34 Privacy Issues

Ms.Vinodini Kapoor

epgp books

 

 

  1. Learning Outcome:
  • Develop an understanding of the concept of Privacy.
  • Understand the significance of Privacy issues in context of Information technology and Information Systems.
  • Understand the various issues that affect privacy on the Internet
  • Understand the Laws related to Privacy as defined in the Indian Constitution.
  • Discuss the concept of Computer Libel and Censorship.
  1. Introduction

 

In a world where information is available at the instant click of a mouse, information privacy and security are elements under crossfire. There is a surging demand for access to personal information in order to generate products suited to the tastes of people; security requires proactive knowledge of records and movements of transactions as a perquisite for monitoring and control by the authorities.

 

Information security and privacy pose a challenge for any organization on account of corporate governance. This is because the information is defined as the strategic asset and source of value to capitalize new business strategies. Privacy refers to safeguarding of the individual’s rights when it comes to information.

 

Considering the case where everything one does online, over the phone, with a credit card can be monitored and recorded. If this information is used abusively, in a manner where one might feel being tapped all the time, it compromises our ability to think and act naturally and freely.

 

Hence, privacy can be defined as an individual condition of life in isolation or characterized by exclusion from publicity. It is the right to be free from secret surveillance and to determine whether, when, how, and to whom, one’s personal or organizational information is to be revealed.

 

In specific, privacy may be divided into four categories depicted in figure 1.

 

 

  1. Physical: It refers to restriction being imposed on others to enable a person to work in seclusion with interference through one or more of the human senses.
  2. Informational: Privacy restriction on searching or revealing facts that are unknown to others about oneself, situations in which one could acquire information, technology that shall generate or disseminate information about oneself.
  3. Decisional: Privacy concerns dealing with restriction on interfering in decisions that are exclusive to an entity.
  4. Dispositional: It refers to restriction on attempts to know about what an individual’s state of mind is pointing to.

 

Technology has a substantial impact on gathering, storage, retrieval and dissemination of information. The authorized access to information is a crucial factor as information readily available can easily be manipulated. It creates the possibility of wider and simultaneous access to information. Technological advancements hinder privacy and have reduced control over proprietary information. Access to personal data can be very damaging and has numerous negative implications on business.

 

Computer information systems if not protected and monitored can be vulnerable to physical attacks, electronic hacking, and natural disasters. With computer information systems serving as the vital life blood of many organizations, managers must be aware of the both the risks and the opportunities to minimize the risks to information systems.

  1. Privacy Issues

 

The impact of the use of technology has a crucial role to play in many areas. These include the following:

  • The electronic monitoring of people in the workplace. This is done by so called electronic eyes. The justification by companies for the use of such technology is to increase productivity.
  • The interception and reading of Email messages. This poses an ethical problem which relates to the private communication of an individual. It is technically possible to intercept Email messages, and the reading thereof is normally justified by companies because they firstly see the technology infrastructure (Email) as a resource belonging to the company and not the individual, and secondly messages are intercepted to check on people to see whether they use the facility for private reasons or to do their job.
  • Databanking – It refers to the practice of integrating personal information from a variety of databases into one central data warehouse or repository. The main issue is that individuals are unaware of their personal information being archived into a central database. The purpose(s) for which this information can be used or manipulated, or by whom or for whose benefit the new database is constructed and whether the information is accurate. To counter these problems the Government passed the Privacy Protection Act.
  • Frequent Shopper Cards – Inside such a card lies a computer chip is buried that records every item purchased along with a variety of personal information of the buyer. This information obtained from the card enables marketing companies to do targeted marketing to specific individuals because the buying habits as well as other personal information of people are known.
  • Another major threat to privacy is posed by hackers and crackers who break into computer systems with an intention to steal, change or destroy information, often by installing dangerous malware without knowledge to the user. Their tactics and detailed technical knowledge help them access information sensitive information. Computer hackers can remotely access the computer and private information if the user’s system is not protected with a firewall. They can also snoop into chat room conversations or personal web pages. Predators can compel users into revealing sensitive personal and financial information, or much worse.

 

3.1 Computer Monitoring – Computers are used to monitor the productivity and behavior of millions of employees while they work. Computer Monitoring is used by employers to collect productivity and efficiency data and build statistics about the productivity of each employee. This is generally criticized by workers as it violates their privacy and personal freedom. There are random checks conducted on the desktops and laptops of the employees to check what information they possess. Computer Monitoring is widely criticized as it is an invasion of privacy and they do not know that they are being monitored and how this information is being utilized.

 

To exemplify, considering the situation that when an individual calls a hotel manager for a reservation, the manager may be timed on the number of seconds he took per caller, the time between calls and the breaks taken to respond with the confirmation of bookings. The conversation may also be monitored for quality checks and satisfaction. Working under constant surveillance is seen to increase the stress level of employees and hinders their performance at peak hours.

 

 

3.2 Computer Matching – Computer profiling and mistakes in computer matching of personal data are controversial threats to privacy. Individuals tends to be mistakenly arrested and convicted and denied credit because their physical profiles or personal data have been used by profiling software to match them incorrectly with unethical and wrong individuals. Being subjected to promotional material, broadcast messages and sales contacts the privacy is violated.

  1. Privacy on the Internet

 

While internet technology is a boon in a countless ways it may prove to be disastrous if there is infiltration by notorious users. It poses new challenges for the protection of individual privacy. Information that is shared over web may cross many terminals before it reaches the final destination. Each of these systems is capable of monitoring, tampering, manipulating and storing communications that pass through it.

 

It is possible to record every click of the mouse on the internet. These include, the web searches been conducted, web sites and web pages visited, the online content a person has accessed, the items inspected or purchased over the web. Much of this tracking is done without the visitor’s knowledge. Various advertising networks such as Adsense, Yahoo, Double Click that are capable of tracking the browsing behavior for numerous web sites. A commercial demand for this information is virtually insatiable. It also enables the organizations to aggregate data on customer responses to their products and services online and the visitor count.

 

Instagram Case: In December 2012, Instagram said it had the inherent right to sell users’ photographs for advertising purposes without payment or notification. However, after a serious reaction from users Instagram eventually backed down.

 

Aspects that deal with privacy on the internet have been discussed below:

  • Cookies – These are small text files deposited on a computer hard drive when a user visits web Cookies identify the visitor’s web browser software and track visit to the web site. When a visitor returns to a site that has stored a cookie, the web site software will search the visitor’s computer, find the cookie and know what the person has done in the past. This enables website to customize their content for each visitor’s interest. There is a manual as well as automated mechanism of clearing data from cache memory and delete cookies as shown in exhibit 7.

 

Web sites that use cookies cannot directly pick or trace visitor’s names and addresses. However, if a person registers at a site, the information can be combined with cookie data to identify the visitor

 

  • Web Beacons – Web marketers use web beacon as another tool to capture web behavior over a Web beacons are tiny objects visibly embedded in the email messages and web pages designed to monitor the behavior of the user entering visiting the site or sending email. It captures the IP (internet protocol) address of the user, the time of view of the web page and the duration, the type of browser and previously set cookie values.
  • spyware – These secretly install themselves on an internet user’s computer by attaching themselves on larger applications. Once installed, the spyware call entices a web sites to send ad banners and unsolicited web material. It also reports user’s activity, accessed history and movements on the internet to other computers.
  • Photographs on it internet – Pictures taken by most phones and tablets can attach the latitude and longitude of the picture taken through metadata unless this function is manually disabled. It further prompts the user to push these over to the web. Face recognition technology can be used to gain access to a person’s private data.
  • Search Engines – Search engines have the ability to track a user’s searches. Personal information can be retrieved via random checks on the user’s computer, account, IP address being linked to the search terms used. A search engine profiles each of the users and assigns each one a specific ID number. Those in control of the database generally tap where on the internet each member has browsed. The search engine retains the information entered for a period of three fourths of year before it becomes obsolete for public usage. The like of Yahoo!, Bing and Google deletes user information after a period of ninety days.

 

Case Study: In November 2007, Facebook pushed the limit of online marketing by introducing a controversial marketing ploy, the Beacon tool. Using Beacon to track monitor browsing data and purchases from partner sites, Facebook then broadcast this information to the user’s network. The tool grabbed negative attention and distrust from the online community, claiming violation of privacy and breach of user agreement by the company. The moral issue of the case centers on privacy concerns of the new online advertising tool, Beacon, which is embedded into a Facebook partner’s website.

 

The tool mapped Facebook user’s internet activity and transmitted this to Facebook server, which then publicized it across a user’s Facebook network. Beacon was associated with all users by default, and then users were prompted to opt-out with a discrete opt-out notice to block Beacon’s 3rd party data communication. If the user did not opt-out immediately, sensitive user activity was broadcasted to a Facebook user’s News Feed. Users also had to visit each of the Beacon affiliate web sites nearly 45 in number, and opt out of the program on each site individually to stop those partner sites from transmitting user data back to Facebook. They could not disable all data sharing activity and Beacon tracked activity every time Facebook users accessed a partner website.

 

Source: http://wayan.com/files/Facebook_Beacon_Case_Study.pdf

 

  1. Privacy Laws
  • IT Act 2000 India’s Ministry of Communications and Information Technology notified the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 under the Information Technology Act, 2000. Various sections of the Act under purview are stated as under:

 

1.  Section 43 (Penalty and Compensation for damage to computer systems) – This section provides protection against unauthorized access of the computer system by imposing heavy penalty up to One Crore. This section envisages civil liability in terms of penalty and compensation. If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network – accesses or secures, downloads, copies or extracts, introduces or causes to be introduced a computer virus, damages or causes to be damaged, disrupts or causes disruption, destroys, deletes or alters any information or computer or computer systems he shall be liable to pay damages by way of compensation to the person so affected.

2.  Section 65 – It is the penal provision, as tampering with computer source documents, whichestablishes imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both, who knowingly or intentionally conceals, destroy, or alter any computer source code used for a computer, computer program, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force.

3.  Section 66 – Protection against hacking has been provided under this section. As per this section hacking is defined as any act with an intention to cause wrongful loss or damage to any person or with the knowledge that wrongful loss of damage will be caused to any person and information residing in a computer resource must be either destroyed, deleted, altered or its value and utility get diminished. This section imposes the penalty of imprisonment of three years or fine up to two lakh rupees or both on the hacker.

4.  Section 70 – This section provides protection to the data stored in the protected system. Protected systems are those computers, computer system or computer network to which the appropriate government, by issuing gazette information in the official gazette, declared it as a protected system. Any access or attempt to secure access of that system in contravention of the provision of this section will make the person accessed liable for punishment of imprisonment which may extend to ten years and shall also be liable to fine.

5.  Section 72 – This section provides protection against breach of confidentiality and privacy of the data. As per this, any person upon whom powers have been conferred under IT Act and allied rules to secure access to any electronic record, book, register, correspondence, information document of other material discloses it to any other person, shall be punished with imprisonment which may extend to two years or with fine which may extend to one lakh rupees or both.

6.  Law of Contract – These days’ companies are relying on the contract law as a useful means to protect their information. The corporate houses enters into several agreements with other companies, clients, agencies or partners to keep their information secured to the extent they want to secure it. Agreements such as ‘non circumvention and non-disclosure’ agreements, ‘user license’ agreements, ‘referral partner’ agreements etc. are entered into by them which contains confidentiality and privacy clauses and also arbitration clauses for the purpose of resolving the dispute if arises. These agreements help them in smooth running of business. BPO companies have implemented processes like BS 7799 and the ISO 17799 standards of information security management, which restrict the quantity of data that can be made available to employees of BPO and call centers.

 

7.  Indian Penal Code – It imposes punishment for the wrongs which were expected to occur till the last decade. But it failed to incorporate within itself the punishment for crimes related to data which has become the order of the day.

 

The Privacy (Protection) Bill, 2011 – A Bill to provide for the right to privacy to citizens of India and regulate the collection, maintenance, use, and dissemination of their personal information and provide for penalization for violation of such right and for matters connected therewith or incidental / hereto.

 

The bill says, “every individual shall have a right to his privacy — confidentiality of communication made to, or, by him — including his personal correspondence, telephone conversations, telegraph messages, postal, electronic mail and other modes of communication; confidentiality of his private or his family life; protection of his honor and good name; protection from search, detention or exposure of lawful communication between and among individuals; privacy from surveillance; confidentiality of his banking and financial transactions, medical and legal information and protection of data relating to individual. The bill gives protection from a citizen’s identity theft, including criminal identity theft (posing as another person when apprehended for a crime), financial identify theft (using another’s identity to obtain credit, goods and services), etc.

 

The bill mandates the establishment of a Data Protection Authority of India, whose function is to monitor development in data processing and computer technology; to examine law and to evaluate its effect on data protection and to give recommendations and to receive representations from members of the public on any matter generally affecting data protection.

 

The Authority can investigate any data security breach and issue orders to safeguard the security interests of affected individuals in the personal data that has or is likely to have been compromised by such breach.

  1. Computer Libel and Censorship

 

The reciprocal of the privacy debate is the very right administered to people to know about what matters and what others may want keep private (freedom of information), the right of people to express their opinions about such issues and publish these opinions (freedom of the press). The common access areas in their context are electronic bulletin boards, email boxes and online files of the internet and public information networks. The tools used are spamming, flame mail, libel laws and censorship.

  • Spamming – It refers to the indiscriminate sending of unsolicited email messages (spam) to many internet users. Spamming is undertaken by mass mailers of unsolicited advertisements and mail. This technique is used by cyber criminals to spread viruses and infiltrate computer systems.
  • Flaming – It is the practice of sending extremely critical, deliberate and obscene email messages or news feeds to internet users. Flaming is prevalent on some of the internet’ special interest newsgroups.

 

There are many incidents of defamatory messages on the web sites that have led to calls for censorship and lawsuits for libel. The presence of explicit material on the internet triggers lawsuits and censorship actions by groups and government.

 

7. Summary

 

The inherent nature of privacy and associated problems are experience in the today’s world in various faculties. Every click of button on a device connected to a network such as a tablet, PC, smartphone creates a data point. Hackers can trace this very easily and misuse it . One can easily get carried away and unknowingly agree to such collecting and sharing whenever you sign up for an online service and accept its privacy policy. Privacy and security is a major road block which poses a serious threat to the adaptation of e-commerce. It is a critical issue which businesses cannot ignore because privacy concerns are blocking revenue from the internet. Organizations intending to do business on the web platform need to manage and meet their consumers’ expectations where privacy is concerned. A web site with a privacy statement tells consumers that their privacy right is being considered. As big data grows, enterprises need privacy policies and practices in place ahead to curb security breaches and maintain a healthy business oriented ecosystem. The internet spans a very large periphery and everything must be developed for a network that doesn’t have any defined national border or security force. Generally, users approve a privacy policy without reading it, and many of these policies are vague guidelines. But what does not impossible foresee is the intensity of damage it can do to the data.

you can view video on Privacy Issues

Web Resources

 

  1. http://www.legalserviceindia.com/article/l37-Data-Protection-Law-in-India.html
  2. http://cis-india.org/internet-governance/blog/privacy/safeguards-for-electronic-privacy
  3. www.legalservicesindia.com/article/article/right-to-privacy-under-article-21-and-the-related-conflicts-1630-1.html