Computer Ethics, Fall 2010 Week 5

Corboy Law Room 523
4:15-6:45 Mondays

Privacy
From whom?
AOL leak
RFID

Read: §2.1, 2.2 of Baase on privacy
Read http://cs.luc.edu/pld/ethics/garfinkel_RFID.pdf on privacy





Privacy

What is privacy all about? Baase (p 45) says it consists of
Are these all? Note that Baase put control of information as #2; I moved it to #1.

In some sense the second one is really a different category: the need to get away from others. A technological issue here is the prevalence of phones, Blackberries, and computers, and the resulting difficulty of getting away from work.

The third one is to some degree a subset of the first: who gathers information about us, and how is it shared? Another aspect of the third one is freedom from GOVERNMENTAL spying. Privacy from the government is a major part of Civil Liberties.

Privacy is largely about our sense of control over who knows what about us. We willingly put info onto Facebook, and are alarmed only when someone we did not anticipate reads it.

Privacy from:
Sometimes, when we try to argue for our privacy, we get asked, "What do you have to hide?" Is this fair?

On the other hand, should we care at all about privacy? Or is it just irrelevant?

Strange history: once upon a time we were mostly concerned about privacy from the government, not from private commercial interests.

What do computers have to do with privacy?
Old reason: they make it possible to store (and share) so much more data
Newer reasons: 
 
Baase, p 45: Communist East-German secret police Stasi, and non-computerized privacy invasion

Fourth amendment:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated.

Baase p 47: computers "make it easy to produce detailed profiles of our personal characteristics, relationships, activities, opinions, and habits"

Maybe also of what sales pitches we're likely to respond to??
 
Some non-governmental privacy issues:


 
http://pleaserobme.com, listing twitter/foursquare announcements that you will not be At Home (now "off"; I wish I'd kept some sample data)


In ~1990, a big privacy issue was Caller ID. Whose privacy was at stake?
 
Facebook and MySpace have made us our own worst privacy leakers.

Facebook and college admissions, employment, any mixed recreational & professional use


Some things we may want to keep private:
In keeping these sorts of things private, are we hiding something?

Sometimes we want to keep things private simply to avoid having someone else misinterpret them.



Why do we care about privacy? Is it true that we wouldn't care if we had nothing to hide? What about those "minor transgressions"  on the list? Are they really minor?

Or is it true that "we live 'in a nation whose reams of regulations make almost everyone guilty of some violation at some point'" [Baase p 69]?

Once upon a time (in the 1970s) there was some social (and judicial) consensus that private recreational drug use was reasonably well protected: police had to have some specific evidence that you were lighting up before they could investigate. Now, police are much more free to use aggressive tactics (eg drug-sniffing dogs without a warrant, though they can't use thermal imaging without a warrant).

Is this a privacy issue?

On page 47, Baase quotes Edward J Bloustein as saying that a person who is deprived of privacy is "deprived of his individuality and human dignity". Dignity? Maybe. But what about individuality? Is there some truth here? Or is this overblown?

On page 67, Baase quotes Justice William O. Douglas as saying, in 1968,

In a sense a person is defined by the checks he writes. By examining them agents get to know his doctors, lawyers, creditors, political allies, social connections, religious affiliation, educational interests, the papers and magazines he reads, and so on ad infinitum.

Nowadays we would add credit-card records. Is Douglas's position true?


Privacy from the government

This tends not to be quite as much a COMPUTING issue, though facial recognition might be an exception. "Matching" was an exception once upon a time. Interception of electronic communications generally fits into this category; the government has tried hard to make sure that new modes of communication do not receive the same protections as older modes. They have not been entirely successful.
   
To a large extent, we'll deal with this one later.

One of the biggest issues with government data collection is whether the government can collect data on everyone, or whether they must have some degree of "probable cause" to begin data collection. On p 73 of Baase there is a paragraph about how the California Department of Transportation photographed vehicles in a certain area and then looked up the registered owners and asked them to participate in a survey on highway development in that area. Why might that be a problem?

Canadian position: government must have a "demonstrable need for each piece of personal information collected".
   


Commercial data, based on transaction history
    Primary use is some sort of marketing

Other data
    legal, workplace, medical, etc
    Traditional "paper" data;
    The computerization issue is easy/universal access to such data
   
Personal data
    facebook, etc
     


Some data collection that we might not even be aware of:


Google Buzz

Google Buzz is Google's new social-networking site. When it was first introduced, your top gmail/gchat contacts were made public as "friends". For many, the issue isn't so much that yet another social-networking site made a privacy-related goof, but that it was Google, which has so much private information already. Google has the entire email history for many people, and the entire search history for many others. The Google Buzz incident can be interpreted as an indication that, despite having so much personal information, Google is "clueless" about privacy. At the very least, Google used personal data without authorization.

For many people, though, the biggest issue isn't privacy per se, but the fact that their "Google profile" overnight became their Buzz page, without so much as a notification.

See http://www.nytimes.com/2010/02/15/technology/internet/15google.html.
Or http://searchengineland.com/how-google-buzz-hijacks-your-google-profile-36693.


Tyler Clementi

On September 19, 2010, Rutgers University student Tyler Clementi asked his roommate to be out of the room for the evening. Clementi then had a sexual encounter with another male. The roommate, meanwhile, turned on his webcam remotely from a friend's room, watched the encounter, and streamed it live over the internet.
(More at http://news.yahoo.com/s/ap/20101001/ap_on_re_us/us_student_taped_sex.)

Three days later Clementi leapt to his death from the George Washington bridge, presumably because he felt "outed".

How much is this about harassment of homosexuals?

How much is this about bullying?

How much is this about invasion of privacy?

Would the situation be seen differently if Clementi's tryst had been with a woman?

Is this at all about "cyber harassment"?

Is it about abuse of "social media"?

What about "outing" that was once relatively common within the gay community?

What about Erin Andrews, the ESPN reporter who was videoed while undressed in her New York hotel room, allegedly by Michael Barrett, apparently now convicted? This video too was circulated on the internet; the case made headlines in July 2009 (though when the videos were actually taken is unclear). Barrett got Andrews' room number from the hotel, reserved a room next to hers, and either modified the door peephole somehow, or drilled a hole through the wall and added a new peephole.

Is Andrews' situation any different from Clementi's? (Aside from the part about damages to hotel property).

What should the law say here? Is it wrong to place security cameras on your business property? Is it wrong to place "nannycams" inside your house? What sort of notice do you have to give people?

Note that in Illinois it is a felony to record conversations without the consent of all parties, even in a public place. But there is a downside to this: you also cannot record the police if they stop or harass you, and you cannot record others who harass you (eg in the workplace). More at http://www.chicagobreakingnews.com/2010/08/aclu-challenges-illinois-eavesdropping-act.html. For a stronger slant on the recording-police issue, see http://gizmodo.com/5553765/are-cameras-the-new-guns (there is at least some evidence that the Illinois law in question was intended to disallow recording of police).


Note: Under New Jersey’s invasion-of-privacy statutes, it is a fourth degree crime to collect or view images depicting nudity or sexual contact involving another individual without that person’s consent, and it is a third degree crime to transmit or distribute such images. The penalty for conviction of a third degree offense can include a prison term of up to five years.

New Jersey lists "nudity" and "sexual contact" as entitled to privacy; some other states list "expectation of privacy".

One final note: if Clementi killed himself simply because he had been "outed", then any sex partner could have outed him legally. Sex partners could not have filmed him without his consent, but (like the Paris Hilton sex tape) a lover could later release a tape that had been made with consent.


Pennsylvania school laptops

In the Lower Merion school district in Ardmore PA, school-owned laptops were sent home with students. School officials have now been accused of spying on students by turning on the laptops' cameras remotely, while the laptops were in the students' homes.

The school's position is that remote camera activation was only done when the laptop was reported lost or stolen, as part of the LANRev software package (see also the open-source preyproject.com site). Note that the current owners of LANRev now state:

"We discourage any customer from taking theft recovery into their own hands," said Stephen Midgley, the company's head of marketing, in an interview Monday. "That's best left in the hands of professionals."

However, the AP article on the incident states the following:

The Robbinses said they learned of the alleged webcam images when Lindy Matsko, an assistant principal at Harriton High School, told their son that school officials thought he had engaged in improper behavior at home. The behavior was not specified in the suit.

"(Matsko) cited as evidence a photograph from the webcam embedded in minor plaintiff's personal laptop issued by the school district," the suit states.

Supposedly the camera was activated because the laptop was reported as missing; in the case in question, however, the laptop had been declared missing by the school because insurance fees were not paid. Matsko saw the student ingesting something that looked to her like drug capsules; the student in question claimed it was Mike-and-Ike candy, and there was considerable corroborating evidence that this was the case.

Some technical details, including statements made by Mike Perbix of the school's IS department, are available at http://strydehax.blogspot.com/2010/02/spy-at-harrington-high.html. The stryde.hax article also makes the following claims:
The first, if true, would seem odd; the other points are fairly standard.

Note that public schools are part of the government, and, as such, must abide by the Fourth Amendment (though schools may be able to search lockers on school property). (Loyola, as a private institution, is not so bound, though there are also several Federal statutes that appear to apply.)

Students and parents do sign an Acceptable Use policy. However, a signature is required for the student to be issued a laptop. Also, students are minors, and it appears to be the case that parents are not authorized to sign away the rights of minors.

In April 2010 the school's attorneys issued a report claiming there was no "wrongdoing", but nonetheless documenting rather appalling privacy practices. Some information from the report is at http://www.physorg.com/news192193693.html. The most common problem was that eavesdropping was not terminated even after the equipment was found.

Note that in Illinois it is a felony to record conversations without the consent of all parties, even in a public place.


AOL search leak, 2006

Baase p 48: search-query data: Google case, AOL leak.
In August 2006, AOL leaked 20,000,000 queries from ~650,000 people. MANY of the people involved could be individually identified, because they:
Many people searched for medical issues.

Wikipedia: "AOL_search_data_scandal"
    Thelma Arnold

Mirror site: http://gregsadetsky.com/aol-data/
   
An article:
http://www.techcrunch.com/2006/08/06/aol-proudly-releases-massive-amounts-of-user-search-data

Google strongly resisted releasing "anonymized" search data to the government.

What would make search data sufficiently anonymous?
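The question above has no clean answer, but it helps to see concretely why the AOL release failed and what the usual partial fixes do. The following is an added example (not from the notes or from AOL) using a small constructed log in the layout of the 2006 release; the user IDs, queries and timestamps are all made up. It shows that a stable pseudonym chains every query a person ever typed into one profile, and then applies two standard mitigations: issuing a fresh pseudonym per session, and dropping queries that fewer than k distinct users issued (the rare, specific queries are the ones that identify someone).

```python
"""Why a stable pseudonym does not anonymize a search log, and two
standard mitigations: per-session pseudonyms and a k-user threshold.
All sample data is constructed for this example (not the AOL data)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed rows in the layout of the 2006 release: (AnonID, Query, QueryTime).
# Pseudonym 101's queries look harmless one at a time, but chained under a
# single stable ID they form the kind of profile that identified Thelma Arnold.
SAMPLE_LOG = [
    (101, "plumbers in exampleville", "2006-03-01 10:02:11"),
    (101, "best food for an old dog", "2006-03-01 10:15:40"),
    (101, "numb fingers", "2006-03-07 08:12:55"),
    (101, "weather", "2006-03-07 08:14:01"),
    (101, "church rummage sale exampleville", "2006-03-12 18:30:00"),
    (202, "weather", "2006-03-01 07:00:00"),
    (202, "recipe chicken", "2006-03-01 07:05:00"),
    (202, "weather", "2006-03-09 07:01:00"),
    (303, "weather", "2006-03-02 12:00:00"),
    (303, "recipe chicken", "2006-03-02 12:03:00"),
]


def parse_rows(rows):
    """Convert the timestamp strings to datetime objects."""
    return [(uid, q, datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")) for uid, q, ts in rows]


def linked_queries(rows, pseudonym):
    """Every query tied to one pseudonym, in time order: the 'profile'."""
    mine = sorted((t, q) for uid, q, t in rows if uid == pseudonym)
    return [q for _t, q in mine]


def max_linked_queries(rows):
    """Largest number of queries any single pseudonym chains together."""
    counts = defaultdict(int)
    for uid, _q, _t in rows:
        counts[uid] += 1
    return max(counts.values(), default=0)


def drop_rare_queries(rows, k):
    """Keep only queries that at least k distinct users issued.
    A query only one person ever typed (a name, a street, a local church)
    is the kind of thing that re-identifies; common ones are not."""
    users_per_query = defaultdict(set)
    for uid, q, _t in rows:
        users_per_query[q].add(uid)
    return [r for r in rows if len(users_per_query[r[1]]) >= k]


def sessionize(rows, gap=timedelta(minutes=30)):
    """Replace each stable ID with a fresh pseudonym whenever the user has
    been idle longer than `gap`, so queries cannot be chained across days."""
    by_user = defaultdict(list)
    for uid, q, t in rows:
        by_user[uid].append((t, q))
    out, next_id = [], 1
    for items in by_user.values():
        items.sort()
        last = None
        for t, q in items:
            if last is None or t - last > gap:
                session_id = next_id   # new pseudonym for a new session
                next_id += 1
            out.append((session_id, q, t))
            last = t
    return out


def release(rows, k=2, gap_minutes=30):
    """Apply both mitigations. Rarity is judged on the stable IDs *before*
    sessionizing, so one user repeating a query across sessions cannot make
    it look popular."""
    parsed = parse_rows(rows)
    common = drop_rare_queries(parsed, k)
    return sessionize(common, timedelta(minutes=gap_minutes))


if __name__ == "__main__":
    raw = parse_rows(SAMPLE_LOG)
    print("profile of pseudonym 101:", linked_queries(raw, 101))
    print("max queries chained, raw release:", max_linked_queries(raw))
    safer = release(SAMPLE_LOG)
    print("max queries chained, after mitigations:", max_linked_queries(safer))
    print("rows surviving the k=2 threshold:", len(safer))
```

Neither mitigation is free: the session threshold still leaves one rich session linkable, and the k threshold throws away exactly the specific, locally interesting queries a sociologist might want. That tension is the ethical question in the notes, not a bug in the code.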

Question: Is it ethical to use the actual AOL data in research? What guidelines should be in place?

Are there other ways to get legitimate search data for sociological research?

Where is your Google search history stored on your computer?

What constitutes "consent" to a privacy policy?
Are these binding? (Probably yes, legally, though that is still being debated)

Have we in any way consented to having our search data released?


Event data recorders in automobiles

Who owns the data? Should you know it is there?

What if it's explained on page 286 of the owners manual?

Should it be possible to use it AGAINST you?

See wikipedia: "Event_data_recorder"


Facebook and privacy

Facebook knows a lot about you. It knows
In May 2010 Facebook introduced changes requiring that some of your information be visible to everyone: your name, your schools, your interests, your picture, your friends list, and the pages you are a "fan" of. Allegedly your "like" clicks also became world-readable. Here's an article by Vadim Lavrusik spelling out why this can be a problem: http://mashable.com/2010/01/12/facebook-privacy-detrimental. Lavrusik's specific concern is that he sometimes joins Facebook groups as part of journalistic investigation, not out of any sense of shared interest.

Here's a timeline of the progressive privacy erosion at Facebook: eff.org/deeplinks/2010/04/facebook-timeline

Facebook also has proposed "sharing" agreements with some other sites, and made data-sharing with those sites the default. Some of the sites (from readwriteweb.com) are:
Right now it appears that Facebook has again stepped back from a full roll-out of the sharing feature.

Facebook has long tinkered with plans for allowing a wide range of third-party sites to have access to your Facebook identity. Back in 2007, this project was code-named Beacon. Supposedly the Beacon project has been dropped, but it seems the idea behind it has not.

Ironically, third-party sites might not need Facebook's cooperation to get at least some information about their visitors (such as whether they are even members of Facebook). Your browser itself may be giving this away. See http://www.azarask.in/blog/post/socialhistoryjs. (Note that this technique, involving the third party's setting up invisible links to facebook.com, myspace.com, etc, and then checking the "link color" (doable even though the link is invisible!) to see if the link has been visited recently, cannot reveal your username.)

After resisting the most recent uproar for a couple of weeks, Facebook once again changed. However, they did not apologize, or admit that they had broken their own past rules.

Here's an essay from the EFF, http://www.eff.org/deeplinks/2010/05/facebook-should-follow, entitled Facebook Should Follow Its Own Principles, in which they point out that Facebook's 2009 principles (announced after a similar uproar) state

People should have the freedom to decide with whom they will share their information, and to set privacy controls to protect those choices.

But Facebook's initial stance in 2010 was that users always had the freedom to quit Facebook if they didn't like it. Here's part of a statement by Elliot Schrage, FB VP for Public Policy, as quoted in a May 11, 2010 article at http://bits.blogs.nytimes.com/2010/05/11/facebook-executive-answers-reader-questions:

Joining Facebook is a conscious choice by vast numbers of people who have stepped forward deliberately and intentionally to connect and share. We study user activity. We’ve found that a few fields of information need to be shared to facilitate the kind of experience people come to Facebook to have. That’s why we require the following fields to be public: name, profile photo (if people choose to have one), gender, connections (again, if people choose to make them), and user ID number.

Later, when asked why "opt-in" (ie initially private) was not the default, Schrage said

Everything is opt-in on Facebook. Participating in the service is a choice. We want people to continue to choose Facebook every day. Adding information — uploading photos or posting status updates or “like” a Page — are also all opt-in. Please don’t share if you’re not comfortable.

That said, much of your information is still public by default.

Facebook vigorously claims that your information is not shared with advertisers, by which they mean that your name is not shared. However, your age, interests, and general location (eg town) are shared, leading to rather creepy advertisements at best, and cases where your identity can be inferred at worst.

Recall that advertisers are Facebook's real customers. They are the ones who pay the bills. The users are just users.



Two weeks later, Facebook CEO Mark Zuckerberg weighed in, with a May 24, 2010 article in the Washington Post: http://www.msnbc.msn.com/id/37314726/ns/technology_and_science-washington_post/?ns=technology_and_science-washington_post. In the article, Zuckerberg does not seem to acknowledge that any mistakes were made. He does, however, give some Facebook "principles":
The first principle is a step back from the corresponding 2009 principle.



Finally, here is a lengthy essay by Eben Moglen, author of the GPL, on "Freedom in the Cloud: Software Freedom, Privacy, and Security for Web 2.0 and Cloud Computing": http://www.softwarefreedom.org/events/2010/isoc-ny/FreedomInTheCloud-transcript.html. Mr Moglen adds some additional things that can be inferred from Facebook-type data:
You get free email, free websites, and free spying too!

Mr. Zuckerberg has attained an unenviable record: he has done more harm to the human race than anybody else his age.

Because he harnessed Friday night. That is, everybody needs to get laid and he turned it into a structure for degenerating the integrity of human personality and he has to a remarkable extent succeeded with a very poor deal. Namely, “I will give you free web hosting and some PHP doodads and you get spying for free all the time”. And it works.

Later:

I’m not suggesting it should be illegal. It should be obsolete. We’re technologists, we should fix it.



Here are some of the June 2010 Facebook privacy settings, from privacy settings => view settings (basic directory information). Note that there is a clear explanation for why some things are best left visible to "everyone".

Your name, profile picture, gender and networks are always open to everyone. We suggest leaving the other basic settings below open to everyone to make it easier for real world friends to find and connect with you.

* Search for me on Facebook
This lets friends find you on Facebook. If you're visible to fewer people, it may prevent you from connecting with your real-world friends.
      Everyone

* Send me friend requests
This lets real-world friends send you friend requests. If not set to everyone, it could prevent you from connecting with your friends.
      Everyone

* Send me messages
This lets friends you haven't connected with yet send you a message before adding you as a friend.
      Everyone

* See my friend list
This helps real-world friends identify you by friends you have in common. Your friend list is always available to applications and your connections to friends may be visible elsewhere.
      Everyone

* See my education and work
This helps classmates and coworkers find you.
      Everyone

* See my current city and hometown
This helps friends you grew up with and friends near you confirm it's really you.
      Everyone

* See my interests and other Pages
This lets you connect with people with common interests based on things you like on and off Facebook.
      Everyone

Here are some more settings, from privacy settings => customize settings (sharing on facebook)

    * Things I share
          o Posts by me (Default setting for posts, including status updates and photos)
                Friends Only
          o Family
                Friends of Friends
          o Relationships
                Friends Only
          o Interested in and looking for
                Friends Only
          o Bio and favorite quotations
                Friends of Friends
          o Website
                Everyone
          o Religious and political views
                Friends Only
          o Birthday
                Friends of Friends
    * Things others share
          o Photos and videos I'm tagged in
                Friends of Friends
          o Can comment on posts
                Friends Only
          o Friends can post on my Wall
                Enable
          o Can see Wall posts by friends
                Friends Only
    * Contact information
          o Friends Only



Caller ID

When it first came out in the early 1990s, Caller ID was widely seen as a privacy intrusion. That is, it took away your "right" to call someone anonymously. Actually, that is a plausible right if you're calling a commercial enterprise; if you don't want them calling you back, you should be able to refuse to give them your number.

Within a decade, Caller ID was widely seen as a privacy boost: you could control who could interrupt you. This is privacy in sense #2 above; the original issue was privacy in sense #1.

Caller ID never caught on with stores; it did catch on with ordinary people.

Is there any right to phone someone anonymously? What if you're trying to give the police a tip? What if you're a parole officer?



Facebook "connections": http://www.eff.org/deeplinks/2010/05/things-you-need-know-about-facebook

Your connections are not communications with other users, but are links to your school, employer, and interests. It is these that Facebook decided to make "public".



Personalization

We understand that all sorts of online purchasing information is collected about us in order for the stores to sell to us again. Whenever I go to amazon.com, I am greeted with book suggestions based on past purchases. But at what point does this information cross the line to become "personalized pitches"?

What if the seller has determined that we are in the category "price-sensitive shopper", and they then call/mail/email us with pitches that offer us the "best price" or "best value"? (See the box on Baase, p 78, for a related example.)

Political parties do this kind of personalization all the time: they tailor their pre-election canvassing to bring up what they believe are the hot-button issues for you personally.



SCOTUS cases on privacy -- Baase pp 69ff

moved to week 6