Society Information

Technology
Dr. Eng. Fatma Hussien Elgendy
Chapter 3
Privacy
 Privacy

• Privacy is “the right to be left alone—the most comprehensive of

1. Personal Privacy: This type of privacy involves the privacy of personal attributes
which would mean the prevention of anyone or anything that would intrude or
violate that personal space where those attributes are.
2. Informational Privacy: This type concerns the protection of unauthorized access
to information itself.
3. Institutional Privacy: Institutions and organizations data must be private as:
research data, the sales and product data, the marketing strategies, and the activities
of the organization.
 Informational Privacy
• There are different strands of information that we have to protect including:
a. Personal information: Most personal information of value includes information on
personal lifestyles like religion, political affiliations, or personal activities.
b. Financial information: Financial information is important not only to individuals
but also to organizations because it gives the organization the autonomy it needs to
compete in the market place.
c. Medical information: Medical information is very personal and very
important to all of us. For personal, employment, and insurance purposes,
many people want their medical information to be private.
d. Internet: the Internet keeps track of all our activities online. With an
increasing number of people spending an increasing number of time online in
social networks, our social life is being online. We want those activities and
habits private.
 Value of Privacy
1. Personal Identity: Personal identity is valuable because it enshrines personal privacy.
Unfortunately, with rapid advances in technology, especially computer technology, it has become
increasingly difficult to protect personal identity.
2. Autonomy
• The less personal information people have about an individual, the more autonomous that
individual can be, especially in decision making. However, other people will challenge one’s
autonomy depending on the quantity, quality, and value of information they have about that
individual. People usually tend to establish relationships and associations with individuals and
groups that will respect their personal autonomy, especially in decision making.
 Identity theft
• Identity theft occurs when someone steals key pieces of personal information to
impersonate a person. This information may include such data as name, address, date
of birth, Social Security number, passport number, driver’s license number, and
mother’s name.
• Using this information, an identity thief may apply for new credit or financial
accounts, rent an apartment, set up utility or phone service, and register for college
courses—all in someone else’s name.
• Four approaches are frequently used by identity thieves to capture the personal data of
their victims:
(1) create a data breach to steal hundreds, thousands, or even millions of personal records:
• The breach may be caused by hackers breaking into the database by carelessness or failure to
follow proper security procedures.
• organizations are unwilling to announce data breaches to avoid bad publicity and potential for
lawsuits
• victims, whose personal data was compromised need to be informed so that they can take
protective measures.
(2) purchase personal data from criminals;
• Black market for: credit card number, logon name and PIN for bank accounts,
identity information
(3) use phishing to entice users: sending legitimately looking emails claiming to be
from reputable companies to encourage individual to reveal personal information on a
fake web site to willingly give up personal data;
(4) install spyware capable of capturing the keystrokes of victims.
• Spyware: keystroke-logging software downloaded to users computers
without the knowledge of the user.
• Operates even if infected computer isn’t online, until the user connects to
the internet then, data captured by spyware is emailed directly to the spy or is
posted to a website where the spy can view it.
 Consumer Profiling
• Companies openly collect personal information about Internet users when they register at Web
sites, complete surveys, fill out forms, or enter contests online. Data can be sold or shared
with third parties.
• Many companies also obtain information about Web surfers through the use of cookies, text
files that a Web site can download to visitors’ hard drives so that it can identify visitors on
subsequent visits.
• Companies also use tracking software to allow their Web sites to analyze browsing habits and
deduce personal interests and preferences.
• The use of cookies and tracking software is controversial because companies can collect
information about consumers without their explicit permission.
• A number of advances in information technology—such as surveillance cameras,
facial recognition software, and satellite-based systems that can pinpoint a
person’s physical location—provide exciting new data-gathering capabilities.
However, these advances can also diminish individual privacy and complicate the
issue of how much information should be captured about people’s private lives.
 Privacy Implications of Database System
• Information Gathering
• Information gathering is a very serious business, no one is safe anymore.
• Invisible information gathering describes collection of personal information without the person’s
knowledge.
• The Act also tries in some way to protect the customer through three
requirements that the institutions must disclose to us:
1. Privacy policy: Through which the institution is bound to tell us the types of
information the institution collects and has about us and how it uses that information
2. Right to opt out: Through which the institution is bound to explain our recourse to
prevent the transfer of our data to third-party beneficiaries
3.Safeguards: Through which the institution must put in place policies to prevent
fraudulent access to confidential financial information.
 Privacy Violations and Legal Implications
• Other privacy violations include
1. intrusion
2. misuse of information
3. interception of information
4. information matching.
• Intrusion
• Intrusion is an invasion of privacy by wrongful entry, seizing, or acquiring possession of the
property of others.
• For example, hackers are intruders because they wrongfully break into computer systems
whether they cause damage or not.
• With computer network globalization, intrusion is only second to viruses among computer
crimes, and it is growing fast.
• Misuse of Information
• Businesses and governments collect this information from us honestly to provide services
effectively. The information collected is not just collected only to be stored but this
information is used for unauthorized purposes
• Interception of Information
• Interception of information is unauthorized access to private information via
eavesdropping, which occurs when a third party gains unauthorized access to a
private communication between two or more parties. Information can be gathered by
eavesdropping in the following areas:
• At the source and sink of information, where either client or server intrusion
software can listen in, collect information, and send it back to the sender
• Between communication channels by tapping into the communication channels and
then listening in.
• Information Matching
• The danger with information matching is that there is no limit to what one can do
with the collected information
• The threat to information matching originate from linking individual records in
different databases and also can come from erroneous or outdated information.
 Privacy Protection and Civil Liberties
• the most accepted set of civil liberties are grouped into the following four categories:
(i) criminal justice, that includes police powers, personal liberty, and the right to a fair
trial
(ii) basic freedoms of speech, assembly, association, movement, and no discrimination
(iii) freedom of information
(iv) communications and privacy.
• The structures and guidelines, that safeguard and protect privacy rights , fall under the following
categories:
1. Technical: Through the use of software and other technically based safeguards and also by education of users
and consumers to carry out self-regulation.
❖ For example, the Electronic Frontier Foundation has the following guidelines for online safeguards:
(a) Do not reveal personal information inadvertently.
(b) Turn on cookie notices in your Web browser, and/or use cookie management software or infomediaries.
(c) Keep a “clean” email address.
(h) Be conscious of Web security.
(i) Be conscious of home computer security.
(l) Use encryption!
2. Contractual: Through determination of which information such as
electronic publication, and how such information is disseminated, is given
contractual and technological protection against unauthorized reproduction
or distribution.
❖Contractual protection of information, mostly special information like
publications, is good only if actions are taken to assure contract
enforceability.
❖3. Legal: Through the enactment of laws by national legislatures and enforcement of such
laws by the law enforcement agencies. For example, in the USA the following acts are such
legal protection instruments:
• Privacy Act (1974): regulates federal government agency record keeping and disclosure
practices. The Act allows most individuals to seek access to federal agency records about
themselves and also requires that personal information in agency files be accurate, complete,
relevant, and timely.
• (f) Family Educational Right and Privacy Act (1974): requires schools and colleges to grant
students or their parents access to student records and limits disclosure to third parties.
• Right to Financial Privacy Act (1978): provides bank customers the privacy of financial
records held by banks and other financial institutions.