Privacy Versus In-Your-Face Big Government

2007-08-30

Course overview; Buzzword Jeopardy. Exemplar for individual class projects (to organize research on privacy issues throughout semester) is the ACLU Pizza Ad (requires flash player.)

Assigned reading for next class: Constitution and BOR.

2007-09-04

What are rights and where do they come from? We must understand the system before we can determine whether we enjoy a particular right - like one to privacy. Study of the US Constitution and Bill of Rights, their origin and the world/political backdrop to their formation. Constitutional versus statutory rights. Philosophical basis for the Founders' actions. What elements of the BOR might be the implicit basis for some to argue a 'right of privacy.'

Post-class reflection: "For a Nation of Buttes: The Glory of Federalism", Jonah Goldberg, National Review On-Line.

Assigned reading for next time: Begin working through the packet of provided materials. These are: James Moor, "Toward a Theory of Privacy for the Information Age". Elgesem's "The Structure of Rights in Directive 95/46/EC on the Protection of Individuals with Regard to the Processing of Personal Data and the Free Movement of Such Data". Tavani and Moor, "Privacy Protection, Control of Information and Privacy-Enhancing Technologies". Vedder, "KDD, Privacy, Individuality, and Fairness". Fulda, "Data Mining and Privacy". And Introna, "Workplace Surveillance, Privacy and Distributive Justice." From: Readings in CyberEthics, Second Edition

2007-09-06

Alternate models of a 'right to privacy.' Quickstart Quiz. Discussion of Moor paper, "Toward a Theory of Privacy for the Information Age". Introduces privacy interests from the perspective of an ethical framework (rather than the constitutional approach.) Instrumental versus intrinsic value is distinguished, and normative (as opposed to natural) privacy (which has elements of both intrinsic and instrumental value) is described as enabled by means of an individual maintaining control over his information. (Enforcement mechanisms for control are not discussed at this time.) The overlap betwen rights-based verus ethically-justified privacy is explored. Moor's three proposed principles of privacy are explored, and current examples of privacy policies (e.g. internet web sites) are evaluated by these criteria.

2007-09-11

European Union model of privacy. Quickstart Quiz. Continuing discussion on previously assigned papers, starting with Elgesem. Introduces privacy interests from the European Union perspective, that of a bare social contract. Discussion on merits and flaws of same, through the example of Directive 95/46/EC of the European Parliament concerning processing of personal data. Brief discussion on directive's later amendments. Observation, that while the EU directive is the first 'comprehensive' government policy on protection of individual privacy interests, the exceptions (some said "loopholes") are substantial (e.g., research) and moreover the document presumes that the state (not individual) retains control and determination of what is appropriate (i.e., privacy from government is not as comprehensively addressed.) Brief treatment of PETs (privacy enhancing technologies) and knowledge discovery.

2007-09-13

Option day. Your choice: Observe the holiday, flee campus football mania, join campus football mania, or attend Biometric Consortium Conference in Baltimore.

2007-09-18

Basics of computer organization. An overview of computer hardware and software organization, definition of terminology to be used in upcoming lectures on technology, initial description of ways these systems are vulnerable to invasions of privacy, initial description of how these systems facilitate greater mining of personal information on people.

2007-09-19

Movie Night! Sept 19 (wednesday), 6PM, 1115 AVW. "Enemy of the state" starring Will Smith and Gene Hackman. How much of that 1998 fiction is real today? Unlimited supply of popcorn provided while we study the question!

2007-09-20

Basics of computer organization II. More discussion about what are databases, how are they used, what is the "join" that helps turn data into information. What are cookies and how do they help connect data. Examples are given to illustrate using voting and campaign donation data, and underscore the key punch line: as our ability to deal with complexity of data increases, our ability to maintain personal privacy decreases. Assignment for next time: Find three "non-obvious" web sites that might expose personal data of interest to someone doing profiling, then write up an example (hypothetical is fine - you need not intrude on a real person's privacy for purposes of this exercise!) to illustrate how the combination of these data can paint a realistic picture of part of someone's life. Non-obvious means: the site was not already cited in the lecture, and does not advertise itself as an 'search' resource. Some obvious search resources will shortly be posted on this site in case they help you. Email your document to purtilo@cs.umd.edu before next class. (Best to include the string "HONR 239" in the subject line to help get through spam filters. It would be nice, but not necessary, if you sent by monday night so references can be collected and used in lecture on tuesday, thanks.)

2007-09-25

Odds and ends. Review and presentation of good links submitted as part of previous assignment, discussion of same. This starts to calibrate our expectations for what issues to look for in the coming weeks with guests coming to give presentations. With the same goal of calibrating our expectations of what to look for in the news, a sampling of articles recently saved on privacy topics is available here for at least temporary access and review. See if you agree that these topics are relevant or inspire you to consider researching the thread further in the form of your semester project.

2007-09-27

FOIA and MPIA. Brief history of Freedom of Information Act, and the several modifications to it over the years. Discussion of its scope, limitations, and practical use. Case study given, involving local elected officials. Same outline for Maryland Public Information Act, with scope and limitations identified. Several example applications sited. Guide to PIA.

Reading in preparation for this class: Find and read the Freedom of Information Act, and know something about its history and practical application. Same for the Maryland Public Information Act.

2007-10-02

Biometrics. Guest lecture by Jeff Dunn, Co-chairman of the Biometrics Consortium. Definition of "biometrics", overview of the spectrum of technologies used. Case studies of use with discussion of policy associated with each application area (government, private and commercial.)

Reading in preparation for this class: "Privacy and Biometrics: Building a Conceptual Foundation", NSTC Committee on Technology, 2006.

2007-10-04

Mid-term Exam. Open mind, closed book.

2007-10-09

Discussion. Questions from recent exam were reviewed in detail. Followup points raised by recent speaker were considered. Details of semester assignments are presented.

2007-10-11

The Economics of Information. Guest lecture by John Lott, University of Maryland. Discussion on a sequence of simple case studies introduce the notion that we can look to the market to telegraph the actual utility of policy decisions or folklore. (Auto insurance companies versus Lojack mandates, gasoline price fixing, expectations v. reality in used car market, salary comparisons of teachers from country to country.) This is no less true when the market concerns our personal information. Assignment: What might we learn about the value or utility of information policy based on indicators from the market? Applying the economic notions introduced by today's guest speaker, address this question in a short (approx two page) essay. What do we or could we learn about some information policy (pick your domain) based on whether the market? (Email to purtilo239 @ cs.umd.edu by end of the day on 15 October.)

2007-10-16

Identity Credentials. Guest lecture by Daniel Theunissen, Mitre Corporation.

The variety of either common or emerging credentialing systems is reviewed in detail. What is the RealID act, its extent of implementation and cost vs. benefits. How do identity credentials vary in technology, complexity or use depending on their role in government vs. commercial domains. (Slides)

Reading in preparation for this class:

• General ID cards, read down through "Arguments for" and "Arguments against"
• Form I-9, see last page "List of Acceptable Documents"
• Identity documents to obtain driver's license:
  Virginia
  District of Columbia
  Maryland
• News article on CA driver license forgeries
• ReadID FAQ
• Virginia RealID Task Force Report, read all paragraphs with "TASK FORCE RECOMMENDATION:"
• DHS subcommittee report on The Use of RFID for Human Identification, read Executive Summary
• Privacy and Security Blogs (recommended to read every day):
  Threat Level, Ryan Singel and Kevin Poulsen
  (Bruce) Schneier on Security
  Freedom to Tinker, Ed Felton
  Leadership Journal, Michael Chertoff

2007-10-17

Movie Night! October 17 (wednesday), 6PM, 1115 AVW. "Minority Report" starring Tom Cruise. In the future, criminals will be caught before the crimes they commit - or so suggests author Philip K. Dick in this sci fi thriller released in 2002. Unlimited supply of popcorn provided while we peek at a fanciful image of future, then ask: how much of that goal is possible using today's technology?

2007-10-18

Privacy and the Federal Government. Guest lecture by Charissa Smith, Mitre Corporation.

History of the Privacy Act's role and enforcement, with discussion of the interlocking missions of OMB, FTC and GAO with regard to privacy. Where are the opportunities for individuals to affect privacy policies. What is the process of proposing and approving a "system of records." What are the common ways personal information becomes inappropriately disclosed, and what safeguards are in place to preduce inappropriate disclosures. What are the similarities and differences of US privacy policy with respect to the European system or other systems in the world. (Slides)

Assignment in preparation for this class: Find and read the Privacy Act of 1974; find the FTC's website and determine what is the FTC's role privacy protection; and review the OMB's website, then prepare a short statement summarizing what is OMB's role in privacy protection.

2007-10-23

Privacy and Politics in Maryland. Guest lecture by State Senator David Brinkley. Discussion of impact on state policy from federal 9-11 response (privacy, budget, regulation). Legislative process and costs discussed, examples of state privacy-related bills reviewed to illustrate system. Leveraging speaker's experience as a licensed investment counselor, discussion of effect on commerce from post 9-11 rules on red-flagging suspicious behavior encountered in the course of doing business.

2007-10-25

Discussion Day. Quickstart quiz. Review and evaluate main points expressed by speakers to date. Revisit original hypothesis of the class, that "information is a weapon" - are we more or less inclined to believe this based on content so far? How so? What are the trends? Introduce discussion questions on medical records, foreshadowing of upcoming material to cover - what are costs versus benefits of disclosing certain kinds of medical information about people. At what point does a public service become an abuse of rights? Review class project proposals so far, and green-light the topic selections with tips on how to focus each. (Important: While not a requirement, we strongly and cheerfully suggest that you draft a short mission statement and outline of your topic, then bring it by Dr. Purtilo's office for individual discussion. Let's iterate on your research statement and refine it as you go along.)

2007-10-30

Banking as the Business of Information Intermediation. Guest lecture by Richard Riese, Director, Center for Regulatory Compliance, American Bankers Association. Recent history of banking laws and regulation, starting from role of the CRA as a response to disintermediation, and US v. Miller case in 1976, affirming that banks own client information. Overview of present information sharing obligations in financial institutions, emphasizing details of CTRs and SARs. Detailed case study of role these regulations played in a specific prosecution on terrorism. Slides available with the kind permission of our speaker.

Readings in preparation for this class:

• Interagency BSA Exam Manual: See in particular ...
  • Suspicious Activity Reporting at p. 60
    
  • Information Sharing at p. 86
    
  • Customer Identification and Customer Due Diligence at 45 and 56
• Proposal on Illegal Internet Gambling
• Summary of ID Theft Red Flag Rule

2007-11-01

Privacy and the War Against the New Totalitarianism. Guest lecture by Peter Huessy, President of GeoStrategic Analysis. Outline of topics presented is available.

Post class reflection: The timely article by Bill Gertz, Inside the Ring.

Reading in preparation for this class: Find and read the PATRIOT Act. Then review each of the following, which give a sense of just some of the many issues that flow from and relate to homeland security:

• The Patriot Act Reader, Fosenzweig, Kochems and Carafano (2004, Heritage Foundation).
• Fact Sheet: National Strategy for Homeland Security, President George Bush (October 9, 2007).
• National Strategy for Homeland Security, Homeland Security Council (October 2007).
• Listening For Terrorists: Surveillance Programs—Lessons Learned and the Way Ahead, Carafano, Gaziano, et al. (April 2007, Heritage Foundation).
• 9/11: Five Years Later--Gauging Islamist Terrorism, Brookes (September 2006, Heritage Foundation).
• The Senate Immigration Bill: A National Security Nightmare, Kobach (June 2007, Heritage Foundation).
• How to "Connect the Dots", Andrew McCarthy (January 13, 2006, National Review Online).
• FISA and Ordinary Crime, Andrew McCarthy (April 6, 2006, National Review Online).

2007-11-06

Private Detectives and Privacy: A Different Perspective. Guest lecture by Kathy Morris, President of Fax, Inc, and Legislative Chair for Maryland Investigators and Security Association (MISA). Slides are available.

Speaker-recommended web sites for research:

• United States Fleet Command
• Navy Freedom of Information Act
• Marine Freedom of Information Act
• Air Force FOIA
• Department of Defense FOIA (Army)
• Army Reference Library
• Pagebull - Visual Internet Search Engine
• Maryland State Commission on Criminal Sentencing Policy
• Delaware Court Records
• Canada Public Records
• Maryland Division of State Documents (COMAR - Regulations)
• Maryland Annotated Code (Statutory Law)
• Federal Rules of Civil Procedure re: Discovery and IT
• Department Of Homeland Security - Real I.D. Act
• Search Engine to locate - initially free
• The Official Blog of P.I.Magazine
• Free People Search
• Watchdog Group on Surveillance and Privacy Invasions by Gov. and Corps.
• Search Jobs, Company and People Profiles
• Learn How Many People have the Same Name

2007-11-08

Use of Information and Intelligence to Ensure Domestic Security. Guest lecture by Jerry Walsh, Director, Defense Domains, Office of the Assistant Secretary of Defense for Homeland Defense and Americas' Security Affairs. This talk is jointly hosted by the Intelligence Community Club at the University of Maryland.

2007-11-13

Discussion day. Recap of points raised by recent speakers - integrate their points into main topics of the class.

2007-11-15

Discussion day. Review of recent news related to privacy. Illustrate how one might analyze topical material and relate it to the main topics of the class. Assign two short writing exercises, to extend these points (due next time.)

2007-11-20

Discussion day. Get progress reports on term papers, review draft outlines, get group input on possible angles to try on each topic. Some discussion about technology and resources for doing the multi-media assignment. General cautions about the timeliness of getting PIA and FOIA requests submitted.

2007-11-22

Thanksgiving

2007-11-27

FISA, Homeland Security and Personal Information. Guest lecture by Congressman Wayne Gilchrest, Maryland's First Congressional District.

Readings suggested by speaker:
"Treacherous Alliance: The Secret Dealings of Israel, Iran, and the United States", by Trita Parsi.
"Silence of the Rational Center: Why American Foreign Policy Is Failing", by Stefan Halper and Jonathan Clarke.

2007-11-29

Spying on the Homefront. A Frontline video with subsequent discussion.

2007-12-04

Medical Care in the Era of HIPAA. Guest lecture by Grace Wiechman, Fellow, R&D Engineer, Boston Scientific CRM. Slides are available.

Readings in preparation for this class:

• HIPAA privacy rules, part 7 (start on page "82798" which is page 38 of 50) and part 8. Consider the commentaries on same.
• European Union privacy directive, the "Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data"

2007-12-06

From Myspace to Homeland Security: Privacy and the Totalitarian Urge. A rebroadcast of the talk by Cory Doctorow given 22 February 2007 at Duke University. This is an excellent example of progressing from (entertaining) exposition of technology through discussion of policy implications. Good stuff!

2007-12-11

Last day of class! Wrapup. Term papers, multi-media exercises and all FOIA/MPIA materials are due.

2007-12-18

Final exam. 1:30 - 3:30 PM in regular classroom.