WEEK 6 PRIVACY --- COMMERCIAL SURVEILLANCE
March 4, 2002
-
Announcements
o Bathrooms down stairs
o Papers – take something
we’ve done in greater depth – multiple options
o Rotisserie – see logistics
memo to understand the details, graded as average, below average, and above
average. Concise is good.
o Breaking news section on
website
o 4:10-6:10 pm on April 18
probable make-up session (will be recorded)
o JOLT conference on weekend
of April 20-21?
o Chilling Effects project and
Sharkwire.org (slashdot for this stuff)
o 1 comment per person today
(get other to make your comments)
o Bifurcated readings on
privacy – next week Government Surveillance and John Perry Barlow phone in.
-
What
are the nightmares? Credible?
o Medical privacy –
§
Genetic
pre-dispositions and other medical info – the chips that act as medic id
bracelets.
o Locational tracking –
§
Tracking
devices – “Digital Angel”
o Online aggregation of
transactional information
o Behavior on net too easily tied identity
o Highly targeted advertising
- on the basis of personal info (blurring distinction between ads and personal
interactions)
o Judgments made about you
that “leak”
o “Monitoring” turns into
“search”
o Identity theft (Credit card fraud)
o Industry nightmare - Inability to do targeted advertising because
of privacy paranoia. [issues of market relationship between industry and
consumer]
o Information divide – some
people have more info than others
o Targeted pricing --- WEB
LINING see below
o Blurring of lines between
government surveillance and public information (e.g. online sex offender
registry)
-
Technical
possibilities for surveillance
o IP address and reverse
look-up on domain name
o Cookies – can aggregate info
from different sites visited
§
Doubleclick
brings you those ads based on cookies collected on other sites
§
It’s
a nightmare if the information is able to be connected to personal identity.
-
Legal
actions
o FTC threat of suit
o Class action suit brought
against Doubleclick – 3rd party intrusions
o Successive legislation tends
to be highly specific
§
e.g.
Video Rental Protection Act –( no divulging list of rentals to 3rd
party without permission)
§
DMV
info
§
Waivers
– Buckley Amendment for educational privacy
o OPT IN v OPT OUT
§
FTC
regime – we’ll know it when we see it and we’ll send you a complaint
§
Difference
with EU – data privacy directive
·
Must
have user permission for exact use, and after use must destroy
·
Real
world assessment – it’s impossible to be compliant (so assume only worst
offenders will be prosecuted).
§
Self-regulation
model – endorsed by FTC right now
·
You
must have a privacy policy and follow it after you’ve posted it
-
Privacy
Policies
o Who reads them? They reserve
the right to change. Compare amazon.com to google.com (neither opt in nor opt
out but not the usual Yadda yadda).
-
At
what level of abstraction do you want to regulate?
o Inalienable rights framework
in Europe
o In US more like property
o Should privacy rely on
choice? To what degree?
-
Solutions
o Warn them in advance
§
Problems
– people don’t really think about what it means
§
No
choices – like insurance
o P3P
§
On
your computer set your preferences vis-à-vis merchants once, then machines
handle it themselves
§
Structures
promises
o Passport
§
Microsoft’s
project that gives you one log in for many sites
·
Has
partnership with ebay, msn communities, etc. – don’t share data
o Predictive networks
o Zero Knowledge, Anonymizer –
slower
o Safeweb
-
Where
are we now?
-
How
do we feel about Weblining?
o Some people like it –
perfect competition
o Economists are basically on
the fence about whether they like it
o The dog food thing is not
that scary
o The profiles that get
consumers different prices are more problematic – price discrimination and
service discrimination