Index
A
Access to health data, 216–227
HIPAA legislation, and privacy, 138, 145, 172, 219–223, 331
industry self-regulation, 216–219, 391
patient perspectives on privacy, 223–226
Access to information
to data elements, 41
improper, by law enforcement, 7
insider, 330
literature on equitable, vii
Accountability, 68
ACHR. See American Convention on Human Rights
ACLU. See American Civil Liberties Union
Ad blockers, 326
Advocates. See Privacy advocates
Affinity cards, 5
African Charter on Human and People’s Rights, 381, 394
Aggregators. See Data aggregators
AIDS. See HIV status
Algorithms
for data mining, 6
strong encryption, 267
Allen-Castellito, Anita, 62, 68
Altman, Irwin, 81
AMA. See American Medical Association
American Civil Liberties Union (ACLU), 135, 165
American Convention on Human Rights (ACHR), 381
American Law Institute, 130
American Library Association, 235, 238, 240, 244
American Medical Association (AMA), Ethical Force program, 216–218, 221
Anchoring vignettes, 86–87, 179–182, 191–192, 202, 211–215, 218–219, 228–229, 254–255, 307
Anonymity, 2, 24, 45–48, 46n.20, 59, 62
k-anonymity, 110
Anonymizers, 6, 109, 220–221, 325
pressures to resist use of, 108
Antiwar movement, surveillance focused on, 357, 361
AOL. See America Online
APEC. See Asia-Pacific Economic Cooperation
APPCC. See Asia-Pacific Privacy Charter Council
Ashcroft, John, 133
Asia-Pacific Economic Cooperation (APEC), 385, 389
Asia-Pacific Privacy Charter Council (APPCC), 388
Asia Pacific Telecommunity (APT), Guidelines on the Protection of Personal Information and Privacy, 388
Assault on Privacy, The, 167
Assignment of property rights, to individuals, 73–74
Audits
automated, 330
to uncover improper access by law enforcement, 7
AUMF. See Authorization for Use of Military Force
Australia, 377, 379n.74, 385, 393, 393n.151
Authorization for Use of Military Force (AUMF), 288–289
Avian (bird) flu, 38
B
Bank Secrecy Act, 134
Banking Act, 190
Bankruptcy Abuse Prevention and Consumer Protection Act, 332
Bartnicki v. Vopper, 126, 281n.22
Barton, Joe, 159
BBBOnline, 328
Behavioral economics, privacy and, 75–78
Bell Code of Privacy, 332
Bill of Rights, 123, 260, 293, 351, 354.
See also individual amendments
Biometric identification, 32, 106–107, 268–271, 270n.14
debate over, 271
Biotechnologies, viii, 106–107
Blank and impute process, 112
“Boilerplate” language, in notices, 78
Book checkout systems, self-service, 238
Bork, Robert H., 139, 159, 171n.53
Bowers v. Hardwick, 128
Boyd v. United States, 123
Brandeis, Louis D., 30, 88, 129, 147, 359
Breard v. Alexandria, 126
Brin, David, 159
Buckley Amendment. See Family Educational Rights and Privacy Act
Bureau of Labor Statistics, 111
C
Cable Communications Policy Act, 135–136
Cairo Declaration on Human Rights in Islam, 381
CALEA. See Communications Access for Law Enforcement Act
California Security Breach Information Act, 150
California Supreme Court, 125
Caller-ID, blocking, 326
Calling records, 289
Canada, 127, 332, 376, 385, 391, 396
Capt, J. C., 295
CCTV. See Closed-circuit television
CDC. See Credit Data Corporation
Census. See U.S. Census Bureau
Center for Social & Legal Research, 172
Centers for Disease Control and Prevention, 111
Certified Information Privacy Professional credentialing program, 172
Charities. See Nonprofit organizations
Child Online Protection Act (COPA), 104–105, 104n.13
Children’s Internet Protection Act, 240
Children’s Online Privacy Protection Act, 139, 144–145, 169
China, People’s Republic of, 394
ChoicePoint, 25–26, 197–198, 198n.19, 199, 206
Choices
default, 338
informed, 338
Church, Frank, 167
Church Committee Hearings, 3, 163, 163n.25, 167
CIPSEA. See Confidential Information Protection and Statistical Efficiency Act
Circuit-based networks, 265
Civil rights movement, 319
Claims, verifying, 34
Closed-circuit television (CCTV), 256n.3, 364
Code of Fair Information Practices, 48–49
CoE Convention. See Council of Europe Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data
Coherence, in the concept of privacy, 14, 62–66, 333–336
Coke, Sir Edward, 351
Cold War, America during, 350, 360–363
Collective privacy, 343
Columbia University, 241
Commission of the European Communities (European Commission), 391
Commodification, of personal information, 27, 69–70
Commodity Futures Trading Commission, 144
Common Rule, 222n.6
Communications, and data storage, 259–266
Communications Access for Law Enforcement Act (CALEA), 136, 263–264
Communitarian view of privacy, 68
Complexity of privacy issues, 4–5, 13
respecting, 324
Computer Fraud and Abuse Act, 139
Computer Matching and Privacy Protection Act, 167
Computing power, advances in, 90–91, 91n.1, 360
Concealing information, 72
Concepts related to privacy, 38–52, 366–371
coherence in, 14, 62–66, 333–336
fair information practices, 15, 48–50, 334, 395
false positives, false negatives, and data quality, 43–45, 120, 270, 299
personal information, sensitive information, and personally identifiable information, 39–43, 42n.15
privacy and anonymity, 2, 24, 45–48, 59, 62
reasonable expectations of privacy, 50–52, 328, 337
Conceptual underpinnings of privacy, 55, 57–87
an integrating perspective, 84–87
economic perspectives on privacy, 1, 69–78
Concerns. See Privacy concerns;
Psychological concerns;
Social concerns;
Unconcern over privacy
Conditioned disclosure, 315–316
Condon decision. See Reno v. Condon
Confidential Information Protection and Statistical Efficiency Act (CIPSEA), 142–143
Confidentiality, 2
an application of cryptography, 107–108
federal laws relevant to, 142–143
guarantees of, 335
Conformity, 309
Congressional Research Service, 242n.16
Connecticut, 162
Connectivity.
See also Interconnectedness
ubiquitous, 99
Consent, 15, 49, 77, 206, 217–218, 338
Constitutional Convention, 353
Constitutional foundations, 57, 122– 129, 149, 275–276, 293–294, 354.
See also Bill of Rights;
individual amendments
First Amendment, 125–127, 201, 240
Fourth Amendment, 51, 122–125, 258n.5, 260–261, 294
Fifth Amendment, 351
Fourteenth Amendment, 123
Sixteenth Amendment, 358
voting on, 352n.3
Consumer Credit Reporting Reform Act, 134–135
Consumer proprietary network information (CPNI), 78n.38
Consumers, 164
of information, 361
Content distribution industries, mass media and, 201–203
See also Privacy context
Continental Congress, 353
Continuity. See Discontinuities in circumstance and current events
Cooley, Thomas, 131
COPA. See Child Online Protection Act
Corporate policy, formulation of, 171–173
Costs
associated with unfavorable publicity, 14
Council of Europe Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (CoE Convention), 367n.7, 382–383, 388
Cox Broadcasting Corp. v. Cohn, 126
CPNI. See Consumer proprietary network information
Credit
reporting of, 359
Credit card information, 200
Credit Data Corporation (CDC), 361
Cruzan v. Missouri Health Dep’t, 129
Cryptography, 267
confidentiality application of, 107–108
techniques for, 107, 112–113, 119
Cryptosystems, public-key, 267
Customer loyalty cards, 192
D
DARPA. See Defense Advanced Research Projects Agency
Data.
See also Microdata
analysis and integration of, 306
individual-level, 163
projected persistence of, 32n.8
seemingly innocuous, 31
Data Accountability and Trust Act, 150
Data aggregators, 26, 116, 196–200, 334, 361
Data collections, protected, 24
Data-correcting techniques, 327
Data dissemination, 306
Data elements
accessibility of, 41
values of, 40
Data flows, trans-border, 153, 398
Data gathering, 306
for national security, legal limitations on, 280–284
Data-gathering systems
large-scale public, 6
technologies combined into, 94, 101–102
algorithms for, 6
false positives and false negatives, 43–45
Data search companies, 102–106
Data storage, 306
Databanks in a Free Society: Computers, Record-keeping and Privacy, 167–168
Databases
aggregating information, 361
customer, 201
De-identification of data, 220–221
Death of Privacy, The, 167
DeCew, Judith, 63
Declaration of Independence, 293
Deep privacy, 77
Default choices, 338
Defense Advanced Research Projects Agency (DARPA), 287, 290
Definitions of privacy, 1–4, 21–25, 39–40, 59–62, 305–308
connotations, 1
Demonization, avoiding in discussion, 13, 323–324
Descriptive identification, 82–83
Details, limiting, 111
DHHS. See U.S. Department of Health and Human Services
DHS. See U.S. Department of Homeland Security
Digital Millennium Copyright Act (DMCA), 246–247
Digital rights management technologies (DRMTs), 9–10, 99–100, 100n.9, 203, 242, 244, 246, 249–250
“Digital shadows,” 272
Digitized information, 30, 116, 203
Direct Marketing Association, 172, 328
Directive on Data Protection (European Commission), 152
Disasters, natural, 96
Disclosure limitation, 2, 11, 61
statistical techniques for, 111–112
Discrimination, 84
associated with certain medical conditions, 11
Disease, and pandemic outbreak, 37–38
Distribution industries, for content, mass media and, 201–203
DMCA. See Digital Millennium Copyright Act
DNA analysis, 10–11, 32, 40–41, 106–107, 214–215, 269, 317, 320, 364
DOJ. See U.S. Department of Justice
Domestic wiretapping, 147
Dorman, David, 248
DoubleClick, 173
Douglas, William O., 128
DPPA. See Driver’s Privacy Protection Act
DRMTs. See Digital rights management technologies
discontinuities in circumstance and current events, 36–38
information transformed and the role of technology, 29–33
societal shifts and changes in institutional practice, 33–36
E
E-911 service, on cell phones, 89, 256
E-commerce, permitting collection of personal information, vii
E-Government Act, 142–143, 298, 330
ECHR. See European Convention on Human Rights and Fundamental Freedoms
Economic perspectives on privacy, 1, 69–78.
See also Behavioral economics
the economic impact of privacy regulation, 74–75
privacy and behavioral economics, 75–78
privacy and the assignment of property rights to individuals, 73–74
privacy literature oriented toward, vii
ECPA. See Electronic Communications Privacy Act
Educational and academic research institutions, 183–188
personal information collected for research purposes, 187–188
student information collected for administrative purposes, 183–187
EEA. See European Economic Area
Electronic Communications Privacy Act (ECPA), 136
Electronic fare cards, 31
Electronic Freedom of Information Act (E-FOIA) Amendments, 137
Electronic Frontier Foundation, 165, 327, 340
Electronic medical records, 230
Electronic Privacy Information Center (EPIC), 165, 327, 340, 392n.144
Eligibility, establishing, 34
Emerging technologies, and privacy in libraries, 244–248
Employee Polygraph Protection Act of 1988, 167
Employers, seeking information about employees, 34–35
Encryption, 6–7, 107, 115, 259–260, 264–266, 325–326, 329
Enforcement, 143, 329–330, 397.
See also Law enforcement
Environmental Protection Agency, 227, 340
EPIC. See Electronic Privacy Information Center
Epidemiological research, 228, 319, 338
Equifax, 197
Ethical Force program, 216–218, 216n.2,3, 217n.5, 221
Ethics of privacy, 186.
See also Puritan ethic
E.U. Directive. See Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data
European Commission, 152, 398.
See also Commission of the European Communities
European Convention on Human Rights and Fundamental Freedoms (ECHR), 381–382
European Court of Justice, 387
European Economic Area (EEA), 383
European Union (E.U.), 151–152, 152n.20, 157, 376, 398n.176
“legislating for the world,” 384
Exclusionary rule, 276
Executive Order 13145, 146
Executive Order 13181, 146
Expectations of privacy, reasonable, 50–52
Experian, 197
F
Face-identification systems, 106–107, 269–270
Facebook.com, 344
Fair and Accurate Credit Transactions Act, 144
Fair Credit Reporting Act (FCRA), 134, 144, 188–189, 197, 336, 362
Fair information practices, 15, 48–50, 167, 334, 395
False information, providing, 5, 327
False light, 130
False positives and negatives, 43–45, 120, 270, 299
Family Educational Rights and Privacy Act (FERPA), 139, 160–161, 184
Fare cards, electronic, 31
FBI. See Federal Bureau of Investigation
FCRA. See Fair Credit Reporting Act
Federal Aviation Administration, 204
Federal Bureau of Investigation (FBI), 243, 275, 356
Library Awareness program, 244
Federal laws
relevant to confidentiality, 142–143
relevant to individual privacy, 133–142
FERPA. See Family Educational Rights and Privacy Act
Financial Crimes Enforcement Network, 189
Financial institutions, 144n.15, 188–191
Financial Modernization Act. See Gramm-Leach-Bliley Act
Financial Privacy Rule, 144
Fingerprinting, 32, 53, 106, 268–269, 271
FIP. See Fair Information Practices guidelines
Firewalls, 325
First Amendment, 125–127, 201, 240
FISA. See Foreign Intelligence Surveillance Act
The Florida Star v. B.J.F., 126
FOIA. See Freedom of Information Act
Foreign Intelligence Surveillance Act (FISA), 135, 167, 243, 282–283, 283n.23, 288–289
Foucault, Michel, 81
Fourteenth Amendment, 123, 280n.19
Fourth Amendment, 51, 51n.27, 122–125, 258n.5, 260–261, 294
France, 368
Free Speech Movement, 132
Freedom of information
federal laws relating to confidentiality, 142–143
federal laws relating to individual privacy, 133–142
Freedom of Information Act (FOIA), 132–133, 137, 204, 362
FTC Act, 133.
See also U.S. Federal Trade Commission
“Fundamentalist” approach to privacy, 60
G
Gag provisions, 127
Gallagher, Cornelius, 362
Gavison, Ruth, 62
Genome. See Human genome
Geo-demographic targeting, 36
German Americans, surveillance focused on, 357
Germany, 151, 160n.18, 368–370, 372–373, 396–397
Giddens, Anthony, 81
Glass-Steagall Act. See Banking Act
Global Networks and Local Values, 161
Global positioning system (GPS) locators, 89, 256
automobiles containing, 94
Government abuse, post-Watergate revelations of, 3, 29, 163, 167, 363
GPS. See Global positioning system locators
Gramm-Leach-Bliley Act, 135, 144, 159, 172, 190, 222
The Great Depression, 358
Griswold v. Connecticut, 61, 127, 363
Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data (OECD Guidelines), 384, 385n.101, 388
Guidelines on the Protection of Personal Information and Privacy, 388
H
Harm, intangible, 26
Health care services, 34
receiving, spillover privacy implications of, 226
Health insurance, availability of, 228
Health Insurance Portability and Accountability Act (HIPAA) privacy regulations, 138, 145, 172, 331
improper interpretation and unintended consequences of, 225–226
Health privacy, vii–viii, 175–176, 209–230
addressing issues in access to and use of health data, 216–227
information and the practice of health care, 209–211
HEW report. See U.S. Department of Health, Education, and Welfare
HIPAA. See Health Insurance Portability and Accountability Act privacy regulations
Hippocratic databases, 113
History.
See also Medical history;
Mental health history
unlawful disclosure of, 127
Hondius, Frits W., 367n.5
Human genome, mapping of, 215, 364
Humidity sensors, 97
I
ICCPR. See International Covenant on Civil and Political Rights
Identification.
See also De-identification of data
biometric, 32
indexical, 82
nominal, 82
“Identity,” defining, 47n.21
Identity theft, 140–141, 308–309
Identity Theft and Assumption Deterrence Act, 139
ILO. See International Labor Organization
Immunity, doctrine of sovereign, 346
Incentivized disclosure, 315
Indexical identification, 82
India, 394
Individual-level data, 163
Individual privacy.
See also Recourse
and the assignment of property rights to, 73–74
federal laws relevant to, 133–142
law enforcement and national security, 293–301
technologies for enhancing, 107–109
unilateral actions for, 5
Individuals
accountability of, 108
direct interests of, 9
liberty of, 354
participating in everyday life, 33
protecting their own privacy, 14
Industry self-regulation. See Self-regulation
Information.
See also Access to information;
Electronic information;
Personal information
analysis of, 31
concealing, 72
consumers of, 361
creation of, 30
credit card, 200
databases aggregating, 26, 116, 196–200, 197n.16, 198n.19, 334, 361
keeping private, x
proprietary, 2
providing incomplete, 327
searches for, 30
seemingly innocuous, 31
specific uses for, 4
unannounced acquisition of, 316
“Information age,” 27–29, 178n.1
contemporary infrastructures of, 26
and growing privacy concerns, 19
Information collection, 31, 72n.22, 74, 193n.12
cryptographic techniques, 112–113
fine-grained, 10
information flow analysis, 114
information security tools, 115–116
privacy-enhancing technologies for use by, 109–116
privacy-sensitive system design, 114–115
statistical disclosure limitation techniques, 111–112
user notification, 113
Information Security and Privacy Advisory Board, 342
Information technology
and national security, 277–293
and the practice of health care, 209–211
Information Technology for Counterterrorism, 278
Informed choice, 338
Infrared detectors, 258
Infrastructures, of the contemporary “information age,” 26
Insiders
access by, 330
threats to privacy from, 329–330
Institutions
changes in practice, and societal shifts, 33–36
private sector, 34
use of information by, 178–183
Instrumentalist view of privacy, 66–67
Insurance companies.
See also Health insurance
information used to deny coverage, 11
Integrity. See “Contextual integrity”
Intellectual approaches to privacy, 55, 57–87
an integrating perspective, 84–87
economic perspectives on privacy, 1, 69–78
philosophical theories of privacy, 1, 58–69
sociological approaches, 1, 79–84
Intellectual property, literature on, vii
Intelligence activities. See Church Committee Hearings
Internal abuses, prevention of, 7
Internal Revenue Service, 204, 294, 335, 358, 361
International Association of Privacy Professionals, 172
International Biometric Group, 270
International Covenant on Civil and Political Rights (ICCPR), 381–382
International Labor Organization (ILO), 386
International perspectives
on privacy policy, 151
Internet, 30, 172, 239–241, 262
sexually explicit material on, 240
Interpretation, of HIPAA privacy regulations, improper, 225–226
Intimacy, 59
Intrusion, 129
Islam. See Cairo Declaration on Human Rights in Islam
J
Japan, 393
Japanese-Americans, internment of, 294–295, 319, 332–333
Junk mail, 178
K
K-anonymity, 110
Kalven, Harry, 131
Kastenmeier, Robert, 159
Katz v. United States, 50, 52, 123
Kennedy, Anthony M., 128
Kenya, 395
Key escrow systems, 266, 266n.10
Kilbourn v. Thompson, 123
Korea, 393
Kyllo v. United States, 258n.5
L
Lamont v. Postmaster General, 125
aggregation and data mining, 271–275
audits to uncover improper access by, 7
communications and data storage, 259–266
and information technology, 252–277
national security and individual privacy, 37, 293–301
potential abuses by, 275
technology and identification, 266–271
technology and physical observation, 254–259
use of criminal databases by, 7
Law of privacy. See Privacy laws
Lawrence v. Texas, 128
Legal landscape in the United States, 14, 56, 122–154
common law and privacy torts, 129–131
constitutional foundations, 122–129
executive orders and presidential directives, 146–147
freedom of information and open government, 131–146
impact of non-U.S. law on privacy, 151–154
international perspectives on privacy policy, 151
Legal limitations, on national security data gathering, 280–284
Legislation.
See also U.S. Congress;
individual laws
Liberal ideals, 376
Liberty, 367
individual, 354
emerging technologies in, 244–248
and privacy, 7–9, 235–238, 235n.6, 245n.20
privacy since September 11, 2001, 242–244
Licensing practices, 33
Long, Edward, 362
Los Angeles Police Department v. United Reporting Publishing Co., 132
Lunt, Teresa, 109
Lyon, David, 80
M
Madison, James, 376
“Mail cover,” 260n.7
Mandated disclosure, 315
Marketable rights, and privacy, vii
Marketing personal information, collecting for, vii
Marketplace, global, 334
Markey, Ed, 159
Markle Foundation, 169
Mass media, and content distribution industries, 201–203
McIntyre v. Ohio Elections Comm’n, 125
Medical Information Bureau (MIB), 361
addressing issues in access to and use of health data, 216–227
information and the practice of health care, 209–211
Medical records, electronic, 230
Megan’s Law, 138
Mental health history, 214
MIB. See Medical Information Bureau
Microdata, 47
Mill, John Stuart, 376
Miller, Arthur, 167
Misappropriation, of name or likeness, 130
Money laundering, inhibiting, 34
MySpace.com, 344
N
NAACP v. Alabama, 201
National Center for Education Statistics (NCES), 143, 204, 294n.31
National Center for Health Statistics, 204
National Credit Union Administration, 144
National Education Statistics Act, 143
National privacy commissioner, establishing, 15, 341–342
National Research Council, viii, xi, 20, 161
National Science Foundation, 331
National security, viii
and law enforcement, 23–24, 37
law enforcement and individual privacy, 37, 293–301
tensions with privacy, 292–293
National Security Agency (NSA), 288–291, 319
National security and information technology, 277–293, 279n.18
legal limitations on national security data gathering, 280–284
national security and technology development, 280
tensions between privacy and national security, 292–293
NCES. See National Center for Education Statistics
Networks, of cell phones, 94
New England, colonial, 350–353
New York Civil Service Commission, 356
Noise, adding, 111
Nominal identification, 82
Non-U.S. law, impact on privacy, 151–154
Nonprofit organizations, 200–201
privacy advocates in, viii
Normative theories of privacy, 66–69
Notices
“boilerplate” language in, 78
difficult-to-read, 344
Notification
NSA. See National Security Agency
Nuremberg Code, 187n.8
O
Odor recognition, 270
OECD. See Organisation for Economic Co-operation and Development
OECD Guidelines. See Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data
Office of Civil Rights, 222
Office of Technology Assessment, 167
Olmstead v. United States, 123, 261
Omnibus Crime Control and Safe Streets Act, 135, 362–363
Online privacy
dearth of analytical work on, viii
practices of businesses and government agencies, vii
Online Privacy Alliance, 165
Online service providers (OSPs), 246–247
Open government
federal laws relevant to confidentiality, 142–143
federal laws relevant to individual privacy, 133–142
and freedom of information, 131–146
“Opt-in” or “opt-out” approaches, 70, 77, 339, 393n.152
Organisation for Economic Co-operation and Development (OECD), 48, 50, 153, 167
Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data, 384
Organizations.
See also Institutions;
Private foundations
OSPs. See Online service providers
Oversight, 397
U.S. Congress providing special, 15
P
P3P. See Platform for Privacy Preferences
Packet-based networks, 265
Pandemic outbreak
global, 3
Paperwork Reduction Act, 204
Patient perspectives on privacy, 223–226
improper interpretation and unintended consequences of HIPAA privacy regulations, 225–226
privacy implications of greater patient involvement in health care, 224–225
spillover privacy implications of receiving health care services, 226
Patients
accessing their own records, 217
cooperation from, 211
Paul v. Davis, 124
PCs. See Personal computers
Pearl Harbor attack, 3, 29, 295
Penalties, for improper access, 7
Pentagon attack. See September 11, 2001, attacks
“Penumbral” protection for privacy, 127
People’s Republic of China, 394
Persistence of data.
See also Transience of data elements
projected, 32n
Personal computers (PCs), 89
Personal identification number (PIN) schemes, 374
collected by business and management experts, vii
collected by economists, vii
collected for research purposes, 187–188
collecting for marketing, vii
demand for and supply of, viii, 33
e-commerce and technologies permitting collection of, vii
as an economic good, 70
exploitation of, 13, 86n.56, 314
life cycle of, 13
multidimensional nature of, 65
new sources of, 343
protection of, 380–399, 380n.80, 392n.91
repurposing of, 15, 180, 214, 270, 314, 338
Personally identifiable information (PII), 39–43
Personnel Security System and Photo Identification Card System, 331n
“Persons of interest,” 253, 271
Pew Internet and American Life Project, 166
PGP. See Pretty Good Privacy
Phillips, David, 82
Philosophical theories of privacy, 1, 58–69, 58n.1
coherence in the concept of privacy, 62–66
normative theories of privacy, 66–69
privacy as control versus privacy as restricted access, 59–62
“Phishing” attacks, 108, 108n.22, 224, 326, 342
Photo identification, 226
Physical observation, technologies and, 254–259, 266
PIAs. See Privacy impact assessments
PII. See Personally identifiable information
PIN. See Personal identification number schemes
Platform for Privacy Preferences (P3P), 113
Policy. See Corporate policy;
Privacy policy;
Public policy
Political-loyalty surveillance, 353
Politics of privacy policy in the United States, 56, 155–173
formulation of corporate policy, 171–173
formulation of public policy, 155–162
public opinion and the role of privacy advocates, 162–166
shifts in, 8
Pop-up blockers, 326
Pornography
on the Internet, 240
privacy issues concerning, 8
Portia project, 112
Post, Robert, 62
Potential surveillance, 311
Power relationships, differential, 316
Pragmatic approach to privacy, 60
Preference factor, 76, 218, 364
Presidential directives, executive orders and, 146–147
“Pretexting,” 135
Pretty Good Privacy (PGP), 267
Principles of privacy, xi, 13–14, 38–52, 323–325
fair information practices, 48–50
false positives, false negatives, and data quality, 43–45
personal information, sensitive information, and personally identifiable information, 39–43, 42n.15
reasonable expectations of, 50–52
Privacy
and the assignment of property rights to individuals, 73–74
and behavioral economics, 75–78
benefits of, 340
coherence in the concept of, 14, 62–66, 333–336
collective, 343
compromising, vii
current environment for, 4
defining, 1–4, 21–25, 39–40, 59–62, 305–308, 367n.4, 369n.24
economic perspectives on, 1, 69–78
emerging technologies and libraries, 244–248
ethics of, 186
guarantees of, 75
in health and medicine, vii–viii, 209–230
impact of non-U.S. law on, 151–154
impact of technology on, 88–90
important concepts and ideas related to, 38–52
individuals protecting their own, 14
international perspectives on, 366–399
large-scale factors affecting, 28
law enforcement and information technology, 252–277
law enforcement and national security, 251–301
managing the patchwork of approaches, 14, 161, 333–334
marketable rights in, vii
multidimensional nature of, 22
national security and information technology, 277–293
public debates about, 13
reasonable expectations of, 50–52
tensions with national security, 292–293
of thoughts, 90
in the United States, short history of, 349–365
value of, 66, 308–312, 324n.7, 327
Privacy & American Business, 172
Privacy Act, 137, 159, 159n.14, 165, 168, 170, 204, 336, 362–363
Privacy advocates
groups, vii
role of, and public opinion, 162–166
Privacy and Freedom, 59–61, 167
Privacy and organizations, 175, 177–208
financial institutions, 188–191
institutional use of information, 178–183
mass media and content distribution industries, 201–203
nonprofits and charities, 200–201
retail businesses, 35, 191–196
statistical and research agencies, 203–205
Privacy approaches in the information age, 323–346
organization-based actions, 328–332
public policy actions, 332–346
intellectual approaches and conceptual underpinnings, 57–87
legal landscape in the United States, 122–154
politics of privacy policy in the United States, 155–173
Privacy commission, establishing a standing, 15, 341–342, 344–345
Privacy concerns
analyzing causes for, viii, 20
growing in the United States, vii
in the “information age,” 19
over pornography, 8
in health and medicine, 4, 209–230
in law enforcement and national security, 251–301
social, 63
taking into account, 13
Privacy enhancers
for use by individuals, 107–109
for use by information collectors, 109–116
Privacy fundamentalists, 60
Privacy impact assessments (PIAs), 298–301, 330–331
Privacy implications
of greater patient involvement in health care, 224–225
of receiving health care services, 226
Privacy International, 392n.144
Privacy laws.
See also Common law
respecting the spirit of, 14, 335–336
by state, 148
state and local, 334
Privacy literature, vii
economics-oriented, vii
See also Politics of privacy policy in the United States;
Public policy
correction of, 7
international perspectives on, 151, 153–154, 374n.50, 377n.63, 378n.68
limiting information collected and stored, 6–7
limiting outsider access to
information, 7
making easily readable, 179n.2, 328
prevention of internal abuse, 7
Privacy pragmatists, 60
Privacy Protection Act, 167
economic impact of, 74–75, 75n.29
Privacy rights
as marketable, vii
Privacy Rights Clearinghouse, 165
Privacy-sensitive system design, 114–115, 114n.32
Privacy torts, common law and, 129–131
Private foundations, privacy advocates in, viii
Probable cause standard, 124
Problems
incidence of actual, viii
unsolved, as privacy enhancers, 116–118
“Profiling” of people, 21, 389n.131
statistical techniques for, 343
Property rights, privacy and the assignment of, to individuals, 73–74
Proprietary information, 2
Propriety, social and cultural norms regarding, 317
Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data (E.U. Directive), 383–384, 388, 390, 398, 398n.177
Protests, protecting the right to plan and participate in, 12
Proxies, 325
Pruning methods, 118n.35
Psychological concerns, 26
Public advocates, for privacy, 339–345
Public data-gathering systems, large-scale, 6
Public debates about privacy, 13
Public disclosure of private facts, 129–130
Public Health Service Act, 143
Public-key cryptosystems, 267
Public opinion, and the role of privacy advocates, 162–166
Public policy
controversy since September 11, 2001, 12
Public policy actions, 322n.6, 323, 332–346
establishing the means for recourse, 345–346
managing the privacy patchwork, 14, 161, 333–334
public advocates for privacy, 339–345
relevance of fair information practices today, 336–339
respecting the spirit of the law, 335–336
reviewing existing privacy law and regulations, 334–335
Public protest. See Protests
Public surveillance, 309
Public trust, maintaining, 328
Publicity, costs associated with unfavorable, 14
Punch-card-tabulating machine, 356
Q
Quality of data. See Data quality
R
Radio-frequency ID (RFID) tags, 31, 95, 194–196, 194n.13, 195n.15, 206, 242, 244, 248–249
Real ID Act, 142
Records
bureaucracies relying heavily on, 357
keeping private, 259
Records, Computers and the Rights of Citizens, 48, 188
Recourse, establishing the means for, 15, 299, 331, 345–346
Regan, Priscilla M., 80, 156, 158
Registered traveler program, 332
Regulations
framework within United States, 14
restricting information access, 7
Regulatory agencies.
See also Privacy regulation
work on privacy from, vii
Rehnquist, William, 171
Reiman, Jeffrey, 61
Re-mailers, 325
Remote identification techniques, 269
Repurposing of personal information, 15, 180, 214, 270, 314, 338
Research purposes, personal information collected for, 187–188
Reserve, 59
Restatement of the Law of Torts, 130–131
Restrictions on information access, 7
Retail businesses, 35, 191–196
Retail Credit Company, 361
Retinal pattern scans, 32
RFID. See Radio-frequency ID tags
RFPA. See Right to Financial Privacy Act
Rhizomic surveillance, 364–365
Right to Financial Privacy Act (RFPA), 134, 167, 189
Rights. See Privacy rights
Roosevelt, Franklin D., 358
Rosenberg, Jerry, 167
Rosenfeld v. Department of Justice, 132
S
“Safe harbor” approach, 152, 337, 392
Safeguards Rule, 144
Sarbanes-Oxley Act, 189n.10
SARs. See Suspicious activity reports
Scam letters, 224
Schema definitions, 116
Search engine services, 102, 196, 224
Secrecy, 62
greater need for, 293
Secret ballots, 310
Secret courts, 245
Secure e-mail, 326
Secure shell (SSH) utilities, 267
Securities and Exchange Commission, 144
Security screening, expedited, 332
Security tools, for information, 115–116
Self-help for privacy, personal unilateral actions, 5
“Self-realization,” 371
Self-regulation, 14
by industry, 216–219, 328–332, 391
Self-service book checkout systems, 238
Semayne’s Case, 122
Sensing technologies, 93–94, 97, 106–107
September 11, 2001, attacks, 23, 37, 51, 64, 132–133, 163, 169, 242, 297, 317, 365, 378.
See also USA PATRIOT Act
libraries and privacy since, 242–244
public policy controversy since, 12
as a sentinel event, 13
Sexual offender status, 35, 317
Sexually explicit material, on the Internet, 240
Singapore, data privacy regime of, 394
Sixteenth Amendment, 358
Social norms, 317
Social science data archives, 24
Social Security number (SSN), 40, 142, 339, 358–359, 361
inappropriate use of, 185, 326
Social sorting, 84
and changes in institutional practice, 3, 33–36
Sociological approaches to study privacy, 1, 79–84, 79n.39,40
Sorting. See Social sorting
Sound-editing technologies, 30–31
South African Bill of Rights, 394
South African Constitution, 395
Sovereign immunity, doctrine of, 346
Speech, freedom of, 90
Spyware programs, 108
SSH. See Secure shell utilities
SSN. See Social Security number
State perspectives on privacy regulation, 147–150
State-sponsored surveillance, 365
Statistical disclosure limitation techniques, 111–112
Statistical profiling techniques, 343
Stigma, 310
associated with certain medical conditions, 11, 41
Storing electronic information, expansion of capabilities for, 91–93
Strong encryption algorithms, 267
Student information, collected for administrative purposes, 183–187
Stuntz, William, 297
Surveillance.
See also Antisurveillance statutes
bureaucratic, 359
defining, 349
evolution of, over time, 103
political loyalty, 353
potential, 311
routine, 349
state-sponsored, 365
traditional, 101
video, 4–5, 31, 34–35, 94, 106, 251n.1, 255–258, 256n.3, 309, 321, 374
workplace, 181n.4, 276n.16, 310
Surveillance in the United States, short history of, 349–365
Surveillance technologies, 359
Suspicious activity reports (SARs), 189
SWIFT banking communications network, 180n.3
Switzerland, 369
T
Talley v. California, 125
Targeted suppression, 111
Technological drivers, 2–3, 6, 28, 55–56, 88–121
biological and other sensing technologies, 106–107
data search companies, 102–106
impact of technology on privacy, 88–90
increased connectivity and ubiquity, 97–100
privacy-enhancing technologies, 107–116
risks to personal information, viii
unsolved problems as privacy enhancers, 116–118
Technologies.
See also Emerging technologies;
Information technology
combined into a data-gathering system, 101–102
fears about, 120
permitting collection of personal information, vii
and physical observation, 254–259
for protecting privacy, 33
for surveillance, 359
Technology development, national security and, 280
Telecommunications Act, 136, 359
Telemarketing and Consumer Fraud and Abuse Prevention Act, 136
Telephone Consumer Protection Act, 136
Temperature sensors, 97
See also Counterterrorism
“war against,” 365
Terrorist operations.
See also September 11, 2001, attacks
identifying, 96
preventing, 292
reactions to, 336
Thailand, 393
Thermal-imaging surveillance, 124, 258n.5
Thompson, Judith Jarvis, 62
TIA. See Total Information Awareness program
Title III Wiretap Act, 135
Toll-free numbers, 326
Top-coding, 111
Torts. See Privacy torts
Total Information Awareness (TIA) program, 287, 287n.28, 290–291
Trade associations, work on privacy from, vii
Trade practices, 346
Trade secrets, 2
Tradeoffs, 4–5, 7–11, 12–13, 20–24, 228, 320
clear articulation of, 334
Traditional surveillance, 101
Trans-border data flows, 153, 398
Trans Union Corporation, 197
Transformation of information, and the role of technology, 29–33
Transience of data elements, 41–42
Transparency, enhancing, 320–321, 338
Transportation Security Administration, 332
Treatise on the Law of Torts, 131
public, maintaining, 328
TRUSTe, 328
“Trusted traveler” cards, 21
U
Ubiquitous connectivity, 97–100
UDHR. See Universal Declaration of Human Rights
Unconcern over privacy, 60
Unfavorable publicity, costs associated with, 14
Unintended consequences, 21
of HIPAA privacy regulations, 225–226
United Nations (UN) Guidelines Concerning Computerized Personal Data Files, 385
United States Department of Justice v. Reporters Committee for Freedom of the Press, 132
Universal Declaration of Human Rights (UDHR), 381
Unlisted phone numbers, 326
U.S. Census Bureau, 111, 204, 272, 294, 295n.33, 335, 357, 361
constitutional call for decennial, 354
public-use files, 24
U.S. Congress, 145–146, 149, 189, 220, 358, 362
Continental, 353
providing special oversight, 15, 339
U.S. Constitution. See Constitutional foundations
U.S. Department of Commerce
Baldrige awards program, 342
Information Security and Privacy Advisory Board, 342
U.S. Department of Defense, 194
U.S. Department of Health, Education, and Welfare, 48, 167, 337
U.S. Department of Health and Human Services (DHHS), 145, 220
Office of Civil Rights, 222
U.S. Department of Homeland Security (DHS), 290, 298–301, 331
Data Privacy and Integrity Advisory Committee, 340, 342
U.S. Department of Justice (DOJ), 104, 133
U.S. Department of State, 278
U.S. Department of the Interior, 357
U.S. Department of Treasury, 189
U.S. Federal Trade Commission (FTC), 25, 49, 78, 133–134, 134n.11, 141, 143, 169
U.S. military, 361.
See also Authorization for Use of Military Force
U.S. National Security Agency, 146
U.S. Postal Service, 260
U.S. Supreme Court, 57, 122–129, 132, 149–150, 160, 170–171, 201, 258, 261, 360, 363
US-VISIT, 331n.15
USA PATRIOT Act, 23, 136, 138, 143, 189, 243–244, 250, 288–290, 294n.31, 317, 365
Additional Reauthorizing Amendments Act, 242n.16
Improvement and Reauthorization Act, 243
librarian’s view of, 245
User notification, 113
V
Value of privacy, 66, 308–312, 327
Verified Identity Pass, Inc., 332
Video Privacy Protection Act (VPPA), 139, 160
Video surveillance, 4–5, 31, 34–35, 94, 106, 255–258, 309, 321, 374
Vignettes. See Anchoring vignettes
Voice-over-IP phone service, 136, 262
Voice recognition technologies, 270
Voluntary disclosure, 316
Vote buying, 310
VPPA. See Video Privacy Protection Act
W
Walking. See Gait analysis
War.
See also Antiwar movement civil liberties in times of, 53
Warranty cards, 163
Washington, George, 352n.3
Washington Post, 223
Washington v. Glucksberg, 128
Watch lists, 310
“Watchfulness,” neighborly, 350
Watchtower Bible & Tract Soc’y v. Stratton, 126
Watergate scandals, 3, 163, 167, 363
Weber, Max, 81
Westin, Alan, 59–61, 165, 167, 362, 367n.3, 371
Wilson, James Q., 157
domestic, 147
warrantless, 23
Withholding information, 5, 72
Workplace surveillance, 310
World Trade Center. See September 11, 2001, attacks
World War II, 294, 319, 333, 350, 358
World Wide Web, 8, 29, 102, 104, 239–240, 262, 333
Y
Yahoo!, 102, 104, 152–153, 152n.22
Z