隐私和四类信息技术

1、Executive SummaryPeople use the word “privacy” to describe many different human values. The strongest sense of privacy is control of personal information, which peo- ple use to fashion their personae and roles in soci- ety. Fairness is an equally important value, as people should get what is due the

2、m, even when comput- ers and software are making decisions. Personal and financial security are privacy issues, in a sense, because these values can be threatened by information misuse.Privacy is also the enjoyment of solitude or peace and quiet, simply being left alone.In the American constitutiona

3、l sphere, privacy has been used to denote autonomy, particularly in the area of sensitive medical and family issues. For some, pri- vacy is defense against commodification, the reduction of what should be meaningful living to endless com- mercialism. Privacy also relates to protection of repu- tatio

4、n because false personal information can offend and harm people.In varying ways and degrees, these values are threat- ened by advancements in four distinct categories of information technology: sensing, storage, transfer, and processing. Sensing is the transformation of real-world information into d

5、igital data. Storage is collection of that data in media from which it can be recovered. Transfer is the movement of data across distance. And processing is the use of data. The number of potential uses for data is nearly infinite.The interactions between these values and these technologies are comp

6、licated, and different inter- ventions will respond more or less well to threats. Understanding information technology and the val- ues it affects can help policymakers fashion rules that empower people in their self-protective efforts and that protect them directly.Privacy and the Four Categories o

7、f Information TechnologyJim HarperIn recent years, contested policies and practices at information-based companies such as Facebook and Google have stirred hot political controversy. A major revision to European privacy regulations called the General Data Protection Regulation has caused compa- nies

8、 to revise their data practices and most major web- sites globally to post prominent notices about cookies. Legislation aimed at protecting privacy has been pro- posed in many other jurisdictions and passed in some. These developments may signal a coming wave of reg-ulatory control over the informat

9、ion economy.A wave is a good metaphor, because debates about technology policy in Washington, DC, and other cap- itals are agitation on the surface of a deep ocean of technological change and related social change. When it comes to understanding and navigating the cur- rents, the ocean is more impor

10、tant than the froth. Continuing advancements in information technology are changing the way information moves in society. They are changing the consequences of interacting online. And they are changing the behaviors peo- ple might take in response. Everyone from ordi- nary consumers to top policymak

11、ers would do well to understand these currents, which are sometimes crosscutting.The capacities of information technology have advanced and will continue to do so in ways that have consequences for privacy and related values. The advances have taken place in four usefully distinct cat- egories: sens

12、ing, storage, transmission, and process- ing.1 Sensing is the conversion of real-world analog information into much more powerful and useful dig- ital data. Storage is the recording and maintenance of data in digital formats for later access. Transmissionis the movement of data from place to place.

13、And pro- cessing is the automated use of datain ways that seem limited only by the imagination.Simple or obvious as the march of progress in these categories sounds, the consequences are both profound and varied. Together, technologies in these four categories are delivering tremendous economic and

14、social progress, including greater wealth and well-being to people worldwide. These benefits are often given short shrift, as the problems technology creates are more interesting. We give the benefits short shrift here, too, focusing on how information technology threatens important values.Privacy i

15、s the enjoyment of control over personal information. It is but one of the values at stake when people go online to learn, interact, be entertained, and trade. Other values, often referred to as “privacy,” include personal security, financial security, fairness, peace and quiet, autonomy, integrity,

16、 and reputation. The intersection between the four categories of information technology and these values is not a clean line. Different information technologies affect each value differently. Sensing and privacy are utterly linked, for example, because the most direct way to control personal informa

17、tion is to prevent it from being digitized. Fairness is more clearly at stakeand threatenedby data processing. Threats to certain types of security are often mitigated by personal dataprocessing that inures against fraud.Given the differences among technologies rela- tionship to values, different in

18、terventions might respond more or less well to the threats each type of information technology poses. How best to address the effects of advancing technology on each valueis a complex challenge reserved for exploration in a later report. The policy recommendation that springs from this report is sim

19、ply to avoid trying to address a multiplicity of values in any one effort. That is unfor- tunately the approach of “privacy” legislation and reg- ulation in many jurisdictions.But understanding information technology at a high level can help people protect their own privacy and all the other values

20、that often go by that name. Greater knowledge can help policymakers fashion rules that empower people in their self-protective efforts and protect people directly. Ideally, what would result is the maximum possible technology implementation that is consistent with citizens and consumers actual desir

21、es, both for their personal circumstances and for the society in which they wish to live.Technology is interesting and important, but human values are what matter. So I begin by anchor- ing the analysis in privacy and related values. After that, I survey how sensing, storage, transmission, and proce

22、ssing affect privacy, fairness, security, and the other values at stake in the burgeoning online envi- ronment. Many distinct values are at play indeed.Privacy and Related ValuesHuman interests and values are not fixed in stone, but they change slowly relative to technology. Indeed, much of the priv

23、acy “problem” is arguably born out of adopting information technologies faster than society can develop the capacity to comprehend, absorb, and integrate them. So consider human values, if not terra firma, conceptual stones that changing technologies sweep over, scour, and sometimes shift.The most c

24、ommon expression of concern in infor- mation policy debates is with privacy. But the word “privacy” stands in for many different interests and values that differ from one another and sometimes conflict. Some of these values are similar to one another, and some differ from others quite mark- edly. Ha

25、ving information about oneself under con- trol is the essence of privacy in the strongest sense of the word. Related values include fair treatment,personal security, financial security, peace and quiet, autonomy, integrity against commodification, and reputation.This is a diverse conceptual landscap

26、e. Differences among these values can be illustrated by examining what offends each value and the subjective experience of people suffering offense. How does wrongdoing look, and how does it affect people? I begin this brief survey of information-related human values with pri- vacy as control of per

27、sonal information.Privacy. The essence of privacy is control of informa- tion about oneself. In his seminal 1967 book Privacy and Freedom, Alan Westin characterized privacy as “the claim of individuals, groups, or institutions to deter- mine for themselves when, how, and to what extent information a

28、bout them is communicated to others.”2 A tighter, more legalistic definition is: the subjective condition people enjoy when they have power to con- trol information about themselves and when they exercise that power consistent with their interests and values.3 Privacy is protected when one has contr

29、ol over information, whether that means keeping information entirely to oneself, sharing it in an environment that inhibits further sharing, or sharing it subject to infor- mal or formal restrictions on further sharing.Nuances of these definitions invite questions about how the power to control info

30、rmation (and thus maintain privacy) is protected or undermined by law and legislation. Some laws support privacy-protective decisions. Much legislation strips privacy away so it can do its work. The Fourth Amendment to the US Constitution can be thought of as a rule meant to guarantee people control

31、 of themselves, their things, and information about themselves vis-vis govern- ment actors.But privacys subjectivity is important to recognize as well. People define privacy for themselves, and it reflects their own interests and values. Peoples pri- vacy interests are based in culture, upbringing,

32、and experience, which are not readily summarized or cap- tured, certainly not once and for all time.It is certainly possible to generalize about pri- vacy preferences. Most people prefer to conceal the appearance of most of their bodies, for example, whilerevealing other parts. Most people keep thei

33、r finances and sexual lives mostly to themselves. But exceptions abound, and across larger groups of people, general- izations become more riddled with exceptions.Illustrating how privacy interests can vary, a 2018 World Bank report found wide national differences in privacy preferences. Among Chine

34、se people surveyed, 38 percent expressed unreserved willingness to share personal data in exchange for benefits such as lower costs and personalization. At the other extreme, only 8 percent of Japanese respondents were so willing. The percentage of respondents in the United States welcoming data sha

35、ring was 25 percent, just below the global average of 27 percent. In northern Euro- pean countries and the rest of the Anglosphere, the percentage of respondents embracing personal data sharing clustered in the teens.4Because of its subjectivity, privacy preferences are apt to change over time, both

36、 at the individual level and in gross. Some may find many benefits from revealing and trading information about themselves. They may want to seek more publicity and informa- tion sharing over their lifetimes. Others, chastened by negative experiences or more cautious with age, may become more protec

37、tive of their privacy.Technological and economic circumstances may strongly influence privacy mores in the aggregate. In agrarian times, there may have been little privacy for most people, as everyone knew everyone elses business in the single social network known as the “village.” Urban settings an

38、d the age of ready trans- portation have offered more privacy, as one can inter- act relatively anonymously and move seamlessly among networks of people without bringing along ones biography.The reasons privacy is important are as many as there are commentators, but it is both foundational and funct

39、ional. Privacy is an expression of autonomy that individualists see as basic to being ones own self. Privacy exists when people decide for themselves what others know and do not know about them. That is an essential part of being a free and self-directed individual.Just as much, privacy is a tool fo

40、r shaping ones soci- ety and roles in it. Business leaders and psychologistsgenerally keep their personal lives to themselves, for example, so that knowledge of their humanity does not distract from professional and organizational priorities. Salespeople and bartenders share more to create a rapport

41、 with customers. Privacy has imme- diately practical benefits as well, such as protecting people from potential threats and unwanted or inap- propriate contact.Privacy is an expression of autonomy that individualists see as basic to being ones own self.The mechanics and experience of privacy invasio

42、n help distinguish privacy from similar values going by the name. A loss of privacy or privacy invasion occurs when controls on personal information collapse or when someone defeats them. Events as varied as hav- ing a split in ones pants, a conversation overheard, document theft, wiretapping, and c

43、orporate malfea- sance with data all threaten privacy in their own ways. The experience of privacy invasion may differ quite widely with context, but it can include embarrass- ment or anticipation of the same, fear of the extent and consequences of exposure, and dismay, frustra- tion, or anger at an

44、others betrayal of confidences. A privacy invasion may also require a person to take steps to mitigate wider-than-expected dissemination of information. The victim of a privacy invasion may have to urgently react to stop further dissemination of information, formulate an admission or partial admis-

45、sion of weakness or wrongdoing, request forgiveness or respect, or take other actions designed to preempt or avoid others anticipated responses to new infor- mation. The possibilities are mind-bogglingly myriad because peoples choices around sharing and hidinginformation are endless.There are intere

46、sting and undecided questions in privacy. One is whether privacy is lost whenprotections for information are defeated, when pri- vate information is actually shared, or when a person learns that his or her private information has been shared. When a backup tape containing thousands of peoples financ

47、ial records was lost, did that invade pri- vacy because information about them was no longer under control, or did it merely create the risk of a pri- vacy invasion, which may or may not manifest later? Not knowing that ones risqu vacation pictures have been circulated is protection of a sort, but i

48、t may pres- age even worse psychological injury when one learns that intimate personal information has been available to others for some time.Whatever precise information people keep private, and however they respond to a privacy loss, privacy is most clearly understood as a condition obtained by co

49、ntrolling personal information. There are many equally important values, including fairness.Fairness. Across both the government and corpo- rate sectors, more decision-making is being auto- mated. Computer systems supplied with data can be programmed to resolve issues that once relied on humans to d

50、ispose of. Credit reporting is a superlative example, in which the literal paper credit file made available to lenders in the 1970s has been replaced by digital files and automated systems that produce scores indicating the financial acumen of potential borrowers. Technological change may obscure th

51、ings, but it does not change the basic relevance of fairness, the sense that people should be accorded what they are due when they are the subject of someone elses decision.Giving definition to “fairness” is not easily done. The US constitutional concept of “due process” epit- omizes this. The rule

52、of due process is that the peo- ple who are objects of government decision-making should get the process that is due them. That is utterly circular. Absent logical grounding, the rule is rooted in historical practice. The process that courts have accorded to criminal suspects over recent decades and

53、 centuries, for example, is the process that is “due” and thus the process that is fair. Over time, we must hope, the courts have developed proce- dural rules that are designed to discover the truth andthat almost always arrive at a close approximation of the truth. Suspects should get their due in

54、terms of substantive justice.Whether in criminal courts, reputation systems, or elsewhere, fairness seems to boil down to giving the individual what he or she deservespunishment, reward, opportunity, credit, or whatever it may bein light of the relevant facts and circumstances.A few principles might

55、 put flesh on an otherwise thin appeal for justice in a data-centric world. For one, the data used in decision-making should be accurate. If it is not, that could prevent a person from getting fair treatment. The data used should also be relevant, which is part of having a decision rule appropriate

56、to the circumstances. The logic of decision-making should be designed to arrive at the right result, and it should often do so, though one cannot guarantee it always does. All three principlesaccurate data, relevant data, and an appropriate decision ruleare highly contingent. Pour them into any circ

57、umstance, though, and they are a rough guide to data fairness.A lot of damage can be done without fairness. Again the criminal law context leads the way: Putting innocent people in jail or to death is a wrong so pro- found that criminal procedure is appropriately biased toward acquitting the guilty

58、rather than convicting the innocent. Unfairness can also perpetuate social wrongs such as racism or classism. Consider a credit scoring system that treats the accoutrements of race or poverty as definitive. That denies individuals mer- its, and that is unfair.Fairness is quite distinct from privacy,

59、 as the mechanics and the nature of victimization show. A privacy violation occurs when personal informa- tion is revealed to others; fairness is at issue when already-revealed information is used. The informa- tion is either out of the subjects control or it has been shared with the decision maker

60、consistent with the preferences of the subject. Unfairness is not wrong- ful release of information. Unfairness occurs when someone is denied something they should have, when they are punished for something they did not do, or when they lose opportunities they should have.Further illustration of the