《PRIVACY IN THE DIGITAL AGE.doc》由会员分享,可在线阅读,更多相关《PRIVACY IN THE DIGITAL AGE.doc(30页珍藏版)》请在三一办公上搜索。
1、Policy 2004: The EDUCAUSE Policy ConferenceWashington, D.C.May 19-20, 2004Point/Counterpoint: Security vs. PrivacyAre We Striking an Appropriate Balance?Part IThe Privacy Part of the Equation:Protecting (And Not Protecting) Digital Privacy on CampusLawrence WhiteChief CounselPennsylvania Department
2、of EducationHarrisburg, PennsylvaniaThis is a revised and updated version of a paper that was originally presented in February, 2000, at Stetson University College of Laws 21st Annual National Conference on Law and Higher Education. The author wishes to thank Stetson University College of Law and St
3、etson Professor Robert D. Bickel for permission to adapt that paper for this EDUCAUSE conference.The author also wishes to thank Margaret ODonnell, Assistant General Counsel at The Catholic University of America, for her help and encouragement in the preparation of this outline.The views expressed i
4、n this outline and during the accompanying presentation are those of the author. They do not necessarily reflect and should not be attributed to the Pennsylvania Department of Education or any PDE officer or official.“You already have zero privacy. Get over it.”Scott McNealy, Chief Executive Officer
5、 of Sun Microsystems, 1999 Quoted in Christian Parenti, The Soft Cage: Surveillance in America 91 (2003).I. INTRODUCTIONA. Americans are slowly waking to the realization that computers pose a threat to their privacy. Computers convert the most intimate of communications and activitieswriting letters
6、, speaking on the telephone, filling prescriptions, taking photographsinto electronic records that are easy to store and easy to access. Computerized surveillance technologies make it simple to track peoples movements and listen in on their private conversations. By networking computers and using th
7、em to exchange files at high speed, a company can aggregate electronic information about the private habits of computer users. We are uneasy about the motives of the companies gathering that information and the uses to which the information is being put. We fear for our privacy in cyberspace.This pr
8、esentation explores some of the privacy problems that have surfaced on college and university campuses at the dawn of the digital millennium. It begins on a technological note by describing various ways in which advances in computer technology jeopardize the privacy rights of computer users and thos
9、e whose movements are tracked by computers. Next, it defines privacy as a legal concept by examining the great Supreme Court landmarks on the constitutionally protected right of privacy. Third, the presentation examines the various waysconstitutional, common law, and regulatoryin which privacy advoc
10、ates seek to protect peoples privacy in the age of computer technology. Last, it turns to the nations college and university campuses. It describes efforts underway to address computer-related privacy concerns, and it touches upon some other, non-computer-related issues involving privacy rights on c
11、ampus.Two important policy questions shape the presentation: Have colleges and universities been sufficiently sensitive to the privacy rights of campus community members? As colleges and universities strive, for perfectly understandable and unassailably correct reasons, to make their campuses more s
12、ecure, are they in the process diminishingwittingly or unwittinglythe privacy rights of campus community members? And if the answer is yesif there is an unavoidable tradeoff between privacy and securitywhat principles should guide the higher education community in striking the balance reasonably?B.
13、Some introductory food for thought: “How cyberspace is is not how cyberspace has to be. There is no single way that the Net has to be; no single architecture defines the nature of the Net.” Lawrence Lessig, Code and Other Laws of Cyberspace 25 (1999) (emphasis in the original). Here, abridged, is th
14、e continuation of that thought: Not all universities have adopted the Net in the same way. At the University of Chicago, if you wanted access to the Internet, you simply connected your machine to jacks located throughout the university. Any machine with an Ethernet connection could be plugged into t
15、hese jacks. Once connected, your machine had full access to the Internetaccess, that is, that was complete, anonymous, and free.The reason for this freedom was a decision by an administratorthe provost, Geoffrey Stone, a former dean of the law school and a prominent free speech scholar. When the uni
16、versity was designing its net, its technicians asked Stone whether anonymous communication should be permitted. Stone, citing the principle that the rules regulating speech at the university should be as protective of free speech as the First Amendment, said yes . From that policy decision flowed th
17、e architecture of the University of Chicagos net.At Harvard the rules are different. If you plug your machine into an Ethernet jack at the Harvard Law School, you will not gain access to the Net. You cannot connect your machine to the net at Harvard unless the machine is registeredlicensed, approved
18、, and verified. Only members of the university community can register their machines. Once registered, all interactions with the network are monitored and identified to a particular machine; the user agreement carries a warning about this practice. Anonymous speech on this net is not permittedit is
19、against the rules. Access can be controlled based on who you are, and interactions can be traced based on what you did. Controlling access was the ideal at Harvard; facilitating access was the ideal at Chicago. Harvard chose technologies that make control possible, while Chicago chose technologies t
20、hat facilitate access. The networks thus differ in the extent to which they make behavior within each network regulable. This difference is simply a matter of codea difference in the software. Regulability is not determined by the essential nature of these networks. It is determined instead by their
21、 architecture. Lessig, supra, pp. 26-27 (emphasis in the original; footnotes omitted. A postscript: It has been five years since Professor Lessig published his book, an eternity in cyber-time. Just a few months ago, the University of Chicago implemented a new computer-use policy that represents a co
22、mplete, 180-degree reversal of the laissez-faire policy described admiringly by Professor Lessig in 1999. See Policy on Regulated Computers: Security and Management Requirements for Computers Housing Sensitive Data on the University Network, http:/security.uchicago.edu/regulated-computers/policy.sht
23、ml. Heres the question for you, as university policymakers, to ponder as you listen to the views expressed by Rick Johnson and me during this presentation: what Internet architecturein other words, what set of protocols and rulesbest and most appropriately strikes the balance between (on the one han
24、d) minimally regulated access to the Web and (on the other) the protection of the privacy rights of Web users?II. A CRASH COURSE (NO PUN INTENDED) ON DIGITAL THREATS TO PRIVACYA. Digitization. The last decade has witnessed an explosion in the amount of information available in digital form. As lette
25、r writing is replaced by word processing, phonograph records by MP3 files, analog television signals by digitized cable transmissions, telephones by computerized telephony, conventional film by camera diskettes and DVD, digitization has revolutionized the way we create and store words, pictures and
26、sounds. “Exponential increases in computing power and dramatic decreases in the physical size and price of computers have created a frenzied cycle in which both individuals and organizations increasingly use computers, spawning phenomenal growth in and dependence on computer-based services, and resu
27、lting in greater demand for and use of computers.” Fred H. Cate, Privacy in the Information Age (Brookings Institution 1997), page 1. (This book is cited below as “Cate 1997.” To the Brookings Institutions credit, the entire text of Professor Cates 1997 book is available online at http:/brookings.na
28、p.edu/books/0815713169/html.)B. Plus Interconnectivity. At just the moment when the amount of digitized information is exploding, so is the number of users (individual and corporate) who can access that information. Today, about 60 percent of American adults have computers connected to the Internet,
29、 up from 49 percent in 2000 and less than 15 percent in 1995. In 1998, U. S. companies did an estimated $92 billion worth of business-to-business Internet commerce; five years later, in 2003, the comparable figure was $2.8 trillion, an astonishing thirty-fold increase in five years. (The figures in
30、this paragraph are taken from two sources: a report by the Pew Internet and American Life Project titled The Ever-Shifting Internet Population: A New Look at Internet Access and the Digital Divide, April 16, 2003, www.pewinternet.org, and a study (undated) by the Boston Consulting Group reported in
31、E-Commerce Times, C. Plus Speed. The exponential growth in computer use is fueled by advances in the speed of computers, increased storage capacity, and improvements in interconnectivity technology. Twenty years ago, a computer with sufficient memory to store the contents of a small telephone book c
32、ost $10,000 and occupied a dedicated room. Today, a personal digital assistant a thousand times more powerful costs less than $500 and fits into a shirt pocket. As one observer has noted:The practical ability to create, manipulate, store, transmit, and link digital information is the single most inf
33、luential innovation of the twentieth century. Computers and the networks that connect them have rapidly become a dominant force in business, government, education, recreation, and virtually all other aspects of society in the United States and throughout the world. No form of communication other tha
34、n face-to-face conversation and handwritten, hand-delivered messages escapes the reach of electronic information technologies. No communication that bridges geographic space or is accessible to more than a few people exists today without some electronic component. And the dominance of electronic com
35、munication is growing at an astonishing pace. Cate 1997, pages 5-6.D. Equals a tangible threat to traditional notions of privacy. The proliferation of computers, our growing dependence on them to perform employment- and household-related tasks, and the ease and low cost with which data about our com
36、puter utilization can be collected and shared with third parties have prompted growing concern about the privacy rights of computer users. As noted privacy advocate Marc Rotenberg observed almost eight years ago, “privacy will be to the information economy of the next century what consumer protectio
37、n and environmental concerns have been to the industrial society of the 20th century.” Quoted in James Gleick, Behind Closed Doors: Big Brother Is Us, New York Times Magazine, September 29, 1996, page 130. See also Fred H. Cate, The Privacy Problem: A Broader View of Information Privacy and the Cost
38、s and Consequences of Protecting It, 4 First Reports (a publication of The Freedom Forums First Amendment Center), March 2003, reprinted at www.law.indiana.edu/directory/-publications/fcate/privacyproblem.pdf (and referred to hereinafter as “Cate 2003”).E. Privacy advocates identify three distinct k
39、inds of threats associated with computer technology: concerns about the sheer volume of digitized information, loss of control over personally identifiable data, and loss of personal privacy through intrusive surveillance technologies. (1) Concerns about the volume of information compiled about indi
40、viduals without their knowledge. As more data are collected in digital format, and as digital information becomes easier and cheaper to store, others know more about us than ever before. The amount of information routinely collected about people and stored in computers is startling and disturbing: E
41、very time a person uses an automated teller machine at a bank, the bank records details about the time, date, and nature of the transaction. At many ATMs, video cameras take pictures of customers. The pictures are digitized and stored along with the transaction record. Supermarkets that offer magnet
42、ically-coded discount cards use those cards to track and store records of their customers purchases. Those records are used to customize advertising and discount coupons to match the purchasing preferences of individual customers. Like almost all such records, they are also sold to other companies f
43、or mailing-list and marketing purposes. “A woman in San Francisco reported that nine months after buying a home pregnancy test from Safeway she began receiving the companys coupons for diapers and baby food, mailed to her home.” Christian Parenti, The Soft Cage: Surveillance in America 100 (2003). E
44、very time a customer makes a telephone call or uses a credit card, an electronic record is created and stored. Those records are sold to companies that use them to tailor mailing lists for advertising purposes. They are also sold to private investigators and given to law enforcement agencies, which
45、use them to track individuals private telephone calls and consumer purchases. Internet service providers assign a unique identifying stamp known as an Internet Protocol address (or “IP address”) to each subscribers account. When a customer accesses the World Wide Web through his or her Internet serv
46、ice provider, the customer leaves digital footprints that enable the ISPor retailers who buy the information from the ISPto trace the customers various destinations in cyberspace. Even if the customer seeks to conceal his or her identity, for example by using a pseudonymous e-mail address, it is rel
47、atively easy for the ISP to crack the alias using the customers IP address. Almost all e-commerce sites on the World Wide Web utilize “cookie” technology to learn basic information about people who visit their site, including Zip code, ISP, what parts of the Web site are visited, and how long the vi
48、sit lasts. Visitors who purchases goods or services from the site are required to divulge other personal information, such as name, e-mail address, and credit card number. All this information is stored and used for marketing purposes. According to a survey conducted for the Federal Trade Commission by the Georgetown Internet Privacy Policy Survey Project, 93 percent of commercial Websites collect at least one type of personally identifying information (for example, name or e-mail address) from each person visiting the site, and 57 percent collect at least one for
