Privacy(2021)

Question 1

Laws Pertaining to

Privacy

Answer 1

General Privacy

• Company Privacy Policies/Statements
• Fourth Amendment of the US Constitution:
  
  • Unreasonable search and seizure, warrents

Personal Records

• Family Education Rights and Privacy Act (FERPA)
• Video Privacy Protection Act
• Children’s Online Privacy Protection Act (COPPA)
• Health Insurance Portability and Accountability Act (HIPPA)
• Genetic Information Nondiscrimination Act (GINA)
• Employee Polygraph Protection Act

Government Surveillance

• Omnibus Crime Control and Safe Streets Act (1968)
  
  • Title III - Wiretapping Rules
• Electronic Communications Privacy Act (ECPA)
• USA Patriot Act

Question 2

What is Privacy?

Answer 2

The ability of an individual or group to keep their data out of the hands of the public.

Or the ability to control the flow of information about themselves.

Three Types:

• Physical
• Informational
• Decisional
• A company’s idea of privacy and your own may not align
• Many companies create privacy statements or policies that define how they view privacy and treat data

Question 3

Three Types

of

Privacy

Answer 3

Physical Privacy

Informational Privacy

Decisional Privacy

Question 4

Privacy Taxonomy Categories

(Daniel Solove’s)

Answer 4

• Information Collection
• Information Processing
• Information Dissemination
• Invasion

Question 5

Privacy:

Harms and Benefits

Answer 5

Harm:

• Privacy can cover illegal activity

Benefit:

• Privacy promotes normal behavior

Question 6

US Constitution:

Fourth Amendment

Answer 6

The right of the people to be secure in their persons, houses, papers, and effects,

against unreasonable searches and seizures,

shall not be violated, and no Warrants shall issue,

but upon probable cause, supported by Oath or affirmation,

and particularly describing the place to be searched,

and the persons or things to be seized.

Question 7

Privacy:

Warren and Brandeis

Summary

Answer 7

Warren and Brandeis, 1890

• Earliest US publication advocating privacy as a legal right
• Response to “modern” society
• Focuses on abusive newspapers(tabloids)
• Response to celebrity status
• Need a legal remedy for victims, not slander
• Advocated for “The right to be let alone”

Question 8

The Right to Privacy (paper)

Summary

Answer 8

Paper published by Judith Jarvis Thomson

• Argued that nobody knows what privacy is
• Violating privacy always violates another right
• No agreed on natural right to privacy,
  
  • but some privacy rights are important

Question 9

Daniel Solove’s Privacy Taxonomy:

4 Classes of Privacy Concerns

Answer 9

• Information Collection
  
  • Surveillance
  • Interrogation
• Information Processing
  
  • Aggregation
  • Identification
  • Secondary Use
  • Exclusion
• Information Dissemination
  
  • Breach of Confidentiality
  • Disclosure
  • Exposure
  • Increased Accessibility
  • Appropriation
  • Distortion
• Invasion
  
  • Intrusion
  • Decisional Interference

Question 10

Disclosing Information:

Three Types of Information

Answer 10

• Public Information
  
  • Your data provided to an organization that has the right to share
  • i.e. phone number, email, name, etc
• Public Record
  
  • Incident or action reported to a government agency to inform the public
  • i.e. Marriage license, criminal charges
• Personal Information
  
  • Not public or in public record
  • Only personal until you disclose

Question 11

Cases:

What is/was HART?

Answer 11

Heterogeneous Aerieal Reconnaissance Team

(formerly Heterogeneous Urban RSTA Team(HURT) )

• Northrop Grumman Aerial Surveillance Project
• Essentially, drones would constantly monitor an area

Question 12

Disclosing Information:

Methods/Technologies

that disclose people’s information

(9)

Answer 12

• Rewards/Benefits Programs
• Body Scanners
• Video Recorders
• Automotive Black Boxes
• Enhanced 911
• RFID tags/chips
• US Passport
• Web Cookies
• Spyware

Question 13

Disclosing Information:

Enhanced 911

Answer 13

FCC Mandate - Requires cell phone providers to be able to trace location of active phone to within 50-300 meters

• Provides greater safety
  
  • Emergency services can locate a caller
• Loss of privacy
  
  • Users location info can be shared or sold

Question 14

Disclosing Information:

RFID

Answer 14

Radio Frequency ID

• Tiny wireless, passive transmitter
• Can replace bar codes on products -contains more info
• Read from 60+ feet away
• Not turned off until after a product is purchased
• Now used in IDs, such as passports
  
  • US Passport uses RFID plus digital photo

Question 15

Disclosing Information:

US Passport features

Answer 15

• Biometric Passport (electronic passport)
• Descriptive data & digitized passport photo on chips
• Does not have fingerprint information on the chip
• Chip is large enough for inclusion of biometric identifiers
• Able to perform facial recognition match betweent he bearer and his or her image stored
• Possible to simply “walk” through borders

Question 16

Disclosing Information:

Cookies

Answer 16

A file placed on your computer by a Web server

• Contains passwords, personalization, history, etc
• Only data, but allow for detection of web pages viewed by the user on a given site or set of sites
• Information can be collected in a profile
  
  • Often anonymous, cannot contain personal information unless user has made it available to some sites
• Third Party Cookies may be used to track a user across multiple sites

Question 17

Disclosing Information:

Spyware

Answer 17

Software that is installed surreptitiously on a personal computer to intercept or take partial control over the user’s interaction with the computer without consent

• Log keystrokes
• Pop-ups
• System snapshots
• Send Reports
• Log web use
• etc
• Rogue Programs
  
  • Say there is a threat and you need to pay money for it to be removide
  • “Lock” browser, etc.

Question 18

Data Mining

Summary

Answer 18

• Searching for patterns or relationships in one or more databases
• Way to generate new information
• Secondary use:
  
  • Information collected for one purpose may be used for another purpose
• Customer information is a valuable commodity
• Concerns:
  
  • Who owns transaction information?
    
    • You or a company/agency?
  • Opt-in vs Opt-out
    
    • Opt-in : must give permission to share info
    • Opt-out: Must withold permission to share info

Question 19

Identity Theft:

Basic Definition,

Methods

Answer 19

Misuse of another person’s identity to take actions permitted by the owner.

• Ex: Credit Card fraud

Methods to steal ID

• Mailboxes
• Lost or stolen wallets
• Dumpster diving
• Phishing

Question 20

US Laws:

develop in four ways…

Answer 20

Constitutional Law

Statutory Law

Adminstrative Regulations

Common (Case) Law

Question 21

US Laws:

Statutory Law

definition

Answer 21

Statutory Law:

Set down by a legislature or other governing authority such as the executive branch of the government

Federal, state laws.

Question 22

US Laws:

Case (Common) Law

Answer 22

Law derived from judicial decisions (court cases)

• Involve interpretations of the statutes, constitutional provisions and adminstrative rules
• Uses the application of precedent
• Determines much of what is legal/illegal on the internet

Question 23

FERPA

Overview

Answer 23

Family Education Rights and Privacy Act

• Federal Law
• Protects the privacy of student education records
• Applies to all schools that receive funds from the Department of Education
• Protects the information of students

Question 24

FERPA

Rules

Answer 24

Family Education Rights and Privacy Act

Applies to all schools receiving funds from DoE

• Education records are private
• A student is allowed to access their own records
• Mistakes must be addressed

Question 25

HIPPA Overview

Answer 25

**_Health Insurance Portability and Accountability Act_** * Protects health insurance coverage when changing jobs * Requires national standards for electronic healthcare * **_Privacy Rule_**: * Regulations for the use and disclosure of * Protected Health Information (**PHI**) * **_Security Rule_**: * Deals with Electronic Protected Health Information (**EPHI**)

Question 26

Video Privacy Protection Act

Answer 26

Prevents disclosure of personally identifiable video rental records * Reaction to disclosure of Supreme Court nominee Robert Bork's video rental records in a newspaper * Ban on the disclosure of personally identifiable rental information unless given consent in writing * Disclosure to police only with valid warrant * Allows disclosure of "genre preferences" along with names and addresses for marketing * But allows customers to opt-out

Question 27

Children's Online Privacy Protection Act (COPPA)

Answer 27

* Websites that collect information from children under the age of 13 are required to comply with COPPA * When and how to seek verifiable consent form a parent or guardian (consent must be obtained before collection of info) * What responsibilities an operator has to protect children’s privacy and safety online * Info like name, address, email address * Collected directly from the child or passively via cookies

Question 28

Genetic Information Nondiscrimination Act

Answer 28

* Prohibits the improper use of genetic information in health insurance and employment * Prohibits health plans and health insurers from denying coverage to a healthy individual or charging that person higher premiums based solely on a genetic predisposition to developing a disease in the future * Bars employers from using individuals’ genetic information when hiring, firing, promoting, etc

Question 29

Employee Polygraph Protection Act

Answer 29

* Prevents employers from using lie detector tests, either for pre-employment screening or during the course of employment - https://www.dol.gov/whd/regs/compliance/ whdfs36.htm * Exempt * Federal, state, and local governments * Specific employers who hire security or armored car drivers, etc

Question 30

US Laws: Summary with respect to privacy

Answer 30

No specific constitutional right to privacy, some legal rights that are spread over federal laws

Question 31

Information Collected by the US Government: \* Census \* IRS

Answer 31

* Census * Title 13 of the US Code governs how the Census is conducted and how its data is handled, mandating confidentiality of information * IRS * Protecting privacy rights by the Internal Revenue Code, Privacy Act of 1974, the Freedom of Information Act, and IRS policies and practices

Question 32

Information Collected by the US Government: Two major Crime Databases

Answer 32

* National Crime Information Center (NCIC) * OneDOJ

Question 33

Information Collected by the US Government: NCIC

Answer 33

* FBI National Crime Information Center * Computerized index of criminal justice information * Federal, state, and local law enforcement * 2 million+ requests for info every day * Contains \> 39 million records

Question 34

Information Collected by the US Government: NCIC Success and Problems

Answer 34

* Success Stories * Helps police solve hundreds of thousands of cases every year * Helped catch Timothy McVeigh - bombing in Oklahoma City * However, Erroneous records have led to false arrests * Arrested innocent people with same name * Keep records of people not suspected of a crime * Corrupt law-enforcement employees * Sell information, illegally access the NCIC

Question 35

Information Collected by the US Government: OneDOJ

Answer 35

* Department of Justice * Central database that allows local law enforcement to search and read federal criminal cases * Holds records on cases, criminal investigations, criminal history, and personal details of other persons * 2006 it had about 1,000,000 entries and expected to triple by 2009

Question 36

Privacy Act 1974

Answer 36

* Following revelations of the abuse of privacy during the administration of President Richard Nixon * Applies only to government data * Only covers records indexed by personal identifier * No one in charge of enforcement * “Routine use” permits sharing

Question 37

NSA Wiretapping: Legislation Authorizing Wiretapping

Answer 37

* The **Omnibus Crime Control and Safe Streets Act** of 1968 * created Law Enforcement Assistance Administration (LEAA) * **Title III** of this Act sets rules for obtaining wiretapping * **Electronic Communications Privacy Act** * **Title I** of the ECPA protects wire, oral, and electronic communications while in transit * **USA Patriot Act** * Expands authority to monitor communications

Question 38

NSA Wiretapping: Omnibus Crime Control and Safe Streets Act

Answer 38

* The Omnibus Crime Control and Safe Streets Act of 1968 * created Law Enforcement Assistance Administration (LEAA) * Title III of this Act sets rules for obtaining wiretapping * Police can get a court order to tap a phone for 30 days * 1972 warrantless wiretaps forbidden

Question 39

NSA Wiretapping: Electronic Communications Privacy Act

Answer 39

* Updates wiretaps * Title I of the ECPA protects wire, oral, and electronic communications while in transit * Sets down requirements for search warrants that are more stringent than in other settings

Question 40

NSA Wiretapping: USA Patriot Act

Answer 40

* Provisions * Greater authority to monitor communications * Greater powers to regulate banks * Greater border controls * Critics say Act undermines 4th Amendment * Searches and seizures without warrants * Warrants issued without need for showing probable cause

Question 41

NSA Wiretapping: Roving Wiretap

Answer 41

* Allowed under the Patriot Act * Follows surveillance target, not a device * If a target attempts to defeat surveillance by throwing away phone, another surveillance order would be needed * However, with a roving wiretap it can follow the target, not the device * Allows government to tap any phone, email, internet account that the suspect uses