320 likes | 890 Views
Privacy and Surveillance. Understanding & Use of the Internet Spring 2012 G. F Khan, PhD. Ideas so far. Internet and properties Theoretical approaches toward technology and society’ e.g STT. SCOT Information Society Community & Identify Politics & Democracy. This class. Surveillance
E N D
Privacy and Surveillance Understanding & Use of the Internet Spring 2012 G. F Khan, PhD
Ideas so far • Internet and properties • Theoretical approaches toward technology and society’ e.g STT. SCOT • Information Society • Community & Identify • Politics & Democracy
This class • Surveillance • Sensitive Personal Data/Information • Privacy • Data protection • Legislation, governance, practice • Dataveillance • Social Sorting • Surveillance Society
Surveillance • Surveillance – to watch over – paying close attention to personal details for the purpose of influencing, managing or controlling those under inspection or scrutiny (Lyon) • Purposeful, Routine, systematic, focused attention paid to personal details for the sake of control, entitlement, management, influence or protection (OIC report 2006)
Surveillance Surveillance involves the use of techniques to gather and use information about individuals – their personal details, their movements and social contacts, their habits and behaviour, their communication – in order to make administrative or business decisions that affect their life chances and those of the groups or categoriesinto which they are construed to fall. (OIC report 2010)
Surveillance • Mass Surveillance • Systematic surveillance of everyone • Targeted Surveillance • Surveillance of particular individuals places or activities • Both can use tools of Internet age, but increasing possibilities for mass surveillance
Surveillance • Watching each other (p2p), lateral surveillance • Government surveillance - of individuals and organisations • Commercial surveillance - of individuals and organisations • ‘Sousveillance’ of powerful organisations • Ordinary people doing the watching, rather than higher authorities or architectures doing the watching
Surveillance of individuals Peer monitoring surveillance By individuals by organizations Holding to account/ espionage Sousveillance Of organisations
Theoretical approaches-Surveillance • Enables rationalisation and efficiency in the bureaucratic systems • Productivity and economic efficiency in the capitalist system– not only in production, but in marketing and selling. • Many see surveillance central to the emergence of states, and all the institutions of states. • State does not only use violence, but surveillance, which is a powerful tool in development of dictatorship.
Privacy questions • How can we define Privacy? • What are main sources of ideas about privacy? • What are benefits of privacy? For whom? • What are the problems with main conceptions of privacy? • How is privacy a social policy question? Why do we need it in a free, democratic society? • How does privacy relate to trust? • What are the main tools used in safeguarding privacy? • What alternative futures are there for privacy?
Privacy Privacyis the interest that individuals have in sustaining a 'personal space', free from interference by other people and organisations. (Clarke, 2005) http://www.rogerclarke.com/DV/Intro.html
Dimensions of Privacy (by Clarke,2005) • Privacy of personal communications. • Individuals claim an interest in being able to communicate among themselves, using various media, without routine monitoring of their communications by other persons or organisations. This includes what is sometimes referred to as 'interception privacy'; and • Privacy of personal data. • Individuals claim that data about themselves should not be automatically available to other individuals and organisations, and that, even where data is possessed by another party, the individual must be able to exercise a substantial degree of control over that data and its use. This is sometimes referred to as 'data privacy' and 'information privacy'.
Dimensions of Privacy (by Clarke,2005) • Privacy of the person: • Sometimes referred to as 'bodily privacy' This is concerned with the integrity of the individual's body. Issues include compulsory immunisation, blood transfusion without consent, compulsory provision of samples of body fluids and body tissue, and compulsory sterilisation; • Privacy of personal behaviour: • This relates to all aspects of behaviour, but especially to sensitive matters, such as sexual preferences and habits, political activities and religious practices, both in private and in public places. It includes what is sometimes referred to as 'media privacy';
Personal Data • What is Personal Data? • What is Sensitive personal data? • Who ‘owns’ personal data? • How can personal data be used? • What moral rights should be have over personal data • How can these rights be protected in law and in practice?
Dataveillance (Clarke) • Collection, classification, linking and use of personal and collective information • Creation of information ‘identity’ • The individual and their data ‘identity’ • What makes up your ‘data identity’? • Personal Data
Personal Data? • Highly contested concept • To be “personal data”, data must be capable of affecting an identifiable person in a material way, and the notion of what is a relevant effect permits various interpretations. (ICO report 2010) • ‘Sensitive personal data’
OCI survey of 27 European countries approach to PD (2004) • ‘Unique Identifier’ Model Personal Data is data which may be uniquely related to an individual. Due to the uniqueness of the data, it is impossible for it to be anonymised in such a way as to render it impossible for it to continue to be related to an identifiable person. Context is irrelevant. • ‘Affects’ Model Personal Data is data which is capable of affecting an individual in a relevant way. It is possible to anticipate whether data will affect an individual in a relevant way without taking account of context. • ‘Context Dependent Identifier’ Model Personal Data is data which may identify an individual. All data is capable of being personal data, as any data is capable of identifying an individual in the right circumstances. • ‘Context Dependent Affects’ Model Personal Data is data which may affect an individual in a relevant way. All data is capable of being personal data, as any data is capable of affecting an individual in a relevant way in the right circumstances.
Personal Data in the Internet? • IP address and trail • Cookies • Spyware • Website specific personal data – e-government and ecommerce • Bank/credit card; Government; Commercial records • Search term logs • Posts to bulletin boards • Emails; Chat logs • SNS posts etc • Designed into technology
Consent and limits of data use • We are not passive ‘data objects’ • We can give or withhold our consent • Types and use of consent • Informed consent • Explicit consent • Also known as express or direct consent —means that an individual is clearly presented with an option to agree or disagree with the collection, use, or disclosure of personal information. • Implicit consent • Opt-in or opt-out
Protecting privacy, making consent work • Law- e.g. Data protection directive of EU • Policy and Policy Practice • Technology • Self-regulation
Protecting privacy, making consent work The seven principles governing the OECD’s recommendations for protection of personal data were: • Notice—data subjects should be given notice when their data is being collected; • Purpose—data should only be used for the purpose stated and not for any other purposes; • Consent—data should not be disclosed without the data subject’s consent; • Security—collected data should be kept secure from any potential abuses; • Disclosure—data subjects should be informed as to who is collecting their data; • Access—data subjects should be allowed to access their data and make corrections to any inaccurate data; and • Accountability—data subjects should have a method available to them to hold data collectors accountable for following the above principles
Internet’s threat to personal data (Clarke, 1998) • Transmission Insecurity • Data transmitted over the Internet is subject to several risks: • it might not reach the intended recipient; • it might reach an unintended person or organisation; • it might be accessed by an unintended person or organisation; • the contents might change while in transit; • a message might be transmitted that purports (claims) to come from a particular sender, but doesn't; • a sender may wrongfully deny that they sent it; and • a recipient might wrongfully deny that they received it.
Internet’s threat to personal data (Clarke, 1998) • More Transaction Trails, of Greater Intensity • Internet transactions enable the automated maintenance of yet more trails of each person's activities and locations, including: • logs of email messages sent and received; • logs of web-pages visited (referred to by marketers as `the click-trail'); and • logs of transactions using the many other Internet services (such as FTP, Telnet, IRCs, MUDs, video-phones and video-conferences). • A cookie is a record that is written onto the local drive of the web-browser, as a result of a command issued by a web-server
Internet’s threat to personal data (Clarke, 1998) • Personal Profile Extraction • One extract all your information from your online profile, even after you delete it. E.g. Facebook • Push-Marketing • Tracking your online behavior and send you with ads while your visiting some website.
Threats to Personal Identity (Clarke, 1998) • Appropriation of One's Identity • Identity theft is the acquisition and use of sufficient evidence of identity relating to a particular person that the thief can operate as though they were that person. • e.g. stealing credit card number, email ID and password etc • Location Services • Through GPS and other technology people can know exactly where are you. • Good side V.S bad side?
What is Surveillance Society? • We live in a surveillance society-every move is watched every key stroke in recorded. • In all the rich countries of the world everyday life is suffused with surveillance encounters, not merely from dawn to dusk but 24/7. • There are complex infrastructure which assumes that gathering and processing personal data is vital to contemporary living. • E.g. CCTV, fingerprints or iris scans, communication records or the actual content of calls
Two sides of Surveillance Society • Benefit • Efficiency • speed • control • Law and order • Coordination, and • Reduction of corruption • Drawbacks • Privacy-a lot of personal data collected • Security- what if this data goes into wrong hands? • Large infrastructure large problems- e.g. social security or medical databases if corrupted or hacked? • Who is watching the watcher?
Key issues in surveillance • Social Sorting • Function Creep • Data Flow
Social Sorting • In government and commerce large personal information databases are analysed and categorized to define target markets and risky populations • To make sense of personal data • Examples? • Micro targeting in politics • Marketing e.g. Amazon and eBay • Suspicious individual behaviour • Connivance for customers e.g. easy to find your product and save time
Function Creep • Collected for one purpose, but used for other purpose beyond what was originally understood and considered socially, ethically and legally acceptable • Examples?
Data Flow • Data gathered by surveillance technologies flow around computer networks. • Many may consent to giving data in one setting, but what happens if those data are then transferred elsewhere?