Track Report

Jacques N. Catudal, Ph.D.

• Introduction
• Seeking a Clearer Understanding of “Privacy” and “Confidentiality”
• The Use and Abuse of Electronic Mail and Electronic Bulletin Boards
• Electronic Databases and Privacy
• Conclusions

Conclusions

Reaction to problems of privacy and confidentiality seem to be driven by recourse to technological and economic considerations rather than to normative ones. The dominant way of dealing with problems is also explained (but not justified) by political factors, since adopting normative policies is interpreted as politically risky. Problems are dealt with on a case-by-case basis, not on the basis of an overarching policy. If an overarching policy is preferred, it might be preferable to pursue a federal approach, rather than a local or state approach. In Canada, there exists the Office of the Privacy Commissioner whose function it is to apprise national policy makers of potential problems and issues. In any case, the development of an overarching policy need not and ought not lead to the creation of a large bureaucracy to oversee computer associated privacy and confidentiality problems (as may or may not happen in Europe). The issues of what information ought to be made public about one’s self, and how that information may be used, seems best left to individuals themselves, assuming the development and passage of legislation sufficient to allow individuals to record and enforce their preferences.

While some uses of computer technologies threaten the privacy and confidentiality of individuals, we ought not loose sight of the fact that different uses of the same technology may provide us with new and better ways of safeguarding privacy and confidentiality. And this is the point: it really is a matter of how we use the technologies. For example, consider the case where a proximity identification system is used to limit access to certain buildings; students with the right cards gain access, those without do not. But the same technology can be used to track students, in effect, to determine where and with whom they congregate. License plate readers make passage through toll booths a speedier affair, thereby eliminating long lines. But the same technology can be used by Immigration and Naturalization officers to track “undesirables.”

With the aim of realizing a better understanding of the problems of privacy and confidentiality and, ultimately, with the aim of promoting an ethical practice of computing, the NCCV Working Group on Privacy and Confidentiality offers the following recommendations and policies:
First, the Research Center on Computing and Society should:

1. Conduct research to determine (a) the kind of information that is being gathered about individual Americans, (b) the uses to which the information is being put, (c) the extent to which the information is being propagated, and (d) the amount of revenue that is being generated through the sale of such information.
2. Identify existing laws that bear on issues of privacy and confidentiality. If such studies already exist, as is reasonable to suppose, they should be collected. While some individuals believe that sufficient privacy and confidentiality protection already exists in the Bill of Rights, the advantages and disadvantages of an “Electronic Bill of Rights” for the home, school, and work place should be examined.
3. Pursue avenues of research into the practices of the private sector with special emphasis on the retention and disposal of information about individuals, and the extent to which stored information is stale or outdated.
4. Investigate the effect of adequate privacy policy on the private sector’s ability to be competitive worldwide.
5. Pursue the issue, pro and con, of whether there can ever be a morally justifiable exception to the rule that data ought never be used for purposes other than that for which it was originally collected.
6. Pursue the moral, technological and economic feasibility of notifying persons whenever information about them is being used.
7. Determine ways in which individuals can preserve anonymity in a technologically advanced society without greatly diminishing one’s quality of life.

Second, the National Science Foundation should:

1. Press for a presidentially or congressionally funded national commission, with staff, to produce a report on all relevant aspects of computing, privacy, and confidentiality. Such a report should issue in policy options.
2. Independently of the national commission, NSF should sponsor a “micro-commission” addressed to issues of privacy and confidentiality in academia.
3. Institutions seeking funds from NSF for purposes of attaching to a network should include with their requests an institutional policy statement regarding issues of privacy and confidentiality. NSF should refuse to disburse funds until such time as privacy and confidentiality policies have been adopted at the requesting institution.
4. NSF should encourage studies seeking to determine the ways in which computer technologies may enhance equitable access while preserving privacy and confidentiality whenever appropriate.
5. NSF should sponsor cross-generational computer-centered projects, perhaps under the title “Creating Our Computer Futures.” Such projects should bring young and old together, and exploit excitement for the technology while drawing upon a deeper understanding and appreciation of moral conduct and values. Young and old would produce and learn to use correctly such tools as electronic bulletin boards, thereby addressing the need for greater education.
6. NSF should fund or sponsor summer institutes for teachers at all levels of education on the topic of privacy and confidentiality in computing. The objective would be to equip teachers with current knowledge and techniques needed to immerse their students in the issues.

Finally, the Working Group supports the following policies.

1. Producers of databases should be obligated to date their data and to specify the source of the information. They should also state the period of validity of the data, and if unable to do so, should provide visible, unambiguous and otherwise adequate disclaimers.
2. Database owners, developers, and users should be obligated to act in a manner consistent with the “Code of Fair Information Practices.” In particular, data should never be used for purposes other than that for which it was collected, unless the individual about whom the data is collected is informed and gives consent.
3. All persons who use computer services such as e-mail, bulletin boards, etc., should be provided with “upfront” information regarding such actions as whether her files may or may not be searched, and the types of files to be searched; whether messages and advertisements are edited and/or censored, in part or in whole, etc; and what the methods of enforcement and penalties are, as well as appeal procedures whenever one is judged to have breached system policy.

Back to the top

Home > Research Resources > Computing and Privacy > Track Report

HOME | IN THE NEWS | RESEARCH RESOURCES
TEACHING RESOURCES | STUDENT RESOURCES
LINKS | THE GALLERY | STAFF

The Research Center on Computing & Society
at Southern Connecticut State University
501 Crescent Street • New Haven, CT 06515
Director: (203) 392-6790 • e-mail: webmaster@computerethics.org

© 2000 – 2007 – Research Center on Computing & Society