In this section we examine privacy, first from its general or common usage and then as it applies in technological situations.
Aspects of Information Privacy
Information privacy has three aspects: sensitive data, affected parties, and controlled disclosure. In fact, these aspects are similar to the three elements of access control from Chapter 5: subject, object, and access rights.
We examine these three in turn.
What is privacy? A good working definition is that privacy is the right to control who knows certain aspects about you, your communications, and your activities. In other words, you voluntarily choose who can know things about you and what those things are. People ask you for your telephone number: your auto mechanic, a clerk in a store, your tax authority, a new business contact, or a cute person in a bar. You consider why the person wants the number and decide whether to give it out. But the key point is you decide. So privacy is something over which you have considerable influence.
You do not have complete control, however. Once you give your number to someone else, your control is diminished because it depends in part on what someone else does. As soon as you give out your number, you transfer authority and control to someone else. You may say "don't give my number to anyone else," "use discretion," or "I am sensitive about my privacy," but you do not control the other person. You have to trust the other person to comply with your wishes, whether you state them explicitly or not. This problem is similar to the propagation problem of computer security: Anyone who has access to an object can copy, transfer, or propagate that object or its content to others without restriction.
Someone asks you for your shoe size; you might answer, "I'm a very private person and cannot imagine why you would want to know such an intimate detail," or you could simply say "10C": some people find that data more sensitive than others. We know the things people usually consider sensitive, such as financial status, certain health data, and unsavory events in their past, so if you learn something you consider sensitive about someone, you will keep it quiet. But most of us are not too sensitive about our shoe size, so we don't normally protect that if we learn it about someone else. Of course, if a friend told me not to pass that along, I wouldn't. It is not up to me to question why someone else considers something private.
Here are examples (in no particular order) of data many people consider private.
· identity, the ownership of private data and the ability to control its disclosure
· finances, credit, bank details
· legal matters
· medical conditions, drug use, DNA, genetic predisposition to illnesses
· voting, opinions, membership in advocacy organizations
· preferences: religion, sexuality
· biometrics, physical characteristics, polygraph results, fingerprints
· diaries, poems, correspondence, recorded thoughts
· privileged communications with professionals such as lawyers, accountants, doctors, counselors, and clergy
· performance: school records, employment ratings
· activities: reading habits, web browsing, music, art, videos
· air travel data, general travel data, a person's location (present and past)
· communications: mail, e-mail, telephone calls, spam
· history: "youthful indiscretions," past events
· illegal activities, criminal records
Privacy is also affected by who you are. When you are in a room of people you don't know, perhaps at a reception, someone may come up to you and say "So you are the man who baked that beautiful cake over there; I really appreciate your skills as a pastry chef." It feels kind of nice to get that kind of recognition. Conversely, a friend was frequently on local television; she far preferred having dinner at home instead of going to a restaurant because she had grown tired of people rushing up to her saying "you're [Olga], I see you all the time on TV." Public personalities cherish the aspects of privacy they retain. World champion athletes cannot avoid having their results made public, whereas you might not want everyone to know how poorly you finished in the last event. Culture also influences what people consider sensitive.
In general, a person's privacy expectations depend on context: who is affected and what the prevailing norm of privacy is.
This brings us to another point about privacy: Individuals, groups, companies, organizations, and governments all have data they consider sensitive. So far we have described privacy from the standpoint of a person. Companies may have data they consider private or sensitive: product plans, key customers, profit margins, and newly discovered technologies. For organizations such as companies, privacy usually relates to gaining and maintaining an edge over the competition. Other organizations, for example, schools, hospitals, or charities, may need to protect personal data on their students, patients, or donors, or they may want to control negative news, and so forth. Governments consider military and diplomatic matters sensitive, but they also recognize a responsibility to keep confidential data they collect from citizens, such as tax information. We may use terms like subject or owner to cover privacy issues affecting people, groups, and the like.
Privacy is an aspect of confidentiality. As we have learned throughout this book, the three security goals of confidentiality, integrity, and availability can conflict with one another, and confidentiality in particular frequently conflicts with availability. If you choose not to have your telephone number published in a directory, that also means some people will not be able to reach you by telephone.
To summarize, here are some points about privacy:
· Privacy is controlled disclosure: The subject chooses what personal data to give out and to whom.
· After disclosing something, a subject relinquishes much control to the receiver.
· What data are sensitive is at the discretion of the subject; people consider different things sensitive. Why a person considers something sensitive is less important than that it is.
· Individuals, informal groups, and formal organizations all have things they consider private.
· Privacy has a cost; choosing not to give out certain data may limit other benefits.
In the next section we consider some examples of data that some people consider private.