CIS3090 - Social and Professional Issues in Computing

Lecture 5 - Privacy and Information

Christopher Staff, Department of Computer Science and AI

References: Computer Ethics, Chapter 5

Data Protection Act

To make provision for the protection of individuals against the violation of their privacy by the processing of personal data and for matters connected therewith or ancillary thereto.

Data Protection Act, Chapter 440, The Laws of Malta

Introduction

What is "personal data"?

Why is information important?

Why is privacy important?

Is privacy important because entities (people, corporations, governments, etc.) cannot be trusted to use the information properly? What does using information properly mean? Is this why regulations and legislation are needed - to define proper use of information?

Information is something that has, or is seen to have, value and may have a context in which the information is obtained or used. The value of the information may change depending on the context in which it is obtained or used. In the context of this lecture, if I say "two", then you probably cannot fathom how to make use of it: it appears to have no value, so it probably isn't information.

Consider, instead, that again in the context of this lecture, I state "In the exam, the answer to question 4 is 'two'". Suddenly, that statement has considerable value. Not only can you use it to your own advantage (to help you to pass an exam), but you can also perhaps sell the information to other students who are not at this lecture, but who will be sitting for the exam. Although a public announcement of the statement may remove any monetary profit that can be made from transactions involving the information, those sitting for the exam will still profit in other ways.

Scenarios

Consider the following scenarios:

  1. You go to the Blood Bank to make a donation. While the blood is being screened, the doctors and other medical staff discover that you have an ailment that will probably mean that you will be unable to work in three years' time. They are under no obligation to disclose the information to you. A short while after the visit to the blood bank, you decide to make a purchase that requires you to seek a bank loan. Before the bank gives you a decision, the bank manager and a doctor who screened your blood meet at a social event. You happen to come up in conversation. It is, perhaps inadvertently, disclosed to the bank manager that you will probably need to give up work in the near future. The bank manager does not inform the others present that you have recently applied for a loan, but denies you the loan on the basis of what he or she heard. Have you been wronged?

  2. Consider the same scenario but this time the clerk at the Blood Bank who filed the information relating to your medical condition also has a part-time job in the bank's department which considers loan applications. This member of staff has obtained information in one context. Is it right for him or her to use this information in a different context?

  3. In a third scenario, consider that you have been a "good" bank user for a number of years with bank X. You've hardly ever gone overdrawn on your account, and then only with permission; you've repaid loans on time; and you've also saved regularly. A rival bank, bank Z, is offering certain attractive facilities, and you decide to avail yourself of these facilities. Bank Z, when you apply, insists that you obtain a signed declaration from an independent source that you can be trusted not to abuse Bank Z's facilities. You have a terrific credit history, but you do not want to inform Bank X that you will also be banking with Bank Z. You may feel embarrassed or even humiliated having to ask for such a letter from your employer, etc., and you wish that there was an independent mechanism for a financial institution to establish whether you are a good or a bad risk...

  4. In a fourth scenario, consider that such an independent mechanism for establishing credit risk does exist, but somebody, somewhere, has made a mistake, and your records indicate that you have defaulted on a huge loan... It turns out that the defaulter was not you, but somebody with the same name (or, in the case of ID card numbers, two digits of an ID card number were transposed...)

  5. Consider that the information about credit risk exists, that your records are correct, that the information is shared with third-parties, and that on the basis of your credit standing, a company selling share portfolios contacts you to solicit for business.

  6. Consider that you telephone a company to enquire about an advert you've seen. The company has caller ID. Although you do not disclose your name or address, the company is able to go to an on-line telephone directory, query on the telephone number to obtain the name and address of the subscriber, and add these details, together with information obtained from the phone call, to their direct marketing database. Soon afterwards, you begin to receive product information from this company through the post.

In each scenario, the information has been obtained in one context; the information may have value to the entity which obtained the information initially; the information may also have value to third-parties; the information may be traded or simply made available (intentionally, or otherwise) to third-parties; third-parties may obtain the information for use in a context which is different from the one in which it was obtained; you may be advantaged or disadvantaged by the disclosure of information.

Consent

For each of the presented scenarios, assume that you knew even before you provided the information in the first place that the information may be traded to third-parties (though you don't necessarily know to which third-parties!), and you give your explicit consent for the information to be shared. Does this change how you feel about the outcomes of each scenario?

Collecting Information

Think about an average day of yours... in how many ways is information about you being collected?

Record-keeping

Information and privacy have much to do with record-keeping. In each scenario other than the first, the information was gathered in order to be stored. Rather than a few individuals who have first-hand knowledge of the information, or who come across it through discussion with those who have, now anybody who has access to the records can discover, and potentially make use of, the information. If you defaulted on a small loan when you were young, would you like that information to prevent you from ever getting another loan, regardless of which financial institution in any part of the world you approach? Or if you were a member of certain political or social parties? Or if you fraternise with individuals who are "known to the police" even though you would never dream of committing a crime? How would you feel about the information being made available to third-parties? Or if they were able to access the information (via hacking, or carelessness on the part of the record-keepers)?

Is it only a problem if the information is "sensitive" (in some way) and can be used against you?

Technological Advances

Technology has made it possible to process data several orders of magnitude faster than ever before. Technology has made it possible to compare data, faster and more accurately than ever before, to identify whether certain data, although collected separately, should possibly be associated. Christopher Staff owns a Ferrari (data with the Vehicle Licensing Department). Christopher Staff owns a villa in Madliena (data with the Land Registry Department). Christopher Staff has a declared annual income of Lm5000 (data with Inland Revenue) (All untrue, by the way :-)). Individually, this data is innocuous. Taken together - especially with the Tax Office information - the data suddenly has meaning. It becomes information: information which suggests that I may be living a lifestyle inconsistent with the level of my declared earnings.

It used to be, when this kind of information was available only in paper records, that investigators would have to have a feeling that I was worthy of investigation and then manually track down and analyse the evidence, which may have taken months or even longer. Nowadays, a program can be written to do it - for all citizens, rather than just those who have raised suspicions - and make connections between different pieces of information in a heartbeat! Is it an infringement of our rights if governments perform those sorts of checks on us? What if governments don't, but they also do not ensure that the data cannot be accessed by the public (lack of security), and a third-party uses the information to threaten to "expose" it? What if the third-parties simply e-mail the information to "the rest of the world"? Or publish it on a Web site?
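The "program that can be written to do it" is, at its core, a join across separately collected records. The following example is added to these notes (it is not part of the original lecture) to show both halves of the point: how quickly innocuous records become an accusation once they are linked, and how an error in the linkage (two different people sharing a name, as in scenario four) is magnified into a false accusation. The three departmental datasets, the names, vehicles, localities, incomes and the "expensive lifestyle" threshold are all constructed for illustration.

```python
"""Linking separately collected records by name, and the cost of a bad key.

Added example for CIS3090 Lecture 5; not part of the original notes. The three
"departmental" datasets are constructed: every name, vehicle, property and
income below is invented, and the threshold is an arbitrary assumption.
"""
from collections import defaultdict

# Constructed sample records, one list per department. Each department stores
# only the field it needs plus a name, because a name is what the lecture's
# example links on.
VEHICLES = [
    {"name": "Christopher Staff", "vehicle": "Ferrari"},
    {"name": "Maria Borg", "vehicle": "Fiat Panda"},
    {"name": "Joseph Vella", "vehicle": "Ferrari"},
]
LAND = [
    {"name": "Christopher Staff", "property": "villa, Madliena"},
    {"name": "Maria Borg", "property": "flat, Msida"},
]
INCOME = [
    {"name": "Christopher Staff", "declared_income": 5000},
    {"name": "Maria Borg", "declared_income": 14000},
    {"name": "Joseph Vella", "declared_income": 60000},
    # A second, unrelated person who happens to share the name (scenario four).
    {"name": "Joseph Vella", "declared_income": 9000},
]

# Assumed (constructed) definition of "lifestyle inconsistent with income".
EXPENSIVE_VEHICLES = {"Ferrari"}
EXPENSIVE_PROPERTY_WORDS = ("villa",)
INCOME_THRESHOLD = 20000


def link_by_name(*datasets):
    """Naively join every record that carries the same exact name into one profile."""
    profiles = defaultdict(lambda: {"vehicles": [], "properties": [], "incomes": []})
    for dataset in datasets:
        for rec in dataset:
            profile = profiles[rec["name"]]
            if "vehicle" in rec:
                profile["vehicles"].append(rec["vehicle"])
            if "property" in rec:
                profile["properties"].append(rec["property"])
            if "declared_income" in rec:
                profile["incomes"].append(rec["declared_income"])
    return dict(profiles)


def looks_inconsistent(profile):
    """True when the linked profile shows expensive assets next to a low declared income."""
    expensive = any(v in EXPENSIVE_VEHICLES for v in profile["vehicles"]) or any(
        word in prop for prop in profile["properties"] for word in EXPENSIVE_PROPERTY_WORDS
    )
    low_income = any(income < INCOME_THRESHOLD for income in profile["incomes"])
    return expensive and low_income


def flag_naively(profiles):
    """The 'heartbeat' program: flag every name whose merged profile looks wrong.
    Joseph Vella is flagged here only because two different people were merged."""
    return sorted(name for name, p in profiles.items() if looks_inconsistent(p))


def flag_carefully(profiles):
    """Refuse to act on a profile whose key is ambiguous (more than one income
    record behind one name); report those separately instead of accusing."""
    flagged, ambiguous = [], []
    for name, profile in profiles.items():
        if len(profile["incomes"]) > 1:
            ambiguous.append(name)
        elif looks_inconsistent(profile):
            flagged.append(name)
    return sorted(flagged), sorted(ambiguous)


if __name__ == "__main__":
    linked = link_by_name(VEHICLES, LAND, INCOME)
    print("naive:", flag_naively(linked))
    print("careful:", flag_carefully(linked))
```

Running it shows the naive join accusing both "Christopher Staff" and "Joseph Vella", while the careful version accuses only the first and sets the second aside as an unresolved identity. The design point for anyone building such a system is that the linkage key decides who gets wrongly accused: a name is not an identifier, and a process that acts automatically on linked data needs an explicit step that detects and refuses ambiguous matches rather than treating every collision as one person.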

Although paper record-keeping and manual processing of data may have given rise to claims of infringements of privacy, technological advances make infringements possible on a scale never seen before. Johnson identifies five ways in which technology has affected record-keeping:

  1. "it has made a new scale of information gathering possible;
  2. it has made new kinds of information gathering possible, especially transaction generated information;
  3. it has made a new scale of information distribution and exchange possible;
  4. the effect of erroneous information can be magnified; and
  5. information about events in one's life may endure much longer than ever before." (Johnson, 2001, Chapter 5, p. 117)

Data Inversion

We have discussed how information collected in one context may have a very different value, and different implications for the individual, if the same information is used in a different context.

We will now consider how data may be "inverted" to make unwanted connections between different information that exists.

In the sixth scenario above, a company was able to access information about us that perhaps should not have been available to them. You telephoned a company to make enquiries which were unsatisfied, but through Caller ID the company was able to obtain the name and address of the subscriber and was able to add the details to a direct marketing database. The company may also have sold this information to other companies that may be in a better position to meet your requirements.

The information that you provide to the telephone company (name, address, telephone number) is automatically included in a telephone directory unless you ask for it to not appear. In its print form, the telephone directory is organised by surname, name, locality, and telephone number. The intention is clearly that it is possible to extract meaningful information (information that has value) if you know the subscriber's name as well as at least a partial address (unless the subscriber name is unique).

In electronic format, however, data can be inverted. Assuming that the information is stored in a database, with the touch of a button the information may be sorted by telephone number, or by partial address (eg, town or street name). The only reason that the company in scenario six is able to identify the subscriber is that a mechanism is available to invert the data: instead of the subscriber's name being the only practical key for accessing a record, suddenly it is possible to access all information about subscribers using any part of the record.

The over-riding problem in this example is not so much that the telephone company has a database of its subscribers - the company needs it. The problem (if, indeed, it is a problem!) is that the company has made this database available to the public (or to third-parties in exchange for a fee). The way that the information may be subsequently used may be inconsistent with its intended use when it was given by the subscriber.
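To make the inversion concrete, here is an added example (not part of the original lecture notes) that builds the same constructed subscriber table twice: once with only the access path of the printed directory (surname, optionally narrowed by locality), and once with the inverted indexes by telephone number and by street that scenario six relies on. The subscriber names, numbers and addresses are invented, and the "listed" flag models a subscriber's choice not to appear in the directory.

```python
"""A telephone directory in its printed form versus the same data inverted.

Added example for CIS3090 Lecture 5; not from the original notes. All
subscriber records are constructed and every name, number and address is invented.
"""
from collections import defaultdict

# Constructed subscriber table, in the order a printed directory presents it.
# 'listed' is the subscriber's choice to appear in the directory at all.
SUBSCRIBERS = [
    {"surname": "Borg", "name": "Maria", "street": "Triq il-Kbira", "locality": "Msida",
     "number": "21000001", "listed": True},
    {"surname": "Borg", "name": "Paul", "street": "Triq San Pawl", "locality": "Naxxar",
     "number": "21000002", "listed": True},
    {"surname": "Vella", "name": "Joseph", "street": "Triq il-Kbira", "locality": "Msida",
     "number": "21000003", "listed": True},
    {"surname": "Vella", "name": "Anna", "street": "Triq id-Dejqa", "locality": "Sliema",
     "number": "21000004", "listed": False},
]


def listed(records):
    """Only subscribers who agreed to be published may enter any index."""
    return [r for r in records if r["listed"]]


class PrintedDirectory:
    """The access path of the paper book: you need the surname, and ideally the locality."""

    def __init__(self, records):
        self._by_surname = defaultdict(list)
        for r in listed(records):
            self._by_surname[r["surname"].lower()].append(r)

    def lookup(self, surname, locality=None):
        hits = self._by_surname.get(surname.lower(), [])
        if locality:
            hits = [r for r in hits if r["locality"].lower() == locality.lower()]
        return [(r["name"], r["number"]) for r in hits]


class InvertedDirectory(PrintedDirectory):
    """Same data, plus the inverted access paths: number -> subscriber, street -> subscribers.
    This is what turns a Caller ID display into a name and postal address."""

    def __init__(self, records):
        super().__init__(records)
        self._by_number = {r["number"]: r for r in listed(records)}
        self._by_street = defaultdict(list)
        for r in listed(records):
            self._by_street[(r["locality"].lower(), r["street"].lower())].append(r)

    def who_called(self, number):
        r = self._by_number.get(number)
        if r is None:
            return None
        return (r["name"], r["surname"], r["street"], r["locality"])

    def on_street(self, locality, street):
        hits = self._by_street.get((locality.lower(), street.lower()), [])
        return [(r["name"], r["surname"], r["number"]) for r in hits]


if __name__ == "__main__":
    book = PrintedDirectory(SUBSCRIBERS)
    print(book.lookup("Borg", "Msida"))          # forward lookup, as the subscriber expected
    inverted = InvertedDirectory(SUBSCRIBERS)
    print(inverted.who_called("21000001"))       # the scenario-six lookup
    print(inverted.who_called("21000004"))       # unlisted subscriber: None from every index
```

The data in both classes is identical; only the indexes differ, which is exactly why "the company has a database" is not the problem and "the company exposes the inverted path to third parties" is. Two practical checks follow from this for a record-keeper: decide which access paths the subscriber actually consented to and publish only those (here, only `PrintedDirectory` would be offered outside the company), and make sure an opt-out such as `listed` is honoured when every index is built, not just the printed one, since an inverted index built from the raw table would silently re-publish the unlisted subscribers.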

Other forms of data inversion may occur through processing of publicly available information, especially when it is on-line and susceptible to electronic data processing techniques. For instance, a current trend on the Web is to create Web robots that capture email addresses. You can potentially build a list of hundreds of millions of email addresses... However, those email addresses are made public so that contact can be established for "legitimate" reasons. They are not there so that junk mail can be sent indiscriminately. If you do that, as more and more people learn of their rights, you can discover that you are actually acting against your own interests. If I receive unsolicited email of a commercial nature, I usually mail back to say "Thank you very much... I've now added their details to my database of companies I will never, ever, do business with!". Just as it is easy for them to contact me, it is even easier for me to boycott them!

Information and Trust

Normally, when information is given, the information provider (the individual the information is about) gives information to the information seeker on the grounds that the information will be used for a specific and agreed-upon purpose. Even though there might not be a signed physical contract, the information seeker is trusted by the information provider to use the information discreetly.

In a similar way, if you confess your sins to a priest, get a health check-up, tell your nearest and dearest about the thing that scares you most, discuss your financial situation with your bank manager, or go to the chemist to purchase ointment for an embarrassing skin complaint, you will feel that your trust has been betrayed if all that information appeared in public the next day.

Similarly, when information about ourselves is given to entities as part of an interaction (a company must know your name and address if it is to make a delivery to you; a retail outlet does not need this information, but will have at least your name if you make a purchase using a debit/credit card or cheque; unless you use cash, you cannot be anonymous!), we trust the entity to use the information for that transaction only. The entity rarely throws away the information, however. The entity archives it for processing, to see how trends are developing; to contact you when new stock arrives; to invite you to the launch of a new season; to provide you with a more informed service, tailored to your needs... As in scenario three, there are times when you may feel that you are being provided with a better service as a result of the information being shared and used in different contexts: this is the dilemma of information and privacy! See Johnson (2001, Chapter 5, pp. 118-129) for arguments concerning privacy.

Data Protection

At worst, you may feel that you have been wronged if you feel a sense of injustice about a decision taken against you, or involving you, when the information that was used to arrive at the decision was obtained in a different context and is being used without your consent.

Legislation exists in the legal systems of a number of countries to provide legal frameworks for the obtaining, storing, processing, and sharing of information. We will not be looking at the legal implications of the Data Protection Act (Laws of Malta), but you are encouraged to be familiar with its provisions. If you are, or will be, creating collections of information about identifiable individuals (as opposed to collections of information about anonymous people), then you must be aware of your rights as well as the rights of the individuals. If you, for or on behalf of an entity, betray the trust of an individual, then ultimately you will only be hurting your own reputation and the reputation of your employer. Similarly, as a professional, you have a duty to report possible infringements on civil liberties when you are aware of them.

For further information e-mail cstaff@cs.um.edu.mt

Date last amended: Tuesday, 4th November 2003