Privacy and Data

Parvez Anandam
Brenda Hernandez
Jessica Miller
Santeri Voutilainen
Vitaliy Zavesov

December 7, 2005

University of Washington CSE P 590TU
University of California Berkeley PP 190/290-009
University of California San Diego CSE 291 (C00)

Authors

Chapter 1: Jessica Miller
Chapter 2, Sections 2.1 – 2.7: Parvez Anandam
Chapter 2, Sections 2.8 – 2.12: Vitaliy Zavesov
Chapter 3: Brenda Hernandez
Chapter 4: Santeri Voutilainen
Chapter 5: Parvez Anandam & Vitaliy Zavesov

Contents

1 The Complexities of Privacy
  1.1 Defining privacy
  1.2 Privacy concerns and levels of concern
  1.3 Evolution of privacy and privacy policy with technology
2 Personal Privacy – Organizational threats and associated technologies
  2.1 The power of correlating pieces of public data
  2.2 RFID Passports
  2.3 Real ID
  2.4 Erosion of Privacy by the USA PATRIOT Act
  2.5 Adware and Spyware
  2.6 Targeted Advertising
  2.7 Supermarket loyalty cards
  2.8 Data and Information Privacy at the Workplace and at Home
  2.9 Video and Audio Monitoring
  2.10 Phone Call Monitoring
  2.11 Computer Monitoring
  2.12 Radio Frequency Identification (RFID)
3 Current Policy to Protect Privacy
  3.1 Privacy not a Constitutional Right and its Opposition to Free Speech
  3.2 Electronic Surveillance Laws
  3.3 Protecting Personal Health Information
  3.4 International Privacy Protection through Policy
  3.5 European Union Directive Approach on Data Privacy
  3.6 Other International Privacy Related Laws
  3.7 Recommendations on Policy to Protect Personal Data
4 Public yet Private: Analysis of Privacy Preserving Data Mining Techniques
  4.1 Definition of terms
  4.2 Privacy Preserving Data Mining Techniques
  4.3 Effectiveness and Usability
  4.4 Recommendations
5 Conclusion
6 References

1 The Complexities of Privacy

With the help of technologies such as the Internet, video cameras, cell phones with cameras, and most recently sensor technologies like RFID, recording of personal information is occurring now more than at any other time in human history. Alongside this influx of massive amounts of recording is a gap in policy and public knowledge (e.g., many Americans refer to their “right to privacy” without knowing the word ‘privacy’ doesn’t even appear in the U.S. Constitution or Bill of Rights). Given this technical capability for massive recording and the lack of coherent, uniform policy (in the United States and also globally), many key questions come to the fore. Namely, to what extent should one be able to assert control over one's personal information that is collected by various organizations? What role should technology play in protecting privacy? What role should policy play?

The complex interaction between policy and technology has become a research hotbed for the fields of law, economics, computer science and information systems, psychology, and human-computer interaction over the last decade. In this paper, we survey literature from these fields to understand the interaction between policy and technology with respect to personal privacy. Working from this survey, we come to our own conclusions on how we (four computer science students and one policy student) think technology and policy should move forward in the personal privacy landscape.

In Chapter 1 we investigate why personal privacy is of such a concern today. Particularly, we discuss several key complexities of privacy and how technology has pushed on and caused people's attitudes toward privacy to evolve. Next, in Chapter 2, we will explore the human organizations that want to collect/analyze personal information, the technologies they are using (or will use) that collect, analyze and store personal information, and the benefit/cost to the public of giving up their personal privacy to these organizations. Next, in Chapter 3, we will explore governmental and corporate policies (or lack thereof) that have been developed to protect privacy. We will look at laws both in the United States and internationally. We will also try to look for measures of success in these policies. Since personal privacy is such a