- 21.1. Legislative frameworks for protecting privacy
- 21.2. Privacy enhancing technologies (PETs)
something that is difficult to define because it is a subjective
matter. Some people have a wish, for personal reasons, to move
through society anonymously, without interference in their affairs.
Others have no problems giving out information about themselves
in order to access information, goods or services. For most people,
privacy is an issue of simplicity and security. People like to
access services without complicated forms and reference checks,
and may be willing to allow information systems to track their movements
Security is closely related to privacy. A secure information
system does not disclose information when it is not appropriate
to do so. The disclosure of information is not a neutral act.
People collect, or process information for a purpose. It is the
intention of those who collect personal information, or who trade
it and put it on a database, to create profiles of individuals
for certain purposes. How we manage the disclosure, use and storage
of personal information will decide whether information technology
becomes a source of empowerment or of repression.
In considering how privacy is measured and protected, we must distinguish between different types of privacy:
- For most people, privacy means 'personal privacy' - the right of individuals not to have their home, private life or personal property interfered with. This can be considered as 'real world' privacy.
- A related aspect of this is 'bodily privacy' - the right of individuals to protect themselves from medical or genetic testing, and to have information about their health or personal well-being protected by those with access to such information (doctors, employers, insurers, etc.).
- ‘Privacy of communications’ refers to protection
from interference with communication over the phone or the
internet. Respect for the privacy of communications is an essential
prerequisite for the maintenance of human relationships via
technological communications media.
- ‘Information privacy’ is perhaps the most widely
debated aspect of the use of computers and information systems.
Information systems are able to hold and process information
about large numbers of people at high speed. It is important
to ensure that information will only be used for the purposes
for which it was gathered, and that it will not be disclosed
to others without the consent of the relevant individuals.
The Code of Fair Information Practices
The Code of Fair Information Practices was the
central contribution of the HEW (Health, Education,
Welfare) Advisory Committee on Automated Data Systems.
The Advisory Committee was established in 1972,
and the report released in July. The citation for
the report is as follows: U.S. Department of Health,
Education and Welfare, Secretary’s Advisory
Committee on Automated Personal Data Systems, Records,
computers, and the Rights of Citizens viii (1973).
The Code of Fair Information Practices is based
on five principles:
- There must be no personal data record-keeping
systems whose very existence is secret.
- There must be a way for a person to find out
what information about the person is in a record
and how it is used.
- There must be a way for a person to prevent
information about the person that was obtained
for one purpose from being used or made available
for other purposes without the person's consent.
- There must be a way for a person to correct
or amend a record of identifiable information
about the person.
- Any organization creating, maintaining, using,
or disseminating records of identifiable personal
data must assure the reliability of the data
for their intended use and must take precautions
to prevent misuses of the data.
21.1. Legislative frameworks for protecting privacy
There are different legal frameworks
for the protection of privacy. The legislative framework of most
states deals with information privacy and to a lesser extent
with bodily privacy. The protection of personal privacy is usually
a civil matter. This means that infringements of privacy must
be contested by individuals in the courts, and the state will
not act on their behalf.
In some states, individuals are wholly responsible for monitoring
their privacy, and seeking legal redress when it is infringed.
The problem with this model is that if individuals do not have
the means to police their privacy, such as the financial security
to bring a case to court, then they have no privacy. In other
states, the burden for protecting privacy is placed on the holder
of the information. Although this takes the burden off the individual,
it can also lead to a false sense of security because it is assumed
that the holders of the information, or the regulatory bodies
that are set up to police them, will protect interests of the
The region with the strongest information privacy laws is the
European Union. Following the introduction of various laws in
the 1980s and 1990s on the protection of personal data1 there
is now a strong framework to protect the information held on
computers. Over the next five years, this legal framework will
also be extended to certain types of paper-based records. To
back up the legislative framework, each state in the EU also
has its own agency, with legal powers, to police the holding
of personal information. Holders and processors of personal information
must obtain a permit from this agency.
The approach of the European Union contrasts with that of other
states such as the USA and Singapore. These states primarily
opt for self-regulation within different sectors of industry,
or they legislate very narrowly to protect only certain aspects
of personal privacy. In the USA especially, the structure of
privacy laws means that information held by bodies other than
the state is open to be used and traded by anyone, unless a law
specifically exists to protect it.
The problem with self-regulation is that it addresses the needs
of the data processing industry rather than the interests of
the individual. Codes of practice that create ‘burdens’ on
organisations, or affect their ability to trade or operate, may
only be grudgingly implemented. The lack of any transparency
in the application of such codes also makes it difficult to establish
that they are properly applied in all cases. These systems are
also subject to ‘functional creep’, as new processes
are added that are not specifically controlled by self-regulation
procedures. This is significant in the context of the Internet.
The sale of personal information is, for many Internet companies,
a major income stream. As new on-line services have developed
so the opportunities for the gathering and trading of personal
information have increased.
With regard to communications privacy, the introduction of digital
communications, whilst enabling a boom in cheap telephone and
computer-based communications, has at the same time lessened
the protection for personal communications. While the content
of our communications is secret, unless intercepted by the state,
the collection and retention of traffic data represents a less
serious but still damaging invasion of privacy. The potential
uses of retained communications data, and its value when forming
data profiles on individuals, has not received wide public attention – even
though data retention forms the core of the measures enacted
as part of the so-called ‘war on terrorism’.
For those interested in protecting their privacy, the simplest
advice is to meet their needs for information services in states
that have strong data protection laws. This may be very difficult
for people who are not residents in such states, though. At the
same time people should seek to restrict the information that
they give out about themselves as part of consumer surveys, or
in response to purchases at stores.
Organisations should be careful with the way they process personal
information. The impact of junk mail, faxes and text messages
has led the public to develop a negative perception of organisations
that trade or sell personal data. For those organisations that
are involved with political or social causes, the protection
of personal data is increasingly important given recent legislative
changes on data retention. If data is not held securely, and
transmitted securely, then the organisation risks disclosing
information about its supporters or partners.
Rights Activists in South Korea start Hunger Strike
against National Education Information System (NEIS)
- a giant digital database established by the government
to gather the private information of students,
parents, and teachers
[Press Release] People request to halt the implementation of NEIS immediately
Seoul, South Korea -- June 18th, 2003: nine human rights activists
in South Korea started a hunger strike on the street against the
National Education Information System (NEIS) for an indefinite
period. They stressed that NEIS, which is a giant database of people's
private information, infringes basic human rights including
privacy very seriously, and requested that the government should
halt the implementation of NEIS and delete the section of private
information in NEIS. They also condemned the government for
trying to gather lots of private information into this system without
any agreement from the people, which is absolutely illegal and unconstitutional.
Korean Progressive Network (Jinbonet), Sarangbang group for Human
Rights, Center for Human Rights Dasan, Peace & Human Rights
Coalition, Chunbuk Peace & Human Rights Coalition, Catholic
Human Rights Committee, Minkakyup Human Rights Group and Won Buddhism
Human Rights Committee participated in this hunger strike.
Copyleft by www.base21.org
21.2. Privacy enhancing technologies (PETs)
The development of digital communications
technologies has improved our ability to communicate. But we
do so at the cost of generating a long trail of information.
For people dealing with sensitive information who must avoid
disclosure, or who need anonymity, communicating presents new
challenges. However, alongside the development of digital communications,
there has been a parallel development of systems that allow communication
to take place more securely. These are collectively known as ‘privacy
In the mainstream, some internet-based services have sought to
develop privacy within information services. The World Wide Web
Consortium (W3C) has recently developed a ‘Platform for
Privacy Preferences’ (P3P).2 This works within the user’s Web browser, for those
sites that are P3P compatible: the user’s privacy preferences
are communicated to the web server as part of web browsing,
or when submitting information to web sites. This enables those
gathering information to know precisely how to deal with
the information gathered from Web users.
In relation to on-line trading, systems have also been developed
to allow people to have an on-line method of verifying their
identity. The leading system at the moment is Microsoft’s
Passport – although it has been plagued by problems
related to the unintended disclosure of personal information.
These systems work by establishing a verifiable identity
that can be securely accessed by internet servers, rather
than requiring you to submit information such as passwords
yourself. However, like P3P, Passport is a system for secure
information sharing rather than for allowing users to supervise
the information that is gathered and held about them by a
particular on-line service.
that actively protect privacy have been promoted by independent
software developers. There are two general types of systems:
- those that use encryption to secure the content of the communication,
or that use encryption to digitally sign information
to prove its authenticity;
- those that use a proxy – the forwarding of information
on-line without creating traffic data – in order
to prevent the disclosure of its true source.
A large number of options are available
for improving privacy on-line. They generally rely either on
using a proxy or on encryption/digital signatures. Details can
be found in a document developed by the Association for Progressive
Communications, as part of a project with civil society groups,
entitled ‘Participating With Safety’.3
By using a proxy system the source
of an on-line communication can be disguised. A proxy server
erases all information that discloses the source of a message
or packet and then forwards the packet onto its destination using
its own identity. On receipt of a reply, it restores the identity of
the original requesting address and returns the reply to it. In this way
the ‘chain’ of data retention between the user and
a server is broken. However, care must be taken to ensure that
the proxy used is trusted and secure.
Various types of proxy services operate on the internet.4 If
the proxy server keeps no logs, it can disguise the source of
the data, though most commercial services keep logs to allow
tracing should there be any legal queries about a particular
data transaction. The few proxies that keep no logs, and operate
in a truly anonymous manner, are at risk of legal actions undertaken
by parties offended by the information that gets relayed through
them. Most of the anonymous proxies have closed. Others often
operate for a short time before closing down to avoid legal action.
Many states have begun to enact laws that require communication
information to be collected, stored, and turned over to authorities
upon request, and it is becoming more difficult to find a legal
jurisdiction where a proxy server may operate.
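To make the ‘chain of data retention’ described above concrete, here is a small Python model (added here; it is not code from the handbook or from the APC) of a forwarding proxy: it strips originator-revealing headers, re-sends the request under its own identity, and hands the reply back to the requester. The header list, the addresses and the `trace_back` function are constructed for the illustration; they show that the destination’s log names only the proxy, and that whether the trail can be followed any further depends entirely on whether the proxy itself keeps logs.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Request headers that reveal the originator; a forwarding proxy strips
# them before re-sending the request under its own identity (constructed list).
IDENTIFYING_HEADERS = {"x-forwarded-for", "via", "cookie", "referer", "from"}


def scrub(headers: Dict[str, str]) -> Dict[str, str]:
    """Return a copy of the headers with originator-revealing fields removed."""
    return {k: v for k, v in headers.items() if k.lower() not in IDENTIFYING_HEADERS}


@dataclass
class Server:
    """The destination: it can only log whoever delivered the request."""
    name: str
    log: List[Tuple[str, str]] = field(default_factory=list)  # (seen source, path)

    def handle(self, source: str, path: str, headers: Dict[str, str]) -> str:
        self.log.append((source, path))
        return f"{self.name} served {path}"


@dataclass
class Proxy:
    identity: str        # the address the proxy forwards with
    keep_logs: bool      # most commercial proxies do; a few anonymous ones do not
    log: List[Tuple[str, str]] = field(default_factory=list)  # (real client, path)
    _pending: Dict[int, str] = field(default_factory=dict)    # request id -> client
    _next_id: int = 0

    def forward(self, client: str, path: str, headers: Dict[str, str],
                server: Server) -> Tuple[str, str]:
        """Remember who asked, send on under our own identity, hand back the reply."""
        rid = self._next_id
        self._next_id += 1
        self._pending[rid] = client
        reply = server.handle(self.identity, path, scrub(headers))
        requester = self._pending.pop(rid)      # restore the original address
        if self.keep_logs:
            self.log.append((requester, path))
        return requester, reply


def trace_back(server: Server, proxy: Proxy, path: str) -> Optional[str]:
    """What someone holding both logs can learn about who fetched `path`:
    the real client, only the proxy's identity, or None if never requested."""
    seen = [src for src, p in server.log if p == path]
    if not seen:
        return None
    if seen[-1] != proxy.identity:
        return seen[-1]              # direct access: the server log is enough
    for client, p in proxy.log:
        if p == path:
            return client            # the proxy's own log re-links the chain
    return proxy.identity            # no-log proxy: the trail stops here
```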
Encryption systems are a valuable tool to preserve privacy and
confidentiality. Built-in encryption systems, like the ‘secure
shell’ function in web browsers, and some weak encryption
systems like those that scramble your word processor file with
a password, are considered acceptable. But many states have now
legislated to control the use of strong encryption systems, like
those used to generate digital signatures or to scramble documents
for transmission over the Internet. Each state has a slightly
different legal requirement. Some states, like the Russian Federation,
will not allow encrypted material to be brought into the country.
Some, like Ireland, allow encryption to be used, but in case
of legal action you must produce an unencrypted copy of any document
requested. The UK, like a number of other states, requires that
in the case of a police investigation you turn over all your
encryption keys and passwords or face prosecution.
In a system where data flows are ‘open’ to anyone
able to intercept them, encryption is the only means of guaranteeing
the privacy of the communication. Encryption is the only guaranteed
method of protecting sensitive information from disclosure if
your computer is lost or stolen. Therefore it is essential that
the right to encrypt information remains. If we cannot use encryption
because it is legally banned, the public will suffer. Those who
wish to break the law will continue, for their own reasons, to
encrypt and hide their data to prevent disclosure.
Another useful implementation of encryption is the protection
of the content of a computer’s hard disk. When the machine
starts up the user must enter a password to access an encrypted
partition on the hard drive. The information is then available
for use. This method means that if the computer is stolen, the
information on it cannot be retrieved. There are some potential
problems – for example if the data on the disk is corrupted,
in which case you might lose all of it. But as long as you keep
a secure system of backups, disk encryption is a means of protecting
information held on computers, and especially laptops (which
are more vulnerable to theft).
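As an added illustration (not the handbook’s own code), the following Python sketches the password-unlocked volume described above: a key derived from the password with PBKDF2, the content scrambled under that key, and an integrity tag checked before anything is unlocked. The keystream construction (HMAC-SHA256 in counter mode) is used here only to keep the example dependency-free and stands in for a vetted disk cipher; `flip_byte` is a constructed helper that simulates the corruption failure mode, after which the whole image is unrecoverable without a backup.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

MAGIC = b"ENCVOL1"          # constructed image header marker
KDF_ITERATIONS = 200_000    # slows down password guessing against a stolen disk


def _derive_keys(password: str, salt: bytes) -> Tuple[bytes, bytes]:
    """One slow KDF call, split into an encryption key and a MAC key."""
    km = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERATIONS, dklen=64)
    return km[:32], km[32:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF in counter mode: block i = HMAC-SHA256(key, nonce || i). Illustrative only."""
    out = bytearray()
    for i in range((length + 31) // 32):
        out += hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(out[:length])


def seal_volume(password: str, plaintext: bytes,
                salt: Optional[bytes] = None, nonce: Optional[bytes] = None) -> bytes:
    """Encrypt-then-MAC the whole image: header || ciphertext || tag."""
    salt = salt or os.urandom(16)
    nonce = nonce or os.urandom(16)
    assert len(salt) == 16 and len(nonce) == 16
    enc_key, mac_key = _derive_keys(password, salt)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    header = MAGIC + salt + nonce
    tag = hmac.new(mac_key, header + ct, hashlib.sha256).digest()
    return header + ct + tag


def open_volume(password: str, blob: bytes) -> bytes:
    """Raise ValueError unless the password is right AND the image is intact."""
    if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 16 + 16 + 32:
        raise ValueError("not an encrypted volume")
    salt, nonce = blob[7:23], blob[23:39]
    ct, tag = blob[39:-32], blob[-32:]
    enc_key, mac_key = _derive_keys(password, salt)
    expected = hmac.new(mac_key, blob[:-32], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        # A wrong password and a corrupted image look identical from here:
        # nothing is decrypted, so only a backup can bring the data back.
        raise ValueError("wrong password or corrupted image: nothing recoverable")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def try_open(password: str, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None when the volume refuses to unlock."""
    try:
        return open_volume(password, blob)
    except ValueError:
        return None


def flip_byte(blob: bytes, index: int) -> bytes:
    """Simulate a single corrupted byte on disk (constructed helper)."""
    damaged = bytearray(blob)
    damaged[index] ^= 0x01
    return bytes(damaged)
```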
The benefit of strong encryption systems is that you can put
information beyond the reach of anyone who is not allowed to
access it, and prevent digitally signed emails or files
from being altered and passed off as the original. For those
who work with sensitive information, or who need to securely
transmit sensitive information over the ‘Net, encryption
and digital signatures represent a means of guaranteeing privacy
The final strand in ‘privacy technology’ is the security
of computer systems. Computers are a very efficient means of
storing and manipulating information but they can become a security
liability. An effort to protect privacy or confidentiality must
begin with securing computer systems. A comprehensive beginners’
guide, Introducing Information Security, is available as part
of the APC’s Participating With Safety briefings
Privacy law as a means of silencing criticism
On occasions, laws that protect citizens' privacy rights have been used to close controversial websites. For example, when the Association Against Torture in Spain published the names of those police officers and prison guards formally accused in Spanish courts of having tortured or mistreated prisoners, the ISP that hosted the site was threatened with thousands of euros in fines if it did not take the site down. Whilst opposed to what it interpreted as political censorship, the ISP was forced to comply for fear of being bankrupted by the fine.
Source: Asociación Contra la Tortura,
Electronic Frontier Foundation Urges
DoubleClick to Adopt Opt-In Privacy Protections
June 6, 2001
San Rafael, CA — Judge Lynn O’Malley Taylor ruled today that a lawsuit
seeking to prevent DoubleClick from invading individuals’ privacy moved
one step closer to trial. The class-action claims in the privacy lawsuit against
DoubleClick focus on DoubleClick’s practice of tracking and profiling people
without their consent as they browse the Web. She indicated that, unless the
parties reach a settlement, the trial will be held in January 2002, despite DoubleClick’s
attempt to derail the lawsuit.
“DoubleClick is invading people’s privacy by collecting personal
information without first asking permission,” said EFF staff attorney Deborah
Pierce. “We are glad that Judge Taylor recognizes that DoubleClick’s
practices may be in violation of privacy rights guaranteed by the California
“California’s Constitution protects the general public against the
massive, unauthorized accumulation of sensitive information,” said Ira
Rothken, lead plaintiff’s attorney in the case. “DoubleClick’s
behavior is outrageous. DoubleClick’s business model is flawed. And we
are going to obtain a remedy from the court to stop them.”
DoubleClick, an online advertising company, places banner ads and other website
advertisements on behalf of its clients. The dispute concerns DoubleClick’s
Individuals are often unaware these technologies exist, what they can do to avoid
a cookie or a web bug, or how they can prevent companies like DoubleClick from
placing cookies on their computer hard drives.
The lawsuit alleges that by using cookies DoubleClick can store personally identifying
information, resulting in a profile of individuals based on their surfing history.
Online profiling and aggregation of data from different sources allows others
to form opinions, to market items, and to discriminate based on a profile that
may or may not be accurate. Unwanted disclosure of information may have harmful
consequences, ranging from simple embarrassment to serious problems such as harassment,
violence, insurance cancellation, loss of job or home, and relationship issues
with family and friends.
The Electronic Frontier Foundation (EFF), along with the Privacy Rights Clearinghouse
(PRC) and the Electronic Privacy Information Center (EPIC), have been acting
as advisors in the case, formally called Judnick v. DoubleClick.
Source: Electronic Frontier Foundation Media Release: http://www.eff.org/Legal/Cases/DoubleClick_cases/
5 steps to better on-line privacy
1. Only conduct business, visit sites or become involved with web sites that have adequate privacy policies:
   - To whom your information will be passed on
   - Why the information is being collected
   - How the information will be used
   - Who will have access to it
   - How you can access the information
2. Install and use privacy enhancing software
3. Opt out of all further contact with the organisation when filling in on-line forms
4. Only give as much personal information as you are
5. Use an on-line identity and free email service
“Privacy Tools”, Australian Privacy Commissioner,