This document summarizes key concepts and theories related to privacy and cybertechnology from the textbook. It discusses how cybertechnology has increased the collection, exchange, retention, and accessibility of personal information. Several privacy theories are outlined, including intrusion theory, non-interference theory, and Nissenbaum's theory of contextual integrity. Cybertechnology techniques that threaten privacy are examined, such as cookies, RFID technology, computer merging, matching, and data mining. The value of privacy as an intrinsic vs. instrumental value is also debated.
Coca Cola's Distribution Network and Inventory Control
1. Write about Distribution Network Configuration and Inventory
Control of coca cola (only about coca cola only) donât include
other products of coca cola.
Strategies for Answering Discussion and Essay Questions
Chapter 5
V: Strategies for selected Discussion and Essay Questions in
Chapter 5 (see pages 169-
170 in the textbook)
A. Strategies for Selected Discussion Questions in Chapter 5
2. As a test case, connect to the search engine Google.com and
then type in your name in
Googleâs entry box. How many âhitsâ were returned under your
name? Assuming that one or
more hits were returned, was any of the information that you
were able to retrieve about
2. yourself information that you personally had authorized to be on
the Web. Were you surprised
that any of the information about you identified on Google was
so easily accessible to the
general public? Should that kind of personal information be
treated as âpublic informationâ?
What recourse should you have, if you wish to get that
information about you removed from
the Internet.
3. Striking the âappropriateâ balance in this case has not been
easy. Generally, in the US,
privacy laws have tended to favor the interests of businesses
and organizations in the
commercial sector rather than individuals. In Europe, on the
other hand, privacy policies and
data-protection schemes have been friendlier to individuals.
Judith DeCew has argued that we
should presume in favor of individual privacy and then let
people negotiate their personal
information in ways that they choose.
Further complicating the process of trying to balance the
interests of personal privacy and
3. information access has been recent concerns about national
security. This has been especially
apparent in period following the 9/11 attack.
B. Strategies for Selected Essay Questions in Chapter 5
1. In the early days of computing, the main concern about
privacy invasion tended to be
centered around issues associated with fears involving
governments snooping on their private
citizens. This was especially the case in the 1960s, when the
U.S. government considered the
feasibility of constructing a huge, national database that would
contain information about
every citizen. Fears about this proposal were then allayed when
it was determined that such a
database would not be constructed at that time. In the 1970s
through the 1990s, fears
regarding privacy violations of individuals shifted away from
concerns about the federal
government to worries about businesses and organizations in the
commercial sector that
collect and exchange personal information about individuals.
Following September 11, 2001,
4. however, privacy concerns have once again shifted â this time,
moving away from concerns
about privacy invasions in the commercial sector to privacy
concerns about the new roles that
the federal government plays in gathering personal information.
The USA Patriot Act, for
example, has concerned many civil libertarians who fear that
personal privacy has been
significantly eroded and that it may never again be fully
restored.
3. In the days immediately following 9/11, there were some
signs that people would be
willing to trade-off bits of their privacy in return for greater
security. Indeed, many Americans
still seem willing to do this. However, there have also been
attempts by privacy advocates to
âreclaimâ some of the individual privacy rights that appear to
have been undermined by
controversial legislation such as the Total Information
Awareness Act. For example, under
certain provisions of this act, it would be permissible for
airlines to conduct a background
5. check on oneâs credit history before determining whether that
individual is considered a
security risk. (In other words, an association is made between
oneâs credit record and that
personâs likelihood of being a terrorist; opponents of this
legislation have argued that it
unfairly biases poorer individuals.)
In some sense, privacy interests have already been reassessed
and recalibrated in the post-
September 11 world. Yet, many American still claim to value
their privacy. One way to
proceed with respect to privacy expectations in the current
period is for individuals to concede
that they must be willing to give away more pieces of their
privacy to the federal government
for purposes of national security, but that they should be able to
expect to retain their privacy
in cases of commercial transactions. One way of doing this is to
think of privacy not so much
in all-or-nothing terms but rather how individual privacy can be
protected in various sectors â
i.e. sectors involving medical privacy, financial privacy,
6. employee privacy, and so forth.
Personal privacy in most of these sectors could still be
protected from commercial interests,
even if the federal government has greater access to our
personal information.
Privacy and Cybertechnology
our lives â from commerce to
healthcare to work.
egories such as:
Privacy and Cybertechnology
(Continued)
cybertechnology affect each of us,
whether or not we have ever owned or
even used a networked computer.
7. can be acquired from our commercial
transactions in a bank or in a store.
Privacy and Cybertechnology
(Continued)
recreational purposes, our privacy is
threatened.
interests, can now easily be acquired by
organizations whose need for this information
is not always clear.
online activities can be sold to third parties.
Privacy and Cyberspace
cybertechnology in at least four ways, i.e., by the:
1. amount of personal information that can now be
collected;
2. speed at which personal information can now be
transferred and exchanged;
8. 3. duration of time in which personal information
can now be retained;
4. kind of personal information (such as
transactional information) that can be acquired.
What is Personal Privacy
privacy as something that can be:
What is Privacy (continued)?
that can be diminished (i.e., as a repository of
personal information that can be eroded gradually) or
lost altogether.
9. metaphor of a (spatial) zone that can be intruded
upon or invaded.
concerns affecting the confidentiality of information,
which can be breached or violated.
Classic Theories of Privacy
ve tended to
view privacy in terms of either:
-intrusion,
-interference,
information.
Non-intrusion Theory of Privacy
-intrusion theory views
privacy as either:
ne,
referred to as accessibility privacy
(DeCew, 1997).
10. Non-intrusion Theory of Privacy
(Continued)
-intrusion
theory can be found in both:
th Amendment to the U.S.
Constitution (i.e., search and seizure re
oneâs papers, affects, and so forth);
Warren and Brandeis in the Harvard Law
Review (1890).
Non-interference Theory of
Privacy
e non-interference theory views
privacy as freedom from interference in
making decisions.
the Griswold v. Connecticut (U.S. Supreme
Court) case in 1965.
-interference theory of privacy
is also sometimes referred to as
decisional privacy.
The Control and Limited Access
11. Theories of Informational Privacy
protecting personal information in
computer databases.
over their personal information.
been set up to restrict or limit access to
oneâs personal data.
Table 5-1: Three Views of
Privacy
Accessibility Privacy Privacy is defined in terms of one's
physically "being let alone," or
freedom from intrusion into one's
physical space.
Decisional Privacy Privacy is defined in terms of
freedom from interference in one's
choices and decisions.
Informational Privacy Privacy is defined as control over
the flow of one's personal
information, including the transfer
and exchange of that information.
A Comprehensive Account of
Privacy
12. privacy theory that incorporates key
elements of the three classic theories:
-intrusion),
-interference),
access to oneâs personal information).
Moorâs Comprehensive Theory of
Privacy
âan individual has privacy in a situation if
in that particular situation the individual is
protected from intrusion, interference, and
information access by others.â [italics
added]
Moorâs Theory of Privacy
(continued)
notion of a situation, which can apply to
a range of contexts or âzones.â
âactivity,â a ârelationship,â or the
âstorage and access of informationâ in a
13. computer or on the Internet.
Moorâs Privacy Theory
(continued)
ishes between ânaturally
privateâ and ânormatively privateâ situations
required for having:
Moorâs Natural vs. Normative
Privacy Distinction
Moorâs natural/normative privacy
distinction, we can further differentiate
between a:
Two Scenarios in the Textbook: One Involving Natural
Privacy, and One Involving Normative Privacy
alks into the computer lab
(at 11:30 PM, when no one else is around)
14. and sees Mary typing on a computer.
violated.
keyhole of Maryâs apartment door and
sees Mary typing at her computer.
but is also violated.
Helen Nissenabumâs Theory of
Privacy as âContextual Integrityâ
that the processes used in gathering and
disseminating information are
personal information in a given context.
Nissenbaumâs Theory (Continued)
types of informational norms as:
15. Nissenbaumâs Theory (Continued)
type of personal information is either appropriate or
inappropriate to divulge within a particular context.
information within and across contexts.
privacy occurs.
personal information is maintained when both kinds
of norms are ârespectedâ
Nissenbaumâs Theory (Continued)
theory demonstrates why we must always
attend to the context in which information
flows, not the nature of the information itself,
in determining whether normative protection
is needed.
seminar (in the textbook), which intends to
illustrate the role of âcontextual integrity.â
16. Why is Privacy Important, Why Is it
Valued, and What Kind of Value is It?
industrialized societies, where greater
importance is placed on the individual than
on the values and objectives of the broader
community?
Is Privacy an Intrinsic Value or an
Instrumental Value?
for its own sake
â i.e., is privacy an intrinsic value?
some further end
-- i.e., is privacy an instrumental value?
Privacy as an Intrinsic vs. an
Instrumental Value (Continued)
its own sake, and thus does not appear
to have intrinsic worth.
17. seems to be more than
merely an instrumental value
contingent) for achieving important human
ends (Fried, 1990).
Privacy as an Intrinsic or
Instrumental Value (Continued)
ivacy is
necessary for important human ends
such as trust and friendship.
a âcore valueâ â viz., security, which is
essential for human flourishing.
Privacy as a Universal Value
importance in
all societies, but it is not valued the
same in all cultures.
-Western
nations, as well as in many rural societies in
Western nations.
societies where national security and safety are
considered more important than individual privacy
(e.g., as in Israel).
18. The Value of Privacy as a âShieldâ
acts as a âshieldâ by providing for
freedom and independence.
Privacy also shields us from pressures
that preclude self-expression and the
development of relationships.
Privacy as a âShieldâ (Continued)
leaves us vulnerable and threatened because
we are likely to become:
Privacy as a âShieldâ (Continued)
protects (i.e., shields) us from:
19. Privacy as an Important Social
Value
underestimate the importance of privacy as
an important social value (as well as an
individual value).
debate in terms of privacy as a social value
(essential for democracy), as opposed to an
individual good, the importance of privacy is
better understood.
Three Cybertechology-related
Techniques that Threaten Privacy
-gathering techniques used to collect and
record personal information, often without the
knowledge and consent of users.
-exchanging techniques used to transfer and
exchange personal data across and between
computer databases, typically without the knowledge
and consent of users.
-mining techniques used to search for
patterns implicit in large databases in order to
generate consumer profiles based on behavioral
20. patterns discovered in certain groups.
Cybertechnology Techniques
Used to Gather Personal Data
ered at
least since Roman times (census data).
dataveillance to capture two techniques
made possible by cybertechnology:
-monitoring),
-recording.
Internet Cookies as a Surveillance
Technique
retrieve from the computers of Web users.
to collect data about those who access their
sites.
browsing preferences can be âcapturedâ
whenever a person visits a Web site.
21. Cookies (Continued)
file placed on the hard drive of the user's
computer system.
the user's system and resubmitted to a Web
site the next time the user accesses that site.
a user's knowledge and consent.
Can the Use of Cookies be
Defended?
se
cookies maintain that they are performing a
service for repeat users of their sites by
customizing a user's means of information
retrieval.
they are able to provide a user with a list of
preferences for future visits to that Web site.
Arguments Against Using Cookies
activities involving the monitoring and
recording an individual's activities while
visiting a Web site violates privacy.
22. that information
gathered about a user via cookies can
eventually be acquired by or sold to
online advertising agencies.
RFID Technology as a
Surveillance Technique
consists of a tag (microchip) and a reader.
data, and antenna that broadcasts data by radio
waves in response to a signal from a reader.
radio signal, and demodulator that transforms the
analog radio into suitable data for any computer
processing that will be done (Lockton and
Rosenberg, 2005).
RFID Technology (Continued)
labelsâ make it much easier to track inventory
and protect goods from theft or imitation.
threat to individual privacy.
23. transaction data by RFID owners and how
that data will be used in the future.
RFID Technology (Continued)
40 million Americans carry some form of RFID
device every day.
has been included in chips embedded in
humans, which enables them to be tracked.
RFID Technology (Continued)
gathering and surveillance techniques), RFID
threatens individual privacy.
while visiting Web sites, RFID technology can
track an individualâs location in the off-line
world.
involving âlocational privacyâ (see Chapter 12).
Cybertechnology and
Government Surveillance
24. required by the FCC to install a GPS (Global
Positioning System) locator chip in all new
cell phones.
enables the location of a cell phone user to be
tracked within 100 meters.
can also be used by the government to spy
on individuals.
Computerized Merging
Techniques
extracting information from two or
more unrelated databases and
incorporating it into a composite file.
ccurs whenever
two or more disparate pieces of
information contained in separate
databases are combined.
Computer Merging (Continued)
information about yourself to three different
organizations, by giving information about your:
25. 1. income and credit history to a lending institution
in order to secure a loan;
2. age and medical history to an insurance
company to purchase life insurance;
3. views on certain social issues to a political
organization you wish to join.
Computer Merging (Continued)
information to make decisions about you; for
example:
know about your age and medical history before
agreeing to sell you life insurance;
know information about your income and credit
history before agreeing to lend you money to
purchase a house or a car.
Computer Merging (Continued)
that information about you in the insurance
company's database is merged with information
about you in the lending institution's database or in
the political organization's database.
26. three different organizations, you authorized each
organization to have specific information about you.
authorized any one organization to have some
combination of that information.
Computer Merging (Continued)
Review the scenario (in the textbook)
involving Double-Click (an online
advertising company that attempted to
purchase Abacus, Inc., an off-line
database company).
-Click would have been
able to merge on- and off-line records.
Computer Matching
computer merging.
-
checks information in two or more
databases that are typically unrelated to
produce "matching records" or "hits."
Computer Matching (Continued)
27. government organizations, computerized
matching has been used by various agencies
and departments to identify:
who are suspected of having broken the law
(welfare cheats, deadbeat parents, etc.).
Computer Matching (Continued)
state motor vehicle registration records
(looking for individuals reporting low incomes
but owning expensive automobiles).
your mail is matched (and opened) by
authorities to catch criminals suspected of
communicating with your neighbors.
Computer Matching (Continued)
ing argue:
If you have nothing to hide, you have nothing to
worry about.
1. Privacy is a legal right.
2. Legal rights are not absolute.
28. 3. When one violates the law (i.e., commits a
crime), one forfeits one's legal rights.
4. Therefore, criminals have forfeited their right to
privacy.
Computer Matching (Continued)
-
recognition technology was used to scan the
faces of individuals entering the stadium.
e digitized facial images were instantly
matched against images contained in a
centralized database of suspected criminals
and terrorists.
many civil-liberties proponents.
Data Mining
involves the indirect gathering of
personal information via an analysis of
implicit patterns discoverable in data.
-mining activities can generate new and
sometimes non-obvious classifications or
categories.
could
29. become identified with or linked to certain
newly created groups that they might never
have imagined to exist.
Data Mining (Continued)
-to-
no protection for how personal information
that is acquired through data-mining activities
is subsequently used.
individuals based on the patterns found in the
personal data that has been âmined.â
-mining technology raise
special concerns for personal privacy.
Data Mining (Continued)
records in databases, information acquired
about persons via data mining is often
derived from implicit patterns in the data.
relationships, or associations about that
person, such as that person's membership in
a newly "discovered" category or group.
30. Data Mining (Continued)
used
in data-mining applications is generally
considered to be information that is
neither confidential nor intimate.
personal information generated by or
acquired via data mining techniques
must by default be public data.
Data Mining (Continued)
involving Lee, a 35-year old executive:
-mining algorithm âdiscoversâ that Lee:
own business, and
to declare bankruptcy within the first three years;
based on
data-mining algorithms, despite his credit score.
31. an actual case occurred in 2008, where an individual
had two credit cards revoked and had the limit on a
third credit card reduced because of associations
with: (1) where this person shopped and (2) where
he lived and did his banking (Stuckey 2009).
-mining algorithm âdiscoveredâ that this person:
purchased items there defaulted on their credited card
payments;
even though he made his mortgage payments on time.
Data Mining (Continued)
Web Mining: Data Mining on the Web
y, most data mining was done in
large âdata warehousesâ (i.e., off-line).
Web sites to analyze data about Internet
users, which can then be sold to third parties.
âWeb mining.â
âFacebook Beaconâ as an example of Web mining.
32. Table 5-2: Three Techniques
Used to Manipulate Personal Data
Data Merging A data-exchanging process in which personal
data from two or more sources is combined to
create a "mosaic" of individuals that would not
be discernable from the individual pieces of data
alone.
Data Matching A technique in which two or more unrelated
pieces of personal information are cross-
referenced and compared to generate a match or
"hit," that suggests a person's connection with
two or more groups.
Data Mining A technique for "unearthing" implicit patterns in
large databases or "data warehouses," revealing
statistical data that associates individuals with
non-obvious groups; user profiles can be
constructed from these patterns.
Public vs. Non-Public Personal
Information
-Public Personal Information (or NPI)
refers to sensitive information such as in
oneâs financial and medical records.
about a different kind of personal information
called Public Personal Information (or PPI).
33. -confidential and non-intimate in
character, and is generally not legally protected.
Privacy Concerns Affecting PPI
organizations generate privacy concerns?
you are a student at Technical University; you
frequently attend university basketball
games; and you are actively involved in your
universityâs computer science club.
because it is about you (as a person);but it is
also about what you do in the public sphere.
PPI (Continued)
no need to protect the kind of information we
now call PPI, because it was viewed as simply
public information.
assumptions about not needing to protect PPI
are no longer tenable because of what she
views as a misleading assumption:
There is a realm of public information about persons to
34. which no privacy norms apply.
PPI (Continued)
(described in the textbook):
protecting privacy in public, in an era
when data mining is typically used.
Search Engines and Personal
Information
h engines can be used to:
the textbook);
the text book.
sites you have visited (as in the Google vs. Bush
Administration case where usersâ search requests
were subpoenaed by the U.S. Government).
35. Accessing Public Records via
the Internet
we have them?
st, one had to go to municipal
buildings to get public records.
made a difference if Liam Youens had
to go to a municipal building to get the
information he sought about Boyer?
Accessing Public Records via
the Internet (continued)
(on accessing online public records):
information about license plate numbers for state residents
to an e-commerce site);
) The city of Merrimack, NH (making home property
records, and layouts of houses, available online).
available online to the public?
Can Technology Be Used to
36. Protect Personal Privacy?
for stronger
privacy legislation.
strong privacy laws and lobby instead
for voluntary industry self-regulation.
provide a compromise solution?
Privacy Enhancing Technologies
(PETs)
protect:
Web;
email) sent over the Internet.
PETs (Continued)
volving PETs include:
tools;
37. when using these tools.
Educating Users About PETs
PETs?
fault has been that
users must:
reasonable one?
PETS and the Problem of
Informed Consent
sites have a privacy policy.
about them collected
unless they specifically indicate otherwise.
secondary and future uses of personal data.
38. Privacy Legislation and
Industry Self-Regulation
-regulate
privacy through voluntary controls,
instead of strong privacy legislation?
do online consumers need regarding
the protection of their privacy?
(described in the textbook) to see some of the
challenges that can emerge.
Privacy Laws and Data Protection
-protection
principles in Europe and the U.S.
include the:
Insurance Portability and Accountability Act).
Towards a Comprehensive Privacy Policy
39. requires that rules for setting up normatively private
situations be âpublicâ and open to debate.
governing private situations should be âclear and known to
persons affected by them.â
transparency,
so that all parties in the âsituation,â or context, are kept abreast
of
what the rules are at any given point in time.
comprehensive privacy policy that incorporates legislation,
self-regulation, and privacy-enhancing tools.