CS 1023 Cultural Implications of the Information Society

Privacy in the U.S. is a confusing and misunderstood issue, since the word ``privacy'' does not appear in the U.S. Constitution. However, the U.S. courts have given citizens privacy rights under the Fourth Amendment guarantee of rights of ``people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.'' In practice this has meant that without a warrant or probable cause, U.S. citizens have considerable privacy in their private space and little privacy in public space. (The inside of a person's body and the interior of their car are in their private space.) The situation actually fits well with suggestions for widespread public surveillance, and for privacy laws and policies that allow individuals to protect their private space, including private communications and private data.

Why is privacy important? Alderman and Kennedy, in their book The Right to Privacy gave the following answer:

[Privacy] protects the solitude necessary for creative thought. It allows us the independence that is part of raising a family. It protects our right to be secure in our homes and possessions, assured that the government cannot come barging in. Privacy also encompasses our right to self-determination and to define who we are. Although we live in a world of noisy self-confession, privacy allows us to keep certain facts to ourselves if we so choose. The right to privacy, it seems, is what makes us civilized.

In my terms, removing all privacy would be a greater crime, a crime against citizens committed by government or society. Nevertheless, it is not obvious that privacy is the only way for mankind to go forward. I can imagine successful human societies with no privacy: no secrets, not even secret thoughts, and glass houses. Many problems and fears might disappear, replaced by the comfort and certainty of communal activities. Some societies, such as Navaho Indian tribes, or natives of Western Samoa, lived that way. Privacy, and its companion, individuality, may be overrated now in the West. It is a relatively new concept; the Middle Ages had little privacy.

In the U.S., there are also Fifth Amendment problems with the absence of privacy, since a violation of privacy could incriminate someone. There are problems of blackmail, plagiarism, stealing secrets, and espionage with privacy violations. People can be subjected to emotional distress or humiliation or ridicule if privacy is violated -- think of Prince Charles and his intercepted cellular phone conversations. He had a right to expect privacy; strong cryptography should have protected him, but instead his lovers' conversation was paraded before the world.

In the end, individuals must decide for themselves how important privacy is to them. The trend has been to accept some loss of privacy in public, a privacy that was only present because no one bothered to violate it, in exchange for additional safety and security. An expectation of privacy of electronic conversations promotes the free exchange of ideas and thus promotes free speech and open access to information. This is one reason for American's emphasis on the right to privacy.

Privacy of Data

Recently in the U.S., when the issue of privacy abuse comes up, the subject is often privacy of data. The concern is about invasion of the privacy of one's personal data, particularly that carried out by government and private industry. In the United States agencies and companies collect vast amounts of data about individuals. The collectors proceed to copy and exchange and sell the data, to correlate and cross-correlate. Companies want a profile of the individual's activities and interests to target advertising better. There is data about lifestyle, about crimes, about finances, about preferences, and about family history; companies track purchases at stores, magazine subscriptions, catalog purchases, vacation destinations, movie rentals, and so forth. Much of the data is inaccurate -- a notorious problem with credit data. The usual discussion proceeds to ways of limiting the data collected, limiting its spread, and correcting inaccurate data. Privacy advocates propose laws to limit the collection and spread of data. They would use the new laws to correct inaccuracies and also would provide open access by individuals to their own data, to amend or delete it.

Current personal data privacy laws are strong in Europe, while they are confused and uneven in the U.S. For example, American laws now forbid releasing the titles of videos rented, but allow dissemination of information from medical records.

It is easy to imagine problems arising from inaccurate data. A bank may deny a loan application because of past loan defaults by someone with a similar name. Similarities can lead to arrest and imprisonment. Part of the problem rests with inadequate personal identification. I would feel personally more secure if I knew my activities could be accurately ascribed to me, and that no one else could impersonate me. In addition to improved identification, agencies should expand open access to one's own personal data. Note that accurate identification is a crucial issue: Everyone wants access to their own personal data and wants any impostors denied such access. One current method of obtaining data about an individual is to pretend to be that individual. Alternatively, people desiring data pretend to have a legitimate need for the data, whether related to health, finances, or other matters.

Suppose a person accesses data (books, tapes, or online data) about AIDS, perhaps because a friend is ill, and later finds that he can no longer get insurance or a job, because a computer data bank has kept track of this ``suspicious'' reading material and now is using the data for a different purpose. Society needs laws against the correlation of such data by private industry, but governments still ought to gather the data by logging, for use by law enforcement with a court order.

It is also possible to abuse legitimate access to data. For example, there are often news reports about misuse of personal data, with stories describing the sale of criminal records to private detectives, lawyers, and politicians in defiance of the right-of-privacy laws. Examples included an angry ex-policeman tracking down and murdering his former girlfriend, and a drug-dealer getting help from police computers to verify the background of clients, to check for undercover agents. The story recommended strong criminal sanctions as a deterrent. One could also use fingerprints. Access to personal data in the U.S. by the ``proper'' authorities is far too easy, usually with no auditing or controls. This must change, with logging of the accesses to personal data and with auditing of these logs.

The World Wide Web has added a new dimension to problems with personal data, since sites can collect information about visitors -- information that can be saved, combined, reused, and sold. There is a recent push for web sites to list their privacy policy, that is, to tell users how much personal information the site saves. Even more worrisome is the current practice of web browsers to save information about browser use in the user's computer -- the so-called ``cookies.'' Other web sites can access this cookie information to learn about a user's activity on the web.