Privacy and Protection of Personal Integrity in the...


Privacy and Protection of Personal Integrity in the Working Place

Privacy and Surveillance Technology Interdisciplinary Perspectives

Gordana Dodig-Crnkovic

Department of Computer Science and Electronics

Mälardalen University, Sweden

http://www.idt.mdh.se/~gdc

ZiF Centre for Interdisciplinary Research, University of Bielefeld, Germany

February 10 - 11, 2006

CONTENTS

- INTRODUCTION
- PRIVACY DEFINITIONS
- MONITORING AND SURVEILLANCE
- SURVEILLANCE TOOLS
- LEGISLATION
- WHOSE RESPONSIBILITY?
- THE UNIVERSAL CORE VALUES FOUND ACROSS CULTURES
- TRUST AND WORKPLACE PRIVACY
- INVENTING SOCIALLY DANGEROUS TECHNOLOGY
- ETHICS OF TRUST
- LEGITIMACY BY DESIGN AND TRUSTWORTHY COMPUTING
- CONCLUSIONS

PRIVACY

Privacy is a fundamental human right recognized in all major international agreements regarding human rights such as Article 12 of the Universal Declaration of Human Rights (United Nations, 1948).

WHAT I LEARNED THUS FAR?

- Michael: privacy as a social construct
- Vincent: if humans are not involved, privacy can not be breached
- Philip: privacy operationalized – how to do something
- Nadia: radical translation? "privacy" its meaning in post 9/11, balancing or managing priorities
- Nuala: Identity question at the core of the problem – establishing identity
- Charles Raab: public policy perspective – need for more academic research alongside action research – privacy as a public good, essential for society at large, not only for an individual

PRIVACY

One of the characteristics of private is that it is not official.

Nevertheless, we expect a certain degree of privacy even in the most official situations.

INTRODUCTION

Disappearance of boundaries between private and professional life:

- ubiquitous computing and
- ambient intelligence

Privacy protection vs. surveillance of employees

MONITORING AND SURVEILLANCE TOOLS

- Closed Circuit Television (CCTV)
- Night vision system
- Smart cards
- Telephone taps
- Computer usage (E-mail monitoring, Internet monitoring and filtering, instant message monitoring, keystroke logging)
- Cellular radio/Satellite interception
- Radio Frequency Identification (RFID)
- Location monitoring
- ...

COMPUTERS AS TOOLS FOR MONITORING AND SURVEILLANCE

Storage, Searching, Sorting, Simulation – the four basic S’s of computing technology make it an unprecedented tool for monitoring and surveillance

- Face
- Fingerprint / Palm Print
- Hand and Finger Geometry
- Handwriting
- Iris
- Voice/Speaker
- Retinal
- Multimodal

SPECIFIC METHODS OF WORKER SURVEILLANCE

Packet-sniffing software can intercept, analyze, and archive all communications on a network, including employee e-mail, chat sessions, file sharing, and Internet browsing.

Employees who use the workplace network to access personal e-mail accounts not provided by the company are not protected. Their private accounts, as long as they are accessed on workplace network or phone lines, can be monitored.

Keystroke loggers can be employed to capture every key pressed on a computer keyboard. These systems will even record information that is typed and then deleted.

Phone monitoring is pervasive in the American workplace as well. Some companies employ systems that automatically monitor call content and breaks between receiving calls.

SPECIFIC METHODS OF WORKER SURVEILLANCE

Video surveillance is also widely deployed. In a number of cases, video surveillance has been used in employee bathrooms, rest areas, and changing areas.

Video surveillance might be acceptable where the camera focuses on publicly-accessible areas. However, installment in areas where employees or customers have a legitimate expectation of privacy, such as inside bathroom stalls, can give the employee a cause of action under tort law.

SPECIFIC METHODS OF WORKER SURVEILLANCE

"Smart" ID cards can track an employee's location while she moves through the workplace. By using location tracking, an employer can even monitor whether employees spend enough time in front of the bathroom sink to wash their hands. New employee ID cards can even determine the direction the worker is facing at any given time.

Psychometric or aptitude testing to evaluate potential employees: Such tests purport to assess intelligence, personality traits, religious belief, character, and skills.

SPECIFIC METHODS OF WORKER SURVEILLANCE

Telecommuting

Employees who labor remotely from the workplace encounter different privacy challenges. For instance, how can the employer monitor the employee's home without impinging upon non-work-related activities?

What limits are there to prevent surveillance of the employee during off-hours? What about information collected about non-employee family members who may use work equipment?

http://www.epic.org/privacy/workplace/

LEGISLATION

The Universal Declaration of Human Rights – Article 12

“No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.”

UN’s International Covenant on Civil and Political Rights (ICCPR)

LEGISLATION

The Council of Europe's 1981 Convention for the Protection of Individuals with regard to the Automatic Processing of Personal Data

The Organization for Economic Cooperation and Development's Guidelines Governing the Protection of Privacy and Transborder Data Flows of Personal Data

LEGISLATION

PRIVACY AND HUMAN RIGHTS Report

Personal Information must be:

- obtained fairly and lawfully,
- used only for the original specified purpose,
- adequate, relevant and not excessive to purpose,
- accurate and up to date, and
- destroyed after its purpose is completed

FAIR INFORMATION PRACTICES APPLIED BY INTERNATIONAL LABOUR ORGANIZATION

- Employees should have notice of data collection processes.
- Data should be collected and used lawfully and fairly.
- Employers should collect the minimum necessary data required for employment.
- Data should only be collected from the employee, with informed consent.
- Data should only be used for reasons directly relevant to employment, and only for the purposes for which the data were originally collected.
- Data should be held securely.
- Workers should have access to data.
- Data should not be transferred to third parties absent consent or to comply with a legal requirement.
- Workers cannot give up their privacy rights.
- Medical data is confidential.
- Certain data, such as sex life and political and religious beliefs, should not be collected.
- Certain collection techniques, such as polygraph testing, should be prohibited.

WORKPLACE PRIVACY ISSUES

Fair information practices in relation to employee personal data, especially in relation to:

- application of OECD Guidelines-conformant principles and processes;
- care with sensitive data, such as medical information;
- balanced procedures in relation to evaluative materials;

Surveillance of activities using employer-provided facilities:

- at the level of keystroke-rate;
- at the level of application usage;
- traffic analysis (e.g. telephone-numbers called and called from, email correspondents, web-sites visited)
- content analysis (e.g. email messages and telephone conversations, content of web-pages visited);

Fair dealings by employers (trustworthiness). A fundamental concern has been that the behaviour of some employers is inconsistent with their policy statements, e.g. some state that they do not monitor, when in fact they do;

WORKPLACE PRIVACY ISSUES

Intrusions into privacy of the person, such as:

- substance-abuse testing;
- polygraph ('lie-detector') testing;
- ...

Intrusions into privacy of personal behaviour, such as:

- audio surveillance;
- telephone-number monitoring;
- telephone conversation monitoring;
- video surveillance;
- ...

WHOSE RESPONSIBILITY? AGENCY AND SURROGATE AGENCY

The layers of trust, Kainulainen (2001):

- Individual - machine
- Individual - individual
- Individual - (machine) - individual
- Individual - identifiable small groups (social aspect)
- Individual - groups/organizations (authority, higher levels of hierarchy and abstraction)
- Group – group

Johnson and Powers (2004) study the problem of the responsibility of (autonomous) agents which are used as role or "surrogate" mediators

WHY VALUE PRIVACY? PRIVACY AND DEMOCRACY

In intruding on privacy, which is closely related to freedom and autonomy, surveillance can be considered to have, ultimately, a negative effect on democracy.

THE UNIVERSAL CORE VALUES FOUND ACROSS CULTURES

- Caring for children;
- Trust;
- Prohibitions against murder.

having the following effects:

- Assuring the continuity of population in terms of number of individuals and ways of behavior;
- Respecting the commonly accepted set of rules, which provides predictability and stable relationships;
- Preventing the extinction of the population.

(Lawrence M. Hinman, University San Diego)

TRUSTWORTHINESS AND WORKPLACE PRIVACY

Parallels between Computer Ethics and Medical Ethics: Francis (1993) in the section ‘Ethics of Trust vs. Ethics of Rights’ discusses autonomy, informed consent and the rights of patients.

Basically, the relation between a specialist and a lay-person is of power and subjection and must be grounded on mutual trust.

THE DESIGN OF COMPUTER SYSTEMS

Historically an unconditional trust on the part of the general public in the inherent goodness of technology has been shown to be unwarranted.

THE DESIGN OF COMPUTER SYSTEMS

The design of computer systems has not historically been organized in a democratic way. Designers and users have had little interaction, and users have had little control over the resulting systems, except perhaps through the indirect routes available to them through resistance in the workplace and the refusal to purchase relatively unusable systems for their own use.

THE DESIGN OF COMPUTER SYSTEMS

Yet over the last ten or twenty years, a growing movement, originating in Scandinavia but now increasingly influential in other industrialized countries, is attempting to reform the design of computer systems in a more democratic direction (Bjerknes, Ehn, and Kyng 1987, Schuler and Namioka 1993).

Agre (1994)

THE DESIGN OF COMPUTER SYSTEMS

“Technology can go a long way toward protecting the privacy of individuals, but we also need a legal framework to ensure technology isn't outlawed (Bernstein: http://www.eff.org/bernstein/.) We can't protect privacy through case law, and self-regulation hasn't worked.”

Deborah Pierce

INVENTING SOCIALLY DANGEROUS TECHNOLOGY

“1. Build it as safe as you can, and build into it all the safeguards to personal values you can imagine.

2. Tell the world at large you are doing something dangerous.”

Weiser, 1995

CODES OF ETHICS (Primarily Targeting Designers)

- ACM (Association for Computing Machinery)
- BCS (British Computer Society)
- IEEE (Institute of Electrical and Electronics Engineers)
- DataForum
- CF (Civilingenjörsförbundet)

A PRIVACY CULTURE

Whether or not privacy is protected by law or contract, fostering a workplace culture where privacy is valued and respected contributes to healthy human relations, and makes good business sense.

LEGITIMACY BY DESIGN AND TRUSTWORTHY COMPUTING

The first phase of the intentional design for democracy is the explication of the embedded moral significance of ICT while the next is the development of the corresponding technology (Yu and Cysneiros, 2002).

The existing analyses of the state of the art of privacy issues worldwide (fifty countries in http://www.gilc.org/privacy/survey) bear witness to how much work remains to be done.

LAYERS OF TRUSTWORTHINESS

- Trust in the intent of designers
- Trust in the quality of workmanship
- Trust in the users

ETHICS OF TRUST

“Trust is like the glue that holds society together -- without it, we crumble into tiny isolated pieces that collide randomly with one another. In a world without trust, individuals cannot depend on one another; as a result, individuals can only be out for themselves.”

Hinman (2002)

CONCLUSIONS

TRUSTWORTHINESS must be established in the use of ICT, where both users and the technology will be trustworthy.

This in the first place presupposes the INFORMED CONSENT of all the parties involved.

This trust must be established GLOBALLY because the data contained in networked computers virtually knows no boundaries.

References

Gordana Dodig-Crnkovic Privacy and Protection of Personal Integrity in the Working Place

Privacy and Surveillance Technology Interdisciplinary Perspectives - Workshop at ZiF Centre for Interdisciplinary Research, University of Bielefeld, Germany, February 10 - 11, 2006

Gordana Dodig-Crnkovic, Virginia Horniak: Good to Have Someone Watching Us from a Distance? Privacy vs. Security at the Workplace; Ethics of New Information Technology, Proceedings of the Sixth International Conference of Computer Ethics: Philosophical Enquiry, CEPE 2005, July 17-19, 2005, University of Twente, Enschede, The Netherlands; Brey P, Grodzinsky F and Introna L. Eds. http://cepe2005.utwente.nl/

The Ethics of Workplace Privacy

Sven Ove Hansson and Elin Palm

Peter Lang, Bruxelles, 2005, 186 pp. Book description from the publisher.

In recent years, new and more intrusive surveillance technology has found its way into workplaces. New medical tests provide detailed information about workers' biology that was previously unthinkable. An increasing number of employees work under camera surveillance. At the same time, computers allow for a detailed monitoring of our interactions with machines, and all this information can be electronically stored in an easily accessible format. What is happening in our workplaces? Has the trend towards more humane workplaces been broken? From an ethical point of view, which types and degrees of surveillance are acceptable, and which are not? From a policy point of view, what methods can be used to regulate the use of surveillance technology in workplaces?

These are some of the questions that have driven the research reported in this book. Written by an interdisciplinary group of researchers in Computer Ethics, Medical Ethics and Moral Philosophy, this book provides a broad overview that covers both empirical and normative aspects of workplace privacy.