User:AMDomG/sandbox

Electronic Privacy Rights Issues

Electronic privacy rights are the desire for, concern about, and provision of, the security of data exchanged electronically, especially via the Internet.

Several notable areas in which risks are posed to electronic privacy rights are through the use of data mining by search engines and social networks, cyber warfare threats, geosocial networking, the electronic sharing of personal health care information, and cloud computing.

While the Supreme Court has only recently become involved in cases involving electronic privacy rights ^[1](see Ontario v. Quon), there have been previous legislative efforts aimed at strengthening these rights, such as the Privacy for Consumers and Workers Act of 1990 and the Notice of Electronic Monitoring Act of 2000. ^[2]

Watchdog organizations and consumer advocacy groups are calling for an overhaul of the Electronic Privacy Communications Act of 1986 ^[3]. The head of the Federal Trade Commission, Jon Leibowitz, has expressed concern that current privacy disclosure forms on sites are not working. He complains that policies that require consumers to consent to all or nothing are not appropriate but also concedes that multiple requests are tuned out. ^[4] As the amount of information on the web continues to increase, so do the types and severity of privacy concerns.

Data Mining and Facebook

With over five hundred million users, in over seventy languages, spending roughly 700 billion minutes on the site each month, Facebook has become a target of electronic privacy concerns ^[5]. One such concern is data mining, which is the collection of large amounts of information from databases to establish patterns ^[6]. These patterns can then be used to establish forecasts and models for marketing and advertising purposes, but can also be manipulated by computer hackers to target particularly vulnerable audiences for attack ^[7]. Despite these risks, Facebook’s privacy policy contains language that explicitly reserves their right to “use information about you that we collect from other sources, including but not limited to newspapers and Internet sources such as blogs, instant messaging services and other users of Facebook, to supplement your profile” ^[8]. Facebook does however give users the option to opt out of many of these data collection methods. In order to completely opt out of full disclosure, one must navigate through over 50 privacy buttons and then choose among a total of more than 170 additional options ^[9].

The concern over Facebook’s data mining has become more of an issue in light of their privacy policy's right to “share your information with third parties, including responsible companies with which…[they] have a relationship” ^[10]. Many believe this concern over information leaking was justified after July of 2010 when an employee of Skull Security was able to procure information on more than one hundred million users of the site, including names and profile addresses ^[11]. Regardless of initial intent, the information collected by Facebook was then obtained by several large corporations and organizations for interests ranging from marketing and advertising to simple curiosity ^[12]. Many believe that Facebook’s monopoly over the social networking scene has given them power to manipulate data collected from millions of people and hide behind a blanket privacy policy consisting of approximately one thousand more words than the United States Constitution ^[13].

Cyber Warfare

The debate over whether or not cyber warfare is becoming a major threat to our country has been a hot topic for a very long time. Some eye opening thoughts for discussion are whether it is an actual war and whether cyber warfare is a rhetorical and less threatening word than it is thought to be. Control of the Internet has long been an issue of Internet security and electronic privacy. There are indeed Cyber warfare issues surrounding our Internet in addition to the idea of what makes electronic privacy possible for web surfers, and what may be potentially taken away as a result of cyber warfare.

Some of the threats that have occurred and may happen again in the future through cyber space are loss of financial and personal information, which has happened in various IT departments. Other threats are cyber terrorism, which can cause havoc on a nation’s financial, defense and electrical infrastructure. This kind of threat is evidence by the tragedy that occurred on September 11th, 2001. 9/11 in fact, was one of the events that caused a rise in the use of encryption. One company that provides encryption as a form of privacy is Kanecki Associates, Inc. Lastly, there is a risk that hackers who may potentially want to steal information may present themselves as someone else. This of course, is widely known as identity thefts. Cyber attacks as a whole presents itself mostly in the form of bugs. And these bugs have had large economic impacts on varying countries.

Geosocial Networking

The newest trend in Online Social Media is location-based services, known as “checking-in” or "geosocial networking." CNN defines it as “the act of using a GPS-enabled smartphone to share their whereabouts with friends." The security of these sites has been called into question as several sources believe the private information of their users is being compromised and could possibly lead to crime, violence and decline of physical and personal human contact.

“Many accepted the trade off of losing a little privacy for the ease of communication.” (Cordova) The surge of social media's popularity within the past few years has been determined as generational and associated with a population born after 1981 (Miller). The argument that information on social sites is being unfairly accessed by third parties is subjective, as most of the information is already published online. Most social networks are permission-based and are legally required to notify users of the site’s exposure, however, as is the case with most, the privacy rights are under constant revision. Just last month Intel (as a partner with Apple) acquired the computer software and security company McAfee for $7.68 billion in a step combating privacy breaches on cell-based social media applications. Check-in related sites are seen often as unsafe because of how easy it is to release privacy-compromising information without the user thinking too much about it. There is also the possibility that a site like Foursquare or Loopt will be bought in the near future, transferring all user information to the new owners. Situations like these have called into question the benefits of these services as well as their existence.

Google

Google is the biggest search engine with the biggest online presence to date. They have more traffic and more features than any other website. So, they end up controlling 75% of the market. So with this control and their variety of features, they are able to create a privacy policy without worrying about the competition or lack there of. This monopolization creates the ability to cut corners and invade user’s privacy if they desire because these users have nowhere else to go if these private policies brother them.

For example when asked, “How are you going to convince me to trust you?” Google’s Marissa Mayer states that, “The search information we retain we do for quality purposes. We review it only in aggregate. We only do aggregate computations, try to understand how to make searches better. So for example, if you search for football, and click on result number three, we want to use that information so next time we take result number three and make it number one. And so we have to have some retainage in that way in order to better the quality of the search experience.”

Health Care

The health care field has been faced with a concern about electronic privacy rights, such as in the case of the United States Department of Health and Human Services proposing a rule that would secure funds from the American Recovery and Reinvestment Act of 2009 by providing "incentive payments to eligible professionals and eligible hospitals participating in Medicare and Medicaid programs that adopt and meaningfully use certified electronic health record (EHR) technology. ^[14] With the goal of improving the efficiency and quality of administering health care, EHRs would compile patient data such as ethnicity, date of birth, gender, insurance provider, body mass index, and health history. ^[15]

Critics of this proposed rule warn that this proposed federal rule threatens the health privacy of Americans. The Institute for Health Freedom, a nonprofit agency, lists as a major concern that “patients’ consent will not be required before personal health information is compiled in EHRs and exchanged electronically with many third parties including government agencies.” ^[16]

Current electronic privacy policy in regards to health care information is shaped by the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and the HIPAA Privacy Rule enacted on April 14, 2003. The Privacy Rule created a minimum set of rights governing the privacy of medical records. While the Privacy Rule requires that patients receive notices of how their medical information is used and disclosed, patient consent is not required if personal medication information is used or disclosed for treatment, payment, or health care operations, and "private health information can be used for marketing and may be disclosed without your authorization to pharmaceutical companies or businesses looking to recall, repair or replace a product or medication." ^[17]

Cloud Computing

Cloud computing is the use of remote data storage, processing power or software via the Internet ^[18]. Users of cloud computing services do not own the servers or equipment that they are using, instead they are renting space from companies who have invested in servers. The three types of cloud computing are “software as a service” (the use of an application through the internet that would typically be downloaded to a computer), “platform as a service” (the use of a platform to store and develop new applications) and infrastructure as a service (the practice of using the internet as a storage center for information) ^[19]. Examples of cloud computing sites include Gmail, Google Apps, Amazon Web Services and Salesforce.

Legal access to the information and documents housed on cloud computing sites is often disputed. Many cloud computing sites openly state that they will turn over private documents (that would otherwise require a judge issued warrant to access) if given a subpoena by law officials. ^[20]. In addition to the varied and more lax legal access to documents stored in the “cloud” these documents are also vulnerable to the threats of hackers. A hacker recently guessed the password to the Gmail account of a Twitter employee. Since the employee was using Gmail to store documents in the “cloud” the hacker was able to gain access to private company documents and information ^[21].

In addition to threats coming from outside the "cloud" there are also levels of privacy compromised by the actual cloud computing sites. By placing information on a site’s server it becomes subject to their terms of services which may change at any time. ^[22]. These sites may sell user information to third parties for marketing use or withhold a users information from them if they fail to make a payment or adhere to their terms.

References

1. Electronic Privacy and the Supreme Court.
2. Carpe Diem: Privacy Protection in Employment Act.
3. [1],Sullivan, B. (2010 April 13) The constitutional issues of cloud computing, MSNBC.
4. [2], Clifford, S (2010 January 11) F.T.C.: has Internet gone beyond privacy policies? The New York Times.
5. [Statistics. (2010). Facebook. Retrieved on September 13, 2010, from http://www.facebook.com/press/info.php?statistics]
6. [Information security glossary. (2010). State University of New York: University at Albany. Retrieved on September 13, 2010, from http://www.albany.edu/its/glossary.htm]
7. [Information security glossary. (2010). State University of New York: University at Albany. Retrieved on September 13, 2010, from http://www.albany.edu/its/glossary.htm]
8. [Facebook privacy. (2010). Electronic Privacy Information Center. Retrieved on September 14, 2010, from http://epic.org/privacy/facebook/]
9. [Bilton, N. (2010, May 12). Price of Facebook privacy? Start clicking. The New York Times. Retrieved on September 14, 2010, from http://www.nytimes.com/2010/05/13/technology/personaltech/13basics.html?_r=1]
10. [Facebook privacy. (2010). Electronic Privacy Information Center. Retrieved on September 14, 2010, from http://epic.org/privacy/facebook/]
11. [Figueroa, A. (2010, July 30). Privacy issues hit Facebook again. The Christian Science Monitor. Retrieved on September 13, 2010, from http://www.csmonitor.com/Business/new-economy/2010/0730/Privacy-issues-hit-Facebook-again]
12. [Figueroa, A. (2010, July 30). Privacy issues hit Facebook again. The Christian Science Monitor. Retrieved on September 13, 2010, from http://www.csmonitor.com/Business/new-economy/2010/0730/Privacy-issues-hit-Facebook-again]
13. [Bilton, N. (2010, May 12). Price of Facebook privacy? Start clicking. The New York Times. Retrieved on September 14, 2010, from http://www.nytimes.com/2010/05/13/technology/personaltech/13basics.html?_r=1]
14. Medicare and Medicaid programs; Electronic health record incentive program.
15. Medicare and Medicaid programs; Electronic health record incentive program.
16. Health privacy rights are threatened by proposed federal rule for electronic health records (EHRs).
17. [http://www.privacyrights.org/fs/fs8a-hipaa.htm HIPAA Basics: Medical Privacy in the Electronic Age].
18. [3], Cloud Computing, Electronic Privacy Information Center. Retrieved September 28, 2010.
19. [4] Types of Cloud Computing Services, Electronic Privacy Information Center. Retrieved September 28, 2010.
20. [5], Sullivan, B. (2010, August 23). Facebook places: be your friends’ ‘big brother’. MSNBC. Retrieved September 28, 2010.
21. [6], Zittrain, J. Lost in The Cloud, The New York Times. Retrieved September 28, 2010.
22. [7], Cloud Computing Issues, Electronic Privacy Information Center, Retrieved September 28, 2010.

Timeline for the Creation of Our Article

Sunday: Summary of Topics
By the End of Monday Night: React to Summaries and Give Feedback
Wednesday Night: Finished Sections of Articles to Proof and Edit on Thursday