A couple of days ago Dr. Helen Nissenbaum
<http://www.nyu.edu/projects/nissenbaum/> of NYU gave an interesting,
engaging and stimulating lecture entitled "Privacy in Context" at UC
Berkeley.

The audio recording of the lecture is available @
http://groups.sims.berkeley.edu/podcast/audio/Helen_Nissenbaum_UCiSchool_02Apr2008.mp3

Following are some of the notes I took from the lecture. Please feel
free to add to these if I missed something.

Socio-technical systems: It is not just the technology that causes
privacy issues. It is the technology embedded in the social system,
e.g. RFID implanted into humans or RFID-enabled passports.

Three classifications of socio-technical systems:
1) Tracking and monitoring systems, e.g. Web browser cookies.
2) Systems that aggregate and analyze - Choicepoint, Amazon's
personalized recommendation system.
3) Systems that broadcast, disperse, distribute, propagate, publicize
and disseminate information - e.g. making court records, which are
public, available online. In this case the web is the technical system
that disseminates the court records.

Controversial vs. non-controversial socio-technical systems. Medical
devices in use at hospitals are non-controversial and may be
beneficial. However, using information from electronic toll collection
on freeways to track someone's movement is controversial.

Traditional approaches to privacy:
1) Private / Public duality (dichotomy). This is an oversimplified
approach. It may be argued that what is public may be disseminated by
any medium, e.g. Google's street view, license plate recognition is
not a privacy breach as both streets and license plates are public in
nature. Private / Public dichotomy may be good in political philosophy,
but it is problematic in the privacy realm.
2) The measure of respect for privacy is the control of information by
the subject, i.e. the subject has control over what gets revealed and
what does not.
3) Lobbying for what constitutes a privacy breach and what
doesn't. Especially problematic if privacy is considered a
preference rather than a moral right.
4) Privacy vs. other values (e.g. security).

These approaches are limited and do not work.

Dr. Nissenbaum's proposed approach: Contextual Integrity. Based on
privacy as a human/moral right.
Contextual Integrity is a measure of how closely the flow of personal
information conforms to context-relative information norms. Contextual
integrity is breached when these norms are violated and is respected
when these norms are enforced.
Context-relative information flow norms: In a context the flow of
information (particular attribute) about a subject from a sender to a
recipient is governed by a particular transmission principle. Context
(circumstance), attributes (information about the subject), actors
(subject (information owner), sender and receiver) and transmission
principles are the key parameters. All these parameters must be taken
into account when performing an analysis of the information flow.
The Google street map argument fails because it only takes one principle,
i.e. attributes (streets are public), into account and ignores the
other key principle, i.e. the context (distributing it over the web and
making it widely available).

Fiduciary transmission principle: You trust someone with private
information about yourself under the assumption that your private
information will be used to benefit you and not harm you.

Privacy is not secrecy but rather appropriate flow of information.
_______________________________________________
FDE mailing list
[email protected]
http://www.xml-dev.com/mailman/listinfo/fde
