Privacy and Surveillance

Understanding & Use of the Internet

Spring 2011

G. F Khan, PhD

Ideas so far

Internet and properties Theoretical approaches toward technology

and society’ e.g STT. SCOT Information Society Community & Identify Politics & Democracy

This class

• Surveillance• Sensitive Personal Data/Information• Privacy• Data protection

– Legislation, governance, practice• Dataveillance• Social Sorting• Surveillance Society

Surveillance

• Surveillance – to watch over – paying close attention to personal details for the purpose of influencing, managing or controlling those under scrutiny (Lyon)

• Purposeful, Routine, systematic, focused attention paid to personal details for the sake of control, entitlement, management, influence or protection (OIC

report 2006)

Surveillance

Surveillance involves the use of techniques to gather and use information about individuals – their personal details, their movements and social contacts, their habits and behaviour, their communication – in order to make administrative or business decisions that affect their life chances and those of the groups or categories into which they are construed to fall. (OIC report 2010)

Surveillance Mass Surveillance

Systematic surveillance of everyone Targeted Surveillance

Surveillance of particular individuals places or activities

Both can use tools of Internet age, but increasing possibilities for mass surveillance

Surveillance Watching each other (p2p), lateral

surveillance Government surveillance - of individuals and

organisations Commercial surveillance - of individuals and

organisations ‘Sousveillance’ of powerful organisations

Ordinary people doing the watching, rather than higher authorities or architectures doing the watching

Surveillanceof individuals

By individuals by organizations

Of organisations

Peer monitoringsurveillance

Sousveillance

Holding to account/ espionage

Theoretical approaches-Surveillance Enables rationalisation and efficiency in the

bureaucratic systems Productivity and economic efficiency in the

capitalist system– not only in production, but in marketing and selling.

Many see surveillance central to the emergence of states, and all the institutions of states. State does not only use violence, but surveillance, which is a powerful tool in development of dictatorship.

Privacy questions How can we define Privacy? What are main sources of ideas about

privacy? What are benefits of privacy? For whom? What are the problems with main conceptions

of privacy? How is privacy a social policy question? Why

do we need it in a free, democratic society? How does privacy relate to trust? What are the main tools used in safeguarding

privacy? What alternative futures are there for privacy?

Privacy

Privacy is the interest that individuals have in sustaining a 'personal space', free from interference by other people and organisations. (Clarke, 2005)

http://www.rogerclarke.com/DV/Intro.html

Privacy of personal communications. • Individuals claim an interest in being able to

communicate among themselves, using various media, without routine monitoring of their communications by other persons or organisations. This includes what is sometimes referred to as 'interception privacy'; and

Privacy of personal data. • Individuals claim that data about themselves

should not be automatically available to other individuals and organisations, and that, even where data is possessed by another party, the individual must be able to exercise a substantial degree of control over that data and its use. This is sometimes referred to as 'data privacy' and 'information privacy'.

Dimensions of Privacy (by Clarke,2005)

Dimensions of Privacy (by Clarke,2005)Privacy of the person:

• Sometimes referred to as 'bodily privacy' This is concerned with the integrity of the individual's body. Issues include compulsory immunisation, blood transfusion without consent, compulsory provision of samples of body fluids and body tissue, and compulsory sterilisation;

Privacy of personal behaviour:• This relates to all aspects of behaviour, but

especially to sensitive matters, such as sexual preferences and habits, political activities and religious practices, both in private and in public places. It includes what is sometimes referred to as 'media privacy';

Personal Data What is Personal Data? What is Sensitive personal data Who ‘owns’ personal data? How can personal data be used? What moral rights should be have over personal

data How can these rights be protected in law and in

practice?

Dataveillance (Clarke)

Collection, classification, linking and use of personal and collective information

Creation of information ‘identity’ The individual and their data

‘identity’ What makes up your ‘data identity’? Personal Data

Personal Data? Highly contested concept

To be “personal data”, data must be capable of affecting an identifiable person in a material way, and the notion of what is a relevant effect permits various interpretations. (ICO report 2010)

‘Sensitive personal data’

OCI survey of 27 European countries approach to PD (2004)

‘Unique Identifier’ ModelPersonal Data is data which may be uniquely related to an individual.

Due to the uniqueness of the data, it is impossible for it to be anonymised in such a way as to render it impossible for it to continue to be related to an identifiable person. Context is irrelevant.

‘Affects’ Model Personal Data is data which is capable of affecting an individual in a

relevant way. It is possible to anticipate whether data will affect an individual in a relevant way without taking account of context.

‘Context Dependent Identifier’ Model Personal Data is data which may identify an individual. All data is

capable of being personal data, as any data is capable of identifying an individual in the right circumstances.

‘Context Dependent Affects’ Model Personal Data is data which may affect an individual in a relevant way.

All data is capable of being personal data, as any data is capable of affecting an individual in a relevant way in the right circumstances.

Personal Data in the Internet? IP address and trail Cookies Spyware Website specific personal data – e-government

and ecommerce Bank/credit card; Government; Commercial records

Search term logs Posts to bulletin boards Emails; Chat logs SNS posts etc

Designed into technology

Consent and limits of data use

We are not passive ‘data objects’ We can give or withhold our consent Types and use of consent

Informed consent: Explicit consent Also known as express or direct consent —means

that an individual is clearly presented with an option to agree or disagree with the collection, use, or disclosure of personal information.

Implicit consent Opt-in or opt-out

Protecting privacy, making consent work

Law- e.g. Data protection directive of EU

Policy and Policy Practice

Technology

Self-regulation

Protecting privacy, making consent workThe seven principles governing the OECD’s recommendations

for protection of personal data were: Notice—data subjects should be given notice when their

data is being collected; Purpose—data should only be used for the purpose stated

and not for any other purposes; Consent—data should not be disclosed without the data

subject’s consent; Security—collected data should be kept secure from any

potential abuses; Disclosure—data subjects should be informed as to who is

collecting their data; Access—data subjects should be allowed to access their

data and make corrections to any inaccurate data; and Accountability—data subjects should have a method

available to them to hold data collectors accountable for following the above principles

Internet’s threat to personal data (Clarke, 1998) Transmission Insecurity

Data transmitted over the Internet is subject to several risks:

it might not reach the intended recipient; it might reach an unintended person or organisation; it might be accessed by an unintended person or

organisation; the contents might change while in transit; a message might be transmitted that purports to

come from a particular sender, but doesn't; a sender may wrongfully deny that they sent it; and a recipient might wrongfully deny that they received

it.

Internet’s threat to personal data (Clarke, 1998) More Transaction Trails, of Greater Intensity

Internet transactions enable the automated maintenance of yet more trails of each person's activities and locations, including:

logs of email messages sent and received; logs of web-pages visited (referred to by marketers as

`the click-trail'); and logs of transactions using the many other Internet

services (such as FTP, Telnet, IRCs, MUDs, video-phones and video-conferences).

A cookie is a record that is written onto the local drive of the web-browser, as a result of a command issued by a web-server

Internet’s threat to personal data (Clarke, 1998) Personal Profile Extraction One extract all your information from your

online profile, even after you delete it. E.g. Facebook

Push-Marketing Tracking your online behavior and send you

with ads while your visiting some website.

Threats to Personal Identity (Clarke, 1998) Appropriation of One's Identity

Identity theft is the acquisition and use of sufficient evidence of identity relating to a particular person that the thief can operate as though they were that person.

e.g. stealing credit card number, email ID and password etc

Location Services Through GPS and other technology people can know

exactly where are you. Good side V.S bad side?

What is Surveillance Society? We live in a surveillance society-every move is

watched every key stroke in recorded. In all the rich countries of the world everyday

life is suffused with surveillance encounters, not merely from dawn to dusk but 24/7.

There are complex infrastructure which assumes that gathering and processing personal data is vital to contemporary living. E.g. CCTV, fingerprints or iris scans,

communication records or the actual content of calls

Two sides of Surveillance Society Benefit

Efficiency speed control Law and order, and Coordination Reduction of corruption

Drawbacks Privacy-a lot of personal data collected Security- what if this data goes into wrong hands? Large infrastructure large problems- e.g. social security

or medical databases if corrupted or hacked? Who is watching the watcher?

Key issues in surveillance Social Sorting Function Creep

Data Flow

Social Sorting In government and commerce large personal

information databases are analysed and categorized to define target markets and risky populations

To make sense of personal data Examples?

Micro targeting in politics Marketing e.g. Amazon and eBay Suspicious individual behaviour Connivance for customers e.g. easy to find your

product and save time

Function Creep

Collected for one purpose, but used for other purpose beyond what was originally understood and considered socially, ethically and legally acceptable

Data Flow Data gathered by surveillance technologies

flow around computer networks. Many may consent to giving data in one

setting, but what happens if those data are then transferred elsewhere?