preventing intimate acts or one's body from being seen by others for the purpose of modesty; apart from being dressed this can be achieved by walls, fences, privacy screens, cathedral glass, partitions between urinals, by being far away from others, on a bed by a bed sheet or a blanket, when changing clothes by a towel, etc.; to what extent these measures also prevent acts being heard varies

* video, of aptly named graphic, or intimate, acts, behaviors or body parts
* preventing unwelcome searching of one's personal possessions
* preventing unauthorized access to one's home or vehicle
* medical privacy, the right to make fundamental medical decisions without

governmental coercion or third party review, most widely applied to questions of contraception

An example of the legal basis for the right to physical privacy would be the US Fourth Amendment, which guarantees "the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures". Most countries have laws regarding trespassing and property rights also determine the right of physical privacy.

Physical privacy may be a matter of cultural sensitivity, personal dignity, or shyness. There may also be concerns about safety, if for example one has concerns about being the victim of crime or stalking.

2.) Informational

Data privacy refers to the evolving relationship between technology and the legal right to, or public expectation of privacy in the collection and sharing of data about one's self. Privacy concerns exist wherever uniquely identifiable data relating to a person or persons are collected and stored, in digital form or otherwise. In some cases these concerns refer to how data is collected, stored, and associated. In other cases the issue is who is given access to information. Other issues include whether an individual has any ownership rights to data about them, and/or the right to view, verify, and challenge that information.

Various types of personal information often come under privacy concerns. For various reasons, individuals may not wish for personal information such as their religion, sexual orientation, political affiliations, or personal activities to be revealed. This may be to avoid discrimination, personal embarrassment, or damage to one's professional reputation.

Financial privacy, in which information about a person's financial transactions is guarded, is important for the avoidance of fraud or identity theft. Information about a person's purchases can also reveal a great deal about that person's history, such as places they have visited, whom they have had contact with, products they use, their activities and habits, or medications they have used.

Internet privacy is the ability to control what information one reveals about oneself over the Internet, and to control who can access that information. These concerns include whether email can be stored or read by third parties without consent, or whether third parties can track the web sites someone has visited. Another concern is whether web sites which are visited collect, store, and possibly share personally identifiable information about users. Tools used to protect privacy on the internet include encryption tools and anonymizing services like I2P and Tor.

Medical privacy allows a person to keep their medical records from being revealed to others. This may be because they have concern that it might affect their insurance coverage or employment. Or it may be because they would not wish for others to know about medical or psychological conditions or treatment which would be embarrassing. Revealing medical data could also reveal other details about one's personal life (such as about one's sexual activity for example).

Sexual privacy prevents a person from being forced to carry a pregnancy to term and enables individuals to acquire and use contraceptives and safe sex supplies and information without community or legal review

Political privacy has been a concern since voting systems emerged in ancient times. The secret ballot is the simplest and most widespread measure to ensure that political views are not known to anyone other than the original voter — it is nearly universal in modern democracy, and considered a basic right of citizenship. In fact even where other rights of privacy do not exist, this type of privacy very often does.

3.) Organizational

Governments agencies, corporations, and other organizations may desire to keep their activities or secrets from being revealed to other organizations or individuals. Such organizations may implement various security practices in order to prevent this. Organizations may seek legal protection for their secrets. For example, a government administration may be able to invoke executive privilege or declares certain information to be classified, or a corporation might attempt to protect trade secrets.

4.) Spiritual and intellectual

The earliest development of privacy rights began under British common law, which protected "only the physical interference of life and property." Its development from then on became "one of the most significant chapters in the history of privacy law." Privacy rights gradually expanded to include a "recognition of man's spiritual nature, of his feelings and his intellect." Eventually, the scope of those rights broadened even further to include a basic "right to be let alone," and the former definition of "property" would then comprise "every form of possession -- intangible, as well as tangible." By the late 19th century, interest in a "right to privacy" grew as a response to the growth of print media, especially newspapers.

HISTORY OF PRIVACY

Privacy and technology

As technology has advanced, the way in which privacy is protected and violated has changed with it. In the case of some technologies, such as the printing press or the Internet, the increased ability to share information can lead to new ways in which privacy can be breached. It is generally agreed that the first publication advocating privacy in the United States was the article by Samuel Warren and Louis Brandeis, The Right to Privacy, 4 Harvard L.R. 193 (1890), that was written largely in response to the increase in newspapers and photographs made possible by printing technologies.

New technologies can also create new ways to gather private information. For example, in the U.S. it was thought that heat sensors intended to be used to find marijuana growing operations would be acceptable. However in 2001 in Kyllo v. United States (533 U.S. 27) it was decided that thermal imaging devices that can reveal previously unknown information without a warrant does indeed constitute a violation of privacy.

Generally the increased ability to gather and send information has had negative implications for retaining privacy. As large scale information systems become more common, there is so much information stored in many databases worldwide that an individual has no way of knowing of or controlling all of the information about themselves that others may have access to. Such information could potentially be sold to others for profit and/or be used for purposes not known to the individual of which the information is about. The concept of information privacy has become more significant as more systems controlling more information appear. Also the consequences of a violation of privacy can be more severe. Privacy law in many countries has had to adapt to changes in technology to address these issues and maintain people's rights to privacy as they see fit. But the existing global privacy rights framework has also been criticized as incoherent and inefficient. Proposals such as the APEC Privacy Framework have emerged which set out to provide the first comprehensive legal framework on the issue of global data privacy.

Privacy and the Internet

he Internet has brought new concerns about privacy in an age where computers can permanently store records of everything: "where every online photo, status update, Twitter post and blog entry by and about us can be stored forever," writes law professor and author Jeffrey Rosen.

This currently has an effect on employment. Microsoft reports that 75 percent of U.S. recruiters and human-resource professionals now do online research about candidates, often using information provided by search engines, social-networking sites, photo/video-sharing sites, personal web sites and blogs, and Twitter. They also report that 70 percent of U.S. recruiters have rejected candidates based on internet information.[11] This has created a need by many to control various online privacy settings in addition to controlling their online reputations, both of which have led to legal suits against various sites and employers.

The ability to do online inquiries about individuals has expanded dramatically over the last decade. Facebook for example, as of July 2010, was the largest social-networking site, with nearly 500 million members, or 22 percent of all Internet users, who upload over 25 billion pieces of content each month. Twitter has more than 100 million registered users. The Library of Congress recently announced that it will be acquiring — and permanently storing — the entire archive of public Twitter posts since 2006, reports Rosen.

Top 10 Privacy Issues for 2011

The prevalence of mobile devices with personally identifiable location-based information and the increasing use of social media are top concerns for 2011.

With more personal information available on the Internet, in everyday consumer applications and stored in corporate databases, risks to consumers and companies will only grow in the next year.



In addition, increasing regulations and new laws will force many organizations in 2011 to review their handling of private information and implement new programs to minimize their risks. To deal with these increasing threats and obligations, more organizations will create stronger privacy policies and turn to encryption, web filtering and secure managed file transfer.

Proofpoint predicts the following trends will dominate privacy discussions in 2011:

1. The privacy and confidentiality of location-based information will become a major concern for both consumers and corporations. With the rise in mobile GPS information, companies will have to protect both personally identifiable information (PII) of employees, customers and partners, and also create new policies for handling location-based information. Not only will real-time information about location be a vulnerability, but companies will have access to information about where people (or their devices) spend much of their time.

2. At least one major social media site will experience a major breach. According to Neilsen, nearly a quarter (22.7%) of all online time is spent social networking. With more people on social networks and more personal information available via those networks, the potential for exposure of that data is likely.

3. Stricter regulations will be passed worldwide. Privacy regulations in the healthcare, financial services and critical infrastructure industries like energy and telecommunications will likely see new regulations dictating what needs to be protected and what to do when data loss occurs.

4. Expect a national data breach notification law. Notification laws like California’s SB 1386 exist in 46 of 50 states today. A federal law is imminent.

5. Blended threats will increase. While email is still the number one threat vector for personal information loss, threats from newer communications channels is increasing, especially in the form of blended threats where the target is first attacked through email, then directed to Web or social media.

6. At least one company will be prosecuted under the broad-reaching Massachusetts Privacy Law (201 CMR 17.00). In March of this year, the Massachusetts Privacy Law went into effect, mandating that any company that “owns or licenses” personal information—whether stored in electronic or paper form—about Massachusetts residents must comply with its privacy requirements, including notification of breaches and encryption of stored or transmitted personal data. Although the state has yet to enforce the law, 2011 will likely be the year that companies begin seeing penalties. In addition, we may see more laws of this type passed in 2011. Nevada also has a similar law.

To deal with these threats, the following additional trends will emerge among businesses:

7. Companies will move away from outright bans on social networks, IM or web mail to allowing those services, but applying stricter corporate policies on these new services as well as investing in secure web gateways to monitor use. New innovations such as Facebook mail give enterprises yet another good reason to put better policy and technology controls around the corporate email system.

8. More companies will create policy around acceptable use. Email leaks such as the recent Google corporate memo exposure are heightening awareness in companies that policies need to be created about what content is considered sensitive and enforce them both through technology and through training.

9. More companies will encrypt more data. Three factors are converging to make 2011 the year of encryption adoption. (1) More regulations today require encryption. (2) It’s become a best practice in many industries. (3) It’s easier to implement and less confusing for users. With processing power increasing and companies innovating, encryption has become faster and easier to implement and use.

10. More interest in secure managed file transfer. Driven by privacy considerations and security flaws in FTP, more companies will be implementing reliable ways to send files securely. With data breach notification laws in place in nearly every state, companies cannot risk losing data through FTP security issues.

About Ethics in Information Technology


Every advancement in information technology is accompanied by at least one ethical quandary. From Facebook to email updates, computer users are unaware of the fine balance between ethics and profit struck by providers. Software developers, businesses and individuals must think about the rights and wrongs of using information technology every day. The fundamental issues underlying the world of information technology are the end user's expectation of privacy and the provider's ethical duty to use applications or email responsibly.

Data Mining


Data mining covers a wide range of activities that turn numbers, words and other data into distinguishable patterns. In the hands of a responsible agency or business, data mining can determine a probable next step for a terrorist cell or determine buying patterns within demographic groups. This practice has been assailed in the post 9/11 world as part of a widespread pattern of invasions of privacy carried out by America's intelligence experts. The practices of the Total Information Awareness Progress in particular were thought to pry into the day-to-day lives of innocent people by IT ethics experts and civil libertarians.

Social Networking

The social networking craze may allow people around the world to speak with each other but it has also brought up several IT ethics issues. Facebook initiated a program called Beacon in 2007 to turn each user's personal information into an advertisement, allowing a greater amount of connectivity between the website's members. Facebook's developers failed to create an opt-in system that gave willing users the chance to participate of their own accord. Beacon came under fire for pulling information from Facebook profiles and breaking down privacy boundaries common in the real world. Another ethical issue for social networking websites is the amount of security they should use when registering members. Several abductions in recent years have been connected to MySpace, bringing up concerns that social networking sites aren't doing enough to protect young users.

E-Mail Spam

Spam is defined broadly as emails with commercial or profane messages that are sent blindly to hundreds and thousands of users. Aside from the content of spam email, the major ethical issues for service providers and individuals alike involve identifying spammers. Email programs through AOL and Yahoo! may identify some spammers who are brazen enough to send out millions of emails but their spam programs rely largely on user feedback. While some users will identify legitimate spammers carrying viruses and pornographic messages, there is the potential for users to identify legitimate companies as spammers.

Intellectual Property and Information Technology

The merger of intellectual property rights and information technology has been rough going since the 1990s. The advent of Napster, Limewire and other peer-to-peer downloading networks brought the issue of infringing on artistic property to the fore. NBC's exclusive rights to the 2008 Olympic Games were challenged by bloggers and online pirates who placed footage on YouTube. The ethical issue that arises when dealing with intellectual property in the virtual world is the length to which content producers should pursue permission to reprint images and articles. While lifting entire articles for a term paper is clearly unacceptable, there are questions from ethicists about the practicality of seeking out unknown artists and writers for something as minor as a blog.

Filtering Online Content

Comcast has come under fire in the past two years for blocking downloads from Bit Torrent. The Internet service provider (ISP) has claimed that "throttling down" downloads via Bit Torrent is a reasonable element of maintaining high-speed service. Religious groups, adult websites and others have banned together in an unusual alliance to fight Comcast's effort to filter content. The major ethical debate raged between ISP, the Federal Communications Commission (FCC) and end users is whether Internet service should be content-neutral.