THE IMPACT OF COMPUTER TECHNOLOGY Computers are not necessary for the invasion of privacy, however, because the

use of computers has made new threats possible and old threats more potent. Computer technology has had a profound impact on what information is collected about us, who has access to it, and how they use it. Computer technology allows search and surveillance of huge numbers of people, often with out our knowledge. Privacy is probably the computer issue that worries the people most. There are three key aspect of privacy: Freedom from intrusion being left alone Control of information about oneself Freedom from surveillance (from being watched, eavesdropped upon). It is clear that we cannot expect complete privacy. We usually do not accuse someone who initiates a conversation invading our privacy. Many friends and slight acquaintances know what you look like, where you work, what kind of car you drive, and whether you are a nice person. Critics of privacy argue that it gives cover to deception, hypocrisy, and wrong doing. It allows fraud. It protects the guilty. Concern for privacy may be regarded with a suspicious What do you have to hide? Privacy involves a balancing act. Privacy scholar Alan Westin describes the factors to be balanced as follows: Safeguarding personal and group privacy, in order to protect individuality and freedom against unjustified intrusion by authorities. Collecting relevant personal information essential for rational decision-making in social, commercial, and governmental life. Conducting the constitutionally limited government surveillance of people and activities necessary to protect public order and safety. The man who is compelled to live every minute of his life among others and whos every need, thought, desire, fancy or gratification is subject to public scrutiny, has been deprived of his individuality and human dignity. He merges with the mass Such a being, although sentient, is fungible; he is not an individual. Its important to realize that privacy preserves not personal secrets, but a sense of safety within a circle of friends so that the individual can be more candid, more expressive, and more open with secrets.

RISKS OF THE TECHNOLOGY Computers, internet and World Wide Web make collection, searching, analysis, storage, access, and distribution of large amounts of information easier, cheaper, and faster than before. Today, there are thousands of databases, both government and private, containing personal information about us. Some of this information, such as our specific purchases in the supermarkets and bookstores, was simply not recorded before. In the past, conversations disappeared when people finished speaking, and personal communications were normally read by only the sender and recipient. Now that we communicate by e-mail and electronic discussion groups our words are recorded and can be copied, distributed and read by others even years later. INVISIBLE INFORMATION GATHERING Invisible Information gathering describes collection of personal information about someone without the persons knowledge. The important ethical issue is that, if someone is not aware that the information is being collected or of how it will be used, he or she has no opportunity to consent or withhold consent for its collection and use. An Internet Service Provider (ISP) manages the connection between a user and the sites he or she is visiting. Thus the ISP knows every site we visit. ISP and Web Site logs are used for tracking and collecting evidence about criminals. Cookies are files a Web sites stores on each visitors computer. This sites stores in the cookie and then uses information about the visitors activity. Cookies were developed as a customer convenience; by using information in a cookie, a site avoids having to ask user to help companies provide personalized customer service and target advertising to each of visitors. At first, cookies were controversial because the very idea that web sites were storing files on the users hard drive with out the users knowledge was startling and disturbing to many people. SECONDARY USE, COMPUTER MATCHING AND PROFILING The ease of copying, distributing, and analyzing data resulting from the use of the computer and computer networks led to a huge increase in secondary use of personal information and that is, use of information for a purpose other than the one for which it was supplied Computer matching means combining and comparing information from different databases (usually by using a persons Social Security number to match records). Business use the technique

to form consumer dossiers, and government uses it primarily for detecting fraud and enforcing the law in other ways Computer profiling means using data in computer files to determine characteristics of people most likely to engage in certain behavior. Business use profiling to find people who are likely customers for specific products and services. Computer matching and profiling are, in most cases, examples of secondary use of personal information.

THE FOURTH AMENDMENT AND EXPECTATION OF PRIVACY The right of the people to be secure in their persons, houses, papers, and effect, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched and the persons or things to be seized SATELLITE SURVEILLANCE AND THERMAL IMAGING Satellites use various computer technologies to take detailed photographs of the earth, detailed enough to show our homes and backyards. Is this an intrusion into our personal space, a search of our homes, which the Forth Amendment should prohibit with out warrant? AUTOMATED RECORDS TOLL COLLECTION AND ITEMIZED PURCHASE

Many bridges, tunnels, and toll roads now use automated tollcollection systems. Sensors read a device in a car as it goes by without stopping, and the owners credit card or bank account gets billed for the toll. These systems save time for drivers and reduce the cost of collection. Their flexibility also allows the implementation of variable charges for different times of the day to improve traffic flow. The database used for billing drivers contains record of where and when the person traveled; the privacy concern is that marketers and government agencies can use this information to track people. Some toll-road operators have an option allowing drivers to pay cash in advance, avoiding billing records. Currently, however, most of the systems do not provide anonymity. ELECTRONIC BODY SEARCHES

Several airports use an X-ray device that displays on a computer screen the image of a persons body without clothes. Weapon and packets of drugs hidden under clothing are visible in the image. The U.S. customs service first used the device to examine travelers it suspected of smuggling drugs. People singled out for search were given a choice of using the machine or undergoing a pat-down search. After terrorist attacks in 2001, the Federal Aviation Administration ordered the machines for airport security. What are the advantages and disadvantages of these devices? How does the computer technology change the impact of a search? CONSUMER INFORMATION DATABASES AND MARKETING Business use powerful hardware and software to analyze consumer data, government records, and other useful information to determine who might be a new customer. This is an application of a process called data mining, the searching of masses of data to find new information or knowledge. CHILDREN ON THE WEB There are two main privacy issues related to children on the web, one of which is linked to safety: Child molesters use the web to find children, win their confidence via mail and chat, and then arrange the meetings. The second issue is the collection of personal information by the many of the websites designed for the children. In 1998, a Federal Trade Commission (FTC) study found that 89% of Web sites aimed at children collected personal information, and only 23% of the sites asked children to get consent from their parents before providing information. Later that year, Congress passed the Childrens Online Privacy Protection Act (COPPA) ordering the FTC to set up rules for protecting children under age 13. The rules prohibit web sites from collecting personal information from children under 13 without verifiable parental consent. The site must prominently port their policy telling what information they collect and how it is used. CREDIT BUREAUS Credit bureau databases are one of the best examples of the observation that the data collected for one purpose almost inevitably will be used for other, unexpected purpose. The primary purpose of the credit bureaus is to provide a central storehouse of information for evaluating applicant for credit. Some employers including the federal government also use credit bureaus as part f the background check on job applicants.

The Fair Credit Reporting Act of 1970 (FCRA) was, according to Private Journal, the first law anywhere in the world, to establish regulations for use of consumers information by private businesses. It restricts credit bureaus to disclosing credit information only to employers, the government, insurance companies, and others who need it for legitimate business purposes involving consumer. PRINCIPLES FOR DATA COLLECTION AND USE The first principle for ethical treatment of personal information is informed consent: Business and organizations must inform consumers about what information they are collecting and how they will use it. We have seen that people can trade information for many benefits from borrowing large amount of money for a home mortgage to convenient shopping on the web. After informing people about what an organization does with personal information the next simplest and most desirable policy is to give to people a choice about whether data collected about them is distributed to other business or organizations and is used to send advertisements. The two most common forms for providing such choice about what data collected about hem is distributed to other business or organizations and is used to send advertisements. The two most common forms for providing such choices are called opt in and opt out. Under opt out policy, one must check a box on a contract, membership form, or agreement, or call or write to the organization to request removal from the distribution lists. If the consumer does not take action, the presumption is that, his or her information will be used. Under opt in policy, personal information is not distributed to other business or organization unless the consumer has explicitly checked a box or signed a form permitting disclosure. Under opt-out policy, more people are likely to be in that is, on the lists, and under opt-in policy, more people are likely to be out because the default presumption is the opposite of the policy name. PRIVACY PRINCIPLES FOR PERSONAL DATA 1.) Collect only the data needed 2.) Inform people when data about them are being collected, what is collected, and how it will be used. (Do not use invisible information gathering techniques without informing people. 3.) Offer a way for people to opt out from mailing lists and from transfer of their data to other parties. 4.) Provide stronger protection for sensitive data. For example, use an opt-in policy for disclosure of medical data. 5.) Keep data only as long as needed. 6.) Maintain accuracy and security of data.

7.) Provide a way for people to access and correct data stored about them. MORE PRIVACY RISKS SOCIAL SECURITY NUMBERS AND NATIONAL ID SYSTEMS The real danger is the gradual erosion of individual liberties through automation, integration, and interconnection of many small, separate record keeping systems, each of which alone may seem innocuous, even benevolent and wholly justifiable. With the advent of smart cards (cards containing microprocessor and memory), there are increasing proposal for establishment of a computerized national identification system. SOCIAL SECURITY NUMBERS We use our Social Security number (SSN) for identifications for numerous services, yet its insecurity compromises our privacy and exposes us to fraud. Because the SSN is an identifier in so many database, someone who knows your name and has your SSN can, with varying degrees of ease, get access to your work and earning history, credit report, driving record, bank account, and other personal data. The potential for both privacy, invasion and fraud is clear. NATIONAL ID SYSTEM Proposed national ID cards would contain (on a magnetic strip or in smart-card memory) a persons name, photo, Social security number, and other identifying information, and health, tax, financial, citizenship, employment, or other data, depending on the specific proposal and the government agencies advocating it. It might include biometric information such as fingerprints or a retina scan. In many proposals, the cards would also access a variety of databases containing such information. The cards would allow accurate verification of a persons identity when interacting wit government agencies and for transactions such as credit card purchases, government payments, medical treatment, and banking transactions. Advocates of a national ID cards describe several benefits. You would need the actual card, not just a number, to verify identity. The cards would be harder to forge than Social Security Cards. A person would need to carry only one card, rather than a separate card for your various services as we do now. The authentication of identity would help reduce fraud both in private credit card transactions and in government benefits programs. Use of ID cards for verifying work eligibility would prevent people from working in the U.S. illegally. Criminals and terrorists would be easier to track and identify.

Opponents to these proposals argue that national ID cards are profound threat to freedom and privacy. Smart cards with the large amount of personal information they can carry or access in national databases, have even more potential for abuse. Most people might have access to the machinery that reads the cards; thus they would not always know what information they are giving others about themselves. Peter Neumann and Lauren Weinstein warned of the many risks that arise from the databases and communication complexes that would support a national ID card system: card readers, real time networking, monitoring, data mining, aggregation, and probably artificially intelligent inference engines of questionable reliability. The opportunities of over zealous surveillance and serious privacy abuses almost limitless, as are opportunities for masquerading, identity theft, and draconian social engineering on a grand scale. PERSONAL HEALTH AND MEDICAL INFORMATION Our health and medical information is personal. Some is very sensitive: information about alcoholism, sexually transmitted diseases, psychiatric treatment, and suicide attempts. We might strong desire to keep our health problems private even if they do not have negative social connotations. Marketing and technology are two economic factors that diminish our control over our medical records: Most of us do not pay directly for our medical care, and we get care from large medical organization rather than individual, private doctor. We waive confidentiality of our medical records for insurance payments. The insurer needs access to the records to verify eligibility and amounts of payments and to check for fraud. Preventing and detecting fraud requires access to medical and personal information about patients. When patients often pay cash and ask doctors not to keep notes of their sessions. When patients worry about the privacy of medical information, the quality of care they receive can suffer. Of course the ethical consumer must distinguish between keeping medical information about relevant health conditions of risky behavior from insurance companies. Informed consent is as important a principle for sellers of insurance as it is for consumers. Hiding relevant data can also be a fraud. PROTECTING MARKETS PRIVACY: EDUCATION, TECHNOLOGY, AND

1.) AWARENESS The first step in protecting privacy from the risks of computer technology is awareness of how that technology works, how it is being used, what are the risks, and what tools are available to reduce exposure and unwanted uses of personal data. The demand for privacy is being met, t some degree, by individual programmers who post free privacy-protecting software on the web, entrepreneurs who have built new companies to provide new technology-based privacy protections, large businesses that are responding to consumer demand, organized efforts of privacy advocates such as the Electronic Privacy Information Center (EPIC), and threats of regulation by the government. As a consumers, once we are aware of problems and potential solutions, we can decide to what extent we wish to use privacy protecting tools, to be more careful about the information we give out, and consider the privacy policies of business and web sites we use or visit. As business managers, we can learn and implement techniques to respond to the privacy demands of customers. As computer professionals, we can design database systems and Web software that make it easier to build in privacy protection and reduce the risk of unauthorized leaks. PROTECTING PRIVACY: LAW AND REGULATION PHILOSOPHICAL VIEWS Until the late 19th century, legal decisions supporting privacy in social and business until were based on property rights and contracts. In 1890, a crucial article called The right to privacy, by Samuel Warren and Louis Brandeis , argued that privacy was distinct from other rights and needed more protection. Judith Jarvis Thomson, an MIT philosopher, argued in 1975 essay that the old views was more accurate, that in all cases where a violation of privacy is a violation of someones rights, another right has been violated WARREN AND BRANDEIS: THE INVIOLATE PERSONALITY The main target of criticism in the Warren and Brandeis article is newspapers, especially the gossip columns, they vehemently criticize the press for overstepping obvious bounds of proprietary and decency. The kinds of information of most concern to them are personal appearance, statements, acts, and interpersonal relationships (marital, family and others). They base their defense on the principle of an inviolate personality. Privacy violation can be address by laws against other wrongs, such as slander, libel, and defamation, and copyright infringement, violation of property right and breach of contracts. An important aspect of Warren and Brandeis paper and Thomsom paper is that of consent.

There is no privacy violation is obtained or published with a persons consent. FREEDOM OF INFORMATION USE GUIDELINES: 1.) Truth in Information Gathering Organization collecting personal data should clearly inform the person providing the information if it will not be kept confidential from other businesses, individuals and government agencies and how it will be used. They should be liable for violation. 2.) Freedom in information contacting People should be free to enter agreement to disclose any personal information n exchange for fee or services according to their own judgment. 3.) Freedom of speech and commerce People as well as business organization should not be prevented by law from disclosing facts independently and un intrusively discovered CONTRACTS AND REGULATIONS: A good basic legal framework that defines and enforces legal rights and responsibilities is essential to a complex, robust society and economy. One of its tasks is enforcement of agreements and contracts. Contracts including freedom to form them and enforcement of their terms by the legal system are a mechanism for implementing flexible and diverse economic transactions that take place over time and between people who do not know each other well or at all. The second task of a legal system is to set defaults for situations that are not explicitly covered in contracts. Privacy protecting default would be that the information could be used only for direct and obvious purpose for which it was supplied. The legal system can set special confidentiality defaults for sensitive information, such as medical and financial information, that tradition and most people can consider private. REQUIRING SPECIFIC CONSENT POLICIES When we go beyond the basic framework, there is more controversy. We consider consent policies as an example of privacy protecting regulation. The principle of informed consent can be incorporated into law in a variety of ways differing in their levels of control. There are four levels: 1.) Business and organizations must clearly state their policy for use of personal information. If a person proceeds and make a purchase, explores the web site provides information, and so on, consent to the policy is assumed.

2.) Business and organization must provide an opt out option. 3.) Businesses and organization must use an opt-in policy. 4.) Business and organizations must obtain consumer consent for each individual secondary use, disclosure, or transfer of their personal information. PRIVACY REGULATION IN THE EUROPEAN UNION The European Union (EU) passed a comprehensive privacy directing covering procession of personal data. It defines processing to include collection, use, storage, retrieval, transmission, destruction, and other actions. The principles similar to the privacy principles include the following. 1.) Personal data may be collected only for specified, explicit purposes and must not be processed for incompatible purpose. 2.) Data must be accurate and up to date. Data must not keep longer than necessary. 3.) Processing of data is permitted only if the person consented um ambiguously, or if the processing is necessary to fulfill contractual or legal obligations, or if the processing is needed for tasks in the public interest or by official authorities to accomplish their tasks. 4.) Special categories of data, including ethnic and racial origin, political and religious beliefs, health and sex life, and union membership, must not be processed with out the subjects explicit consent. Member nations my outlaw processing of such data even if the subject does not consents. 5.) People must be notified of the collection and use of data about them, they must have access to the data stored about them and a way to correct incorrect data. 6.) Processing of data abut criminal convictions is severely restricted. ASSIGNMENT: 1. Find a website at which people can buy something online with a credit card. Look for the privacy policy that tells how the sites uses the customer information it collects. Write a brief summary of the privacy policy. Include the URL, the business name, and the type of product. And tell how many sites you looked at before finding one with a privacy policy.