Internet & Society, Sept. 30: Privacy
encryption to privacy
layered network, TCP/IP, programs like Eudora don’t need to deal with
week, encryption. Possible to encrypt
week, think more broadly about privacy in networks broadly.
in privacy issues
v Lessig debate. Singleton worried
about government privacy intrusions, Lessig worried about privacy issues
outside of government (private parties.
party problem: someone not invited to communication who listens in
party problem: person you communicate with who promises to keep secret, but
on-going ability to tune into world and on-going communications
ability to view records of previous communications, e.g., to “nexis” someone
there such thing as “too much privacy”?
ducks, and other animals…
definitions of privacy:
to keep secrets
to prevent others from collecting data about you. Example, GUID number embedded in Microsoft Office
to keep partial secrets (being able to reliably designate people to keep your
from intrusion (comprise of your private information, even if not “kept”);
to make certain decisions unfettered (Griswold v CT); the right to be let
alone. Example: right to make decisions
in the bedroom
privacy attach to person or place?
How do you
privacy rights and penalties for violations (“tortify” privacy)
of consumers to have disclosure of someone’s use of information about them
· Inalienability. Can’t give up these rights.
property interests in privacy rights
market in private information, charge for use of private information
it. Construct technology to force
data, marks data and makes it possible to track it, see if someone gave it
away. Simple example: list your middle
name differently each time you submit it.
is privacy in
absence of physical boundaries?
environment of ubiquitous sensors and cheap sensors?
in computing power and rapid decrease in prices makes it readily available in
inexpensive toys and other goods
recently, cheap networks make transmission of data very easy and affordable
era has light computers and stronger networks (?)
sensors: high-resolution cameras, live image transfer, biometric identifiers
in traffic control
live camera in girl’s dorm room, charge for viewing
Sobel: Electronic Privacy Information
about future uses of information collected today
hot debate: is there need for regulation,
or can parties self-regulate
is there such thing as informed consent?
people understand these policies?
to change policy at any time could create problems. User might give consent for use of information today but not know
what info will be used for later
supermarket discount cards
say they don’t mind supermarket collecting data about consumer purchases
if supermarket provided that database to insurers (to examine healthiness of
diets, for example), people get alarmed
could insurance company ask consumers directly about their diets? DS: yes, insurer could ask, and no, such a
question probably does not offend privacy
big concern over future use of data after consented collection
JZ: what about prohibiting retroactive changes
Enactment of legislation such as federal privacy act entitles notice of
information collection and use, and right of individual to see/correct such
concern today is private sector, not government
limits on ability of individuals to contract.
JZ: Aside from procedural boundaries, are there
any substantive limits that we should impose on individuals to contract out of
If there really is bona fide informed consent, then OK
JZ: What if Star Market gave you privacy
Students not a representative sample, lower privacy concerns.
Example: free PCs if you sign away all your privacy rights
JZ: should people be able to sign away their
Would you still go to mall if you were going to be monitored on your
viewing? People say no, but internet
effectively permits collection of detailed personal profile not just of
purchases, but of examination of different products.
of other potentially malicious uses of information: book purchases
Starr’s subpoena of Monica Lewinsky’s book purchases in the bookstore. On Amazon.com, would have been able to get
much more information (on browsing records too, not just purchases).
ability to look at book browsing and purchases of Unabomber would presumably be
between law enforcement and privacy.
DS: Most people would prefer more privacy, even at the expense of law
example: FBI ability to wiretap telephones
public doesn’t mind currently
environment could be different in future (a la Hoover era)
examples of cost/benefit of privacy compromises
for average law-abiding citizen, benefits of reduced privacy outweigh costs and
hypo: government installs speed limit sensors in cars. What do you think?
Likes to speed. Speeding controls:
Mikey doesn’t like it!
How about university access to cable TV records, see if you were studying.
DS: Not so crazy, university could contract to
Student2: You are friggin hysterical!
Student2: Most people think they are “below the radar”
in terms of what companies are interested in
Our generation is desensitized, we are all video taped, we all look at
porn, we aren’t so concerned.
Student3: What about asymmetric information? Example, slot machines release coins to
maximize gambler’s time there.
DS: Valid concerns raised, such as manipulation
of consumers based upon collection of personal information.
Speeding example is an invasion of privacy, but there are benefits, would lead
to safer highways. Even better, device
slows your car down, makes highways super safe. Creates a public benefit.
Striking a balance is tough, but such privacy compromises can be
beneficial. Example, in VA, cameras
installed at intersections, public outrage at driving violations, people like
But violation of private rights can go to far, even if they seem beneficial
overall. Ex: other rights.
rental, promise to obey speed limits, insurance won’t pay if you violate.
example: U-Haul truck physically will not permit you to speed.
and Founder of Birch Tree Systems
company, 1997, make software utilities
by parent interested in seeing what child does on computer, but Birch Tree felt
that was Big Brother-esque
product called “NetSee”
watch and record what individual does on the computer
visual screen activity
of benefit, with www.whitehouse.com,
can actually see what content is, not just URL
what constitutes “Big Brother”?
Monitoring is OK when concerned with company incurring legal liability for
offensive material. Purchase of
software may protect against liability
to watch multiple screens in real-time
have ability to record and archive screen activity, easy to view later on. Can keep as long as desired
halt activity of particular user (shame on you, Mike. You have way too much porn.)
watch for inappropriate images, games
product coming out that would allow administer to take control of user’s
computer and communicate via dialog box
Questions on NetSee
you should tell employees you are installing NetSee, put stickers on user’s
Do buyers actually use stickers and notify employees?
and reduces waste by 80%
client computer require software? Yes.
there anti-NetSee products? Not yet.
does it work with large numbers of employees?
Use hierarchical system.
Other product do same thing, but without user’s knowledge. Many high-profile customers for this
reluctant to admit to use of NetSee-type programs.
and inherent ability to monitor networks
cards uniquely numbered, allows networks to identify unique users.
enables ability to match packets of data to user’s Ethernet card
Ethernet cards, listen to data packets intended for others.
doctrine as it applies to NetSee, from Birch Tree System’s in-house counsel
So long as notice is given to employee, employer has right to monitor
notice might not even be required because computer is property of employer, and
employee should not have expectation of privacy on employer’s computer. Notice is still good policy though.
JZ: What about telecommuters working on own
JG: Not technologically feasible yet, but soon.
DS: In individual’s home, individual’s privacy
JG: Wouldn’t recommend NetSee on employee’s
where does law draw line, e.g., can you monitor at night?
If on employer’s network, can always monitor.
DS: When employer takes active role in
monitoring employee, could employer incur liability to third parties? Example:
Yahoo sues for message sent by employee that employer should have
Could NetSee enforce notification of users?
JZ: Could build-in blinking eye or other
Shouldn’t there be a distinction between government’s ability to monitor vs.
JZ: Yes, and there is. What about when employer is government?
DS: In government use of NetSee type programs,
probably have to notify users. Example:
government phones with disclaimer stickers.
do we feel about employer’s ability to monitor employees?
If there is no notice, find it troubling.
Previously there was proposed legislation requiring employers to give
notice of e-mail monitoring. But still,
employees are not well-educated as to distinctions between personal at
work-related computer use.
Divinity School Dean, university-provided computer in university-provided home,
pornography found by ITS.
Difficult because paper and pen communication from work OK, but same thing
on-line is not OK. Can’t blame
employees for unintentional misuse of employer’s computer. Technology is changing what behavior is
JG: NetSee does not block or filter, just
monitor. Difference between use and
DS: Why not just look at productivity of
employee? Could be reading a book (not
monitored) or surfing on web (monitored
JG: CEOs more concerned about computer usage
JZ: Blockbuster forbidden from disclosing rental
information. Also laws, protect private
law, can’t tape record conversation without approval, but could remember or
Summer Associates at law firms change behavior in light of NetSee? Yes.
Internet Explorer keeps records of your activities, employer can monitor
activities even without NetSee. E-mail
in general offers NO privacy.
JZ: Sociologist marveled at officers in Rodney
King’s willingness to discuss their activities over tele-type device in patrol
car. Did research, found that people
are much more willing to discuss things over tele-type than on the phone. Put a blinking tape recorder on the
tele-type screen, and then people became more reluctant.
Constant reminder is much more effective than a one-time acquiescence to
During web surfing, people are not cognizant of records being kept.
be much more multi-media monitoring and recording of data in the future
protection has ramifications for other internet policies
computer monitoring software offensive to dignity conception of privacy?