Privacy and Encryption
Although privacy and its protection are hotly debated in the beginning of the twenty-first century, what is being debated is poorly defined. According to definitions of "privacy" and "private" in Webster's Third New International Dictionary, "privacy" denotes an element of being withheld from public view, of "belonging to oneself," of "freedom from unauthorized oversight or observation of others." Louis Brandeis and Samuel Warren, in a seminal 1890 article, called privacy "the right to be let alone." But whether privacy is a civil right, a property right, a market commodity, or all of these at one time or another is unsettled.
Concerns about privacy at the time of the Brandeis and Warren article focused on intrusive photographers and gossip columns, not the records of business or government. In the late twentieth century, the issue of informational privacy came to the forefront with the rapid development of electronic communication through distributed networks. Companies transacting business on the World Wide Web (WWW) must ask for at least minimal amounts of personally identifiable information in order to receive payment for orders and deliver them. Governments collect data about individuals in order to carry out functions such as collecting taxes, paying social security, and conducting the census. Information collected in the course of doing business or government is organized and stored; it can be readily accessed and used again to carry out additional transactions or for purposes beyond those for which it was gathered. This secondary use and the possibility of misuse of personally identifiable information have many people concerned about the protection of privacy with respect to electronic records. Encryption, or using a code to prevent unauthorized access to information transferred or stored electronically, is seen as one solution to the privacy protection problem.
Privacy would not need protecting if people did not value it. The Universal Declaration of Human Rights, adopted by the United Nations General Assembly in 1948, declared, "Everyone has the right to the protection of the law against" any "arbitrary interference with his privacy, family, home or correspondence" as well as "attacks upon his honour and reputation." The coupling of privacy with home, correspondence, and reputation suggests that it is central to personal relations, some kinds of communication, and even identity. Although the Constitution of the United States does not explicitly claim privacy as a right, the Fourth Amendment addresses the "right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures." There is also a "penumbra" of privacy in the First and Third Amendments. Therefore, many people find a civil right to privacy articulated in the Constitution as well.
Scholars theorize that privacy is necessary for the construction and maintenance of autonomy and integrity and a sense of identity. Within relationships people reveal themselves incrementally to others. They withhold information if they feel their freedom of conscience or of action or their safety would be compromised by self-revelation. The private, or Australian, ballot was instituted to protect voters from threats and pressures from vote seekers. Privacy is necessary to prevent people from becoming vulnerable to coercion or manipulation. For example, the rights of citizens to have free inquiry, association, and communication would be seriously chilled if their inquiries, associations, and conversations could not enjoy a certain degree of privacy.
The right to privacy, however, is not an absolute right. People give up a degree of privacy in exchange for intimacy or friendship. They give up information about themselves in order to achieve something they want or to be responsible citizens. For example, a college applicant divulges a scholastic record for the opportunity to get an education, and a patient releases medical records to an insurance company in order to receive needed care. Citizens reveal income and expenditures to pay taxes. They give up informational privacy.
Informational privacy, or privacy with regard to personally identifiable information, is, as the example of health care illustrates, inextricably bound with other types of privacy, such as privacy of the person. So closely bound are information about individuals and individuals themselves, that the theft and use of another's personally identifiable information is referred to as "identity theft." At least in the marketplace, personally identifiable information in sufficient amounts may equal personal identity.
Computers and Privacy
Widespread concern about privacy in both the United States and in Europe began with governmental development of large-scale computer databases to replace paper files in the 1960s and 1970s. Citizens became concerned that easy access to so much private information left them vulnerable to infringement of their civil liberties. The result of this concern in the United States was the Privacy Act of 1974, which applied to "systems of records" held in government databases. The Privacy Act articulated what has become a widely accepted set of fair information practices, which have also been implemented by the European Data Privacy Directive of 1995. Subsequent legislation has attempted to address such concerns as data matching—the capability of computer systems to locate information about an individual across a number of databases using a common identifier such as a Social Security number.
In the 1990s, as electronic commerce flourished, concerns about privacy focused on the corporate, rather than government, sector. Distributed computing allowed personally identifiable information to be transmitted across networks and stored in hundreds of databases around the country or even the world. That information, easily sorted by any variable, becomes a valuable commodity, not only used internally by the company for tailoring services to its customers or improving its marketing, but also sold to others. Thus, informational privacy itself becomes a commodity, raising the issue of who owns information about an individual. In the electronic marketplace, for example, when information about which parts of a website a person visits is gathered without his or her knowledge or consent, the individual loses the ability to bargain over use of personal data. The market is asymmetric, with the individual at a disadvantage. These secondary uses of information have increased individual concerns about privacy. Because information can be shared without being destroyed, even one transmission of personally identifiable information across data networks means a person loses control over that information.
A growing concern is the vulnerability of networked computer systems to infiltration or "hacking." Technically skilled thieves can break into computer systems and steal passwords or by other means gain access to private information such as credit card or Social Security numbers, addresses, information about purchases, or health data.
The combination of distributed computing and the ease of searching electronic records makes discovery of personal information easier. A skilled Internet searcher can learn a great deal about an individual by aggregating information discovered legitimately. It is not difficult to find WWW sites that sell access to public records that would ordinarily be difficult to find. More than one company sells software to allow any individual to track another's use of the Internet without the other's knowledge, including seeing every message typed in a chat room.
Either authorized or unauthorized use of personally identifiable data can have deleterious results. For example, according to Paul Clayton and Jerry Sheehan (1997), medical records that have historically been poorly protected and widely spread could be used without an individual's knowledge to deny that person employment or access to health insurance.
If business and government are to be conducted on a large scale over the Internet, ways must be found to protect the privacy of records, especially those pertaining to personally identifiable information. In a poll, 80 percent of those who buy products on the Internet said they were concerned about privacy online, and 96 percent of Internet purchasers said that websites should explain how they use information (Maurici, 1998). In order for electronic commerce and government to succeed, privacy concerns must be addressed.
The European Union (EU) has chosen to address concerns over informational privacy, or data protection, with the Data Protection Directive of 1995. The directive incorporates and strengthens the fair information practices found in earlier U.S. legislation but directs its injunctions toward the private sector, whereas U.S. law deals only with data collection by the government. Organizations must state their policies on data collection, use, and transfer, which must conform to the following principles:
- Collection limitation: Data collected must be limited to that which is relevant for its stated purpose.
- Clear and conspicuous notice: Organizations must state clearly in a prominent place who is collecting data, for what purpose, and any third party to whom it might be transferred. Notice must include limits on disclosure of information and the appropriate party to contact to rectify data.
- Informed consent: Before using data, an organization must get the consent of the data subject. Whether the consent takes the form of opting in (positive assent to sharing data) or opting out (assent to sharing data by not acting to withhold it) depends on the sensitivity of the data.
- Disclosure/onward transfer: Organizations must secure informed consent (opt in) before transferring data to a third party.
- Records integrity: Information must be up-to-date, complete, and accurate; data not meeting these standards should be eliminated.
- Security: Organizations must protect data from unauthorized use, manipulation, or modification.
- Access: An individual has the right to review and correct personal data in a timely and affordable manner.
The EU Directive also established a Data Protection Commissioner. A number of other countries have a similar official.
The United States, on the other hand, relies on self-regulation by private industry and commerce to protect data privacy, which concerns many privacy advocates. Many companies, however, understand that privacy policies and practices trusted by consumers are prerequisite to thriving electronic commerce. A good many participate in self-regulatory consortia such as Trust-e, which attempts to verify that the companies observe fair information practices. To ensure secure transactions such as the transmission of credit card numbers and other personally identifiable information over the WWW, companies use secure transmission capabilities, including encryption, one way to protect data from unauthorized use.
Encryption is the use of a mathematical algorithm to encode any data transmitted or stored digitally, such as an e-mail message, a contract, or medical records. The key is a string of bits; the longer the key, the more possible keys there are to try, and thus the more computational power and time required to break the code by trial. Typical key lengths for strong encryption range from 56 bits to 128 bits. In order to receive and decode an encrypted message, a recipient must possess the right key.
There are two types of encryption: private key encryption and public key encryption. In private key encryption, the sender and the receiver must hold identical keys. Because that key must be shared between the parties, it is less secure than the key used in public key encryption. In public key encryption, the sender uses the public key of the recipient to encrypt a message, and the recipient uses a personal private key to decode it. The private key is never shared. This type of encryption can ensure the security of a communication. Public key cryptography such as PGP (Pretty Good Privacy) is freely available on the Internet.
The U.S. government has developed its own very powerful encryption system, the Escrowed Encryption System, or "Clipper Chip," which is an algorithm etched into a silicon chip. Because the government is concerned that encryption makes it easier for criminals or terrorists to use the Internet for criminal purposes, with the Clipper Chip the government holds a copy of the key in escrow, splitting it into two parts for security. This escrowed key would allow law enforcement, with proper warrants, to decode encrypted messages if they have evidence that a crime is being planned. Privacy advocates oppose such a system. They also oppose the Carnivore e-mail monitoring system, which was promoted in 2000 for law enforcement's use against organized crime and terrorist groups. Privacy advocates fear the misuse of such invasive technologies. It should be possible, they say, to encode data prior to its encryption by the Clipper Chip, thereby ensuring data privacy and decreasing the power of the government to monitor its citizens closely. Seldom addressed is the possible role of encryption in protecting against commercial misuse of personal data. Law enforcement, commerce, and personal freedom contend as the debate continues over encryption as an important tool to ensure informational privacy.
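The escrow arrangement described above (the government holding the key in two parts) and the pre-encoding countermeasure that privacy advocates propose, as an added illustration in Python; this is not code from the original article, and the chip's actual algorithm is not described on this page. The SHA-256 counter-mode cipher, the XOR key splitting, and all key and message values are constructed assumptions standing in for the real system.

```python
import hashlib
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def stream_encrypt(key: bytes, data: bytes) -> bytes:
    """Illustrative private-key cipher: SHA-256 in counter mode as a keystream.
    Encryption and decryption are the same XOR operation. This is an assumed
    stand-in for the chip's own algorithm, which the article does not describe."""
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        block += 1
    return xor_bytes(data, stream[: len(data)])


def split_for_escrow(key: bytes) -> tuple[bytes, bytes]:
    """Split a key into two escrow parts: one random part, and the key XORed
    with it. Either part alone is indistinguishable from random bytes."""
    part1 = secrets.token_bytes(len(key))
    part2 = xor_bytes(key, part1)
    return part1, part2


def recombine(part1: bytes, part2: bytes) -> bytes:
    """Both escrow parts together reconstruct the key."""
    return xor_bytes(part1, part2)


def escrow_scenario(message: bytes, user_key: bytes, chip_key: bytes) -> dict:
    """Sender pre-encodes with a key only the sender holds, then the chip
    encrypts with its escrowed key. Releasing both escrow parts strips the
    chip's layer but yields only the user-encoded data, not the plaintext."""
    inner = stream_encrypt(user_key, message)      # sender's own layer
    wire = stream_encrypt(chip_key, inner)         # chip's escrowed layer
    part1, part2 = split_for_escrow(chip_key)      # held by two escrow agents
    recovered_chip_key = recombine(part1, part2)   # released under warrant
    seen_under_warrant = stream_encrypt(recovered_chip_key, wire)
    return {
        "escrow_recovers_chip_key": recovered_chip_key == chip_key,
        "warrant_holder_sees_plaintext": seen_under_warrant == message,
        "recipient_reads_plaintext": stream_encrypt(user_key, seen_under_warrant) == message,
    }
```

Run with constructed keys, `escrow_scenario(b"Confidential medical record", b"u" * 16, b"c" * 16)` reports that escrow recovers the chip key and the recipient reads the message, but the warrant holder does not see plaintext.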
Bibliography
Agre, Philip E. (1999). "The Architecture of Identity: Embedding Privacy in Market Institutions." Information, Communication and Society 2(1):1-25.
Agre, Philip E., and Rotenberg, Marc, eds. (1997). Technology and Privacy: The New Landscape. Cambridge, MA: MIT Press.
Brandeis, Louis, and Warren, Samuel. (1890). "The Right to Privacy." Harvard Law Review 4:193-220.
Clayton, Paul, and Sheehan, Jerry. (1997). "Medical Privacy in an Electronic World." <http://www4.nationalacademies.org/onpi/oped.nsf/(Op-EdByDocID)/C96108D0BD0B116A852566750073B989?OpenDocument>.
Gellman, Robert. (1996). "Privacy." In Federal Information Policy in the 1990s: Views and Perspectives. Norwood, NJ: Ablex.
Kirchner, Jake. (1999). "Your Identity Will Be Digital." PC Magazine 18(12):142-143.
Lane, Carole. (1998). "Know X for Public Records Searching." Database 21(5):31-33.
Lehrrer, Dan. (1994). "Clipper Chips and Cypherpunks." The Nation 259(11):376-379.
Maurici, Danielle. (1998). "E-Commerce & Privacy: What Net Users Want." <http://www.pandab.org/E-Commerce%20Exec.%20Summary.html>.
Shaffer, Gregory. (2000). "Globalization and Social Protection: The Impact of EU and International Rules in the Ratcheting Up of US Privacy Standards." Yale Journal of International Law 25(1):1-88.
Louise S. Robbins