Our orders are delivered strictly on time without delay 
Tavani Chapter 5
5.1 Privacy in the Digital Age: Who is affected and why Should we worry?
5.1.1 Whose Privacy is Threatened by Cybertechnology
5.1.2 Are Any Privacy Concerns Generated by Cybertechnology Unique or Special?
5.2 WHAT IS PERSONAL PRIVACY?
5.2.1 Accessibility Privacy: Freedom from Unwarranted Intrusion p. 135
5.2.2 Decisional Privacy: Freedom from Interference in One’s Personal Affairs p. 135
5.2.3 Informational Privacy: Control over the Flow of Personal Information p.136
TABLE 5.1 Three Views of Privacy p. 137
Accessibility privacy Privacy is defined as one’s physically being let alone, or being free from intrusion into one’s physical space.
Decisional privacy Privacy is defined as freedom from interference in one’s choices and decisions.
Informational privacy Privacy is defined as control over the flow of one’s personal information, including the transfer and exchange of that information
SCENARIO 5–1: Descriptive Privacy Mary arrives in the computer lab at her university at 11:00 PM to work on a paper that is due the next day. No one else is in lab at the time that Mary arrives there, and no one enters the lab until 11:45 PM, when Tom—the computer lab coordinator—returns to close the lab for the evening. As Tom enters, he sees Mary typing on one of the desktop computers in the lab. Mary seems startled as she looks up from her computer and discovers that Tom is gazing at her. P. 137
SCENARIO 5–2: Normative Privacy Tom decides to follow Mary, from a distance, as she leaves the computer lab to return to her (offcampus) apartment. He carefully follows her to the apartment building, and then stealthily follows Mary up the stairway to the corridor leading to her apartment. Once Mary is safely inside her apartment, Tom peeps through a keyhole in the door. He observes Mary as she interacts with her laptop computer in her apartment. P. 137
5.2.5 Privacy as “Contextual Integrity” We have seen the important role that a situation, or context, plays in Moor’s privacy theory. But some critics argue that the meaning of a situation or context is either too broad or too vague. Helen Nissenbaum (2004a, 2010) elaborates on the notion of a c SCENARIO 5–1: Descriptive Privacy Mary arrives in the computer lab at her university at 11:00 PM to work on a paper that is due the next day. No one else is in lab at the time that Mary arrives there, and no one enters the lab until 11:45 PM, when Tom—the computer lab coordinator—returns to close the lab for the evening. As Tom enters, he sees Mary typing on one of the desktop computers in the lab. Mary seems startled as she looks up from her computer and discovers that Tom is gazing at her. & c SCENARIO 5–2: Normative Privacy Tom decides to follow Mary, from a distance, as she leaves the computer lab to return to her (offcampus) apartment. He carefully follows her to the apartment building, and then stealthily follows Mary up the stairway to the corridor leading to her apartment. Once Mary is safely inside her apartment, Tom peeps through a keyhole in the door. He observes Mary as she interacts with her laptop computer in her apartment. & 5.2 What is Personal Privacy? Page 138 context in her model of privacy as “contextual integrity,” where she links adequate privacy protection to “norms of specific contexts.” She notes that the things we do, including the transactions and events that occur in our daily lives, all take place in some context or other. In her scheme, contexts include “spheres of life” such as education, politics, the marketplace, and so forth. Nissenbaum’s privacy framework requires that the processes used in gathering and disseminating information (a) are “appropriate to a particular context” and (b) comply with norms that govern the flow of personal information in a given context.5 She refers to these two types of informational norms as follows: 1. Norms of appropriateness. 2. Norms of distribution. Whereas norms of appropriateness determine whether a given type of personal information is either appropriate or inappropriate to divulge within a particular context, norms of distribution restrict or limit the flow of information within and across contexts. When either norm has been “breached,” a violation of privacy occurs; conversely, the contextual integrity of the flow of personal information is maintained when both kinds of norms are “respected.”6 As in the case of Moor’s privacy model, Nissenbaum’s theory demonst
SCENARIO 5–3: Preserving Contextual Integrity in a University Seminar Professor Roberts teaches a seminar on social issues in computing to upper division undergraduate students at his university. Approximately half of the students who enroll in his seminar each semester are computer science (CS) students, whereas the other half are students majoring in humanities, business, etc. At the first class meeting for each seminar, Professor Roberts asks students to fill out an index card on which they include information about their major, their year of study (junior, senior, etc.), the names of any previous CS courses they may have taken (if they are non-CS majors), their preferred e-mail address, and what they hope to acquire from the seminar. Professor Roberts then records this information in his electronic grade book. P. 138
Stakeholders
5.4 GATHERING PERSONAL DATA: MONITORING, RECORDING, AND TRACKING TECHNIQUES Collecting and recording data about people is hardly new. Since the Roman era, and possibly before then, governments have collected and recorded census information. Not all data gathering and data recording practices have caused controversy about privacy. However, cybertechnology makes it possible to collect data about individuals without their knowledge and consent. In this section, we examine some controversial ways in which cybertechnology is used to gather and record personal data, as well as to monitor and track the activities and locations of individuals.
SCENARIO 5–4: Merging Personal Information in Unrelated Computer Databases DoubleClick planned to purchase Abacus Direct Corporation, a database company, in late 1999. Abacus’s databases contained not only records of consumer’s catalogue purchases but also actual names and telephone numbers that had been collected by Abacus primarily from offline transactions. With this acquisition, DoubleClick could merge records in the Abacus database with its own database, which consisted of information gained primarily from Internet cookies files. And with its newly merged data, DoubleClick would have an information mosaic about individuals that included not merely anonymous and indirect information (such as IP addresses and ISP-related information) but also direct personal information. The Web profiles in DoubleClick’s original database, gathered via cookies, included data about which Web sites that users (who are identified and tracked via an IP address) visit, how long they visit a particular site, and so on. That information would be able to be compared to and combined with explicit personal information (gathered offline and stored in Abacus’s databases), including names, addresses, and phone numbers. p. 147
Stakeholders
SCENARIO 5–5: Using Biometric Technology at Super Bowl XXXV At Super Bowl XXXV in January 2001, a facial recognition technology scanned the faces of individuals entering the stadium. The digitized facial images were then instantly matched against images in a centralized database of suspected criminals and terrorists. Those who attended the sporting advent were not told that their faces had been scanned. The day after the super bowl, many learned what had happened via a newspaper story, which caused considerable controversy at the time. Many privacy advocates and civil liberties proponents criticized the tactics used by the government at this major sports event. P. 149
Stakeholders
SCENARIO 5–6: Data Mining at the XYZ Bank Lee, a junior executive at ABE Marketing Inc., has recently applied for an automobile loan at the XYZ Bank. To secure the loan, Lee agrees to complete the usual forms required by the bank for loan transactions. He indicates that he has been employed at the ABE Marketing Company for more than 3 years and that his current annual salary is $240,000. He also indicates that he has $30,000 in a separate savings account, a portion of which he intends to use as a down payment for a new BMW. On the loan form, Lee also indicates that he is currently repaying a $15,000 personal loan used to finance a family vacation to Europe the previous year. Next, the bank’s computing center runs a data mining program on information in its customer databases and discovers a number of patterns. One reveals that executives earning more than $200,000 but less than $300,000 annually, who purchase luxury cars (such as BMWs), and who take their families on international vacations, are also likely start their own businesses within their first 5 years of employment. A second data mining algorithm reveals that the majority of marketing entrepreneurs declare bankruptcy within 1 year of starting their own businesses. The data mining algorithms can be interpreted to suggest that Lee is a member of a group that neither he nor possibly even the loan officers at the bank had ever known to exist—viz., the group of marketing executives likely to start a business and then declare bankruptcy within a year. With this new category and new information about Lee, the bank determines that Lee, and people that fit into Lee’s group, are long-term credit risks. P. 151
Stakeholders
SCENARIO 5–7: The Facebook Beacon Controversy Facebook (originally called “The Facebook”) is a popular social networking service founded by Mark Zuckerberg in 2004, when he was a student at Harvard University. As in the case of other SNSs (examined in detail in Chapter 11), Facebook enables its members to share information about themselves with “friends” and to make additional friends through its range of services. In November 2007, Facebook announced a marketing initiative called Facebook Beacon, which would let Facebook friends share information about what they do online, including the purchases they make. Although this feature, made possible by external Web sites that sent data about individuals to Facebook, enabled users to share their online activities with their friends, it also allowed targeted advertisements by the Web sites sending the data. Essentially, Beacon allowed affiliate Web sites (including Blockbuster, Fandago, and many others) to send stories about a user’s online activities to Facebook, which were then displayed to that user’s “friends” in the form of news feeds and Social Ads. However, the Beacon initiative proved to be very controversial; for one reason, it disclosed what purchases users made at certain Web sites. Also, when Facebook introduced Beacon, it stated that it would not share any personally identifiable information in the Social Ads, and it claimed that users would only see those ads to the extent that they were willing to share that information with others. But Facebook was soon criticized for collecting more user information for advertisers than it had originally admitted. In December 2007, Zuckerberg publicly apologized for the way that the Beacon project had been set up, admitting that it was established as an “opt-out” system instead of an “opt-in” system. So, by default, if a Facebook user did not explicitly decline to share something, Beacon would share the advertising information with that person’s friends via the user’s profile. P. 155
Stakeholders
TABLE 5.2 Mining, Matching, and Merging Techniques for Manipulating Personal Data
Data Merging A data exchange process in which personal data from two or more sources is combined to create a “mosaic” of individuals that would not be discernable from the individual pieces of data alone.
Data Matching A technique in which two or more unrelated pieces of personal information are cross-referenced and compared to generate a match, or “hit, ” that suggests a person’s connection with two or more groups.
Data Mining A technique for “unearthing” implicit patterns in large single databases, or “data warehouses,” revealing statistical data that associates individuals with nonobvious groups; user profiles can be constructed from these patterns.
SCENARIO 5–10: Tracking Your Search Requests on Google In 2005, the George W. Bush administration informed Google that it must turn over a list of all users’ queries entered into its search engine during a 1-week period (the exact dates were not specified by Google). But Google refused to comply with the subpoena on the grounds that the privacy rights of its users would be violated. Both Yahoo Inc. and Microsoft Corp. MSN, companies that operated the second- and third-most-used search engines, respectively, also had their search records subpoenaed by the Bush administration. Yahoo, unlike Google, complied with the subpoena. It was not clear whether Microsoft also turned over its records to the government, since it declined to say one way or another. P. 159
Stakeholders
SCENARIO 5–11: Accessing Online Public Records in Pleasantville The city of Pleasantville has recently made all of its public records, including real estate records, available online; with a networked computer or electronic device, one can simply enter the address of any house in Pleasantville and retrieve the current tax assessment for the house, the price paid by the most recent owner, and a description of the physical layout of the house, including the location of doors and windows. Many of Pleasantville’s citizens were outraged when they learned that this information was available online, even though the same information had previously been available as public records, stored in physical file cabinets at City Hall. P. 161
Stakeholders
SCENARIO 5–12: Accessing a State’s Motor Vehicle Records Online In the late 1990s, information from the state of Oregon’s Department of Motor Vehicle became accessible online. An independent computer consultant used the means available to any private citizen to purchase data from that state’s department, which was already available offline to anyone willing to pay a small fee. Once he purchased the information and converted it to electronic format, the consultant set up a Web site where any Internet user could, for a small fee, enter an Oregon license plate number and obtain the name and address of the owner of the registered vehicle. Many of Oregon’s residents were outraged when they heard about this practice; eventually, the state’s governor intervened and persuaded the consultant to close down the Web site. P. 162
Stakeholders
5th Edition
Chapter 5
Scenario 5-1: A New NSA Data center p. 113
Stakeholders
NSA
Foreign Citizens
