

21. Privacy and security


- 21.1. Legislative frameworks for protecting privacy
- 21.2. Privacy enhancing technologies (PETs)

‘Privacy’ is something that is difficult to define because it is a subjective matter. Some people have a wish, for personal reasons, to move through society anonymously, without interference in their affairs. Others have no problem giving out information about themselves in order to access information, goods or services. For most people, privacy is an issue of simplicity and security. People like to access services without complicated forms and reference checks, and may be willing to allow information systems to track their movements or purchases.

Security is closely related to privacy. A secure information system does not disclose information when it is not appropriate to do so. The disclosure of information is not a neutral act. People collect or process information for a purpose. It is the intention of those who collect personal information, or who trade it and put it on a database, to create profiles of individuals for certain purposes. How we manage the disclosure, use and storage of personal information will decide whether information technology becomes a source of empowerment or of repression.

In considering how privacy is measured and protected, we must distinguish between different types of privacy:

  • For most people, privacy means 'personal privacy' - the right of individuals not to have their home, private life or personal property interfered with. This can be considered as 'real world' privacy.

  • A related aspect of this is 'bodily privacy' - the right of individuals to protect themselves from medical or genetic testing, and to have information about their health or personal well-being protected by those with access to such information (doctors, employers, insurers, etc.).

  • ‘Privacy of communications’ refers to protection from interference with communication over the phone or the internet. Respect for the privacy of communications is an essential prerequisite for the maintenance of human relationships via technological communications media.

  • ‘Information privacy’ is perhaps the most widely debated aspect of the use of computers and information systems. Information systems are able to hold and process information about large numbers of people at high speed. It is important to ensure that information will only be used for the purposes for which it was gathered, and that it will not be disclosed to others without the consent of the relevant individuals.

Privacy threats on the web

When you are surfing the web you may think you are anonymous, but there are various ways that information about you or your activities can be collected without your consent:

Source: “Protecting your Privacy on the Internet”, Australian Privacy Commissioner, http://www.privacy.gov.au/internet/internet_privacy/index.html


The Code of Fair Information Practices

The Code of Fair Information Practices was the central contribution of the HEW (Health, Education, Welfare) Advisory Committee on Automated Data Systems. The Advisory Committee was established in 1972, and its report was released in July. The citation for the report is as follows: U.S. Department of Health, Education and Welfare, Secretary’s Advisory Committee on Automated Personal Data Systems, Records, Computers, and the Rights of Citizens viii (1973).

The Code of Fair Information Practices is based on five principles:

  1. There must be no personal data record-keeping systems whose very existence is secret.

  2. There must be a way for a person to find out what information about the person is in a record and how it is used.

  3. There must be a way for a person to prevent information about the person that was obtained for one purpose from being used or made available for other purposes without the person's consent.

  4. There must be a way for a person to correct or amend a record of identifiable information about the person.

  5. Any organization creating, maintaining, using, or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take precautions to prevent misuses of the data.

Source: http://www.epic.org/privacy/consumer/code_fair_info.html


21.1. Legislative frameworks for protecting privacy

There are different legal frameworks for the protection of privacy. The legislative framework of most states deals with information privacy and to a lesser extent with bodily privacy. The protection of personal privacy is usually a civil matter. This means that infringements of privacy must be contested by individuals in the courts, and the state will not act on their behalf.

In some states, individuals are wholly responsible for monitoring their privacy and seeking legal redress when it is infringed. The problem with this model is that if individuals do not have the means to police their privacy, such as the financial security to bring a case to court, then they have no privacy. In other states, the burden for protecting privacy is placed on the holder of the information. Although this takes the burden off the individual, it can also lead to a false sense of security, because it is assumed that the holders of the information, or the regulatory bodies that are set up to police them, will protect the interests of the individual.

The region with the strongest information privacy laws is the European Union. Following the introduction of various laws in the 1980s and 1990s on the protection of personal data,[1] there is now a strong framework to protect the information held on computers. Over the next five years, this legal framework will also be extended to certain types of paper-based records. To back up the legislative framework, each state in the EU also has its own agency, with legal powers, to police the holding of personal information. Holders and processors of personal information must obtain a permit from this agency.

The approach of the European Union contrasts with that of other states such as the USA and Singapore. These states primarily opt for self-regulation within different sectors of industry, or they legislate very narrowly to protect only certain aspects of personal privacy. In the USA especially, the structure of privacy laws means that information held by bodies other than the state is open to be used and traded by anyone, unless a law specifically exists to protect it.

The problem with self-regulation is that it addresses the needs of the data processing industry rather than the interests of the individual. Codes of practice that create ‘burdens’ on organisations, or affect their ability to trade or operate, may only be grudgingly implemented. The lack of any transparency in the application of such codes also makes it difficult to establish that they are properly applied in all cases. These systems are also subject to ‘functional creep’, as new processes are added that are not specifically controlled by self-regulation procedures. This is significant in the context of the Internet. The sale of personal information is, for many Internet companies, a major income stream. As new on-line services have developed, the opportunities for the gathering and trading of personal information have increased.

With regard to communications privacy, the introduction of digital communications, whilst enabling a boom in cheap telephone and computer-based communications, has at the same time lessened the protection for personal communications. While the content of our communications is secret, unless intercepted by the state, the collection and retention of traffic data represents a less serious but still damaging invasion of privacy. The potential uses of retained communications data, and its value when forming data profiles on individuals, has not received wide public attention – even though data retention forms the core of the measures enacted as part of the so-called ‘war on terrorism’.

For those interested in protecting their privacy, the simplest advice is to meet their needs for information services in states that have strong data protection laws. This may be very difficult for people who are not residents in such states, though. At the same time people should seek to restrict the information that they give out about themselves as part of consumer surveys, or in response to purchases at stores.

Organisations should be careful with the way they process personal information. The impact of junk mail, faxes and text messages has led the public to develop a negative perception of organisations that trade or sell personal data. For those organisations that are involved with political or social causes, the protection of personal data is increasingly important given recent legislative changes on data retention. If data is not held securely, and transmitted securely, then the organisation risks disclosing information about its supporters or partners.

Human Rights Activists in South Korea start Hunger Strike against National Education Information System (NEIS)


"NEIS: a giant digital database established by the government to gather the private information of students, parents, and teachers"

[Press Release] People request that the implementation of NEIS be halted immediately

Seoul, South Korea -- June 18th, 2003: nine human rights activists in South Korea started an indefinite hunger strike on the street against the National Education Information System (NEIS). They stressed that NEIS, a giant database of people's private information, would infringe basic human rights, including privacy, very seriously, and requested that the government halt the implementation of NEIS and delete the private information section of NEIS. They also condemned the government for trying to gather a great deal of private information into this system without any agreement from the people, which is absolutely illegal and unconstitutional.

Korean Progressive Network (Jinbonet), Sarangbang Group for Human Rights, Center for Human Rights Dasan, Peace & Human Rights Coalition, Chunbuk Peace & Human Rights Coalition, Catholic Human Rights Committee, Minkakyup Human Rights Group and Won Buddhism Human Rights Committee are participating in this hunger strike.

Copyleft by www.base21.org


21.2. Privacy enhancing technologies (PETs)

The development of digital communications technologies has improved our ability to communicate. But we do so at the cost of generating a long trail of information. For people dealing with sensitive information who must avoid disclosure, or who need anonymity, communicating presents new challenges. However, alongside the development of digital communications, there has been a parallel development of systems that allow communication to take place more securely. These are collectively known as ‘privacy enhancing technologies’.

In the mainstream, some internet-based services have sought to build privacy into information services. The World Wide Web Consortium (W3C) has recently developed a ‘Platform for Privacy Preferences’ (P3P).[2] This works within the user’s Web browser, for those sites that are P3P compatible. The user’s privacy preferences are communicated to the web server as part of web browsing, or when submitting information to web sites. This enables those gathering information to know precisely how to deal with the information gathered from Web users.
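To show what a P3P comparison between a site's declared practices and a user's preferences looks like in practice, here is an added example (not code from the original handbook or from the W3C): it parses the three-letter tokens of a P3P compact policy header and decides whether to accept the site's cookies. Token meanings follow the P3P 1.0 compact policy vocabulary; the preference rules, the `USER_PREFS` dictionary and the sample response headers are this example's own assumptions.

```python
"""Constructed example (added here, not from the original page) of a P3P
'compact policy' check: a site declares its data practices as three-letter
tokens in a P3P response header, and the browser compares them with the
user's preferences before accepting the site's cookies. Token meanings
follow the P3P 1.0 compact policy vocabulary; the preference rules and
sample headers are this example's own."""
import re

# Token groups from the P3P 1.0 compact policy vocabulary (subset used here).
THIRD_PARTY = {"UNR", "PUB", "OTR"}      # recipients beyond the site and its agents
ACCESS = {"NOI", "ALL", "CAO", "IDC", "OTI", "NON"}


def parse_compact_policy(header_value: str) -> set:
    """Return the token set from a value such as 'CP="NOI DSP COR IND"'.
    Purpose and recipient tokens may carry an a/i/o suffix (always,
    opt-in, opt-out); it is dropped so 'OTRa' and 'OTRo' both map to OTR."""
    m = re.search(r'CP\s*=\s*"([^"]*)"', header_value)
    if not m:
        return set()
    return {tok[:3].upper() for tok in m.group(1).split() if len(tok) >= 3}


def evaluate(tokens: set, prefs: dict) -> tuple:
    """Apply the user's preferences to a parsed policy; returns (accept, reasons)."""
    reasons = []
    if not tokens:
        reasons.append("no compact policy declared")
    else:
        third = tokens & THIRD_PARTY
        if prefs.get("no_third_parties") and third:
            reasons.append("shared with third parties: " + " ".join(sorted(third)))
        if prefs.get("no_indefinite_retention") and "IND" in tokens:
            reasons.append("data retained indefinitely (IND)")
        # NON means the site grants no access to one's own data; an empty
        # access group is treated the same way.
        if prefs.get("require_access") and (tokens & ACCESS) <= {"NON"}:
            reasons.append("no access to one's own data")
    return (not reasons, reasons)


def check_site(headers: dict, prefs: dict) -> tuple:
    """Find the P3P header (case-insensitive) in a response and evaluate it."""
    value = next((v for k, v in headers.items() if k.lower() == "p3p"), "")
    return evaluate(parse_compact_policy(value), prefs)


USER_PREFS = {"no_third_parties": True, "no_indefinite_retention": True,
              "require_access": True}
# Constructed sample responses: one declaring a restrictive policy, one not.
SITE_OK = {"P3P": 'CP="NOI DSP COR NID OUR STP"', "Set-Cookie": "sid=1"}
SITE_BAD = {"p3p": 'policyref="/w3c/p3p.xml", CP="NON DSP OTRa IND"'}

if __name__ == "__main__":
    for name, hdrs in (("restrictive", SITE_OK), ("permissive", SITE_BAD)):
        print(name, check_site(hdrs, USER_PREFS))
```

A site with no P3P header at all is rejected under these preferences, which is the conservative default a browser applying such rules would take.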

In relation to on-line trading, systems have also been developed to give people an on-line method of verifying their identity. The leading system at the moment is Microsoft’s Passport – although it has been plagued by problems related to the unintended disclosure of personal information. These systems work by establishing a verifiable identity that can be securely accessed by internet servers, rather than requiring you to submit information such as passwords yourself. However, like P3P, Passport is a system for secure information sharing rather than for allowing users to supervise the information that is gathered and held about them by a particular on-line service.


Systems that actively protect privacy have been promoted by independent software developers. There are two general types of systems:

  • Systems that use encryption to secure the content of the communication, or that use encryption to digitally sign information to prove its authenticity;

  • Systems that use a proxy – the forwarding of information on-line without creating traffic data – in order to prevent the disclosure of its true source.

A large number of options are available for improving privacy on-line. They generally rely either on using a proxy or on encryption/digital signatures. Details can be found in a document developed by the Association for Progressive Communications, as part of a project with civil society groups, entitled ‘Participating With Safety’.[3]

By using a proxy system the source of an on-line communication can be disguised. A proxy server erases all information that discloses the source of a message or packet and then forwards the packet to its destination using its own identity. On receipt of a reply, it restores the original requester as the destination and returns the reply to it. In this way the ‘chain’ of data retention between the user and a server is broken. However, care must be taken to ensure that the proxy used is trusted and secure, since the proxy itself necessarily sees every message it forwards.

Various types of proxy services operate on the internet.[4] If the proxy server keeps no logs, it can disguise the source of the data, though most commercial services keep logs to allow tracing should there be any legal queries about a particular data transaction. The few proxies that keep no logs, and operate in a truly anonymous manner, are at risk of legal actions undertaken by parties offended by the information that gets relayed through them. Most of the anonymous proxies have closed. Others often operate for a short time before closing down to avoid legal action. Many states have begun to enact laws that require communication information to be collected, stored, and turned over to authorities upon request, and it is becoming more difficult to find a legal jurisdiction where a proxy server may operate.
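The forwarding and reply mapping described in the two paragraphs above, as a constructed Python model added here (not code from the original handbook or the APC briefings, and with no network I/O): a client request passes through a proxy that strips the headers identifying the requester, forwards it under its own address, and maps the reply back. Running it with and without logging shows what the proxy retains once the transaction is over; the header set and the addresses are assumptions of the example.

```python
"""Model of the anonymising proxy described above (constructed example, not
code from the original page; no network I/O). A client request passes
through the proxy, which strips the headers identifying the requester,
forwards it under its own address, and maps the server's reply back to
the client. Running it with and without logging shows what is left of
the 'chain of data retention' afterwards."""
from dataclasses import dataclass, field
import uuid

# Request headers that can identify the requester; the proxy drops these
# before forwarding. The set is an assumption for this example, not a
# list taken from any real proxy's configuration.
IDENTIFYING_HEADERS = {"cookie", "referer", "user-agent", "x-forwarded-for",
                       "via", "forwarded", "from"}


@dataclass
class Message:
    src: str          # address the message appears to come from
    dst: str
    headers: dict
    body: str


@dataclass
class Proxy:
    address: str
    keep_logs: bool = False
    pending: dict = field(default_factory=dict)  # request id -> client address
    log: list = field(default_factory=list)      # retained (client, server) pairs

    def forward(self, req: Message):
        """Rewrite a request so the server sees only the proxy. Returns the
        request id (a stand-in for the TCP connection a real proxy matches
        the reply on) and the outbound request. Note that the proxy itself
        sees the full request, which is why it must be trusted."""
        req_id = uuid.uuid4().hex
        self.pending[req_id] = req.src
        clean = {k: v for k, v in req.headers.items()
                 if k.lower() not in IDENTIFYING_HEADERS}
        if self.keep_logs:
            self.log.append((req.src, req.dst))
        return req_id, Message(self.address, req.dst, clean, req.body)

    def return_reply(self, req_id: str, reply: Message) -> Message:
        """Restore the original requester as destination of the reply. The
        mapping is discarded once used, so a no-log proxy keeps nothing
        about the transaction once it completes."""
        client = self.pending.pop(req_id)
        return Message(self.address, client, reply.headers, reply.body)


def run_transaction(keep_logs: bool) -> dict:
    """Drive one request/reply through a proxy and report what each side saw."""
    proxy = Proxy("203.0.113.10", keep_logs)       # documentation-range addresses
    request = Message("198.51.100.7", "example.net",
                      {"Cookie": "session=abc", "Accept": "text/html"}, "GET /report")
    req_id, outbound = proxy.forward(request)
    reply = Message("example.net", outbound.src, {"Content-Type": "text/html"}, "<html>")
    delivered = proxy.return_reply(req_id, reply)
    return {"server_saw_src": outbound.src, "server_saw_headers": outbound.headers,
            "reply_reached": delivered.dst, "proxy_retained": list(proxy.log),
            "proxy_still_pending": len(proxy.pending)}
```

Even the no-log variant holds the client's address in `pending` while the request is in flight, so a proxy compelled to record traffic can always do so; the difference lies only in what survives the transaction.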

Encryption systems are a valuable tool to preserve privacy and confidentiality. Built-in encryption systems, like the ‘secure shell’ function in web browsers, and some weak encryption systems like those that scramble your word processor file with a password, are considered acceptable. But many states have now legislated to control the use of strong encryption systems, like those used to generate digital signatures or to scramble documents for transmission over the Internet. Each state has a slightly different legal requirement. Some states, like the Russian Federation, will not allow encrypted material to be brought into the country. Some, like Ireland, allow encryption to be used, but in case of legal action you must produce an unencrypted copy of any document requested. The UK, like a number of other states, requires that in the case of a police investigation you turn over all your encryption keys and passwords or face prosecution.

In a system where data flows are ‘open’ to anyone able to intercept them, encryption is the only means of guaranteeing the privacy of the communication. Encryption is the only guaranteed method of protecting sensitive information from disclosure if your computer is lost or stolen. Therefore it is essential that the right to encrypt information remains. If we cannot use encryption because it is legally banned, the public will suffer. Those who wish to break the law will continue, for their own reasons, to encrypt and hide their data to prevent disclosure.


Another useful implementation of encryption is the protection of the content of a computer’s hard disk. When the machine starts up the user must enter a password to access an encrypted partition on the hard drive. The information is then available for use. This method means that if the computer is stolen, the information on it cannot be retrieved. There are some potential problems – for example if the data on the disk is corrupted, in which case you might lose all of it. But as long as you keep a secure system of backups, disk encryption is a means of protecting information held on computers, and especially laptops (which are more vulnerable to theft).

The benefit of strong encryption systems is that you can put information beyond the reach of anyone who is not allowed to access it, and, with digital signatures, prevent emails or files from being altered and passed off as the original. For those who work with sensitive information, or who need to securely transmit sensitive information over the ‘Net, encryption and digital signatures represent a means of guaranteeing privacy and/or security.

The final strand in ‘privacy technology’ is the security of computer systems. Computers are a very efficient means of storing and manipulating information, but they can become a security liability. An effort to protect privacy or confidentiality must begin with securing computer systems. A comprehensive beginner's guide, Introducing Information Security, is available as part of the APC’s Participating With Safety briefings.[5]

Privacy law as a means of silencing criticism

On occasions, laws that protect citizens' privacy rights have been used to close controversial websites. For example, when the Association Against Torture in Spain published the names of those police officers and prison guards formally accused in Spanish courts of having tortured or mistreated prisoners, the ISP that hosted the site was threatened with thousands of euros in fines if it did not take the site down. Whilst opposed to what it interpreted as political censorship, the ISP was forced to comply for fear of being bankrupted by the fine.

Source: Asociación Contra la Tortura,

 


Electronic Frontier Foundation Urges DoubleClick to Adopt Opt-In Privacy Protections

June 6, 2001
San Rafael, CA — Judge Lynn O’Malley Taylor ruled today that a lawsuit seeking to prevent DoubleClick from invading individuals’ privacy moved one step closer to trial. The class-action claims in the privacy lawsuit against DoubleClick focus on DoubleClick’s practice of tracking and profiling people without their consent as they browse the Web. She indicated that, unless the parties reach a settlement, the trial will be held in January 2002, despite DoubleClick’s attempt to derail the lawsuit.

“DoubleClick is invading people’s privacy by collecting personal information without first asking permission,” said EFF staff attorney Deborah Pierce. “We are glad that Judge Taylor recognizes that DoubleClick’s practices may be in violation of privacy rights guaranteed by the California state constitution.”

“California’s Constitution protects the general public against the massive, unauthorized accumulation of sensitive information,” said Ira Rothken, lead plaintiff’s attorney in the case. “DoubleClick’s behavior is outrageous. DoubleClick’s business model is flawed. And we are going to obtain a remedy from the court to stop them.”

DoubleClick, an online advertising company, places banner ads and other website advertisements on behalf of its clients. The dispute concerns DoubleClick’s use of cookies and web bugs to track the web browsing behavior of individuals. Individuals are often unaware these technologies exist, what they can do to avoid a cookie or a web bug, or how they can prevent companies like DoubleClick from placing cookies on their computer hard drives.

The lawsuit alleges that by using cookies DoubleClick can store personally identifying information, resulting in a profile of individuals based on their surfing history. Online profiling and aggregation of data from different sources allows others to form opinions, to market items, and to discriminate based on a profile that may or may not be accurate. Unwanted disclosure of information may have harmful consequences, ranging from simple embarrassment to serious problems such as harassment, violence, insurance cancellation, loss of job or home, and relationship issues with family and friends.

The Electronic Frontier Foundation (EFF), along with the Privacy Rights Clearinghouse (PRC) and the Electronic Privacy Information Center (EPIC), have been acting as advisors in the case, formally called Judnick v. DoubleClick.

Source: Electronic Frontier Foundation Media Release: http://www.eff.org/Legal/Cases/DoubleClick_cases/20010606_eff_doubleclick_pr.html

5 steps to better on-line privacy

  1. Only conduct business with, visit or become involved with web sites that have adequate privacy policies covering:

     • To whom your information will be passed on
     • Why the information is being collected
     • How the information will be used
     • Who will have access to it
     • How you can access the information

  2. Install and use privacy enhancing software including:

  3. Opt out of all further contact with the organisation when filling in on-line forms

  4. Only give as much personal information as you are comfortable with

  5. Use an on-line identity and free email service

Source: “On-line Privacy Tools”, Australian Privacy Commissioner, http://www.privacy.gov.au/internet/tools/index.html


[1] For a review of data protection in the European Union and related issues see http://www.internetrights.org.uk/

[2] See the W3C's Platform for Privacy Preferences Project (P3P) overview: http://www.w3.org/P3P/

[3] The Participating With Safety materials are available at http://secdocs.net/manual/lp-sec/

[4] See APC Participating with Safety briefing no. 6, Using the Internet Securely: http://secdocs.net/manual/lp-sec/scb6.html

[5] APC Participating with Safety briefing no. 1, Introducing Information Security: http://secdocs.net/manual/lp-sec/scb1.html
