In this section we examine privacy, first from its general or common usage and then as it applies in

Aspects of Information Privacy

Information privacy has three aspects: sensitive data, affected parties, and controlled disclosure. In fact, these aspects parallel the three elements of access control from Chapter 5: subject, object, and access rights. We examine these three in turn.

What is privacy? A good working definition is that privacy is the right to control who knows certain aspects about you, your communications, and your activities. In other words, you voluntarily choose who can know things about you and what those things are. People ask you for your telephone number: your auto mechanic, a clerk in a store, your tax authority, a new business contact, or a cute person in a bar. You consider why the person wants the number and decide whether to give it out. But the key point is that you decide. So privacy is something over which you have considerable influence.

You do not have complete control, however. Once you give your number to someone else, your control is diminished because it depends in part on what someone else does. As soon as you give out your number, you transfer authority and control to someone else. You may say "don't give my number to anyone else," "use discretion," or "I am sensitive about my privacy," but you do not control the other person. You have to trust the other person to comply with your wishes, whether you state them explicitly or not. This problem is similar to the propagation problem of computer security: anyone who has access to an object can copy, transfer, or propagate that object or its content to others without restriction.

Someone asks you for your shoe size; you might answer, "I'm a very private person and cannot imagine why you would want to know such an intimate detail," or you could say "10C"; some people find that data more sensitive than others. We know things people usually consider sensitive, such as financial status, certain health data, unsavory events in their past, and the like, so if you learn something you consider sensitive about someone, you will keep it quiet. But most of us are not too sensitive about our shoe size, so we don't normally protect that if we learn it about someone else. Of course, if a friend told me not to pass that along, I wouldn't. It is not up to me to question why someone else considers something private.

Here are examples (in no particular order) of data many people consider private.

    identity, the ownership of private data and the ability to control
    finances, credit, bank details
    medical conditions, drug use, DNA, genetic predisposition to
    voting, opinions, membership in advocacy organizations
    preferences: religion, sexuality
    biometrics, physical characteristics, polygraph results,
    diaries, poems, correspondence, recorded thoughts
    privileged communications with professionals such as lawyers, accountants, doctors, counselors, and clergy
    performance: school records, employment ratings
    activities: reading habits, web browsing, music, art, videos
    air travel data, general travel data, a person's location (present
    communications: mail, e-mail, telephone calls, spam
    history: "youthful indiscretions," past events
    illegal activities, criminal records

Privacy is also affected by who you are. When you are in a room of people you don't know, perhaps at a reception, someone may come up to you and say "So you are the man who baked that beautiful cake over there; I really appreciate your skills as a pastry chef." It feels kind of nice to get that kind of recognition. Conversely, a friend was frequently on local television; she far preferred having dinner at home instead of going to a restaurant because she had grown tired of people rushing up to her saying "you're [Olga], I see you all the time on TV." Public personalities cherish the aspects of privacy they retain. World champion athletes cannot avoid having their results made public, whereas you might not want everyone to know how poorly you finished in the last event. Culture also influences what people consider sensitive.

In general, a person's privacy expectations depend on context: who is affected and what the prevailing norm of privacy is.

This brings us to another point about privacy: individuals, groups, companies, organizations, and governments all have data they consider sensitive. So far we have described privacy from the standpoint of a person. Companies may have data they consider private or sensitive: product plans, key customers, profit margins, and newly discovered technologies. For organizations such as companies, privacy usually relates to gaining and maintaining an edge over the competition. Other organizations, for example, schools, hospitals, or charities, may need to protect personal data on their students, patients, or donors, or they may want to control negative news, and so forth. Governments consider military and diplomatic matters sensitive, but they also recognize a responsibility to keep confidential data they collect from citizens, such as tax information. We may use terms like subject or owner to cover privacy issues affecting people, groups, and the like.

Privacy is an aspect of confidentiality. As we have learned throughout this book, the three security goals of confidentiality, integrity, and availability conflict, and confidentiality frequently conflicts with availability. If you choose not to have your telephone number published in a directory, that also means some people will not be able to reach you by

To summarize, here are some points about privacy:

    Privacy is controlled disclosure: the subject chooses what personal data to give out and to whom.
    After disclosing something, a subject relinquishes much control to
    What data are sensitive is at the discretion of the subject; people consider different things sensitive. Why a person considers something sensitive is less important than that it is.
    Individuals, informal groups, and formal organizations all have things they consider private.
    Privacy has a cost; choosing not to give out certain data may limit

In the next section we consider some examples of data that some people consider private.