Privacy(2021) Flashcards
Laws Pertaining to
Privacy
General Privacy
- Company Privacy Policies/Statements
- Fourth Amendment of the US Constitution:
- Unreasonable search and seizure, warrents
Personal Records
- Family Education Rights and Privacy Act (FERPA)
- Video Privacy Protection Act
- Children’s Online Privacy Protection Act (COPPA)
- Health Insurance Portability and Accountability Act (HIPPA)
- Genetic Information Nondiscrimination Act (GINA)
- Employee Polygraph Protection Act
Government Surveillance
- Omnibus Crime Control and Safe Streets Act (1968)
- Title III - Wiretapping Rules
- Electronic Communications Privacy Act (ECPA)
- USA Patriot Act
What is Privacy?
The ability of an individual or group to keep their data out of the hands of the public.
Or the ability to control the flow of information about themselves.
Three Types:
- Physical
- Informational
- Decisional
- A company’s idea of privacy and your own may not align
- Many companies create privacy statements or policies that define how they view privacy and treat data
Three Types
of
Privacy
Physical Privacy
Informational Privacy
Decisional Privacy
Privacy Taxonomy Categories
(Daniel Solove’s)
- Information Collection
- Information Processing
- Information Dissemination
- Invasion
Privacy:
Harms and Benefits
Harm:
- Privacy can cover illegal activity
Benefit:
- Privacy promotes normal behavior
US Constitution:
Fourth Amendment
The right of the people to be secure in their persons, houses, papers, and effects,
against unreasonable searches and seizures,
shall not be violated, and no Warrants shall issue,
but upon probable cause, supported by Oath or affirmation,
and particularly describing the place to be searched,
and the persons or things to be seized.
Privacy:
Warren and Brandeis
Summary
Warren and Brandeis, 1890
- Earliest US publication advocating privacy as a legal right
- Response to “modern” society
- Focuses on abusive newspapers(tabloids)
- Response to celebrity status
- Need a legal remedy for victims, not slander
- Advocated for “The right to be let alone”
The Right to Privacy (paper)
Summary
Paper published by Judith Jarvis Thomson
- Argued that nobody knows what privacy is
- Violating privacy always violates another right
- No agreed on natural right to privacy,
- but some privacy rights are important
Daniel Solove’s Privacy Taxonomy:
4 Classes of Privacy Concerns
-
Information Collection
- Surveillance
- Interrogation
-
Information Processing
- Aggregation
- Identification
- Secondary Use
- Exclusion
-
Information Dissemination
- Breach of Confidentiality
- Disclosure
- Exposure
- Increased Accessibility
- Appropriation
- Distortion
-
Invasion
- Intrusion
- Decisional Interference
Disclosing Information:
Three Types of Information
-
Public Information
- Your data provided to an organization that has the right to share
- i.e. phone number, email, name, etc
-
Public Record
- Incident or action reported to a government agency to inform the public
- i.e. Marriage license, criminal charges
-
Personal Information
- Not public or in public record
- Only personal until you disclose
Cases:
What is/was HART?
Heterogeneous Aerieal Reconnaissance Team
(formerly Heterogeneous Urban RSTA Team(HURT) )
- Northrop Grumman Aerial Surveillance Project
- Essentially, drones would constantly monitor an area
Disclosing Information:
Methods/Technologies
that disclose people’s information
(9)
- Rewards/Benefits Programs
- Body Scanners
- Video Recorders
- Automotive Black Boxes
- Enhanced 911
- RFID tags/chips
- US Passport
- Web Cookies
- Spyware
Disclosing Information:
Enhanced 911
FCC Mandate - Requires cell phone providers to be able to trace location of active phone to within 50-300 meters
- Provides greater safety
- Emergency services can locate a caller
- Loss of privacy
- Users location info can be shared or sold
Disclosing Information:
RFID
Radio Frequency ID
- Tiny wireless, passive transmitter
- Can replace bar codes on products -contains more info
- Read from 60+ feet away
- Not turned off until after a product is purchased
- Now used in IDs, such as passports
- US Passport uses RFID plus digital photo
Disclosing Information:
US Passport features
- Biometric Passport (electronic passport)
- Descriptive data & digitized passport photo on chips
- Does not have fingerprint information on the chip
- Chip is large enough for inclusion of biometric identifiers
- Able to perform facial recognition match betweent he bearer and his or her image stored
- Possible to simply “walk” through borders
Disclosing Information:
Cookies
A file placed on your computer by a Web server
- Contains passwords, personalization, history, etc
- Only data, but allow for detection of web pages viewed by the user on a given site or set of sites
- Information can be collected in a profile
- Often anonymous, cannot contain personal information unless user has made it available to some sites
- Third Party Cookies may be used to track a user across multiple sites
Disclosing Information:
Spyware
Software that is installed surreptitiously on a personal computer to intercept or take partial control over the user’s interaction with the computer without consent
- Log keystrokes
- Pop-ups
- System snapshots
- Send Reports
- Log web use
- etc
- Rogue Programs
- Say there is a threat and you need to pay money for it to be removide
- “Lock” browser, etc.
Data Mining
Summary
- Searching for patterns or relationships in one or more databases
- Way to generate new information
- Secondary use:
- Information collected for one purpose may be used for another purpose
- Customer information is a valuable commodity
- Concerns:
- Who owns transaction information?
- You or a company/agency?
- Opt-in vs Opt-out
- Opt-in : must give permission to share info
- Opt-out: Must withold permission to share info
- Who owns transaction information?
Identity Theft:
Basic Definition,
Methods
Misuse of another person’s identity to take actions permitted by the owner.
- Ex: Credit Card fraud
Methods to steal ID
- Mailboxes
- Lost or stolen wallets
- Dumpster diving
- Phishing
US Laws:
develop in four ways…
Constitutional Law
Statutory Law
Adminstrative Regulations
Common (Case) Law
US Laws:
Statutory Law
definition
Statutory Law:
Set down by a legislature or other governing authority such as the executive branch of the government
Federal, state laws.
US Laws:
Case (Common) Law
Law derived from judicial decisions (court cases)
- Involve interpretations of the statutes, constitutional provisions and adminstrative rules
- Uses the application of precedent
- Determines much of what is legal/illegal on the internet
FERPA
Overview
Family Education Rights and Privacy Act
- Federal Law
- Protects the privacy of student education records
- Applies to all schools that receive funds from the Department of Education
- Protects the information of students
FERPA
Rules
Family Education Rights and Privacy Act
Applies to all schools receiving funds from DoE
- Education records are private
- A student is allowed to access their own records
- Mistakes must be addressed
HIPPA
Overview
Health Insurance Portability and Accountability Act
- Protects health insurance coverage when changing jobs
- Requires national standards for electronic healthcare
-
Privacy Rule:
- Regulations for the use and disclosure of
- Protected Health Information (PHI)
- Regulations for the use and disclosure of
-
Security Rule:
- Deals with Electronic Protected Health Information (EPHI)
Video Privacy Protection Act
Prevents disclosure of personally identifiable video rental records
- Reaction to disclosure of Supreme Court nominee Robert Bork’s video rental records in a newspaper
- Ban on the disclosure of personally identifiable rental information unless given consent in writing
- Disclosure to police only with valid warrant
- Allows disclosure of “genre preferences” along with names and addresses for marketing
- But allows customers to opt-out
Children’s Online Privacy Protection Act (COPPA)
- Websites that collect information from children under the age of 13 are required to comply with COPPA
- When and how to seek verifiable consent form a parent or guardian (consent must be obtained before collection of info)
- What responsibilities an operator has to protect children’s privacy and safety online
- Info like name, address, email address
- Collected directly from the child or passively via cookies
Genetic Information Nondiscrimination Act
- Prohibits the improper use of genetic information in health insurance and employment
- Prohibits health plans and health insurers from denying coverage to a healthy individual or charging that person higher premiums based solely on a genetic predisposition to developing a disease in the future
- Bars employers from using individuals’ genetic information when hiring, firing, promoting, etc
Employee Polygraph Protection Act
- Prevents employers from using lie detector tests, either for pre-employment screening or during the course of employment - https://www.dol.gov/whd/regs/compliance/ whdfs36.htm
- Exempt
- Federal, state, and local governments
- Specific employers who hire security or armored car drivers, etc
US Laws:
Summary with respect to privacy
No specific constitutional right to privacy,
some legal rights that are spread over federal laws
Information Collected
by the US Government:
* Census
* IRS
- Census
- Title 13 of the US Code governs how the Census is conducted and how its data is handled, mandating confidentiality of information
- IRS
- Protecting privacy rights by the Internal Revenue Code, Privacy Act of 1974, the Freedom of Information Act, and IRS policies and practices
Information Collected
by the US Government:
Two major Crime Databases
- National Crime Information Center (NCIC)
- OneDOJ
Information Collected
by the US Government:
NCIC
- FBI National Crime Information Center
- Computerized index of criminal justice information
- Federal, state, and local law enforcement
- 2 million+ requests for info every day
- Contains > 39 million records
Information Collected
by the US Government:
NCIC
Success and Problems
- Success Stories
- Helps police solve hundreds of thousands of cases every year
- Helped catch Timothy McVeigh - bombing in Oklahoma City
- However, Erroneous records have led to false arrests
- Arrested innocent people with same name
- Keep records of people not suspected of a crime
- Corrupt law-enforcement employees
- Sell information, illegally access the NCIC
Information Collected
by the US Government:
OneDOJ
- Department of Justice
- Central database that allows local law enforcement to search and read federal criminal cases
- Holds records on cases, criminal investigations, criminal history, and personal details of other persons
- 2006 it had about 1,000,000 entries and expected to triple by 2009
Privacy Act 1974
- Following revelations of the abuse of privacy during the administration of President Richard Nixon
- Applies only to government data
- Only covers records indexed by personal identifier
- No one in charge of enforcement
- “Routine use” permits sharing
NSA Wiretapping:
Legislation Authorizing Wiretapping
- The Omnibus Crime Control and Safe Streets Act of 1968
- created Law Enforcement Assistance Administration (LEAA)
- Title III of this Act sets rules for obtaining wiretapping
-
Electronic Communications Privacy Act
- Title I of the ECPA protects wire, oral, and electronic communications while in transit
-
USA Patriot Act
- Expands authority to monitor communications
NSA Wiretapping:
Omnibus Crime Control and Safe Streets Act
- The Omnibus Crime Control and Safe Streets Act of 1968
- created Law Enforcement Assistance Administration (LEAA)
- Title III of this Act sets rules for obtaining wiretapping
- Police can get a court order to tap a phone for 30 days
- 1972 warrantless wiretaps forbidden
NSA Wiretapping:
Electronic Communications Privacy Act
- Updates wiretaps
- Title I of the ECPA protects wire, oral, and electronic communications while in transit
- Sets down requirements for search warrants that are more stringent than in other settings
NSA Wiretapping:
USA Patriot Act
- Provisions
- Greater authority to monitor communications
- Greater powers to regulate banks
- Greater border controls
- Critics say Act undermines 4th Amendment
- Searches and seizures without warrants
- Warrants issued without need for showing probable cause
NSA Wiretapping:
Roving Wiretap
- Allowed under the Patriot Act
- Follows surveillance target, not a device
- If a target attempts to defeat surveillance by throwing away phone, another surveillance order would be needed
- However, with a roving wiretap it can follow the target, not the device
- Allows government to tap any phone, email, internet account that the suspect uses