Chapter 4 opens with some remarks about privacy rights. The text observes that the US constitution does not contain a provision that specifically addresses privacy with regard to personal information. The fourth amendment to the constitution does grant protection of "papers and effects" from "unreasonable searches and seizures". It also provides that proper searches and seizures must be done under a warrant properly describing what place is to searched and what things may be seized. What does this mean? In part, it means that a warrant must state what a searcher is looking for, and the searcher is constrained to reasonable places to search. On the other hand, courts have also interpreted this to mean that there is no privacy where there is no expectation of it, which explains the right of an employer to access email in a system it owns.
The text defines information privacy as a combination of communications privacy and data privacy. These concepts have been around for a long time, but technology has changed how we communicate and what we communicate. The next section of the chapter review a great many laws that relate to information and privacy.
Laws, Applications, Rulings
The text continues with some standards that state how data will be handled by members of the organization that sets the standard.
Many of the laws listed seem to fall on the side of giving law enforcement access to records. Another one that provides access to information for private citizens is the Freedom of Information Act (FOIA 1966, 1974). The purpose of FOIA is to provide a means for citizens to request information from Federal agencies. The request must not be burdensome, wide-ranging, or unreasonable, and it must be made according to agency procedures. FOIA requests may be denied if the response would compromise national security, interfere with an active investigation, or violate someone's privacy (unless the public's need for the response outweighs that violation).
The last law discussed in this section is the Privacy Act of 1974 which prohibits federal agencies from concealing databases of personal information, but the CIA and law enforcement agencies are exempt from the act, so it means less than it might.
Privacy and Anonymity
The next section of the chapter discusses privacy and violation of privacy issues.
The text defines this as impersonating a person by use of stolen personal information. Usually this is done as part of a scheme to obtain goods, credit, services, or money by fraud. Read through the list of suggestions on page 156 to reduce the risk of someone stealing various personal information.
The text lists several examples of companies who have had database thefts of customer information. This list does not address online accounts, such as those with game companies or ongoing accounts at online stores like Amazon. The text mentions black market web sites that sell such stolen data.
As we have already discussed, a phishing scam asks the reader of an email to volunteer personal information by pretending to be someone the reader would normally trust. Most of these scams are obvious, but it would only take a little polish to make them look more realistic.
The text describes spyware as key logging software. This is only one type of spyware, but it is powerful in that it captures exactly what was entered on a keyboard. It can be used by investigators as well as by hackers. The text lists a case in which the FBI used such a program to capture data from a student suspected of sending bomb threats.
The text discusses the practice of collecting information about consumers when they visit or purchase from web sites. Cookies are a well known example of data stored on a computer that can identify the user (correctly or incorrectly) as a patron of your own web site or the site of a business partner. Doubts about what vendors and marketers actually do with the data led to the ability to clear your browser of cookies. The text continues with this for a few pages, but there is little content to it.
There are always ongoing discussions about the amount of time employees waste. Employers typically have reason to monitor their activities, but the text raises some ideas about such monitoring being extended to employee use and abuse of the computer environment. Proper use of an acceptable use policy would be a first step in avoiding the kind of abuses mentioned on page 166.
The text argues that government employees may use the fourth amendment as an argument against some employer intrusions, but that non-government employees do not have the same "protection", because the actions of their employers are not actions of the government. The bottom line is that employees have little right to privacy in the workplace.
The text ends with a short discussion about the use of video surveillance, facial recognition software, and global positioning system location monitoring. Each has its place in making the world safer, in making business run better, and potentially in intruding on our privacy. Students should discuss the ideas in this section.