Article

Impact of private data mining on personal privacy from agents of government


Abstract

The balance of power between the individual and the government has been tipped in favor of the government. Recent advances in technology have led to the commoditization of personal information. The vast amounts of information collected and the ease with which they can be transferred to other parties have led to the rise of personal profile data mining. Due to Supreme Court decisions in the 1970s, the government can easily use or buy these profiles. Therefore, personal privacy from agents of government is being reduced due to data mining. This paper will explore the causes, implications, and potential solutions to this problem. It will explain the value of privacy and why it should be a value that is protected. Then, it will discuss the primary problems associated with data mining, particularly how those problems will impact individuals when the information obtained is used by the government. Next, it will describe the current landscape of privacy protections. Finally, it will examine many proposed solutions, using a stakeholder/method perspective model to analyze them comparatively, and describe the findings and implications of that analysis.

Article
The government's ability to obtain and analyze recorded information about its citizens through the process known as data mining has expanded enormously over the past decade. Although the best-known government data mining operation (Total Information Awareness, more recently dubbed Terrorism Information Awareness) supposedly no longer exists, large-scale data mining by federal agencies devoted to enforcing criminal and counter-terrorism laws has continued unabated. This paper addresses three puzzles about data mining. First, when data mining is undertaken by the government, does it implicate the Fourth Amendment? Second, does the analysis change when data mining is undertaken by private entities which then make the data or data analysis available to the government? Third, if the Fourth Amendment does impose some restrictions on government data mining, what might they look like? Current Fourth Amendment jurisprudence appears to leave data mining completely unregulated, while most commentators have called for stringent regulation or a prohibition on large-scale operations such as TIA. This paper takes an intermediate position on these issues. The proposed framework requires attention to the type of records obtained via the data mining, the extent to which they can be connected to particular individuals, and the government's goal in obtaining them. Based on proportionality reasoning that I have applied in other contexts, the highest degree of justification for data mining should be required when the data is private in nature and sought in connection with investigation of a particular target. In contrast, data mining that relies on impersonal or anonymized records, or that is sought in an effort to identify a perpetrator of a past or future event, need not be as strictly regulated. In aid of this project, I describe a study that investigated lay views on data mining.
Conference Paper
We investigate legal and philosophical notions of privacy in the context of artificial agents. Our analysis utilizes a normative account of privacy that defends its value and the extent to which it should be protected: privacy is treated as an interest with moral value, to supplement the legal claim that privacy is a legal right worthy of protection by society and the law. We argue that the fact that the only entity to access my personal data (such as email) is an artificial agent is irrelevant to whether a breach of privacy has occurred. What is relevant are the capacities of the agent: what the agent is both able and empowered to do with that information. We show how concepts of legal agency and attribution of knowledge gained by agents to their principals are crucial to understanding whether a violation of privacy has occurred when artificial agents access users' personal data. As natural language processing and semantic extraction used in artificial agents become increasingly sophisticated, so the corporations that deploy those agents will be more likely to be attributed with knowledge of their users' personal information, thus triggering significant potential legal liabilities.
Book
Privacy is a growing concern in the United States and around the world. The spread of the Internet and the seemingly boundaryless options for collecting, saving, sharing, and comparing information trigger consumer worries. Online practices of business and government agencies may present new ways to compromise privacy, and e-commerce and technologies that make a wide range of personal information available to anyone with a Web browser only begin to hint at the possibilities for inappropriate or unwarranted intrusion into our personal lives. Engaging Privacy and Information Technology in a Digital Age presents a comprehensive and multidisciplinary examination of privacy in the information age. It explores such important concepts as how the threats to privacy are evolving, how privacy can be protected, and how society can balance the interests of individuals, businesses and government in ways that promote privacy reasonably and effectively. This book seeks to raise awareness of the web of connectedness among the actions one takes and the privacy policies that are enacted, and provides a variety of tools and concepts with which debates over privacy can be more fruitfully engaged. Engaging Privacy and Information Technology in a Digital Age focuses on three major components affecting notions, perceptions, and expectations of privacy: technological change, societal shifts, and circumstantial discontinuities. This book will be of special interest to anyone interested in understanding why privacy issues are often so intractable. © 2007 by the National Academy of Sciences. All rights reserved.
Article
Fifty years ago, in 1984, George Orwell imagined a future in which privacy was demolished by a totalitarian state that used spies, video surveillance, historical revisionism, and control over the media to maintain its power. Those who worry about personal privacy and identity--especially in this day of technologies that encroach upon these rights--still use Orwell's "Big Brother" language to discuss privacy issues. But the reality is that the age of a monolithic Big Brother is over. And yet the threats are perhaps even more likely to destroy the rights we've assumed were ours. Database Nation: The Death of Privacy in the 21st Century shows how, in these early years of the 21st century, advances in technology endanger our privacy in ways never before imagined. Direct marketers and retailers track our every purchase; surveillance cameras observe our movements; mobile phones will soon report our location to those who want to track us; government eavesdroppers listen in on private communications; misused medical records turn our bodies and our histories against us; and linked databases assemble detailed consumer profiles used to predict and influence our behavior. Privacy--the most basic of our civil rights--is in grave peril. Simson Garfinkel--journalist, entrepreneur, and international authority on computer security--has devoted his career to testing new technologies and warning about their implications. This newly revised update of the popular hardcover edition of Database Nation is his compelling account of how invasive technologies will affect our lives in the coming years. It's a timely, far-reaching, entertaining, and thought-provoking look at the serious threats to privacy facing us today. The book poses a disturbing question: how can we protect our basic rights to privacy, identity, and autonomy when technology is making invasion and control easier than ever before? Garfinkel's captivating blend of journalism, storytelling, and futurism is a call to arms. 
It will frighten, entertain, and ultimately convince us that we must take action now to protect our privacy and identity before it's too late.
Article
In the wake of the California energy crisis of 2000-2001, the California Energy Commission and California Public Utilities Commission are aggressively pursuing "demand response" energy programs aimed at reducing peak energy demand. Demand response systems convey information about market conditions through pricing or reliability signals to customers, who in turn, hopefully, alter their electricity consumption choices. One complication with such systems is that they radically increase the amount of information about activities inside the home that the electricity company can see. In some parts of California, smart meters are being installed that will send information in intervals ranging from 15 minutes to one hour. This is 750-3000 times more information than the monthly meter read that has been the norm for many years. The case law generally considers information held by utilities to be "business records," subject to far less privacy protections than information kept inside the home. In this Article, Deirdre Mulligan and Jack Lerner argue that courts and policymakers should take "the long view" of technology that reveals information about activities inside the home, and give greater protection to such information - whether it is held by utilities or by an individual.
Article
This book chapter provides a brief history of information privacy law in the United States from colonial times to the present. It discusses the development of the common law torts, Fourth Amendment law, the constitutional right to information privacy, numerous federal statutes pertaining to privacy, electronic surveillance laws, and more. It explores how the law has emerged and changed in response to new technologies that have increased the collection, dissemination, and use of personal information.
Article
The shift to a digital information environment has brought many changes to law enforcement access to personal data. Now, by visiting a single website, such as www.cpgov.com, law enforcement can obtain a comprehensive dossier on almost any adult. That website was custom-tailored for law enforcement by ChoicePoint, Inc., a commercial data broker (CDB). CDBs make available a wide variety of personal information, from arrest and court records to notice that a suspect has opened a private mailbox. Access to private sector databases has significantly altered the balance of power between law enforcement and the individual. This new power has been made possible by the confluence of fast network connections; the availability of public records, both electronic and paper, that are rich with personal information; a regulatory environment that has turned a blind eye to private sector collection of personal information for marketing and other purposes; and the alacrity of companies that have become very profitable from selling personal data to the government. This article summarizes the findings of three years of research into the relationship between CDBs and the federal government. The federal Freedom of Information Act was employed to obtain over 1,500 documents from nine federal agencies concerning ChoicePoint and other CDBs. Findings are presented from the requests, and concerns are raised regarding law enforcement access to personal information. The documents led to six major findings. First, the documents show that law enforcement can quickly obtain a broad array of personal information about individuals. Second, although broad requests for documents were filed, there was almost no evidence of controls to prevent agency employees from misusing the databases. It appears as though auditing employee use of the databases is either impossible or simply not done. 
Third, the database companies are extremely solicitous to the government and actually design the databases for law enforcement use. Fourth, ChoicePoint expanded significantly in 2000 by starting to acquire and sell personal information of non-citizens. That discovery has led to strong international dissent. Fifth, many of the contracts with CDBs are sole-sourced, meaning the contracts are not open to competitive bidding. Sixth, the FBI has a secret, sole-source contract with ChoicePoint to develop an information service prototype. Based on these documents, the author concludes that the Privacy Act should apply to CDBs. The Privacy Act of 1974 establishes a comprehensive set of Fair Information Practices for government collection of personal information, but does not substantially affect the data practices of these private companies. Because of this lack of coverage, government entities have performed an end-run around the protections of the Privacy Act by allowing the private sector to amass troves of personal information that the government would ordinarily not be allowed to collect. Essentially, commercial data brokers are big brother's little helpers - private sector companies that have escrowed personal information that is customized for law enforcement and other government agencies. The author also concludes that public policy makers should not draw distinctions between commercial and government collection of personal information. Libertarians and conservatives have employed persuasive arguments to stave off privacy regulation that affects the commercial sector. They have argued that government collection, use, and disclosure of information presents more risk than commercial collection because the government has the power to arrest, imprison, and even to execute citizens. But this article shows that this distinction between the risks of government and commercial privacy risk is no longer tenable. 
Commercial actors provide personal information to the government in a number of contexts, and often with astonishing alacrity. Finally, policymakers should revisit policies surrounding access to public records. Much of the personal information made available to law enforcement originates from public records. In a variety of contexts, the government compels individuals to reveal their personal information, and then pours it into the public record for anyone to use for any purpose. The private sector has collected the information, repackaged it, and brought it back to the government full circle. While public records are supposed to provide a window for a citizen to check abusive government activities, increasingly, they are used to leverage more control for powerful institutions against the common man.
Article
Does encrypting Internet communications create a reasonable expectation of privacy in their contents, triggering Fourth Amendment protection? At first blush, it seems that the answer must be yes: A reasonable person would surely expect that encrypted communications will remain private. In this paper, Professor Kerr explains why this intuitive answer is entirely wrong: Encrypting communications cannot create a reasonable expectation of privacy. The reason is that the Fourth Amendment regulates access, not understanding: no matter how unlikely it is that the government will successfully decrypt ciphertext, the Fourth Amendment offers no protection if it succeeds. As a result, the government does not need a search warrant to decrypt encrypted communications. This surprising result is consistent with Fourth Amendment caselaw: it matches how courts have resolved cases involving the reassembly of shredded documents, recovery of deleted files, and the translation of foreign languages. The Fourth Amendment may regulate government access to ciphertext, but it does not regulate government efforts to translate ciphertext into plaintext.
Article
Seven days a week, twenty-four hours a day, electronic databases are compiling information about you. As you surf the Internet, an unprecedented amount of your personal information is being recorded and preserved forever in the digital minds of computers. For each individual, these databases create a profile of activities, interests, and preferences used to investigate backgrounds, check credit, market products, and make a wide variety of decisions affecting our lives. The creation and use of these databases-which Daniel J. Solove calls "digital dossiers"-has thus far gone largely unchecked. In this startling account of new technologies for gathering and using personal data, Solove explains why digital dossiers pose a grave threat to our privacy. The Digital Person sets forth a new understanding of what privacy is, one that is appropriate for the new challenges of the Information Age. Solove recommends how the law can be reformed to simultaneously protect our privacy and allow us to enjoy the benefits of our increasingly digital world. The first volume in the series EX MACHINA: LAW, TECHNOLOGY, AND SOCIETY.
Article
Americans care deeply about their Internet privacy. But if they want to know how federal law protects the privacy of their stored Internet communications, they'll quickly learn that it's surprisingly difficult to figure out. The federal statute that protects the privacy of stored Internet communications is the Stored Communications Act (SCA), passed as part of the Electronic Communications Privacy Act of 1986 and codified at 18 U.S.C. section 2701-11. But courts, legislators, and even legal scholars have had a very hard time understanding the method behind the madness of the SCA. The statute is dense and confusing, and that confusion has made it difficult for legislators to legislate in the field, reporters to report about it, and scholars to write scholarship in this very important area. This Article presents a user's guide to the SCA. It explains in relatively simple terms the structure and text of the Act so that legislators, courts, academics, and students can understand how it works - and in some cases, how it doesn't work. I hope to explain the basic nuts and bolts of the statute and show that the statute works reasonably effectively, although certainly not perfectly. My second goal is to show how Congress needs to amend the SCA. I recommend three ways that Congress should rethink the SCA to better protect the privacy of stored Internet communications, clarify its protections, and update the statute for the present. Specifically, I argue that Congress should raise the threshold the government must satisfy to compel the contents of certain Internet communications; that it should simplify the statute dramatically by eliminating the confusing categories of electronic communication service and remote computing service, and eliminating redundant text; and that it should restructure the remedies scheme for violations of the statute.
Article
The new frontier of the Fourth Amendment is the search and seizure of computer data. Created to regulate entering homes and seizing physical evidence, the Fourth Amendment's prohibition on unreasonable searches and seizures is now called on to regulate a very different process: retrieval of digital evidence from electronic storage devices. While obvious analogies exist between searching computers and searching physical spaces, important differences between them will force courts to rethink the basic meaning of the Fourth Amendment's key concepts. What does it mean to search computer data? When is computer data seized? When is a computer search or seizure reasonable? This article offers a normative framework for applying the Fourth Amendment to searches of computer data. It begins by exploring the basic differences between physical searches of physical property and electronic searches of digital evidence. It then proposes an exposure theory of Fourth Amendment searches: any exposure of data to an output device such as a monitor should be a search of that data, and only that data. The exposure approach is then matched with a rule for computer seizures: while copying data should not be deemed a seizure of that data, searches of copies should be treated the same as searches of the original. In the final section, the article proposes a rethinking of the plain view exception in computer searches to reflect the new dynamic of digital evidence investigations. The plain view exception should be narrowed or even eliminated in digital evidence cases to ensure that digital warrants that are narrow in theory do not devolve into general warrants in practice. Tailoring the doctrine in light of the new realities of computer investigations will protect the function of existing Fourth Amendment rules in the new world of digital evidence.
Article
In this article, Professor Solove develops a theory to reconcile the tension between transparency and privacy in the context of public records. Federal and state governments maintain public records containing personal information spanning an individual's life from birth to death. The web of state and federal regulation that governs the accessibility of these records generally creates a default rule in open access to information. Solove contends that the ready availability of public records creates a significant problem for privacy because various bits of information when aggregated paint a detailed portrait of a person's life that Solove refers to as a digital biography. A growing number of private sector organizations assemble these digital biographies, which are used in a number of disturbing ways that are not in line with the purposes of freedom of information laws. To combat this problem, Solove argues, commercial access and use restrictions must be imposed on public record systems, and a federal baseline of protection must be established. Information privacy must be reconceptualized to abandon the secrecy paradigm, the longstanding notion that there is no claim to privacy when information appears in a public record. Privacy must be understood as an expectation of a limit on the degree of accessibility of information. Engaging in an extensive analysis of the applicability of the Constitution to public record systems, Solove contends that attempts to limit the use and accessibility of public records do not run afoul of the First Amendment rights to access government information and to freedom of speech and press. Therefore, viewed in light of Solove's theory of information privacy, the regulation of public record regimes must be substantially rethought.
Article
Philosophical and legal theories of privacy have long recognized the relationship between privacy and information about persons. They have, however, focused on personal, intimate, and sensitive information, assuming that with public information, and information drawn from public spheres, either privacy norms do not apply, or applying privacy norms is so burdensome as to be morally and legally unjustifiable. Against this preponderant view, I argue that information and communications technology, by facilitating surveillance, by vastly enhancing the collection, storage, and analysis of information, by enabling profiling, data mining and aggregation, has significantly altered the meaning of public information. As a result, a satisfactory legal and philosophical understanding of a right to privacy, capable of protecting the important values at stake in protecting privacy, must incorporate, in addition to traditional aspects of privacy, a degree of protection for privacy in public.
Article
Use of the concept of 'a reasonable person and his or her expectations' is widely found in legal reasoning. This legal construct is employed in the present article to examine privacy questions associated with contemporary information technology, especially the internet. In particular, reasonable expectations of privacy while browsing the world-wide-web and while sending and receiving e-mail are analyzed.
Article
Access control models protect sensitive data from unauthorized disclosure via direct accesses, however, they fail to prevent indirect accesses. Indirect data disclosure via inference channels occurs when sensitive information can be inferred from non-sensitive data and metadata. Inference channels are often low-bandwidth and complex; nevertheless, detection and removal of inference channels is necessary to guarantee data security. This paper presents a survey of the current and emerging research in data inference control and emphasizes the importance of targeting this so often overlooked problem during database security design.
Article
Revisions to the federal Electronic Communications Privacy Act (ECPA), improvement and clarity in industry policies in the US for stored data, and user education are required to avoid the risks of online storage and to protect user privacy. The ECPA and the Fourth Amendment are the traditional sources of legal privacy protections for electronic data. The Fourth Amendment protects a person's home and the content of telephone calls from unreasonable search and seizure. ECPA should be amended to clarify that ISPs can read subscribers' email only to provide the service, to protect the ISP's rights or property, or in other limited circumstances. Legal reform, improved industry practices, and consumer education are also necessary to meet consumers' privacy expectations as their personal communications and records are remotely, digitally stored.
Article
The Fourth Amendment to the United States Constitution prohibits unreasonable searches and seizures. Yet as interpreted by the United States Supreme Court, the Amendment places no restriction on police combing through financial records; telephone, e-mail and website transactional records; or garbage left for collection. Indeed there is no protection for any information knowingly provided to a third party, because the provider is said to retain no reasonable expectation of privacy in that information. As technology dictates that more and more of our personal lives are available to anyone equipped to receive them, and as social norms dictate that more and more information is provided to third parties, this restriction threatens to render the Fourth Amendment a practical nullity. By reviewing some modern technologies (e-mail, millimeter wave concealed weapons detectors, off-the-window eavesdropping, and TEMPEST receivers) we can appreciate the magnitude of the issue and determine how Fourth Amendment jurisprudence must be altered in order to better balance privacy and security in the post-9/11 United States. We must craft definitions of search and reasonableness that account for the impending world in which all information is available to those equipped to receive it. Although restricting the Supreme Court's third party doctrine is a step in the right direction, a better solution is to jettison the doctrine entirely and to rely on a totality-based doctrine of reasonableness. Only in this manner can courts preserve the aims of the Fourth Amendment despite dramatic changes in the technological backdrop.
Article
For at least thirty years the Supreme Court has adhered to its third-party doctrine in interpreting the Fourth Amendment, meaning that so far as a disclosing party is concerned, information in the hands of a third party receives no Fourth Amendment protection. The doctrine was controversial when adopted, has been the target of sustained criticism, and is the predominant reason that the Katz revolution has not been the revolution many hoped it would be. Some forty years after Katz the Court's search jurisprudence largely remains tied to property conceptions. As I have demonstrated elsewhere, however, the doctrine is not the universal constitutional rule in the United States. Eleven states reject the doctrine, providing some constitutional search and seizure protection to information in the hands of third parties, and another eleven give some reason to believe they might reject it. But it is one thing to urge that some third-party information should be protected, and quite another to articulate how and when different information should be accessible to police. To answer this question it makes sense to turn to the most robust source of practical applications we have, namely those states that have diverged from the federal doctrine. Although state courts often employ a gestalt jurisprudence that defies precise delineation, an analysis of many cases reveals a set of relevant factors that would seem to be consistently useful in determining whether law enforcement access should be restricted, and if so in what manner. What such analysis does not reveal is a tidy system of bright-line delineations, seemingly at odds with two thoughtful alternatives to the current federal doctrine proposed by Daniel Solove and Christopher Slobogin. Part I of this article frames the discussion via recent events. 
The realization that the National Security Agency has been parsing phone conversations, dialing records, and banking records since the terrorist attacks of September 11, 2001, demonstrates that the third-party doctrine is very much a contemporary concern. The decision last term in Georgia v. Randolph demonstrates that five members of the Supreme Court are willing to depart from the doctrine, at least in the context of the home. Part II then utilizes the existing state (and to a limited extent federal) jurisprudence to determine and explain what factors are relevant in determining whether to constitutionally restrict law enforcement access. This yields an uncertain calculus that also logically challenges the essentially unrestricted ability of law enforcement to probe the recollection of a recalcitrant witness. In Part III I compare my approach to the seemingly more administrable proposals of Professors Solove and Slobogin. I conclude with a tentative defense of the current multi-faceted - and therefore necessarily uncertain - jurisprudence. Although its administrability is imperfect, it more appropriately distinguishes between and among different types and amounts of third-party information.