ARE PRIVACY CONCERNS ASSOCIATED WITH

CYBERTECHNOLOGY UNIQUE OR SPECIAL?

Concerns about personal privacy existed long before the advent of computers and

cybertechnology. Prior to the information era, for example, technologies such as the

camera and the telephone presented challenges for privacy. Cybertechnology makes it possible to collect and store much more information about

individuals than was possible in the precomputer era. The amount of personal information

that could be collected in the precomputer era was determined by practical

considerations, such as the physical space required to store the data and the time and

difficulty involved in collecting the data. Today, of course, digitized information that can

be stored electronically in computer databases takes up very little storage space and can

be collected with relative ease.

Consider the speed at which information is exchanged and transferred between

databases. At one time, records had to be physically transported between filing destinations;

the time it took to move them depended upon the transportation systemse.g.,

motor vehicles, trains, airplanes, and so forththat carried the records. Now, of course,

records can be transferred between electronic databases in milliseconds through wireless

technologies, high-speed cable lines, or even ordinary telephone lines.

Cybertechnology has also generated privacy concerns because of the kind of

personal information that can now be collected. For example, every time you engage

in an electronic transaction, such as making a purchase with a credit card or withdrawing

money from an ATM, transactional information is collected and stored in several

computer databases; this information can then be transferred electronically across

commercial networks to agencies that request it. Personal information, retrieved from

transactional information that is stored in computer databases, has been used to construct

electronic dossiers containing detailed information about an individuals commercial

transactions, including purchases made and places traveledinformation that can reveal

patterns in a persons preferences and habits.

Additionally, we should note that cybertechnology raises privacy concerns because

of the myriad ways in which it enables our personal information to be manipulated

(e.g., merged,

WHAT IS PERSONAL PRIVACY?

Although many definitions of privacy have been put forth, there is no universally agreed

upon definition of this concept. To illustrate this point, consider some of the metaphors

that are typically associated with privacy. Sometimes we speak of privacy as something

that can be lost or diminished, suggesting that privacy can be understood in terms of a

repository of personal information that can be either diminished altogether or gradually

eroded. Contrast this view with descriptions of privacy as something that can be intruded

upon or invaded, where privacy can be understood in terms of a spatial metaphor, such as

a zone, that deserves protection. Alternatively, privacy is sometimes described as

something that can be violated or breached, when we think of it in terms of either a

right or an interest that deserves legal protection

Accessibility Privacy: Freedom from Unwarranted Intrusion

Many Americans are astonished

to find out that there is no explicit mention of privacy in either the Constitution or its first

ten amendments, the Bill of Rights. However, some legal scholars believe that a right to

privacy can be inferred from the Fourth Amendment, which protects citizens against

unreasonable searches and seizures of personal affects (i.e., papers, artifacts, etc.) by the

government. Many legal scholars believe that the Fourth Amendment also provides legal

grounds for a right to privacy protection from nongovernmental intrusion as well.

Warren and Brandeis also suggested that our legal right to privacy is grounded in our

right to inviolate personality. In part, they were responding to a certain use of a new

technologynot the computer, of course, but rather the camerawhich had begun to

threaten individual privacy in new ways.2 Photographs of people began to appear in

newspapers, for example, in gossip columns, along with stories that were defamatory and

sometimes even false. Warren and Brandeis believed that individuals have a (legal) right

not be intruded upon in this manner. Because this definition of privacy as freedom from

unwarranted intrusion focuses on the harm that can be caused through physical access to

a person or to a persons possessions, Judith DeCew (1997) and others have described

this view as accessibility privacy.

Decisional Privacy: Freedom from Interference in Ones Personal Affairs

Privacy is also sometimes conceived of as freedom from interference in ones personal

choices, plans, and decisions; some refer to this view as decisional privacy. This kind of

privacy has also been associated with reproductive technologies having to do with

contraception. The view of privacy as freedom from external interference into ones personal affairs has since

been appealed to in legal arguments in a series of controversial court cases, such as those

involving abortion and euthanasia .

Informational Privacy: Control over the Flow of Personal Information

Because of the increasing use of technology to gather and exchange personal information,

many contemporary analysts view privacy in connection with ones ability to restrict

access to and control the flow of ones personal information. Privacy concerns are now

often framed in terms of questions such as: Who should have access to ones personal

information?

A Comprehensive Account of Privacy can be gathered, stored, mined, combined, recombined, exchanged, and sold? Central to Moors theory is a distinction between naturally private and normatively

private situations, enabling us to differentiate between the conditions required for

(a) having privacy and (b) having a right to privacy. This distinction, in turn, enables

us to differentiate between a loss of privacy and a violation of privacy. In a naturally

private situation, individuals are protected from access and interference from others by

natural means, for example, physical boundaries such as those one enjoys while hiking

alone in the woods. In this case, privacy can be lost but not violated, because there are no

normsconventional, legal, or ethicalaccording to which one has a right, or even an

expectation, to be protected. In a normatively private situation, on the other hand,

individuals are protected by conventional norms (e.g., formal laws and informal policies)

because they involve certain kinds of zones or contexts that we have determined to need.

Three Views of Privacy

Accessibility privacy -Privacy is defined as ones physically being let alone, or being free from

intrusion into ones physical space.

Decisional privacy- Privacy is defined as freedom from interference in ones choices and

decisions.

Informational privacy- Privacy is defined as control over the flow of ones personal

information, including the transfer and exchange of that information.

Privacy as Contextual Integrity

Nissenbaums privacy framework requires that the processes used in gathering and

disseminating information (a) are appropriate to a particular context and (b) comply

with norms that govern the flow of personal information in a given context.5 She refers to

these two types of informational norms as follows:

1. Norms of appropriateness.

2. Norms of distribution.

Whereas norms of appropriateness determine whether a given type of personal

information is either appropriate or inappropriate to divulge within a particular context,

norms of distribution restrict or limit the flow of information within and across contexts.

When either norm has been breached, a violation of privacy occurs; conversely, the

contextual integrity of the flow of personal information is maintained when both kinds of

norm s are respected.6

WHY IS PRIVACY IMPORTANT?

We might also question whether the current privacy debate needs to be better

understood in terms of differences that reflect generational attitudes. For many so-called

Millennials, who are now college-aged, privacy does not always seem to be of paramount

importance. Most Millennials, as well as many members of Generations Xand Y, seem all

too eager to share their personal information widely on social networking services such as

Facebook, and many also seem willing to post away messages on AIM or Skype that

disclose their whereabouts at a given moment to a wide range of people. But for many

older Americans, including Baby Boomers, privacy is something that is generally still

valued. So the relative importance of privacy may vary considerably among the generations;

however, we will proceed on the assumption that privacy has value and thus is

important. Even in countries such as Israel, with strong

democratic systems but an even stronger priority for national security, individual privacy

may not be as important a value as it is in most democratic nations. So, even though

privacy has at least some universal appeal, it is not valued to the same degree in all

nations and cultures. As a result, it may be difficult to get universal agreement on privacy

laws and policies in cyberspace.

Is Privacy an Intrinsic Value?

While few would argue that privacy is an intrinsic value, desired for its own sake,

others, including Charles Fried (1990), argue that privacy is not merely an instrumental

value or instrumental good. Fried suggests that unlike most instrumental values that are

simply one means among others for achieving a desired end, privacy is also essential, that

is, necessary to achieve some important human ends, such as trust and friendship. We

tend to associate intrinsic values with necessary conditions and instrumental values with

contingent, or nonnecessary conditions; so while privacy is instrumental in that it is a

means to certain human ends, Fried argues that it is also a necessary condition for

achieving those ends

Privacy as a Social Value

we examine how privacy is threatened by three

different kinds of practices that use cybertechnology:

a. Data gathering techniques used to collect and record personal information, often

without the knowledge and consent of users.

b. Data exchange techniques used to transfer and exchange personal data across

and between computer databases, typically without the knowledge and consent

of users.

c. Data mining techniques used to search large databases in order to generate

consumer profiles based on the behavioral patterns of certain groups.

GATHERING PERSONAL DATA: MONITORING, RECORDING,

AND TRACKING TECHNIQUES

Collecting and recording data about people is hardly new. Since the Roman era, and

possibly before then, governments have collected and recorded census information. Not

all data gathering and data recording practices have caused controversy about privacy.

However, cybertechnology makes it possible to collect data about individuals without

their knowledge and consent. In this section, we examine some controversial ways in

which cybertechnology is used to gather and record personal data, as well as to monitor

and track the activities and locations of individuals.

Dataveillance Techniques

Roger Clarke uses the term dataveillance to capture both the surveillance

(data monitoring) and data recording techniques made possible by computer technology.9

There are, then, two distinct controversies about dataveillance: one having to do with

surveillance as a form of data monitoring, and one having to do with the recording and processing of data once the data are collected. First, we should note the obvious, but relevant, point that privacy threats associated

with surveillance are by no means peculiar to cybertechnology. However, surveillance has clearly been exacerbated by

cybertechnology. In the past, it was not uncommon for companies to hire individuals to monitor the

performance of employees in the workplace. Now, however, there are invisible

supervisors, that is, computers, that can continuously monitor the activities of employees

around the clock without failing to record a single activity of the employee. We will

examine workplace monitoring in detail, including some arguments that have been used

to defend and to denounce computerized monitoring,

Internet Cookies

Cookies are files that Web sites send to and retrieve from the computer systems of Web

users, enabling Web site owners to collect information about an individuals online

browsing preferences whenever a person visits a Web site. The use of cookies by Web site

owners and operators has generated considerable controversy, in large part because of

the novel way that information about Web users is collected and stored. Data recorded

about the user are stored on a file placed on the hard drive of the users computer system;

this information can then be retrieved from the users system and resubmitted to a Web

site the next time the user accesses that site.

Those who defend the use of cookies tend to be owners and operators of Web sites.

Proprietors of these sites maintain that they are performing a service for repeat users of a

Web site by customizing the users means of information retrieval. They also point out that, because of cookies, they are able to provide a user with a list of preferences for

future visits to that Web site. Many privacy advocates object to the fact that the default status for most Web

browsers is such that cookies will automatically be accepted unless explicitly overridden

by the user.

RFID technology-Another mode of surveillance made possible by cybertechnology involves the use of

RFID technology. In its simplest form, RFID technology consists of a tag (microchip) and

a reader. The tag has an electronic circuit, which stores data, and an antenna that

broadcasts data by radio waves in response to a signal from a reader. The reader also

contains an antenna that receives the radio signal, and it has a demodulator that

transforms the analog radio information into suitable data for any computer processing

that will be done. Like Internet cookies and other online data gathering and surveillance techniques,

RFIDclearly threatens individual privacy. But unlike surveillance concerns associated with

cookies, which track a users habits while visiting Web sites, RFID technology can be used

to track an individuals location in the offline world.

Cybertechnology and Government Surveillance

Some cybertechnologies, despite their initial objectives and intent, can facilitate

government surveillance. Our purpose in this section has been to briefly

describe how government surveillance of citizens illustrates one more way that cybertechnology

both contributes to and enhances the ability of organizations to gather and

record data about individuals.

EXCHANGING PERSONAL DATA: MERGING AND MATCHING

ELE Much of the personal data gathered electronically by one organization is later

exchanged with other organizations; indeed, the very existence of certain institutions

depends on the exchange and sale of personal information. Some privacy advocates

believe that professional information gathering organizations, such as Equifax, Experion

(formerly TRW), and Trans Union (credit reporting bureaus), as well as the Medical

Information Bureau (MIB), violate the privacy of individuals because of the techniques

they use to facilitate the exchange of personal information across and between databases.

These techniques include computer merging and computer matching.

Merging Computerized Records

Computer merging is the technique of extracting information from two or more

unrelated databases that contain information about some individual or group of individuals,

and then integrating that information into a composite file. It occurs whenever

two or more disparate pieces of information contained in separate databases are

combined.

Matching Computerized Records

Computer matching is a variation of the technology used to merge computerized records.

It involves cross-checking information in two or more unrelated databases to produce

matching records, or hits. In federal and state government applications, this technique

has been used by various agencies and departments for the express purpose of creating a

new file containing a list of potential law violators, as well as individuals who have

actually broken the law or who are suspected of having broken the law.1

MINING PERSONAL DATA

A form of data analysis that uses techniques gained from research and development in

artificial intelligence. has been used to mine personal

data. Formally referred to as Knowledge Discovery in Databases, or KDD, the process

is now more commonly known as data mining. Essentially, data mining involves the

indirect gathering of personal information through an analysis of implicit patterns

discoverable in data. Data mining activities can generate new and sometimes nonobvious

classifications or categories; as a result, individuals whose data are mined can

become identified with or linked to certain newly created groups that they might never

have imagined to exist.

How Does Data Mining Threaten Personal Privacy?

For one thing, privacy laws as well as informal data protection guidelines

have been established for protecting personal data that are

_ explicit in databases (in the form of specific electronic records),

_ confidential in nature (e.g., data involving medical, financial, or academic

records),

_ exchanged between or across databases.

However, virtually no legal or normative protections apply to personal data manipulated

in the data mining process, where personal information is typically

_ implicit in the data,

_ non confidential in nature,

_ not exchanged between databases

Unlike personal data that reside in explicit records in databases, information

acquired about persons via data mining is often derived from implicit patterns in the

data. The patterns can suggest new facts, relationships, or associations about a person,

placing that person in a newly discovered category or group. Also, because most

personal data collected and used in data mining applications is considered neither

confidential nor intimate in nature, there is a tendency to presume that such data

must, by default, be public data

Web Mining

Initially, the mining of personal data depended on large (offline) commercial databases

called data warehouses, which stored the data, consisting primarily of transactional

information. Data mining techniques are now also used by commercial Web sites to

analyze data about Internet users, which can then be sold to third parties. This process is

sometimes referred to as Web mining, which has been defined as the application of

data mining techniques to discover patterns from the Web.16 The kinds of patterns

discovered from Web mining can be useful to marketers in promotional campaigns. The

following scenario, involving Facebook, illustrates one way in which mining can be done

on the Web.

Data Merging A data exchange process in which personal data from two or more sources is

combined to create a mosaic of individuals that would not be discernable

from the individual pieces of data alone.

Data Matching A technique in which two or more unrelated pieces of personal information are

cross-referenced and compared to generate a match, or hit, that suggests a

persons connection with two or more groups.

Data Mining A technique for unearthing implicit patterns in large single databases, or

data warehouses, revealing statistical data that associates individuals with

nonobvious groups; user profiles can be constructed from these patterns.

PROTECTING PERSONAL PRIVACY IN PUBLIC SPACE

This confidential and very personal information is

referred to as nonpublic personal information (NPI). Privacy analysts are now concerned

about a different kind of personal informationpublic personal information (PPI), which

is neither confidential nor intimate and which is also being gathered, exchanged, and

mined using cybertechnology.

PPI includes information about you, such as where you work or attend school or what

kind of car you drive. Even though it is information about you as a particular person, PPI

has not enjoyed the privacy protection that has been granted to NPI.

Search Engines and the Disclosure of Personal Information

Using Search Engines to Acquire Information about People

It is not only the fact that an individuals search requests are recorded and archived by

major companies such as Google that make Internet search engines controversial from

the perspective of personal privacy. Search engine-related privacy issues also arise

because that technology can be used for questionable purposes such as stalking.

We have seen how the use of search engines can threaten the privacy of individuals in

two distinct ways: (1) by recording and archiving records of a users search queries that

reveal the topic of the search and the time the request was made by the user and (2) by

providing users of search engines with personal information about individuals who may

have no idea of the wealth of personal information about them that is available online

(and have no control over how it is accessed and by whom it is accessed). The latter

concern is further complicated by the fact that individuals who are the subject of online

searches enjoy no legal protection because of the presumed public nature of the

personal information about them that is available via online searches.

Accessing Online Public Records

Another kind of personal information that can also be considered public in nature is

information about us stored in records located in municipal buildings, which are

accessible to the general public. Public records have generally been available to anyone. willing to go to those municipal buildings and request hardcopy versions of them. Some

municipalities charge a small fee to retrieve and copy the requested records. Many of

these public records can now also be accessed online. Has this changed anything?

Consider that information merchants were always able to physically or manually

collect all of the public records they could acquire

PRIVACY-ENHANCING TECHNOLOGIES

We have seen how cybertechnology has exacerbated privacy concerns. Ironically,

perhaps, cybertechnology also provides tools that can help users to protect their privacy.

For example, privacy-enhancing technologies or PETs have been developed to help users

protect (a) their personal identity while navigating the Internet and (b) the privacy of

their online communications (such as e-mail). An example of (b) is encryption tools that

encode and decode e-mail messages. Our main focus in this section is on whether PETs

actually accomplish. Many e-commerce sites now provide users with a

stated privacy policy that is backed by certified trustmarks or trust seals

Educating Users about PETs

How are users supposed to find out about PETs? Consider that Web sites are not

required to inform users about the existence of PETs or to make those tools available to

them. Furthermore, online consumers must not only discover that PETs are available, but

they must also learn how to use these tools. So at present, responsibility for learning

about PETs and how to use them is incumbent upon consumers

PETs and the Principle of Informed Consent

Traditionally, the principle of informed consent has been the model, or standard,

in contexts involving the disclosure of ones personal data. However, users who willingly

consent to provide information about themselves for one purpose (e.g., in one transaction)

may have no idea how that information can also be used in secondary applications.

Some in the commercial sector argue that because no one is forcing users to reveal

personal data, the disclosure of such data is done on a completely voluntary basis.

Assume that a user has willingly consented to disclose personal data in an e-commerce

transaction. Some in the e-commerce sector have responded to critics by pointing out that in most

cases, users are provided with the means to either opt-in or opt-out of having their

personal data collected, as well as having those data made available for secondary use.

But the default is such that if no option is specified by the user when he or she discloses

personal data for use in one context, then those disclosed personal data are also available

for secondary use. Hence, the policy is presumed consent, not informed consent.

Because PETs provide users with some ways of protecting their identity and also

provide them some choice in controlling the flow of their personal information, they

would seem to be an empowering rather than a disabling technology. But PETs alone are

insufficient.

PRIVACY LEGISLATION AND INDUSTRY SELF-REGULATION

We saw in the previous section that even though PETs offer users a means to protect their

identity in certain kinds of activities, they are not the magic bullet many of their

staunchest supporters have suggested. Recognizing the limitations of PETs, some privacy

advocates believe that stronger privacy laws will protect consumers, whereas others in the

commercial sector, for example, believe that additional privacy legislation is neither

necessary nor desirable. Instead, they suggest strong industry controls regulated by

standards, for resolving many privacy concerns affecting e-commerce. Generally, privacy advocates have been skeptical of voluntary controls, including

industry standards for self-regulation initiatives. Instead, they argue for stricter privacy

legislation and data protection principles to protect the interests of users. We begin this

section with a look at certain self-regulatory schemes for privacy protection that is

provided to consumers by industry standards.

Industry Self-Regulation Initiatives Regarding Privacy

Some industry representatives who advocate for the use of voluntary controls might

concede that tools such as PETs, in themselves, are not adequate to protect the privacy of

consumers in e-commerce transactions. However, they also believe that alternatives to

additional privacy legislation are possible. These advocates point to the establishment of

industry standards that have already been accepted and implemented. Some of these

standards are similar to PETs in the sense that they are intended to protect a users

privacy, An industry-backed (self-regulatory) initiative called TRUSTe was designed to

help ensure that Web sites adhere to the privacy policies they advertise. TRUSTe uses

a branded system of trustmarks (graphic symbols), which represent a Web sites

privacy policy regarding personal information. Trustmarks provide consumers with the

assurance that a Web sites privacy practices accurately reflect its stated policies.

Through this PET-like feature, users can file a complaint to TRUSTe if the Web site

bearing its trust seal does not abide by the stated policies. Any Web site that bears the

TRUSTe mark and wishes to retain that seal must satisfy several conditions: The Web

site must clearly explain in advance its general information-collecting practices,

including which personally identifiable data will be collected, what the information

will be used for, and with whom the information will be shared.

And web sites displaying trust seals, such as TRUSTe, are subject to periodic and unannounced

audits of their sites.

Critics have pointed out some of the difficulties in implementing TRUSTe. For

example, the amount of information users are required to provide can easily discourage

them from carefully reading and understanding the agreement. Also, the various

warnings displayed may appear unfriendly and thus might discourage users; friendlier

trustmarks, on the contrary, might result in users being supplied with less direct

information that is important for protecting their privacy. But advocates of tools such

as TRUSTe argue that, with these tools, users will be better able to make informed

choices regarding electronic purchasing and other types of online transactions. but unlike PETs in that they are not themselves tools.

Privacy Laws and Data Protection Principles

Generally, U.S. lawmakers have resisted requests from privacy advocates for

stronger consumer privacy laws, siding instead with business interests in the private

sector who believe that such legislation would undermine economic efficiency and thus

adversely impact the overall economy. Critics point out, however, that many of those

businesses who have subsidiary companies or separate business operations in countries

with strong privacy laws and regulations, such as nations in Western Europe, have found

little difficulty in complying with the privacy laws of the host countries; profits for those

American-owned companies have not suffered because of their compliance. In any event,

there has been increased pressure on the U.S. government, especially from Canada and

the European Union (EU), to enact stricter privacy laws, and pressure on American

businesses to adopt stricter privacy polices and practices because of global e-commerce

pressures.

(5)Please write synopsis of this article in your own words