What Is Privacy?

ASSIGNMENT 6
WHAT IS PRIVACY?

1.1 HOW DOES COMPUTER TECHNOLOGY THREATEN PRIVACY OF OUR DATA

1.1.1 INTRODUCTION

We are currently living in the so-called information age which can be described as an era were economic activities are mainly information based (an age of informationalization). This is due to the development and use of technology. The main characteristics of this era can be summarized as a rise in the number of knowledge workers, a world that has become more open - in the sense of communication (global village/Gutenberg galaxy) and internationalization (trans-border flow of data).

This paradigm shift brings new ethical and juridical problems which are mainly related to issues such as the right of access to information, the right of privacy which is threatened by the emphasis on the free flow of information, and the protection of the economic interest of the owners of intellectual property.

In this paper the ethical questions related to the right to privacy of the individual which is threatened by the use of technology will be discussed. Specific attention will be given to the challenges these ethical problems pose to the information professional. A number of practical guidelines, based on ethical norms will be laid down.

1.1.2 THE CONCEPT OF PRIVACY

Definition of Privacy

Privacy can be defined as an individual condition of life characterized by exclusion from publicity (Neetling et al., 1996, p. 36). The concept follows from the right to be left alone (Stair, 1992, p. 635; Shank, 1986, p. 12)1 . Shank (1986, p. 13) states that such a perception of privacy set the course for passing of privacy laws in the United States for the ninety years that followed. As such privacy could be regarded as a natural right which provides the foundation for the legal right. The right to privacy is therefore protected under private law.

The legal right to privacy is constitutionally protected in most democratic societies. This constitutional right is expressed in a variety of legislative forms. Examples include the Privacy Act (1974) in the USA, the proposed Open Democracy Act in South Africa (1996) and the Data Protection Act in England. During 1994 Australia also accepted a Privacy Charter containing 18 privacy principles which describe the right of a citizen concerning personal privacy as effected by handling of information by the state (Collier, 1994, p. 44-45). The Organization for Economic and Coordination and Development (OECD) also accepted in 1980 the Guidelines for the Protection of Privacy and Transborder Flow of Personal Data (Collier, 1994, p. 41).

Privacy is an important right because it is a necessary condition for other rights such as freedom and personal autonomy. There is thus a relationship between privacy, freedom and human dignity. Respecting a person's privacy is to acknowledge such a person's right to freedom and to recognize that individual as an autonomous human being.

The duty to respect a person's privacy is furthermore a prima facie duty. In other words, it is not an absolute duty that does not allow for exceptions. Two examples can be given. Firstly, the police may violate a criminal's privacy by spying or by seizing personal documents (McGarry, 1993, p. 178)2 . A government also has the right to gather private and personal information from its citizens with the aim of ensuring order and harmony in society (Ware, 1993:205). The right to privacy (as an expression of individual freedom) is thus confined by social responsibility.

Different Categories of Private Information

Based on the juridical definition of privacy, two important aspects which are of specific relevance for the information profession must be emphasized. The first is the fact that privacy as a concept is closely related to information - in terms of the definition of Neethling (1996, p. 35) privacy refers to the entirety of facts and information which is applicable to a person in a state of isolation. The fact that privacy is expressed by means of information, implies that it is possible to distinguish different categories of privacy namely, private communications, information which relates to the privacy of a person's body, other personal information, and information with regard to a person's possessions. Each of these categories will be briefly dealt with.

- Private communications. This category of privacy concerns all forms of personal communication which a person wishes to keep private. The information exchanged during a reference interview between the user and the information professional can be seen as an example.

- Privacy of the body (Westin, 1967, p. 351). This normally refers to medical information and enjoys separate legal protection (Neethling, 1991, p. 35-36). According to this legislation a person has the right to be informed about the nature of an illness as well as the implications thereof. Such a person further has the right to privacy about the nature of the illness and can not be forced to make it known to others. The only exception is when the health, and possibly the lives of others may be endangered by the specific illness - such as the case may be where a person is HIV positive and the chance exists that other people may contract the virus.3 This category of information is of specific importance for an information professional working in a medical library.

- Personal information. Personal information refers to those categories of information which refer to only that specific person, for example bibliographic (name, address) and financial information. This type of information is of relevance to all categories of information professionals.

- Information about one's possessions. This information is closely related to property right. According to this a person does have control over the information which relates to personal possessions in certain instances. For example, a person may keep private the information about the place where a wallet is kept.

The Expressed Will to Privacy

The following important aspect of privacy is the desire for privacy (by means of an expressed will) since this desire is important for the delimitation of privacy. In short, the desire for privacy implies that privacy will only be at issue in cases where there is a clear expression of a desire for privacy. For example, a personal conversation between two persons will be regarded as private as long as there is an expressed will to keep it private. The moment that this will is relinquished the information is no longer regarded as private. The same applies to the other categories of personal and private information. If a person makes a private telephone number (as a form of personal information) known to a company, it is no longer regarded as private information. According to the law it can then even be seen as business information which may legally be traded in. This expressed will to privacy acts therefore as a very important guideline for the information professional regarding the delimitation of privacy.

The Relationship Between Privacy and Confidentiality (Secrecy)

It is also important to distinguish between privacy and confidentiality/secrecy. The confidential treatment of information is not only applicable to the above-mentioned four categories of private and personal information - it may refer to any category of information, such as, inter alia, trade secrets.

1.2 COMPUTER COOKIES

There are two types of computer cookies: temporary and permanent. Temporary cookies, also called session cookies, are stored temporarily in your browser's memory and are deleted as soon as you end the session by closing the browser. Permanent cookies, also called persistent cookies, are stored permanently on your computer's hard drive and, if deleted, will be recreated the next time you visit the sites that placed them there.

Cookie technology addressed the need to keep track of information entered at a site so that if you submitted a registration form for example, the site could associate that information with you as you traveled through the site's pages. Otherwise, every time you clicked on a different page in the site, establishing a new connection, the site would lose the information in reference to you, forcing you to re-enter it.

A temporary cookie solved this problem in the short term by setting aside a little bit of browser memory to save information. However, once the browser was closed, all temporary cookies were lost. Return surfers were not recognized and registration information had to be re-supplied at every visit.

Persistent cookies solved this problem. They allowed a site to recognize a surfer permanently by transferring a text file with a unique ID tag to the visitor's hard disk, matching a file on the server. On subsequent visits, the browser automatically handed this cookie over, allowing the site to pull up their matching cookie. Now cookies could persist for years.

Both temporary and permanent computer cookies can be used for many helpful purposes. Automatic registration logon, preserving website preferences, and saving items to a shopping cart are all examples of cookies put to good use. But permanent cookies also resulted in unanticipated uses, such as Web profiling.

Websites began keeping track of the surfing habits of its visitors, using computer cookies to log when an individual visited, what pages were viewed, and how long the visitor stayed. If he or she returned at a later date, the visitor’s cookie triggered open the log of previous visits and was amended to include the new visit. If personal information was offered on any of these visits, name, address and other information was associated with the "anonymous" ID tag, and consequently, the entire profile.

Marketers developed an even greater advantage for cookie profiling. Having advertising rights on several hundred and even many thousands of the most popular websites, marketers could pass third-party cookies to surfers and subsequently recognize individuals as they traveled across the Web, from site to site, logging comprehensive profiles of people's surfing habits over a period of months and even years. Sophisticated profiling programs quickly sort information provided by computer cookies, categorizing targets in several different areas based on statistical data. Gender, race, age, income level, political leanings, religious affiliation, physical location, marital status, children, pets and even sexual orientation can all be determined with varying degrees of accuracy through cookie profiling. Much depends on how much a person surfs, and where he or she chooses to go online.

As a result of public outcry in response to surreptitious profiling, cookie controls were placed in post 3.x browsers to allow users to turn cookies off — options that were not available in 1995 when permanent cookie technology was first embedded into browsers without public awareness or knowledge of how they could be used. Cookie controls also allow user-created lists for exceptions, so that one can turn cookies off, for example, but exempt sites where computer cookies are put to a useful purpose. Third-party cookies often have their own controls, as they are normally tracking cookies placed by marketers. Cookie contents are encrypted and are only readable by the site that placed them.

1.2 ELECTRONIC PROFILE

Electronic profile is the combining of data in a database that can be sold to the Internet by the company to the interested parties.

This database is in a form such as magazine subscription or product warranty cards that had been filled by online subscribers.

The information in electronic profile includes personal details such as your age, address and marital status.

1.3 SPYWARE

Spyware is a type of malware that is installed on computers and collects little bits of information at a time about users without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect. Typically, spyware is secretly installed on the user's personal computer. Sometimes, however, spywares such as keyloggers are installed by the owner of a shared, corporate, or public computer on purpose in order to secretly monitor other users.

While the term spyware suggests that software that secretly monitors the user's computing, the functions of spyware extend well beyond simple monitoring. Spyware programs can collect various types of personal information, such as Internet surfing habits and sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software and redirecting Web browser activity. Spyware is known to change computer settings, resulting in slow connection speeds, different home pages, and/or loss of Internet or functionality of other programs. In an attempt to increase the understanding of spyware, a more formal classification of its included software types is captured under the term privacy-invasive software.

In response to the emergence of spyware, a small industry has sprung up dealing in anti-spyware software. Running anti-spyware software has become a widely recognized element of computer security practices for computers, especially those running Microsoft Windows. A number of jurisdictions have passed anti-spyware laws, which usually target any software that is surreptitiously installed to control a user's computer. The US Federal Trade Commission has placed on the Internet a page of advice to consumers about how to lower the risk of spyware infection, including a list of "do's" and "don'ts."