Index

A

Access to health data, 216227

HIPAA legislation, and privacy, 138, 145, 172, 219223, 331

industry self-regulation, 216219, 391

patient perspectives on privacy, 223226

Access to information

controlling, 7, 115

to data elements, 41

improper, by law enforcement, 7

insider, 330

literature on equitable, vii

Accountability, 68

ACHR. See American Convention on Human Rights

ACLU. See American Civil Liberties Union

Acquisti, Alessandro, 7677

Ad blockers, 326

Advocates. See Privacy advocates

Affinity cards, 5

African Charter on Human and People’s Rights, 381, 394

Aggregators. See Data aggregators

AIDS. See HIV status

al-Qaeda, 23, 140, 288

Algorithms

for data mining, 6

strong encryption, 267

Allen-Castellito, Anita, 62, 68

Altman, Irwin, 81

AMA. See American Medical Association

America Online (AOL), 104106

American Civil Liberties Union (ACLU), 135, 165

American Convention on Human Rights (ACHR), 381

American Law Institute, 130

American Library Association, 235, 238, 240, 244

Bill of Rights, 236237

Code of Ethics, 231233

American Medical Association (AMA), Ethical Force program, 216218, 221

Anchoring vignettes, 8687, 179182, 191192, 202, 211215, 218219, 228229, 254255, 307

Anderson, Margo, 294, 358



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 411
Engaging Privacy and Information Technology in a Digital Age Index A Access to health data, 216–227 HIPAA legislation, and privacy, 138, 145, 172, 219–223, 331 industry self-regulation, 216–219, 391 patient perspectives on privacy, 223–226 Access to information controlling, 7, 115 to data elements, 41 improper, by law enforcement, 7 insider, 330 literature on equitable, vii Accountability, 68 ACHR. See American Convention on Human Rights ACLU. See American Civil Liberties Union Acquisti, Alessandro, 76–77 Ad blockers, 326 Advocates. See Privacy advocates Affinity cards, 5 African Charter on Human and People’s Rights, 381, 394 Aggregators. See Data aggregators AIDS. See HIV status al-Qaeda, 23, 140, 288 Algorithms for data mining, 6 strong encryption, 267 Allen-Castellito, Anita, 62, 68 Altman, Irwin, 81 AMA. See American Medical Association America Online (AOL), 104–106 American Civil Liberties Union (ACLU), 135, 165 American Convention on Human Rights (ACHR), 381 American Law Institute, 130 American Library Association, 235, 238, 240, 244 Bill of Rights, 236–237 Code of Ethics, 231–233 American Medical Association (AMA), Ethical Force program, 216–218, 221 Anchoring vignettes, 86–87, 179–182, 191–192, 202, 211–215, 218–219, 228–229, 254–255, 307 Anderson, Margo, 294, 358

OCR for page 411
Engaging Privacy and Information Technology in a Digital Age Anonymity, 2, 24, 45–48, 46n.20, 59, 62 k-anonymity, 110 Anonymizers, 6, 109, 220–221, 325 pressures to resist use of, 108 Antiwar movement, surveillance focused on, 357, 361 AOL. See America Online APEC. See Asia-Pacific Economic Cooperation APPCC. See Asia-Pacific Privacy Charter Council Ashcroft, John, 133 Asia-Pacific Economic Cooperation (APEC), 385, 389 Asia-Pacific Privacy Charter Council (APPCC), 388 Asia Pacific Telecommunity (APT), Guidelines on the Protection of Personal Information and Privacy, 388 Assault on Privacy, The, 167 Assignment of property rights, to individuals, 73–74 Audits automated, 330 to uncover improper access by law enforcement, 7 AUMF. See Authorization for Use of Military Force Australia, 377, 379n.74, 385, 393, 393n.151 Authorization for Use of Military Force (AUMF), 288–289 Avian (bird) flu, 38 B Bank Secrecy Act, 134 Banking Act, 190 Bankruptcy Abuse Prevention and Consumer Protection Act, 332 Bartnicki v. Vopper, 126, 281n.22 Barton, Joe, 159 BBBOnline, 328 Behavioral economics, privacy and, 75–78 Bell Code of Privacy, 332 Bill of Rights, 123, 260, 293, 351, 354. See also individual amendments Biometric identification, 32, 106–107, 268–271, 270n.14 debate over, 271 Biotechnologies, viii, 106–107 Blank and impute process, 112 “Boilerplate” language, in notices, 78 Book checkout systems, self-service, 238 Bork, Robert H., 139, 159, 171n.53 Bowers v. Hardwick, 128 Boyd v. United States, 123 Brandeis, Louis D., 30, 88, 129, 147, 359 Breard v. Alexandria, 126 Brin, David, 159 Buckley Amendment. See Family Educational Rights and Privacy Act Bureau of Labor Statistics, 111 C Cable Communications Policy Act, 135–136 Cairo Declaration on Human Rights in Islam, 381 CALEA. See Communications Access for Law Enforcement Act California Security Breach Information Act, 150 California Supreme Court, 125 Caller-ID, blocking, 326 Calling records, 289 CAN-SPAM Act, 139, 142 Canada, 127, 332, 376, 385, 391, 396 Capt, J. C., 295 CCTV. See Closed-circuit television CDC. See Credit Data Corporation Cell phones, 31, 256 E-911 service on, 89, 256 networks of, 94, 262 Census. See U.S. Census Bureau Center for Democracy and Technology, 165, 327

OCR for page 411
Engaging Privacy and Information Technology in a Digital Age Center for Social & Legal Research, 172 Centers for Disease Control and Prevention, 111 Certified Information Privacy Professional credentialing program, 172 Charities. See Nonprofit organizations Child Online Protection Act (COPA), 104–105, 104n.13 Children’s Internet Protection Act, 240 Children’s Online Privacy Protection Act, 139, 144–145, 169 China, People’s Republic of, 394 ChoicePoint, 25–26, 197–198, 198n.19, 199, 206 Choices default, 338 informed, 338 Church, Frank, 167 Church Committee Hearings, 3, 163, 163n.25, 167 CIPSEA. See Confidential Information Protection and Statistical Efficiency Act Circuit-based networks, 265 Civil rights movement, 319 Civil War, 350, 355–357, 359 Claims, verifying, 34 Closed-circuit television (CCTV), 256n.3, 364 Code of Fair Information Practices, 48–49 CoE Convention. See Council of Europe Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data Coherence, in the concept of privacy, 14, 62–66, 333–336 Coke, Sir Edward, 351 Cold War, America during, 350, 360–363 Collective privacy, 343 Columbia University, 241 Commission of the European Communities (European Commission), 391 Commodification, of personal information, 27, 69–70 Commodity Futures Trading Commission, 144 Common law, 129–131 Common Rule, 222n.6 Communications, and data storage, 259–266 Communications Access for Law Enforcement Act (CALEA), 136, 263–264 Communitarian view of privacy, 68 Complexity of privacy issues, 4–5, 13 and interdependency, ix–x respecting, 324 Computer Fraud and Abuse Act, 139 Computer Matching and Privacy Protection Act, 167 Computing power, advances in, 90–91, 91n.1, 360 Concealing information, 72 Concepts related to privacy, 38–52, 366–371 coherence in, 14, 62–66, 333–336 fair information practices, 15, 48–50, 334, 395 false positives, false negatives, and data quality, 43–45, 120, 270, 299 personal information, sensitive information, and personally identifiable information, 39–43, 42n.15 privacy and anonymity, 2, 24, 45–48, 59, 62 reasonable expectations of privacy, 50–52, 328, 337 Conceptual underpinnings of privacy, 55, 57–87 an integrating perspective, 84–87 economic perspectives on privacy, 1, 69–78 philosophical theories of privacy, 1, 58–69 sociological approaches, 1, 79–84

OCR for page 411
Engaging Privacy and Information Technology in a Digital Age Concerns. See Privacy concerns; Psychological concerns; Social concerns; Unconcern over privacy Conditioned disclosure, 315–316 Condon decision. See Reno v. Condon Confidential Information Protection and Statistical Efficiency Act (CIPSEA), 142–143 Confidentiality, 2 an application of cryptography, 107–108 federal laws relevant to, 142–143 guarantees of, 335 Conformity, 309 Congressional Research Service, 242n.16 Connecticut, 162 Connectivity. See also Interconnectedness increased, ix, 20–21, 97–100 ubiquitous, 99 Consent, 15, 49, 77, 206, 217–218, 338 Constitutional Convention, 353 Constitutional foundations, 57, 122– 129, 149, 275–276, 293–294, 354. See also Bill of Rights; individual amendments First Amendment, 125–127, 201, 240 Fourth Amendment, 51, 122–125, 258n.5, 260–261, 294 Fifth Amendment, 351 Ninth Amendment, 127–129 Fourteenth Amendment, 123 Sixteenth Amendment, 358 voting on, 352n.3 Consumer Credit Reporting Reform Act, 134–135 Consumer proprietary network information (CPNI), 78n.38 Consumers, 164 of information, 361 worries of, vii, 60–61 Content distribution industries, mass media and, 201–203 “Contextual integrity,” 63–64 Contextual issues, 85, 324. See also Privacy context Continental Congress, 353 Continuity. See Discontinuities in circumstance and current events Cookies, 173, 316, 326 Cooley, Thomas, 131 COPA. See Child Online Protection Act Corporate policy, formulation of, 171–173 Costs associated with unfavorable publicity, 14 computational, 118, 325, 327 Council of Europe Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (CoE Convention), 367n.7, 382–383, 388 Counterterrorism, 23, 96 Cox Broadcasting Corp. v. Cohn, 126 CPNI. See Consumer proprietary network information Credit granting of, 34, 43–44, 360 reporting of, 359 Credit bureaus, 197, 326 Credit card information, 200 Credit Data Corporation (CDC), 361 Criminal databases, 7, 11–12 Cruzan v. Missouri Health Dep’t, 129 Cryptography, 267 confidentiality application of, 107–108 techniques for, 107, 112–113, 119 Cryptosystems, public-key, 267 Customer loyalty cards, 192 D DARPA. See Defense Advanced Research Projects Agency Data. See also Microdata analysis and integration of, 306 de-identification of, 220–221 individual-level, 163 projected persistence of, 32n.8 seemingly innocuous, 31 Data Accountability and Trust Act, 150

OCR for page 411
Engaging Privacy and Information Technology in a Digital Age Data aggregators, 26, 116, 196–200, 334, 361 data mining by, 271–275 Data collections, protected, 24 Data-correcting techniques, 327 Data dissemination, 306 Data elements accessibility of, 41 transience of, 41–42 values of, 40 Data flows, trans-border, 153, 398 Data gathering, 306 for national security, legal limitations on, 280–284 Data-gathering systems large-scale public, 6 technologies combined into, 94, 101–102 Data minimization, 6–7 Data mining, 32, 95–96 algorithms for, 6 by data aggregators, 271–275 Data quality, 119–120 false positives and false negatives, 43–45 Data search companies, 102–106 Data storage, 306 communications and, 259–266 Databanks in a Free Society: Computers, Record-keeping and Privacy, 167–168 Databases aggregating information, 361 customer, 201 De-identification of data, 220–221 Death of Privacy, The, 167 DeCew, Judith, 63 Declaration of Independence, 293 Deep privacy, 77 Default choices, 338 Defense Advanced Research Projects Agency (DARPA), 287, 290 Definitions of privacy, 1–4, 21–25, 39–40, 59–62, 305–308 connotations, 1 context dependency of, 3–4 Demonization, avoiding in discussion, 13, 323–324 Denmark, 368, 390n.133 Descriptive identification, 82–83 Details, limiting, 111 DHHS. See U.S. Department of Health and Human Services DHS. See U.S. Department of Homeland Security Digital Millennium Copyright Act (DMCA), 246–247 Digital rights management technologies (DRMTs), 9–10, 99–100, 100n.9, 203, 242, 244, 246, 249–250 “Digital shadows,” 272 Digitized information, 30, 116, 203 Direct Marketing Association, 172, 328 Directive on Data Protection (European Commission), 152 Disasters, natural, 96 Disclosure limitation, 2, 11, 61 statistical techniques for, 111–112 Discrimination, 84 associated with certain medical conditions, 11 Disease, and pandemic outbreak, 37–38 Distribution industries, for content, mass media and, 201–203 DMCA. See Digital Millennium Copyright Act DNA analysis, 10–11, 32, 40–41, 106–107, 214–215, 269, 317, 320, 364 Do-not-call lists, 201, 326 DOJ. See U.S. Department of Justice Domestic wiretapping, 147 Dorman, David, 248 DoubleClick, 173 Douglas, William O., 128 DPPA. See Driver’s Privacy Protection Act Driver’s licenses, 33, 182 Driver’s Privacy Protection Act (DPPA), 137–138, 149

OCR for page 411
Engaging Privacy and Information Technology in a Digital Age DRMTs. See Digital rights management technologies Drug testing, 34, 316 Due Process Clause, 123, 128 Dynamics of privacy, 27–38 discontinuities in circumstance and current events, 36–38 the information age, 27–29 information transformed and the role of technology, 29–33 societal shifts and changes in institutional practice, 33–36 E E-911 service, on cell phones, 89, 256 E-commerce, permitting collection of personal information, vii E-Government Act, 142–143, 298, 330 ECHR. See European Convention on Human Rights and Fundamental Freedoms Economic perspectives on privacy, 1, 69–78. See also Behavioral economics the economic impact of privacy regulation, 74–75 privacy and behavioral economics, 75–78 privacy and the assignment of property rights to individuals, 73–74 privacy as fraud, 71–73 privacy literature oriented toward, vii rationale for, 69–71 ECPA. See Electronic Communications Privacy Act Educational and academic research institutions, 183–188 personal information collected for research purposes, 187–188 student information collected for administrative purposes, 183–187 EEA. See European Economic Area Electronic Communications Privacy Act (ECPA), 136 Electronic fare cards, 31 Electronic Freedom of Information Act (E-FOIA) Amendments, 137 Electronic Frontier Foundation, 165, 327, 340 Electronic medical records, 230 Electronic Privacy Information Center (EPIC), 165, 327, 340, 392n.144 Eligibility, establishing, 34 Emerging technologies, and privacy in libraries, 244–248 Employee Polygraph Protection Act of 1988, 167 Employers, seeking information about employees, 34–35 Encryption, 6–7, 107, 115, 259–260, 264–266, 325–326, 329 Enforcement, 143, 329–330, 397. See also Law enforcement Environmental Protection Agency, 227, 340 EPIC. See Electronic Privacy Information Center Epidemiological research, 228, 319, 338 Equifax, 197 Ervin, Sam, 159, 362 Espionage Act, 358, 358n.14 Ethical Force program, 216–218, 216n.2,3, 217n.5, 221 Ethics of privacy, 186. See also Puritan ethic Etzioni, Amitai, 67–68 E.U. Directive. See Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data European Commission, 152, 398. See also Commission of the European Communities European Convention on Human Rights and Fundamental Freedoms (ECHR), 381–382 European Court of Justice, 387 European Economic Area (EEA), 383

OCR for page 411
Engaging Privacy and Information Technology in a Digital Age European Union (E.U.), 151–152, 152n.20, 157, 376, 398n.176 “legislating for the world,” 384 Exclusionary rule, 276 Executive Order 13145, 146 Executive Order 13181, 146 Executive orders, 146–147 Expectations of privacy, reasonable, 50–52 Experian, 197 F Face-identification systems, 106–107, 269–270 Facebook.com, 344 Fair and Accurate Credit Transactions Act, 144 Fair Credit Reporting Act (FCRA), 134, 144, 188–189, 197, 336, 362 Fair information practices, 15, 48–50, 167, 334, 395 False information, providing, 5, 327 False light, 130 False positives and negatives, 43–45, 120, 270, 299 Family Educational Rights and Privacy Act (FERPA), 139, 160–161, 184 Fare cards, electronic, 31 FBI. See Federal Bureau of Investigation FCRA. See Fair Credit Reporting Act Federal Aviation Administration, 204 Federal Bureau of Investigation (FBI), 243, 275, 356 Library Awareness program, 244 Federal laws relevant to confidentiality, 142–143 relevant to individual privacy, 133–142 Federal Register, 146–147 FERPA. See Family Educational Rights and Privacy Act Fifth Amendment, 280n.19, 351 Financial Crimes Enforcement Network, 189 Financial institutions, 144n.15, 188–191 Financial Modernization Act. See Gramm-Leach-Bliley Act Financial Privacy Rule, 144 Fingerprinting, 32, 53, 106, 268–269, 271 FIP. See Fair Information Practices guidelines Firewalls, 325 First Amendment, 125–127, 201, 240 FISA. See Foreign Intelligence Surveillance Act The Florida Star v. B.J.F., 126 FOIA. See Freedom of Information Act Foreign Intelligence Surveillance Act (FISA), 135, 167, 243, 282–283, 283n.23, 288–289 Foucault, Michel, 81 Fourteenth Amendment, 123, 280n.19 Fourth Amendment, 51, 51n.27, 122–125, 258n.5, 260–261, 294 France, 368 Free Speech Movement, 132 Freedom of information federal laws relating to confidentiality, 142–143 federal laws relating to individual privacy, 133–142 and open government, 131–146 regulation of, 143–146 Freedom of Information Act (FOIA), 132–133, 137, 204, 362 FTC Act, 133. See also U.S. Federal Trade Commission “Fundamentalist” approach to privacy, 60 Fusion of information, 95–96 G Gag provisions, 127 Gait analysis, 32, 270 Gallagher, Cornelius, 362 Gavison, Ruth, 62 Genome. See Human genome Geo-demographic targeting, 36 German Americans, surveillance focused on, 357

OCR for page 411
Engaging Privacy and Information Technology in a Digital Age Germany, 151, 160n.18, 368–370, 372–373, 396–397 Giddens, Anthony, 81 Glass-Steagall Act. See Banking Act Global Networks and Local Values, 161 Global positioning system (GPS) locators, 89, 256 automobiles containing, 94 Google, 102, 104–105 Gorman, Michael, 238–239 Government abuse, post-Watergate revelations of, 3, 29, 163, 167, 363 GPS. See Global positioning system locators Gramm-Leach-Bliley Act, 135, 144, 159, 172, 190, 222 The Great Depression, 358 Griswold v. Connecticut, 61, 127, 363 Group privacy, 83, 343 Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data (OECD Guidelines), 384, 385n.101, 388 Guidelines on the Protection of Personal Information and Privacy, 388 H Habeas data, 392, 392n.144 Hardware advances, 90–95 Harm, intangible, 26 Harvard Law Review, 30, 129 Health care services, 34 receiving, spillover privacy implications of, 226 Health data, 214–215 access to, 216–227 Health insurance, availability of, 228 Health Insurance Portability and Accountability Act (HIPAA) privacy regulations, 138, 145, 172, 331 improper interpretation and unintended consequences of, 225–226 Health privacy, vii–viii, 175–176, 209–230 addressing issues in access to and use of health data, 216–227 information and the practice of health care, 209–211 open issues in, 227–230 HEW report. See U.S. Department of Health, Education, and Welfare HIPAA. See Health Insurance Portability and Accountability Act privacy regulations Hippocratic databases, 113 History. See also Medical history; Mental health history lessons from, 52–53 HIV status, 162–163, 214 stigma attached to, 41, 48 unlawful disclosure of, 127 Hollerith, Herman, 33n.9, 356 Hondius, Frits W., 367n.5 Human genome, mapping of, 215, 364 Humidity sensors, 97 I ICCPR. See International Covenant on Civil and Political Rights Identification. See also De-identification of data biometric, 32 descriptive, 82–83 indexical, 82 nominal, 82 technologies and, 266–271 unique, 40, 47 “Identity,” defining, 47n.21 Identity theft, 140–141, 308–309 Identity Theft and Assumption Deterrence Act, 139 ILO. See International Labor Organization Immunity, doctrine of sovereign, 346 Incentivized disclosure, 315 Indexical identification, 82 India, 394 Individual-level data, 163

OCR for page 411
Engaging Privacy and Information Technology in a Digital Age Individual privacy. See also Recourse and the assignment of property rights to, 73–74 federal laws relevant to, 133–142 law enforcement and national security, 293–301 technologies for enhancing, 107–109 unilateral actions for, 5 Individuals accountability of, 108 actions of, 325–328 direct interests of, 9 law-abiding, 12, 176, 299 liberty of, 354 participating in everyday life, 33 protecting their own privacy, 14 Industry self-regulation. See Self-regulation Information. See also Access to information; Electronic information; Personal information analysis of, 31 concealing, 72 consumers of, 361 creation of, 30 credit card, 200 databases aggregating, 26, 116, 196–200, 197n.16, 198n.19, 334, 361 digitized, 30, 116, 203 fusion of, 95–96 institutional use of, 178–183 keeping private, x manipulation of, 30–31 proprietary, 2 providing false, 5, 327 providing incomplete, 327 searches for, 30 seemingly innocuous, 31 specific uses for, 4 storage of, 31–32 storing electronic, 91–93 unannounced acquisition of, 316 withholding, 5, 72 “Information age,” 27–29, 178n.1 contemporary infrastructures of, 26 and growing privacy concerns, 19 Information collection, 31, 72n.22, 74, 193n.12 cryptographic techniques, 112–113 fine-grained, 10 information flow analysis, 114 information security tools, 115–116 privacy-enhancing technologies for use by, 109–116 privacy-sensitive system design, 114–115 query control, 109–110 statistical disclosure limitation techniques, 111–112 user notification, 113 Information Security and Privacy Advisory Board, 342 Information technology and law enforcement, 252–277 and national security, 277–293 and the practice of health care, 209–211 role of, 29–33 Information Technology for Counterterrorism, 278 Informed choice, 338 Infrared detectors, 258 Infrastructures, of the contemporary “information age,” 26 Insiders access by, 330 threats to privacy from, 329–330 Institutions advocacy by, 14, 227 changes in practice, and societal shifts, 33–36 private sector, 34 use of information by, 178–183 Instrumentalist view of privacy, 66–67 Insurance companies. See also Health insurance information used to deny coverage, 11 Integrity. See “Contextual integrity”

OCR for page 411
Engaging Privacy and Information Technology in a Digital Age Intellectual approaches to privacy, 55, 57–87 an integrating perspective, 84–87 economic perspectives on privacy, 1, 69–78 philosophical theories of privacy, 1, 58–69 sociological approaches, 1, 79–84 Intellectual property, literature on, vii Intelligence activities. See Church Committee Hearings Internal abuses, prevention of, 7 Internal Revenue Service, 204, 294, 335, 358, 361 International Association of Privacy Professionals, 172 International Biometric Group, 270 International Covenant on Civil and Political Rights (ICCPR), 381–382 International Labor Organization (ILO), 386 International perspectives on privacy, 366–399 on privacy policy, 151 Internet, 30, 172, 239–241, 262 sexually explicit material on, 240 spread of, vii, 159 Interpretation, of HIPAA privacy regulations, improper, 225–226 Intimacy, 59 Intrusion, 129 Islam. See Cairo Declaration on Human Rights in Islam J Japan, 393 Japanese-Americans, internment of, 294–295, 319, 332–333 Judicial decisions, 170–171 Junk mail, 178 K K-anonymity, 110 Kalven, Harry, 131 Kastenmeier, Robert, 159 Katz v. United States, 50, 52, 123 Kennedy, Anthony M., 128 Kennedy, Edward, 290–291 Kenya, 395 Key escrow systems, 266, 266n.10 Kilbourn v. Thompson, 123 Korea, 393 Kyllo v. United States, 258n.5 L Lamont v. Postmaster General, 125 Law enforcement, 23–24 aggregation and data mining, 271–275 audits to uncover improper access by, 7 background, 252–254 communications and data storage, 259–266 and information technology, 252–277 national security and individual privacy, 37, 293–301 potential abuses by, 275 and privacy concerns, 275–277 technology and identification, 266–271 technology and physical observation, 254–259 use of criminal databases by, 7 Law of privacy. See Privacy laws Lawrence v. Texas, 128 Legal landscape in the United States, 14, 56, 122–154 common law and privacy torts, 129–131 constitutional foundations, 122–129 executive orders and presidential directives, 146–147 freedom of information and open government, 131–146 impact of non-U.S. law on privacy, 151–154 international perspectives on privacy policy, 151 state perspectives, 147–150

OCR for page 411
Engaging Privacy and Information Technology in a Digital Age Legal limitations, on national security data gathering, 280–284 Legislation. See also U.S. Congress; individual laws HIPAA and privacy, 219–223 Liberal ideals, 376 Liberty, 367 individual, 354 Libraries, 176, 235–250 emerging technologies in, 244–248 mission of, 233–234 and privacy, 7–9, 235–238, 235n.6, 245n.20 privacy since September 11, 2001, 242–244 technology in, 9, 238–242 Licensing practices, 33 Locke, John, 354, 376 Long, Edward, 362 Los Angeles Police Department v. United Reporting Publishing Co., 132 Lunt, Teresa, 109 Lyon, David, 80 M Madison, James, 376 “Mail cover,” 260n.7 Mandated disclosure, 315 Marketable rights, and privacy, vii Marketing personal information, collecting for, vii Marketplace, global, 334 Markey, Ed, 159 Markle Foundation, 169 Marx, Gary T., 64–65 Mass media, and content distribution industries, 201–203 McIntyre v. Ohio Elections Comm’n, 125 Medical history, 214, 313n.1 Medical Information Bureau (MIB), 361 Medical privacy, 4, 211–216 addressing issues in access to and use of health data, 216–227 information and the practice of health care, 209–211 open issues, 227–230 Medical records, electronic, 230 Megan’s Law, 138 Mental health history, 214 Metcalfe’s law, 98, 98n.6 MIB. See Medical Information Bureau Microdata, 47 Mill, John Stuart, 376 Miller, Arthur, 167 Misappropriation, of name or likeness, 130 Money laundering, inhibiting, 34 MySpace.com, 344 N NAACP v. Alabama, 201 National Center for Education Statistics (NCES), 143, 204, 294n.31 National Center for Health Statistics, 204 National Credit Union Administration, 144 National Education Statistics Act, 143 National privacy commissioner, establishing, 15, 341–342 National Research Council, viii, xi, 20, 161 National Science Foundation, 331 National security, viii and law enforcement, 23–24, 37 law enforcement and individual privacy, 37, 293–301 tensions with privacy, 292–293 National Security Agency (NSA), 288–291, 319 National security and information technology, 277–293, 279n.18 background, 277–280 legal limitations on national security data gathering, 280–284 national security and technology development, 280 recent trends, 284–292 tensions between privacy and national security, 292–293 NCES. See National Center for Education Statistics

OCR for page 411
Engaging Privacy and Information Technology in a Digital Age Negatives, false, 43–45, 120 Netherlands, The, 390–391 Networks, of cell phones, 94 New Deal era, 358–359 New England, colonial, 350–353 “New” surveillance, 101–102 New York Civil Service Commission, 356 New Zealand, 385, 393 Ninth Amendment, 127–129 Nissenbaum, Helen, 63–64 Noise, adding, 111 Nominal identification, 82 Non-U.S. law, impact on privacy, 151–154 Nonprofit organizations, 200–201 privacy advocates in, viii Normative theories of privacy, 66–69 Norway, 368–369, 372–373 Notices “boilerplate” language in, 78 difficult-to-read, 344 Notification of privacy policy, 223–224 of users, 78, 113, 223–224 NSA. See National Security Agency Nuremberg Code, 187n.8 O Odor recognition, 270 OECD. See Organisation for Economic Co-operation and Development OECD Guidelines. See Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data Office of Civil Rights, 222 Office of Technology Assessment, 167 Olmstead v. United States, 123, 261 Omnibus Crime Control and Safe Streets Act, 135, 362–363 Online privacy dearth of analytical work on, viii practices of businesses and government agencies, vii Online Privacy Alliance, 165 Online service providers (OSPs), 246–247 Open government federal laws relevant to confidentiality, 142–143 federal laws relevant to individual privacy, 133–142 and freedom of information, 131–146 and regulation, 143–146 “Opt-in” or “opt-out” approaches, 70, 77, 339, 393n.152 Organisation for Economic Co-operation and Development (OECD), 48, 50, 153, 167 Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data, 384 Organizations. See also Institutions; Private foundations actions based in, 328–332 nonprofit, 200–201 OSPs. See Online service providers Oversight, 397 U.S. Congress providing special, 15 P P3P. See Platform for Privacy Preferences Packet-based networks, 265 Pandemic outbreak disease and, 3, 37–38 global, 3 Paperwork Reduction Act, 204 Patient perspectives on privacy, 223–226 improper interpretation and unintended consequences of HIPAA privacy regulations, 225–226 notifications of privacy policy, 223–224

OCR for page 411
Engaging Privacy and Information Technology in a Digital Age privacy implications of greater patient involvement in health care, 224–225 spillover privacy implications of receiving health care services, 226 Patients accessing their own records, 217 cooperation from, 211 Paul v. Davis, 124 PCs. See Personal computers Pearl Harbor attack, 3, 29, 295 Penalties, for improper access, 7 Pentagon attack. See September 11, 2001, attacks “Penumbral” protection for privacy, 127 People’s Republic of China, 394 Persistence of data. See also Transience of data elements projected, 32n Personal computers (PCs), 89 Personal identification number (PIN) schemes, 374 Personal information, 39–43 collected by business and management experts, vii collected by economists, vii collected for research purposes, 187–188 collecting for marketing, vii commodification of, 27, 69–70 demand for and supply of, viii, 33 e-commerce and technologies permitting collection of, vii as an economic good, 70 exploitation of, 13, 86n.56, 314 life cycle of, 13 multidimensional nature of, 65 new sources of, 343 protection of, 380–399, 380n.80, 392n.91 repurposing of, 15, 180, 214, 270, 314, 338 threats to, viii, 20 Personally identifiable information (PII), 39–43 Personnel Security System and Photo Identification Card System, 331n “Persons of interest,” 253, 271 Pew Internet and American Life Project, 166 PGP. See Pretty Good Privacy Phillips, David, 82 Philosophical theories of privacy, 1, 58–69, 58n.1 coherence in the concept of privacy, 62–66 normative theories of privacy, 66–69 privacy as control versus privacy as restricted access, 59–62 “Phishing” attacks, 108, 108n.22, 224, 326, 342 Photo-editing software, 30–31 Photo identification, 226 Physical observation, technologies and, 254–259, 266 PIAs. See Privacy impact assessments PII. See Personally identifiable information PIN. See Personal identification number schemes Platform for Privacy Preferences (P3P), 113 Policy. See Corporate policy; Privacy policy; Public policy Political-loyalty surveillance, 353 Politics of privacy policy in the United States, 56, 155–173 formulation of corporate policy, 171–173 formulation of public policy, 155–162 judicial decisions, 170–171 public opinion and the role of privacy advocates, 162–166 the role of reports, 166–169 shifts in, 8 Pop-up blockers, 326 Pornography on the Internet, 240 privacy issues concerning, 8 Portia project, 112

OCR for page 411
Engaging Privacy and Information Technology in a Digital Age Positives, false, 43–45, 120 Post, Robert, 62 Potential surveillance, 311 Power relationships, differential, 316 Pragmatic approach to privacy, 60 Preference factor, 76, 218, 364 Presidential directives, executive orders and, 146–147 Pressures on privacy, 312–318 “Pretexting,” 135 Pretty Good Privacy (PGP), 267 Principles of privacy, xi, 13–14, 38–52, 323–325 anonymity, 45–48 choice and consent, 338–339 fair information practices, 48–50 false positives, false negatives, and data quality, 43–45 personal information, sensitive information, and personally identifiable information, 39–43, 42n.15 reasonable expectations of, 50–52 Privacy and anonymity, 45–48 assessing, viii, 61, 206–207 and the assignment of property rights to individuals, 73–74 and behavioral economics, 75–78 benefits of, 340 coherence in the concept of, 14, 62–66, 333–336 collective, 343 compromising, vii current environment for, 4 defining, 1–4, 21–25, 39–40, 59–62, 305–308, 367n.4, 369n.24 dynamics of, 27–38 economic perspectives on, 1, 69–78 emerging technologies and libraries, 244–248 ethics of, 186 group, 83, 343 guarantees of, 75 in health and medicine, vii–viii, 209–230 impact of non-U.S. law on, 151–154 impact of technology on, 88–90 important concepts and ideas related to, 38–52 individuals protecting their own, 14 as instrumental, 66–67 international perspectives on, 366–399 large-scale factors affecting, 28 law enforcement and information technology, 252–277 law enforcement and national security, 251–301 libraries and, 231–250 managing the patchwork of approaches, 14, 161, 333–334 marketable rights in, vii multidimensional nature of, 22 national security and information technology, 277–293 pressures on, 312–318 protecting, viii, 33, 121 public debates about, 13 reasonable expectations of, 50–52 as restricted access, 59–62 tensions with national security, 292–293 of thoughts, 90 threats to, viii, 20 in the United States, short history of, 349–365 value of, 66, 308–312, 324n.7, 327 Privacy & American Business, 172 Privacy Act, 137, 159, 159n.14, 165, 168, 170, 204, 336, 362–363 Privacy advocates groups, vii institutional, 14, 331–332 public, 339–345 role of, and public opinion, 162–166 Privacy and Freedom, 59–61, 167 Privacy and organizations, 175, 177–208 data aggregation organizations, 26, 116, 196–200, 334, 361 education and academic research institutions, 183–188

OCR for page 411
Engaging Privacy and Information Technology in a Digital Age financial institutions, 188–191 institutional use of information, 178–183 mass media and content distribution industries, 201–203 nonprofits and charities, 200–201 retail businesses, 35, 191–196 statistical and research agencies, 203–205 Privacy approaches in the information age, 323–346 individual actions, 325–328 organization-based actions, 328–332 principles, 323–325 public policy actions, 332–346 Privacy backdrop, 55–173 intellectual approaches and conceptual underpinnings, 57–87 legal landscape in the United States, 122–154 politics of privacy policy in the United States, 155–173 technological drivers, 88–121 Privacy commission, establishing a standing, 15, 341–342, 344–345 Privacy concerns analyzing causes for, viii, 20 growing in the United States, vii in the “information age,” 19 and law enforcement, 275–277 over pornography, 8 Privacy context, 3–4, 175–301 in health and medicine, 4, 209–230 in law enforcement and national security, 251–301 and libraries, 231–250 in organizations, 177–208 social, 63 taking into account, 13 Privacy enhancers technologies for, 107–116 unsolved problems as, 116–118 for use by individuals, 107–109 for use by information collectors, 109–116 Privacy fundamentalists, 60 Privacy impact assessments (PIAs), 298–301, 330–331 Privacy implications of greater patient involvement in health care, 224–225 of receiving health care services, 226 Privacy International, 392n.144 Privacy laws. See also Common law non-U.S., 151–154 respecting the spirit of, 14, 335–336 reviewing existing, 334–335 by state, 148 state and local, 334 Privacy literature, vii economics-oriented, vii Privacy policy, 6–7, 206–207. See also Politics of privacy policy in the United States; Public policy correction of, 7 creation of, ix, 153–154 international perspectives on, 151, 153–154, 374n.50, 377n.63, 378n.68 limiting information collected and stored, 6–7 limiting outsider access to information, 7 making easily readable, 179n.2, 328 notifications of, 7, 223–224 prevention of internal abuse, 7 Privacy pragmatists, 60 Privacy Protection Act, 167 Privacy regulation, 143–146 economic impact of, 74–75, 75n.29 HIPAA, 225–226 Privacy rights assertions of, 311–312, 359 as marketable, vii Privacy Rights Clearinghouse, 165 Privacy-sensitive system design, 114–115, 114n.32 Privacy torts, common law and, 129–131 Private foundations, privacy advocates in, viii Private sector institutions, 34, 294

OCR for page 411
Engaging Privacy and Information Technology in a Digital Age Probable cause standard, 124 Problems incidence of actual, viii unsolved, as privacy enhancers, 116–118 “Profiling” of people, 21, 389n.131 statistical techniques for, 343 Property rights, privacy and the assignment of, to individuals, 73–74 Proprietary information, 2 Propriety, social and cultural norms regarding, 317 Prosser, William, 129–130 Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data (E.U. Directive), 383–384, 388, 390, 398, 398n.177 Protests, protecting the right to plan and participate in, 12 Proxies, 325 Pruning methods, 118n.35 Psychological concerns, 26 Public advocates, for privacy, 339–345 Public data-gathering systems, large-scale, 6 Public debates about privacy, 13 Public disclosure of private facts, 129–130 Public education, 338, 344 Public Health Service Act, 143 Public-key cryptosystems, 267 Public opinion, and the role of privacy advocates, 162–166 Public policy controversy since September 11, 2001, 12 formulation of, 155–162 Public policy actions, 322n.6, 323, 332–346 establishing the means for recourse, 345–346 managing the privacy patchwork, 14, 161, 333–334 public advocates for privacy, 339–345 relevance of fair information practices today, 336–339 respecting the spirit of the law, 335–336 reviewing existing privacy law and regulations, 334–335 Public protest. See Protests Public surveillance, 309 Public trust, maintaining, 328 Publicity, costs associated with unfavorable, 14 Punch-card-tabulating machine, 356 Puritan ethic, 350–351 Q Quality of data. See Data quality Query control, 109–110 R Radio-frequency ID (RFID) tags, 31, 95, 194–196, 194n.13, 195n.15, 206, 242, 244, 248–249 Real ID Act, 142 Recoding, 111–112 Records bureaucracies relying heavily on, 357 keeping private, 259 Records, Computers and the Rights of Citizens, 48, 188 Recourse, establishing the means for, 15, 299, 331, 345–346 Red-teaming, 330–331 Regan, Priscilla M., 80, 156, 158 Registered traveler program, 332 Regulations framework within United States, 14 restricting information access, 7 reviewing existing, 334–335 Regulatory agencies. See also Privacy regulation work on privacy from, vii Rehnquist, William, 171 Reiman, Jeffrey, 61

OCR for page 411
Engaging Privacy and Information Technology in a Digital Age Re-mailers, 325 Remote identification techniques, 269 Reno v. Condon, 149–150 Reports, role of, 166–169 Repurposing of personal information, 15, 180, 214, 270, 314, 338 Research agencies, 203–205 Research purposes, personal information collected for, 187–188 Reserve, 59 Restatement of the Law of Torts, 130–131 Restrictions on information access, 7 Retail businesses, 35, 191–196 Retail Credit Company, 361 Retinal pattern scans, 32 Revolutionary War, 352–355 RFID. See Radio-frequency ID tags RFPA. See Right to Financial Privacy Act Rhizomic surveillance, 364–365 Right to Financial Privacy Act (RFPA), 134, 167, 189 Rights. See Privacy rights Risks, long-term, 13, 324 Roe v. Wade, 61, 363 Roosevelt, Franklin D., 358 Rosenberg, Jerry, 167 Rosenfeld v. Department of Justice, 132 S “Safe harbor” approach, 152, 337, 392 Safeguards Rule, 144 Sarbanes-Oxley Act, 189n.10 SARs. See Suspicious activity reports SARS outbreak, 3, 38 Scam letters, 224 Scandinavia, 374, 390n.133 Schaefer, Rebecca, 137, 182 Schema definitions, 116 Search engine services, 102, 196, 224 Secrecy, 62 greater need for, 293 Secret ballots, 310 Secret courts, 245 Secure e-mail, 326 Secure shell (SSH) utilities, 267 Securities and Exchange Commission, 144 Security screening, expedited, 332 Security tools, for information, 115–116 Self-help for privacy, personal unilateral actions, 5 “Self-realization,” 371 Self-regulation, 14 by industry, 216–219, 328–332, 391 Self-service book checkout systems, 238 Seltzer, William, 294, 358 Semayne’s Case, 122 Sensing technologies, 93–94, 97, 106–107 Sensitive information, 39–43 September 11, 2001, attacks, 23, 37, 51, 64, 132–133, 163, 169, 242, 297, 317, 365, 378. See also USA PATRIOT Act libraries and privacy since, 242–244 public policy controversy since, 12 as a sentinel event, 13 Sexual offender status, 35, 317 Sexually explicit material, on the Internet, 240 Singapore, data privacy regime of, 394 Sixteenth Amendment, 358 Social networking, 35, 344 Social norms, 317 Social science data archives, 24 Social Security number (SSN), 40, 142, 339, 358–359, 361 inappropriate use of, 185, 326 Social sorting, 84 Societal shifts, 5, 28 and changes in institutional practice, 3, 33–36 Sociological approaches to study privacy, 1, 79–84, 79n.39,40 Software advances, 95–97 Solitude, 59, 62 Sorting. See Social sorting Sound-editing technologies, 30–31 South African Bill of Rights, 394

OCR for page 411
Engaging Privacy and Information Technology in a Digital Age South African Constitution, 395 Sovereign immunity, doctrine of, 346 Spam e-mail, 75, 108, 326 Speech, freedom of, 90 Spyware programs, 108 SSH. See Secure shell utilities SSN. See Social Security number State perspectives on privacy regulation, 147–150 State-sponsored surveillance, 365 Statistical agencies, 203–205 Statistical disclosure limitation techniques, 111–112 Statistical profiling techniques, 343 Stigma, 310 associated with certain medical conditions, 11, 41 Storing electronic information, expansion of capabilities for, 91–93 Strong encryption algorithms, 267 Student information, collected for administrative purposes, 183–187 Stuntz, William, 297 Surveillance. See also Antisurveillance statutes bureaucratic, 359 defining, 349 evolution of, over time, 103 “new,” 101–102, 255 political loyalty, 353 potential, 311 public, 265n.4, 309 rhizomic, 364–365 routine, 349 state-sponsored, 365 thermal-imaging, 124, 258n.5 traditional, 101 video, 4–5, 31, 34–35, 94, 106, 251n.1, 255–258, 256n.3, 309, 321, 374 workplace, 181n.4, 276n.16, 310 Surveillance in the United States, short history of, 349–365 Surveillance technologies, 359 Suspicious activity reports (SARs), 189 Sweden, 369, 390n.133, 396 SWIFT banking communications network, 180n.3 Switzerland, 369 T Talley v. California, 125 Targeted suppression, 111 Technological drivers, 2–3, 6, 28, 55–56, 88–121 biological and other sensing technologies, 106–107 data search companies, 102–106 hardware advances, 90–95 impact of technology on privacy, 88–90 increased connectivity and ubiquity, 97–100 privacy-enhancing technologies, 107–116 risks to personal information, viii software advances, 95–97 unsolved problems as privacy enhancers, 116–118 Technologies. See also Emerging technologies; Information technology combined into a data-gathering system, 101–102 cryptographic, 112–113 fears about, 120 and identification, 266–271 impact on privacy, 88–90 in libraries, 238–242 permitting collection of personal information, vii and physical observation, 254–259 for protecting privacy, 33 for surveillance, 359 Technology development, national security and, 280 Telecommunications Act, 136, 359 Telemarketing and Consumer Fraud and Abuse Prevention Act, 136 Telephone Consumer Protection Act, 136

OCR for page 411
Engaging Privacy and Information Technology in a Digital Age Temperature sensors, 97 Terrorism, 11–12, 51. See also Counterterrorism “war against,” 365 Terrorist operations. See also September 11, 2001, attacks identifying, 96 preventing, 292 reactions to, 336 Thailand, 393 Thermal-imaging surveillance, 124, 258n.5 Thompson, Judith Jarvis, 62 Threats to privacy, viii, 20 insider, 329–330 TIA. See Total Information Awareness program Title III Wiretap Act, 135 Toll-free numbers, 326 Top-coding, 111 Torts. See Privacy torts Total Information Awareness (TIA) program, 287, 287n.28, 290–291 Trade associations, work on privacy from, vii Trade practices, 346 Trade secrets, 2 Tradeoffs, 4–5, 7–11, 12–13, 20–24, 228, 320 clear articulation of, 334 and interactions, viii, 325 making, 2, 318–323 Traditional surveillance, 101 Trans-border data flows, 153, 398 Trans Union Corporation, 197 Transformation of information, and the role of technology, 29–33 Transience of data elements, 41–42 Transparency, enhancing, 320–321, 338 Transportation Security Administration, 332 Treatise on the Law of Torts, 131 Trust, 311–312 public, maintaining, 328 TRUSTe, 328 “Trusted traveler” cards, 21 U Ubiquitous connectivity, 97–100 UDHR. See Universal Declaration of Human Rights Unconcern over privacy, 60 Unfavorable publicity, costs associated with, 14 Unintended consequences, 21 of HIPAA privacy regulations, 225–226 Unique identifiers, 40, 47 United Kingdom, 194, 374, 396 United Nations (UN) Guidelines Concerning Computerized Personal Data Files, 385 United States Department of Justice v. Reporters Committee for Freedom of the Press, 132 Universal Declaration of Human Rights (UDHR), 381 Unlisted phone numbers, 326 U.S. Census Bureau, 111, 204, 272, 294, 295n.33, 335, 357, 361 constitutional call for decennial, 354 public-use files, 24 U.S. Congress, 145–146, 149, 189, 220, 358, 362 Continental, 353 providing special oversight, 15, 339 U.S. Constitution. See Constitutional foundations U.S. Department of Commerce Baldrige awards program, 342 Information Security and Privacy Advisory Board, 342 U.S. Department of Defense, 194 U.S. Department of Health, Education, and Welfare, 48, 167, 337 U.S. Department of Health and Human Services (DHHS), 145, 220 Office of Civil Rights, 222 U.S. Department of Homeland Security (DHS), 290, 298–301, 331

OCR for page 411
Engaging Privacy and Information Technology in a Digital Age Data Privacy and Integrity Advisory Committee, 340, 342 Privacy Office, 340–341 U.S. Department of Justice (DOJ), 104, 133 U.S. Department of State, 278 U.S. Department of the Interior, 357 U.S. Department of Treasury, 189 U.S. Federal Trade Commission (FTC), 25, 49, 78, 133–134, 134n.11, 141, 143, 169 U.S. military, 361. See also Authorization for Use of Military Force U.S. National Security Agency, 146 U.S. Postal Service, 260 U.S. Supreme Court, 57, 122–129, 132, 149–150, 160, 170–171, 201, 258, 261, 360, 363 US-VISIT, 331n.15 USA PATRIOT Act, 23, 136, 138, 143, 189, 243–244, 250, 288–290, 294n.31, 317, 365 Additional Reauthorizing Amendments Act, 242n.16 Improvement and Reauthorization Act, 243 librarian’s view of, 245 User notification, 113 V Value of privacy, 66, 308–312, 327 Verified Identity Pass, Inc., 332 Video Privacy Protection Act (VPPA), 139, 160 Video surveillance, 4–5, 31, 34–35, 94, 106, 255–258, 309, 321, 374 Vignettes. See Anchoring vignettes Voice-over-IP phone service, 136, 262 Voice recognition technologies, 270 Voluntary disclosure, 316 Vote buying, 310 VPPA. See Video Privacy Protection Act W Walking. See Gait analysis War. See also Antiwar movement civil liberties in times of, 53 Warranty cards, 163 Warren, Samuel, 30, 359 Washington, George, 352n.3 Washington Post, 223 Washington v. Glucksberg, 128 Watch lists, 310 “Watchfulness,” neighborly, 350 Watchtower Bible & Tract Soc’y v. Stratton, 126 Watergate scandals, 3, 163, 167, 363 Web bugs, 316, 326 Weber, Max, 81 Westin, Alan, 59–61, 165, 167, 362, 367n.3, 371 Wilson, James Q., 157 Wiretapping, 155, 155n.1, 254 domestic, 147 warrantless, 23 Withholding information, 5, 72 Workplace surveillance, 310 World Trade Center. See September 11, 2001, attacks World War I, 357–358 World War II, 294, 319, 333, 350, 358 World Wide Web, 8, 29, 102, 104, 239–240, 262, 333 Y Yahoo!, 102, 104, 152–153, 152n.22 Z ZIP code, 36, 39, 40n.14