7. Interference Flashcards
Interference
Interference is an act that prevents or obstructs a process from continuing or being carried out properly. For individual privacy, interference can be informed by Warren and Brandeis’ privacy right “to be let alone” and Alan Westin’s notions of solitude and reserve, wherein an individual’s preference not to be bothered includes avoiding outside interference from others. Interference can also be thought of as any disruption of individual autonomy. Surveillance and tracking technologies, such as those described in Chapter 6, enable interference because they provide access to the individual’s physical person as well as to information about the individual’s behaviors and preferences. Society’s need to protect itself from nefarious individuals sometimes justifies the use of surveillance and tracking technologies. Interference is a threat to privacy that can result from a sequence of steps in an IT system. Some of these steps may be innocuous, such as collecting a person’s zip code, whereas other steps are more prone to error, such as drawing conclusions about someone based on their purchase history. Other actions can lead to a process obstruction or unwanted attention, such as sending advertising to a person based on an attribute inferred from data.
Whether an inferred attribute is accurate or not does not lessen the perception of the intrusion, often referred to as “creepiness.”
Obstruction or decisional interference
Obstruction or decisional interference—any action to interfere with decisions that affect the person’s daily life, such as whether to allow the person to travel, to borrow money or to obtain lawful employment. This form of interference is often difficult to detect as it can be concealed in complex business or IT processes. Consequently, this form may not be easily recognizable by the person about whom the decision is made as they may be unaware of the decision-making process, or the decision itself may be hidden from the person. An act of direct interference involves the person whose privacy is most affected by the interference. An act of indirect interference is significantly removed from the effects of the act. Type 1 interference can be indirect, if the decision occurs without directly involving the person (e.g., a decision of creditworthiness).
Intrusion into psychological or informational spaces
Intrusion into physical, psychological, or informational spaces—any action that affects a person’s solitude, including their desire to be alone or to be among a few confidantes of their choosing, and their desire to control who has access to their visual and thoughtful attention or who has access to their information. Such actions include searches of private spaces, curfews or other restrictions of movement, alerts and notifications that grab and divert the attention of the person. While these actions may constitute objective harms under Calo’s classification, the act of surveillance is a psychological intrusion and subjective harm, because it can affect whether people feel comfortable behaving as they otherwise would without persistent monitoring. Type 2 interference can be direct, if the act interacts with the person’s physical, psychological or informational space, such as by reading a person’s contact list from their mobile phone.
Interference with representation of self
Interference with representation of self—any action that alters how an individual is represented, such as a person’s marriage, financial or employment status, their race, gender or sexual orientation, political views or any other affinity toward specific ideas or social groups. Regardless of whether the representation is accurate or a misrepresentation, individuals may wish to control access to the representation to avoid unwanted attention.
Bayesian algorithm
Bayesian algorithms use statistical and probabilistic approaches to classify likely spam messages based on keywords and email headers. Email users often customize Bayesian approaches to ensure a low false positive rate so that desirable messages are delivered. Unwanted SMS texts, however, are more intimate, as they arrive on a person’s cell phone, which is typically used to receive personal calls. By employing the appropriate opt-in or opt-out mechanism, companies can more effectively communicate with potential customers while affording these individuals controls over unwanted interference.
Spam
Unsolicited messages, also called spam, can be used to capture an individual’s attention for advertising or other purposes. Spam is often restricted to email, but, increasingly, unwanted messages can be sent using other means, such as SMS texts. Spam is estimated to be roughly 78 percent of the total volume of email sent, and it has grown into a serious security and economic threat. In 2003, the United States passed the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act in an effort to regulate spammers, and the U.S. Federal Trade Commission (FTC) implemented the CAN-SPAM Act by providing guidelines for businesses that include offering individuals the opportunity to opt out. Spam is often not directed at one specific individual any more than another individual, and response rates to spam are often extremely low compared with other forms of advertising. Under the CAN-SPAM Act, companies are required to provide one-click access within commercial bulk email messages to unsubscribe from mailing lists and future bulk messages. The link to unsubscribe must be prominently displayed, and the receiving website must quickly allow the user to unsubscribe. This means that the receiving website cannot require collecting additional information from the user, nor can the website create obstacles to unsubscribing, such as requiring the creation of user accounts. Under other jurisdictions, such as Europe, companies must first obtain individual consent before sending marketing messages; this is called opt-in consent. Thus, organizations often collect a person’s residency status in Europe to determine which mechanism must be applied to such communications.
First- and third-party approaches to behavioral advertising
There are two approaches to behavioral advertising: first party and third party. In first-party behavioral advertising, the party with which the user initiated communication is also the party collecting user behavior to create the profile. In third-party behavioral advertising, the ad is delivered by a party different from the party with which the user initiates the communication. Websites regularly partner with third-party advertisers to support their website’s business. Third parties may work with numerous first-party websites, collecting user profile data across multiple types of sites, such as news, weather, entertainment and travel websites, and delivering ads to users as they surf from one website to another. For effective third-party behavioral advertisers, the accuracy and relevance of the ads is assumed to improve as the number of websites with which a third-party advertiser works increases. Behavioral advertising has also been shown to be more effective over short sessions than over long-term profiles.
Excerpt from IAPP_T_TB_Introduction-to-Privacy-for-Technology_1.1
Network based profiling
Network-based profiling provides more access to user behavior by partnering with internet service providers (ISPs), who provide users with connectivity to the internet. With this level of access and deep packet inspection (DPI), these advertisers can create behavior profiles based on all of a user’s network traffic. Network-based behavioral advertising provides ISPs with an additional revenue source to improve the quality of their infrastructure, but it poses the most serious risk of interference because of the exceptional level of access to user data. Browser plug-ins that users may employ to obstruct behavioral advertisers from monitoring their website usage behavior are ineffective against network-based behavioral advertising. End-to-end encryption can be used to conceal the content of messages, but often not the original headers needed to route the information across the network.
Web-based behavioral profiling
Web-based profiling uses browser-based technology to track users as they surf the internet. This technique can only collect information on websites with which the advertiser has partnered.
Deepfake
Recent advances in AI and machine learning have also allowed for the creation of extremely realistic—but entirely fake—audio, video and photographic content called deepfakes. Deepfakes present profound technical and social challenges. From a technical standpoint, the most effective means of detecting deepfakes uses the same technology that created them: neural networks. This pits one AI system against another in a never-ending arms race of more realistic creation and more sophisticated detection. Detection is also only useful against some of the harms caused by deepfakes. For example, platforms that can detect a deepfake quickly can filter it out, exposing relatively few people and limiting the harm.
Social engineering
Social engineering is any means of using psychology to manipulate people to do something that divulges valuable information or provides access to valuable property. When combined with even rudimentary knowledge of technology, social engineering is a powerful technique that attackers can use to interfere with user privacy.