Apr 242006
 
 Posted by on April 24, 2006 key points, technology  Add comments
  1. What is privacy and why is it important ? 
  2. How might privacy change in the digital domain?
  3. How does the Internet threaten privacy?
  4. What are some of the laws within Australia to protect privacy? 

1) What is Privacy 

Privacy can simply be defined as the right to be left alone. 'It is a comprehensive right and it is the right most valued by a free people. It is a fundamental human right.  A society in whish there was a total lack of privacy would be intolerable; but then again a society in which there was a total privacy would be no society at all’ (the is a balance needed). Privacy is the right of people to make personal decisions regarding their own intimate matters, it is the right of people to lead their lives in a manner that is reasonably secluded from public scrutiny, and it is the right of people to be free from such things as unwarranted drug testing or electronic surveillance (edited from Answers.com http://www.answers.com/topic/privacy)

 What is information privacy? 

Information privacy is the ability of an individual or group to stop information about themselves from becoming known to people other than those they choose to give the information to. Privacy is sometimes related to anonymity although it is often most highly valued by people who are publicly known.

Privacy can also be seen as an aspect of security—one in which there are trade-offs between the interests of one group and another can become particularly clear. (edited from Wikipedia http://en.wikipedia.org/wiki/Privacy)

UN Declaration of Human Rights. 

The UN Declaration of Human Rights defined Privacy as this:

No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone had the right to the protection of the law against such interference or attacks.  

Without Privacy 

Without privacy life would be hell. It would mean that you would be highly vulnerable to the control of others, you would lose your freedom which may lead to inhibition and tentativeness and you may be less spontaneous and you would be more likely to be manipulated. 

     

2) How might privacy change in the digital domain? 

The Internet threatens privacy in a number of ways, partly because it is possible to record everything that you do on line (partly through IP addresses). The government of Australia and the US and other countries regularly monitor electronic communication as do commercial companies such as Google, and Microsoft. Google monitors all its searches (which it uses in its advertising strategies) and Microsoft, particularly through its Hotmail system, monitors a great deal of the world’s email traffic. There is also an increasing trend for companies to monitor their staff’s email and web searching habits as well as monitor their staff through cameras and other such devices.

Echelon 

Two of the largest electronic surveillance initiatives originate in the US; a leader in the tactics of surveillance. The first is the Echelon system which is managed by the National Security Agency of the US. It is said to be capable of intercepting and decrypting almost any electronic message sent anywhere in the world via satellite. Microwave, cellular, and fiberoptic (so this is any message in the whole world between anyone!). And Echelon has come under intense criticism, especially from the European Union who have accused the US of using the Echelon system to spy on European corporation to gain commercial advantage for US corporations (and Echelon is said to operate in Australia through the US’s Pine Gap facility)

Carnivore 

The second electronic surveillance system is called Carnivore (it is a great name) and is used by the US FBI to monitor selective e-mail messages and other Internet traffic. The opponents of this system insist that the FBI should be required to get a court order before they tap someone’s email, as they need to with the telephone.

Arguments for Government Monitoring 

There are in fact a number of compelling reasons why a Governments need to monitor its people. 

There is Increased crime detection – Partly due to the placement of CCTV cameras, the success rate of conviction has increased as criminals are more likely to be convicted due to the ability to prove a suspect committed an offence.

Prevention of terrorism -. If communications between devices can be monitored, the activities of terrorists can be prevented before any terrorist attacks is carried out, and their networks can be disclosed by analysing the traffic flows in the networks.

Arguments against Government Monitoring 

And there are a number of arguments against government monitoring.  

Surveillance infringes on civil liberties – there is a lack of anonymity if facial recognition systems can be used, for example, to identify protestors in a demonstration.

CCTV cameras displace crime, rather than eliminate it – criminals move to areas where CCTV is not in place.

Due to the enormous manpower require to operate and monitor many surveylence systems, many crimes (even if recorded) go unnoticed for hours, days, or even months.

Monitoring can be used in committing crime, for example police officers have been caught using cameras to invade the personal privacy of women walking through airports.

Gathering data about many people in one place (the monitoring centre) provides a vulnerable source of data which would fuel illegal activities if its integrity was compromised.

The same technology used for disclosing networks of terrorists and criminals can be used by repressive regimes for finding dissidents and political dissenters.

 (edited from Wikipedia http://en.wikipedia.org/wiki/Privacy

Techniques for Manipulating Personal Information 

What are some of the techniques that governments and other institutions use to manipulate personal information? 

The first system is called Data Merging and this is when a number of databases, say a database with your drivers licence details is merged with a database about your car registration. Or it is when a database with your University subjects is merged with the Department of Immigration. Or it is when the Department of Immigration and Centrelink link up (so you can’t get unemployment benefits when you are holidaying in Thailand).

Say for example, that you give information about your income and credit history to a bank in order to secure a loan. The you give information about your age and medical history to an insurance company to purchase life insurance. You then give information about your views on certain social issues to a political organisation that you wish to join. Each of these organisations can be said to have a legitimate need for this information to make certain decisions about you — insurance companies have a legitimate need to know about your age and medical history before agreeing to sell you life insurance and lending institutions have a legitimate need to know about your income and credit history before agreeing to lend you money to purchase a house or car.

And insofar as you voluntarily give these organisations the information requested, no breach of your privacy has occurred. Now suppose that without your knowledge and consent, information about you that resides in the insurance company’s database is transferred and merged with information about you that resides in the lending institution’s database or in the political organisation’s database.

Even though you voluntarily gave certain information about yourself to three different organisations, and even though you voluntarily authorised each organisation to have the information, it does not follow that you authorised any one organisation to have some combination of that information. When organisations merge information about you in a way that you did not specifically authorise, you lose control over the way in which that information about you is exchanged.

Yet this is precisely what happens to much of the personal information that businesses and organisations gather and store electronically” (edited from Herman H Tavani, Ethics and Technology: Ethical Issues in an Age of Information and Communicatation Technology, Wiley, 2004 p.127.)

(and this can happed when a company goes broke or is bought by another company; the data files can become one and be used in way that you didn’t originally intend).   

And Data Merging is part of the impetus behind the proposed Australia Identification Card system where many government databases could become one uber database and link all government services through the one card and the one database (so the Australia Card System isn’t just about a small plastic card that we might be forced to carry, but it is also about a very large, and very expensive, and very vulnerable national database).

The second system is called Data Matching and this is when information on a discrete database is used to match similar records on another database. Such as the Taxation office matching banking records or matching Australian Stock Market holdings to taxation claims or the ASIO matching data against suspect banking transactions that may signal terrorist activities. The criticisms of this is similar to data merging as you gave information to one department or organisation to be used in one context but you didn’t give permission for that information to be used in another context (Herman H Tavani, Ethics and Technology: Ethical Issues in an Age of Information and Communicatation Technology, Wiley, 2004 p.127.)  

This is similar to data merging and one of the most famous cases was in the US when biometric identifiers were used at the Superbowl in 2001. Facial recognition software was used to scan the faces of individuals entering the stadium. The digitised facial images were then instantly matched against images in a centralised database to suspected criminals and terrorists”. (Tavani p.130).

 And the final system is called Data Mining and this is the technique most favoured by the Private Sphere. Private companies, such as Microsoft, can use the Information that they gather through systems such as Hotmail to uncover social trends that places them in a better position to market goods and services to people (like Google that uses targeted adds). If a company can understand broad commercial and social trends, through data mining large volumes of information, then they have a great competitive advantage over other companies. 

And although data mining is not concerned about individual records, it can be used to make important decisions about those individuals (ie. Hotmail could be used to discover the sexual habits of young people or the political beliefs of young people that could be used against then as a group). Or say data mining techniques could be used to discover implicit patterns of behaviour of young people via using Microsoft Messenger, sold to the ANZ bank, and used to discriminate against giving loans to you (even though you yourself may not identify with the majority habits of this group).

3) How does the Internet threaten privacy?

Cookies and Spyware 

And Cookies and Spyware, that nearly all desk top PCs have installed upon them usually without the permission of the user, send information back to various companies who can use it to better understand your web browsing activities (or for malicious purposes). And theage.com.au installs an cookie on you machine that The Age uses to uncover the browsing habits of it readers so that it can better target its online advertising to them (and some online advertising companies can access cookies from more than one web site, thus cross referencing them to gain a greater insight to your browsing habits).

Workplace Monitoring 

A trend that we have seen in recent years is for businesses to monitor their employees through various tactics. They may monitor their employees through CCTV cameras, or through monitoring the alarm system to see what time they arrive at work, or they may monitor their email to make sure that no trade secrets are being let out of the company, or they may monitor their web-browsing habits to make sure that no illicit sites or non-work-related sites are visited. Most large organisations, including most universities, have policies in place to govern the use of the internet and email and have systems to monitor its use.  

A Perth academic called Professor John Weckert argues that work place monitoring achieves very little and that it is better to instil a culture of trust in the workplace. He argues that a workplace is much more efficient where there is trust and if workers are heavily monitored, then they will simply do what they are told and what go beyond this and show initiative. (How does the boss monitor you?)

4) What are some of the laws within Australia to protect privacy? 

What are some of the laws that protect your privacy in Australia and particular your information privacy?  The main ones that concern us are in the Privacy Act of 1988 and particularly the National Privacy Principles (NPP). There is no constitutional right to privacy in Australia, such as in France, and there is a patchwork of state and federal laws protect privacy. 

National Privacy Pronciples (NPPs)

NPP1 – Collection:  Only collect personal information that is necessary for performance of functions

NPP2 – Use and Disclosure: Use and disclose personal information only for the primary purpose for which it was collected or a secondary purpose the person would reasonably expect. Use for other secondary purposes should have the consent of the person

NPP3 – Data Quality: Requires personal information is accurate, complete, and up to date

NPP 4 – Data Security: Take reasonable steps to protect personal information from misuse, loss, unauthorised access, modification or disclosure

NPP 5 – Openness: Organisations must be open about how they handle personal information. Must have clearly expressed policies on management of personal information and provide the policies to anyone who asks

NPP 6 – Access and Collection: Individuals have a right to seek access to their personal information and have it corrected if it is inaccurate, incomplete or out-of-date

 nNPP 7 – Identifiers: Government identifiers  eg. Tax file, Medicare, and Drivers License, can only be used for purpose for which thet were issued (and should now be used by private sector)

NPP 8 – Anonymity: Give individuals the option of not identifying themselves when entering transactions with organisations, if that would be lawful and feasible

NPP 9 — Transborder data flows: Transfer of personal information across borders is restricted nPersonal Information may be transferred only if the recipient protects privacy under standards similar to Privacy Act NPPs
NPP 10 – Sensitive Information: Sensitive information includes: racial and ethnic origins, political views, religious beliefs, professional memberships and associations, sexual preferences and criminal record Requires consent when collected and higher levels of protection afforded   

Further Reading

  1. Victorial Law Reform Commisson "Workplace Privacy"
  2. Rodger Clarke (ANU) "Australia Card"

  4 Responses to “What is privacy and why is it important?”

  1. [...] Hopefully, public awareness will rise in Australian about the negative aspects of the so-called ’smart-card’ (ie Privacy concerns). This is a similar proposal to the Australia Card in the 1980s, however because of the advences in technolgy (ie. data mining, and data matching) the stakes are a lot higher. [...]

  2. [...] While I was working for my last enterprise company I got this sneaking suspicion that something was going on with our corporate email. In particular, I thought that someone was embedding information into the emails to be tracked at a later date. This was in an attempt to stop employees from sending corporate confidential emails to third parties without concent – particularly fuckedcompany.com (the owner of which now runs Adbright, as an aside) and internalmemos.com, among others. I’m not typically a very paranoid person, I’m just really good at knowing when and where Big Brother is waiting around the corner. One day I finally had enough information to test my theory. Someone sent me a copy of one of the memos that was send out to one of the larger groups. It detailed the transition of a very important vice president to “special projects”. For those of you not accustom to the corporate world, that is double talk for the professional equivalant of the round file. So it was exactly the kind of dirt that these types of website and indeed investors would want to know. [...]

  3. [...] I’m not typically a very paranoid person, I’m just really good at knowing when and where Big Brother is waiting around the corner. One day I finally had enough information to test my theory. Someone sent me a copy of one of the memos that was send out to one of the larger groups. It detailed the transition of a very important vice president to “special projects”. For those of you not accustom to the corporate world, that is double talk for the professional equivalant of the round file. So it was exactly the kind of dirt that these types of website and indeed investors would want to know. [...]

  4. [...] Along with balancing the rules that govern Intellectual Property, the battles over the protection of personal data become another area of potential conflict within a society where information storage and retrieval devices have become cheap and ubiquitous. Here is the international guidelines set by the OECD (Organisation for Economic Cooperation and Development). Also see the primer that I wrote earlier this year about privacy and why it is important. The development of automatic data processing, which enables vast quantities of data to be transmitted within seconds across national frontiers, and indeed across continents, has made it necessary to consider privacy protection in relation to personal data. Privacy protection laws have been introduced, or will be introduced shortly, in approximately one half of OECD Member countries (Austria, Canada, Denmark, France, Germany, Luxembourg, Norway, Sweden and the United States have passed legislation. Belgium, Iceland, the Netherlands, Spain and Switzerland have prepared draft bills) to prevent what are considered to be violations of fundamental human rights, such as the unlawful storage of personal data, the storage of inaccurate personal data, or the abuse or unauthorised disclosure of such data.OnOn [...]

Leave a Reply