ENGAGING PRIVACY AND INFORMATION TECHNOLOGY IN A DIGITAL AGE

James Waldo, Herbert S. Lin, and Lynette I. Millett, Editors

Committee on Privacy in the Information Age
Computer Science and Telecommunications Board
Division on Engineering and Physical Sciences

NATIONAL RESEARCH COUNCIL OF THE NATIONAL ACADEMIES

THE NATIONAL ACADEMIES PRESS
Washington, D.C.
www.nap.edu
THE NATIONAL ACADEMIES PRESS
500 Fifth Street, N.W.
Washington, DC 20001

NOTICE: The project that is the subject of this report was approved by the Governing Board of the National Research Council, whose members are drawn from the councils of the National Academy of Sciences, the National Academy of Engineering, and the Institute of Medicine. The members of the committee responsible for the report were chosen for their special competences and with regard for appropriate balance.

Support for this project was provided by the W.K. Kellogg Foundation, Sponsor Award No. P0081389; the Alfred P. Sloan Foundation, Sponsor Award No. 2001-3-21; the AT&T Foundation; and the Carnegie Corporation of New York, Sponsor Award No. B 7415. Any opinions, findings, conclusions, or recommendations expressed in this publication are those of the author(s) and do not necessarily reflect the views of the organizations or agencies that provided support for the project.

Library of Congress Cataloging-in-Publication Data
Engaging privacy and information technology in a digital age / James Waldo, Herbert S. Lin, and Lynette I. Millett, editors.
p. cm.
Includes bibliographical references and index.
ISBN 978-0-309-10392-3 (hardcover) — ISBN 978-0-309-66732-6 (pdf)
1. Data protection. 2. Privacy, Right of—United States. I. Waldo, James. II. Lin, Herbert. III. Millett, Lynette I.
QA76.9.A25E5425 2007
005.8--dc22
2007014433

Copies of this report are available from the National Academies Press, 500 Fifth Street, N.W., Lockbox 285, Washington, DC 20055; (800) 624-6242 or (202) 334-3313 (in the Washington metropolitan area); Internet, http://www.nap.edu.

Copyright 2007 by the National Academy of Sciences. All rights reserved.

Printed in the United States of America
THE NATIONAL ACADEMIES
Advisers to the Nation on Science, Engineering, and Medicine

The National Academy of Sciences is a private, nonprofit, self-perpetuating society of distinguished scholars engaged in scientific and engineering research, dedicated to the furtherance of science and technology and to their use for the general welfare. Upon the authority of the charter granted to it by the Congress in 1863, the Academy has a mandate that requires it to advise the federal government on scientific and technical matters. Dr. Ralph J. Cicerone is president of the National Academy of Sciences.

The National Academy of Engineering was established in 1964, under the charter of the National Academy of Sciences, as a parallel organization of outstanding engineers. It is autonomous in its administration and in the selection of its members, sharing with the National Academy of Sciences the responsibility for advising the federal government. The National Academy of Engineering also sponsors engineering programs aimed at meeting national needs, encourages education and research, and recognizes the superior achievements of engineers. Dr. Wm. A. Wulf is president of the National Academy of Engineering.

The Institute of Medicine was established in 1970 by the National Academy of Sciences to secure the services of eminent members of appropriate professions in the examination of policy matters pertaining to the health of the public. The Institute acts under the responsibility given to the National Academy of Sciences by its congressional charter to be an adviser to the federal government and, upon its own initiative, to identify issues of medical care, research, and education. Dr. Harvey V. Fineberg is president of the Institute of Medicine.

The National Research Council was organized by the National Academy of Sciences in 1916 to associate the broad community of science and technology with the Academy’s purposes of furthering knowledge and advising the federal government. Functioning in accordance with general policies determined by the Academy, the Council has become the principal operating agency of both the National Academy of Sciences and the National Academy of Engineering in providing services to the government, the public, and the scientific and engineering communities. The Council is administered jointly by both Academies and the Institute of Medicine. Dr. Ralph J. Cicerone and Dr. Wm. A. Wulf are chair and vice chair, respectively, of the National Research Council.

www.national-academies.org
COMMITTEE ON PRIVACY IN THE INFORMATION AGE

WILLIAM H. WEBSTER, Milbank, Tweed, Hadley & McCloy, Chair
JAMES WALDO, Sun Microsystems, Vice Chair
JULIE E. COHEN, Georgetown University
ROBERT W. CRANDALL, Brookings Institution (resigned April 2006)
OSCAR GANDY, JR., University of Pennsylvania
JAMES HORNING, Network Associates Laboratories
GARY KING, Harvard University
LIN E. KNAPP, Independent Consultant, Ponte Vedra Beach, Florida
BRENT LOWENSOHN, Independent Consultant, Encino, California
GARY T. MARX, Massachusetts Institute of Technology (emeritus)
HELEN NISSENBAUM, New York University
ROBERT M. O’NEIL, University of Virginia
JANEY PLACE, Digital Thinking
RONALD L. RIVEST, Massachusetts Institute of Technology
TERESA SCHWARTZ, George Washington University

LLOYD N. CUTLER, Wilmer, Cutler, Pickering, Hale & Dorr LLP, served as co-chair until his passing in May 2005.

Staff
HERBERT S. LIN, Senior Scientist
LYNETTE I. MILLETT, Senior Staff Officer
KRISTEN BATCH, Associate Program Officer
JENNIFER M. BISHOP, Program Associate
DAVID PADGHAM, Associate Program Officer
JANICE M. SABUDA, Senior Program Assistant
COMPUTER SCIENCE AND TELECOMMUNICATIONS BOARD

JOSEPH F. TRAUB, Columbia University, Chair
ERIC BENHAMOU, 3Com Corporation
WILLIAM DALLY, Stanford University
MARK E. DEAN, IBM Systems Group
DAVID DEWITT, University of Wisconsin-Madison
DEBORAH L. ESTRIN, University of California, Los Angeles
JOAN FEIGENBAUM, Yale University
KEVIN KAHN, Intel Corporation
JAMES KAJIYA, Microsoft Corporation
MICHAEL KATZ, University of California, Berkeley
RANDY KATZ, University of California, Berkeley
SARA KIESLER, Carnegie Mellon University
TERESA H. MENG, Stanford University
TOM M. MITCHELL, Carnegie Mellon University
FRED B. SCHNEIDER, Cornell University
WILLIAM STEAD, Vanderbilt University
ANDREW VITERBI, Viterbi Group, LLC
JEANNETTE M. WING, Carnegie Mellon University

JON EISENBERG, Director
KRISTEN BATCH, Associate Program Officer
RENEE HAWKINS, Financial Associate
MARGARET MARSH HUYNH, Senior Program Assistant
HERBERT S. LIN, Senior Scientist
LYNETTE I. MILLETT, Senior Program Officer
DAVID PADGHAM, Associate Program Officer
JANICE M. SABUDA, Senior Program Assistant
TED SCHMITT, Program Officer
BRANDYE WILLIAMS, Office Assistant
JOAN WINSTON, Program Officer

For more information on CSTB, see its Web site at http://www.cstb.org, write to CSTB, National Research Council, 500 Fifth Street, N.W., Washington, DC 20001, call (202) 334-2605, or e-mail the CSTB at firstname.lastname@example.org.
Preface

Privacy is a growing concern in the United States and around the world. The spread of the Internet and the seemingly unbounded options for collecting, saving, sharing, and comparing information trigger consumer worries; online practices of businesses and government agencies present new ways to compromise privacy; and e-commerce and technologies that permit individuals to find personal information about each other only begin to hint at the possibilities.

The literature on privacy is extensive, and yet much of the work that has been done on privacy, and notably privacy in a context of pervasive information technology, has come from groups with a single point of view (e.g., civil liberties advocates, trade associations) and/or a mission that is associated with a point of view (e.g., regulatory agencies) or a slice of the problem (e.g., privacy in a single context such as health care). Many of the groups that have looked at privacy have tended to be singular in their expertise. Advocacy groups are typically staffed by lawyers, and scholarship activities within universities are conducted largely from the perspective of individual departments such as sociology, political science, or law. Business/management experts address demand for personal information (typically for marketing or e-commerce). Although a few economists have also examined privacy questions (mostly from the standpoint of marketable rights in privacy), the economics-oriented privacy literature is significantly less extensive than the literature on intellectual property or equitable access. In an area such as privacy, approaches from any single discipline are unlikely to “solve” the problem, making it important to assess privacy in a manner that accounts for the implications of technology, law, economics, business, social science, and ethics.

Against this backdrop, the National Research Council believed that the time was ripe for a deep, comprehensive, and multidisciplinary examination of privacy in the information age: How are the threats to privacy evolving, how can privacy be protected, and how can society balance the interests of individuals, businesses, and government in ways that promote privacy reasonably and effectively? A variety of conversations in late 2000 with privacy advocates in nonprofit organizations, and with private foundation officials about what their organizations have not been supporting, and ongoing conversations with computer scientists and other analysts who focus on information technology trends indicated a dearth of analytical work on the subject of online privacy that incorporated expertise about key technologies together with other kinds of expertise. Without adequate technical expertise, information technology tends to be treated as a black box that has impacts on society; with such expertise, there can be a more realistic exploration of interactions among technical and nontechnical factors and of design and implementation alternatives, some of which can avoid or diminish adverse impacts.

For these reasons, the National Research Council established the Committee on Privacy in the Information Age. The committee’s analytical charge had several elements (see Chapter 1).
The committee was to survey and analyze the causes for concern—risks to personal information associated with new technologies (primarily information technologies, but from time to time biotechnologies as appropriate) and their interaction with nontechnology-based risks, the incidence of actual problems relative to the potential for problems, and trends in technology and practice that will influence impacts on privacy. Further, the charge called for these analyses to take into account changes in technology; business, government, and other organizational demand for and supply of personal information; and the increasing capabilities for individuals to collect and use, as well as disseminate, personal information. Although certain areas (e.g., health and national security) were singled out for special attention, the goal was to paint a big picture that at least sketched the contours of the full set of interactions and tradeoffs.

The charge is clearly a very broad one. Thus, the committee chose to focus its primary efforts on fundamental concepts of privacy, the laws surrounding privacy, the tradeoffs in a number of societally important areas, and the impact of technology on conceptions of privacy.

To what end does the committee offer such a consideration of privacy in the 21st century? This report does not present a definitive solution to any of the privacy challenges confronting society today. It does not provide a thorough and settled definition of privacy. And it does not evaluate specific policies or technologies as “good” or “bad.” Rather, its primary purpose is to provide ways to think about privacy, its relationship to other values, and related tradeoffs. It emphasizes the need to understand context when evaluating the privacy impact of a given situation or technology. It provides an in-depth look at ongoing information technology trends as related to privacy concerns. By doing so, the committee hopes that the report will contribute to a better understanding of the many issues that play a part in privacy and contribute to the analysis of issues involving privacy.

In creating policies that address the demands of a rapidly changing society, we must be attuned to the interdependencies of complex systems. In particular, this must involve trying to avoid the unwitting creation of undesirable unintended consequences. We may decide to tolerate erosion on one side of a continuum—privacy versus security, for example. Under appropriate conditions the searching of travelers’ bags and the use of behavioral profiles for additional examination are understandable. But with this comes a shift in the continuum of given types of privacy.

Perhaps most importantly, the report seeks to raise awareness of the web of connectedness among the actions we take, the policies we pass, the expectations we change. In creating policies that address the demands of a rapidly changing society, we must be attuned to the interdependencies of complex systems—and whatever policy choices a society favors, the choices should be made consciously, with an understanding of their possible consequences. We may decide to tolerate erosion on one side of an issue—privacy versus security, for example.
We may decide it makes sense to allow security personnel to open our bags, to carry a “trusted traveler” card, to “profile” people for additional examination. But with such actions come a change in the nature and the scope of privacy that people can expect. New policies may create a more desirable balance, but they should not create unanticipated surprises.

To pursue its work, the National Research Council constituted a committee of 16 people with a broad range of expertise, including senior individuals with backgrounds in information technology, business, government, and other institutional uses of personal information; consumer protection; liability; economics; and privacy law and policy. From 2002 to 2003, the committee held five meetings, most of which were intended to enable the committee to explore a wide range of different points of view. For example, briefings and/or other inputs were obtained from government officials at all levels, authorities on international law and practice relating to policy, social scientists and philosophers concerned with personal data collection, experts on privacy-enhancing technologies, business representatives concerned with the gathering and uses of personal data, consumer advocates, and researchers who use personal data. Several papers were commissioned and received.

As the committee undertook its analysis, it was struck by the extraordinary complexity associated with the subject of privacy. Most committee members understood that the notion of privacy is fraught with multiple meanings, interpretations, and value judgments. But nearly every thread of analysis leads to other questions and issues that also cry out for additional analysis—one might even regard the subject as fractal, where each level of analysis requires another equally complex level of analysis to explore the issues that the previous level raises. Realistically, the analysis must be cut off at some point, if nothing else because of resource constraints. But the committee hopes that this report suffices to paint a representative and reasonably comprehensive picture of informational privacy, even if some interesting threads had to be arbitrarily limited.

This study has been unusually challenging, both because of the nature of the subject matter and because the events that occurred during the time the report was being researched and written often seemed to be overtaking the work itself. The temptation to change the work of the committee in reaction to some news story or revelation of a pressing privacy concern was constant and powerful; our hope is that the work presented here will last longer than the concerns generated by any of those particular events. The very importance of the subject matter increases the difficulty of approaching the issues in a calm and dispassionate manner. Many members of the committee came to the process with well-developed convictions, and it was interesting to see these convictions soften, alter, and become more nuanced as the complexities of the subject became apparent.
It is our hope that readers of this report will find that the subject of privacy in our information-rich age is more subtle and complex than they had thought, and that solutions to the problems, while not impossible, are far from obvious.

The committee was highly diverse. This diversity reflects the complexity of the subject, which required representation not just from the information sciences but also from policy makers, the law, business, and the social sciences and humanities. Such diversity also means that the members of the committee came to the problem with different presuppositions, vocabularies, and ways of thinking about the problems surrounding privacy in our increasingly interconnected world. It is a testament to these members that they took the time and effort to learn from each other and from the many people who took the time to brief the committee. It is easy in such situations for the committee to decompose into smaller tribes of like-thinking members who do not listen to those outside their tribe; what in fact happened was that each group learned from the others. The collegial atmosphere that resulted strengthened the overall report by ensuring that many different viewpoints were represented and included.

Much of this collegial atmosphere was the result of the work of the staff of the National Research Council who guided this report. Lynette Millett started the study and has been invaluable through the entire process. Herb Lin injected the energy needed to move from first to final draft, asking all of the questions that needed to be asked and helping us to craft recommendations and findings that are the real reason for the report. The committee could not have reached this point without them. Special thanks are due to others on the CSTB staff as well. Marjory Blumenthal, CSTB’s former director, was pivotal in framing the project and making it happen. Janice Sabuda provided stalwart administrative and logistical support throughout the project. David Padgham and Kristen Batch provided valuable research support and assistance.

Outside the NRC, many people contributed to this study and report. The committee took inputs from many individuals in plenary sessions, including both scheduled briefers and individuals who attended and participated in discussions. The committee also conducted several site visits and informational interviews and commissioned several papers. The committee is indebted to all of those who shared their ideas, time, and facilities. The committee thanks the following individuals for their inputs and assistance at various stages during the project: Anita Allen-Castellitto, Kevin Ashton, Bruce Berkowitz, Jerry Bogart, Bill Braithwaite, Anne Brown, David Brown, Bruce Budowle, Lee Bygrave, Michael Caloyannides, Cheryl Charles, David Chaum, Ted Cooper, Amy D. Corning, Lorrie Cranor, Jim Dempsey, George Duncan, Jeff Dunn, Ed Felten, Michael Fitzmaurice, Michael Froomkin, Moya Gray, Rick Gubbels, Van Harp, Dawn Herkenham, Julie Kaneshiro, Orin Kerr, Scott Larson, Edward Laumann, Ronald Lee, David Lyon, Kate Martin, Patrice McDermott, Robert McNamara, Judith Miller, Carolyn Mitchell, Jim Neal, Pablo Palazzi, Kim Patterson, Merle Pederson, Priscilla Regan, Joel Reidenberg, Jeff Rosen, Mark Rothstein, Vincent Serpico, Donna Shalala, Martha Shepard, Eleanor Singer, David Sobel, Joe Steffan, Barry Steinhardt, Carla Stoffle, Gary Strong, Richard Varn, Kathleen Wallace, Mary Gay Whitmer and the NASCIO Privacy Team, and Matthew Wynia.

Finally, we must acknowledge the contribution of Lloyd Cutler, who served as co-chair of the committee from the time of its inception to the time of his death in May 2005. Lloyd was an active and energetic member of the committee, who insisted that we think about the principles involved and not just the particular cases being discussed. The intellectual rigor, curiosity, and decency shown and demanded by Lloyd set the tone and the standard for the committee as a whole. We were fortunate to have him as part of our group, and we miss him very much.

William Webster, Chair
Jim Waldo, Vice Chair
Committee on Privacy in the Information Age
Acknowledgment of Reviewers

This report has been reviewed in draft form by individuals chosen for their diverse perspectives and technical expertise, in accordance with procedures approved by the National Research Council’s Report Review Committee. The purpose of this independent review is to provide candid and critical comments that will assist the institution in making its published report as sound as possible and to ensure that the report meets institutional standards for objectivity, evidence, and responsiveness to the study charge. The review comments and draft manuscript remain confidential to protect the integrity of the deliberative process. We wish to thank the following individuals for their review of this report:

Hal Abelson, Massachusetts Institute of Technology,
Ellen Clayton, Vanderbilt University Medical Center,
Peter Cullen, Microsoft Corporation,
George Duncan, Carnegie Mellon University,
Beryl Howell, Stroz Friedberg, LLC,
Alan Karr, National Institute of Statistical Sciences,
Michael Katz, University of California, Berkeley,
Diane Lambert, Google, Inc.,
Susan Landau, Sun Microsystems Laboratories,
Tom Mitchell, Carnegie Mellon University,
Britton Murray, Freddie Mac,
Charles Palmer, IBM, Thomas J. Watson Research Center,
Emily Sheketoff, American Library Association,
Robert Sparks, Independent Consultant, El Dorado Hills, California,
Peter Swire, Ohio State University, and
Alan Westin, Independent Consultant, Teaneck, New Jersey.

Although the reviewers listed above have provided many constructive comments and suggestions, they were not asked to endorse the conclusions or recommendations, nor did they see the final draft of the report before its release. The review of this report was overseen by Stephen Fienberg, Carnegie Mellon University. Appointed by the National Research Council, he was responsible for making certain that an independent examination of this report was carried out in accordance with institutional procedures and that all review comments were carefully considered. Responsibility for the final content of this report rests entirely with the authoring committee and the institution.
Contents

EXECUTIVE SUMMARY 1

PART I THINKING ABOUT PRIVACY

1 THINKING ABOUT PRIVACY 19
  1.1 Introduction, 19
  1.2 What Is Privacy?, 21
  1.3 An Illustrative Case, 25
  1.4 The Dynamics of Privacy, 27
    1.4.1 The Information Age, 27
    1.4.2 Information Transformed and the Role of Technology, 29
    1.4.3 Societal Shifts and Changes in Institutional Practice, 33
    1.4.4 Discontinuities in Circumstance and Current Events, 36
      1.4.4.1 National Security and Law Enforcement, 37
      1.4.4.2 Disease and Pandemic Outbreak, 37
  1.5 Important Concepts and Ideas Related to Privacy, 38
    1.5.1 Personal Information, Sensitive Information, and Personally Identifiable Information, 39
    1.5.2 False Positives, False Negatives, and Data Quality, 43
    1.5.3 Privacy and Anonymity, 45
    1.5.4 Fair Information Practices, 48
    1.5.5 Reasonable Expectations of Privacy, 50
  1.6 Lessons from History, 52
  1.7 Scope and Map of This Report, 53

PART II THE BACKDROP FOR PRIVACY

2 INTELLECTUAL APPROACHES AND CONCEPTUAL UNDERPINNINGS 57
  2.1 Philosophical Theories of Privacy, 58
    2.1.1 A Philosophical Perspective, 58
    2.1.2 Privacy as Control Versus Privacy as Restricted Access, 59
    2.1.3 Coherence in the Concept of Privacy, 62
    2.1.4 Normative Theories of Privacy, 66
  2.2 Economic Perspectives on Privacy, 69
    2.2.1 The Rationale for an Economic Perspective on Privacy, 69
    2.2.2 Privacy as Fraud, 71
    2.2.3 Privacy and the Assignment of Property Rights to Individuals, 73
    2.2.4 The Economic Impact of Privacy Regulation, 74
    2.2.5 Privacy and Behavioral Economics, 75
  2.3 Sociological Approaches, 79
  2.4 An Integrating Perspective, 84

3 TECHNOLOGICAL DRIVERS 88
  3.1 The Impact of Technology on Privacy, 88
  3.2 Hardware Advances, 90
  3.3 Software Advances, 95
  3.4 Increased Connectivity and Ubiquity, 97
  3.5 Technologies Combined into a Data-gathering System, 101
  3.6 Data Search Companies, 102
  3.7 Biological and Other Sensing Technologies, 106
  3.8 Privacy-enhancing Technologies, 107
    3.8.1 Privacy-enhancing Technologies for Use by Individuals, 107
    3.8.2 Privacy-enhancing Technologies for Use by Information Collectors, 109
      3.8.2.1 Query Control, 109
      3.8.2.2 Statistical Disclosure Limitation Techniques, 111
      3.8.2.3 Cryptographic Techniques, 112
      3.8.2.4 User Notification, 113
      3.8.2.5 Information Flow Analysis, 114
      3.8.2.6 Privacy-Sensitive System Design, 114
      3.8.2.7 Information Security Tools, 115
  3.9 Unsolved Problems as Privacy Enhancers, 116
  3.10 Observations, 118
PART IV FINDINGS AND RECOMMENDATIONS

10 FINDINGS AND RECOMMENDATIONS 305
  10.1 Coming to Terms, 305
  10.2 The Value of Privacy, 308
  10.3 Pressures on Privacy, 312
  10.4 Making Tradeoffs, 318
  10.5 Approaches to Privacy in the Information Age, 323
    10.5.1 Principles, 323
    10.5.2 Individual Actions, 325
    10.5.3 Organization-based Actions, 328
    10.5.4 Public Policy Actions, 332
      10.5.4.1 Managing the Privacy Patchwork, 333
      10.5.4.2 Reviewing Existing Privacy Law and Regulations, 334
      10.5.4.3 Respecting the Spirit of the Law, 335
      10.5.4.4 The Relevance of Fair Information Practices Today, 336
      10.5.4.5 Public Advocates for Privacy, 339
      10.5.4.6 Establishing the Means for Recourse, 345

APPENDIXES
A A Short History of Surveillance and Privacy in the United States 349
B International Perspectives on Privacy 366
C Biographies 400

Index 411