Difference between revisions of "Confidentiality of Online Data"

Revision as of 22:47, 30 March 2019

Confidentiality refers to a set of rules [usually contractual agreements] used to govern the sharing, exchange and disclosure of information. In the internet realm, confidentiality, integrity and availability are the major components of information security^[1][2] that inform policy decisions.

Overview

Though confidentiality was traditionally applied in the medical^[3], defense and legal fields, today it is has evolved to govern interactions on the internet as well. On the internet, confidentiality applies to information shared, produced or consumed on the web between entities. As the internet’s role as a platform for interaction continues to grow, the role of confidentiality between entities has gained more attention and been subjected to increasing scrutiny.

Background

Historically, policies and laws regarding confidentiality have been viewed through the lens of client interactions, primarily in the field of medicine. Medical consultation by its nature requires the divulgence of private and sensitive information to external entities, and therefore requires a framework of rules and legal procedures to protect this information. This concept was later adopted by the legal system in the form of attorney-client privilege^[4] for similar reasons.

The internet has supplanted itself as one of the primary platforms of 21st century interaction. The internet has replaced traditional physical interactions in many cases, and has even created novel virtual ones. Interactions on such platforms have increasingly required adoption of guidelines for confidentiality.

Philosophy

Just as is the case for any set of rules, norms or policies, confidentiality is fundamentally supported by philosophy and ethical theory. However there is some friction between the philosophical arguments underpinning confidentiality, and the ethical framework applied to confidentiality in practice.

Traditionally, confidentiality has been argued for in the vein of deontological ethics^[5], in which the morality of an action is judged based on the intrinsic nature of the action itself, as opposed to the consequences of said action. Philosophers from the time of Plato have argued that the right to privacy is one such intrinsically virtuous principle so any action to conserve this principle is in itself virtuous. In history this has mostly been the guiding principle of ethics^[6], thought and policy regarding confidentiality and more broadly, privacy. However, in practice this is not always the case. There are many situations in which state or other authorities have the power to break confidentiality agreements in order to further utilitarian benefits. This historical debate of the ethics of confidentiality, has now extended to the internet in unforeseen ways.

Ethics

Because the internet is primarily a platform of human interaction, it largely deals with proprietary data. From user’s private information, to company’s website usage information, to even ISP’s web traffic. Every aspect of information on the internet is owned by some entity. The discrepancy between who owns the documentation of these interactions and the parties involved in the interactions is the source of the issue of informational ethics online.

Data Ownership

Throughout history, property ownership has consistently been a point of contention and debate. From copyright laws, to intellectual property violations ownership policies and laws are in constant need of revision. This is especially true in the case of online data ownership^[7]. Data on the internet includes photos, videos, messages and text uploaded by a user, usage statistics, websites visited and transactional information. Though this data is generated by users themselves, as of today, private companies on the internet that provide platforms for users have the right to dictate their own policies regarding the ownership of this data. New conversation regarding the ethics of such data ownership policies are beginning to take shape, resulting in policies that better preserve users interests such as the GDPR policy introduced in Europe ^[8].

Breach of Confidentiality

Justified Legal Breach

Medical guidelines state that medical professionals have the right to breach confidentiality when disclosing evidence of attempted or future serious self harm, harm of others, physical or mental abuse or neglect, or violation of other certain other laws.^[9]. However such guidelines do not exist for governing confidentiality of information online. Private companies create their own policies regarding data privacy and confidentiality, that can often differ quite drastically from one another. For example, Facebook's privacy policy^[10] indicates that they maintain the right to sell the data collected on their users, as opposed to Apple's privacy policy^[11] which does not. However, in the USA, all private companies are legally obligated to share information with authorities if a warrant or adequate criteria is presented.

Violation of Confidentiality

Legally unjustified violation of confidentiality can take place when a contract, agreement or policy is violated by either party in cases of non-extenuating circumstances. The penalty of such a violation can differ in intensity depending on the specific consequences and circumstances. Organizations such as the FTC^[12] play a major role in safeguarding customers against data breaches, in the form implementing policies, enforcing privacy and confidentiality laws and public education.

Ethics of breaches

Apart from legal justifications for maintaining confidentiality of data, there are ethical and moral considerations as well. Though much of the data generated by users on the internet becomes proprietary data owned and used by the various platform and service providers on the internet, there is a tacit and at times explicit agreement to uphold privacy of their users. As the internet continues to evolve, many of the tradition ethical frameworks have failed to keep up with the public’s changing interaction with information. However philosophers and policy makers are beginning to reconsider the ethical ramifications of such ownership of information given the evolving role the internet plays in people’s lives. A study^[13] by MIT reveals that the average American spends around 23 hours on the internet per week. In his book Ethics of Information^[14], ethicists and philosopher Luciano Floridi^[15] argues for a re-ontolization of the infosphere that we exist within, and rethinking the policies and laws surrounding information.

Cases

Apple - FBI

In December 2015, the terrorist attacks in San Bernardino, California re-invigorated the conversation about data confidentiality. In 2016-2017, Apple received and challenged more than 10 court orders from the United States District Court for the Central District of California^[16] to assist in decrypting the work phones of the perpetrators of the attacks as well as in creating a backdoor to Apple's Operating System to assist in future investigations^[17]. However Apple argued that creating such a back door would be an unconstitutional violation of customers privacy and confidentiality, and set a dangerous precedent for future cases. CNBC reports^[18] that the FBI dropped the case as they had successfully found a 3rd party to assist with the decryption. Moreover Apple released a statement that they will continue assisting FBI investigations as they have done, while continuing to strengthen security of their user’s data.

Facebook - Cambridge Analytica

In early 2018, it was revealed that the Data Brokering company Cambridge Analytica mined millions of profiles of Facebook data, without users consent, potentially violating confidentiality and privacy agreements for their own use. Facebook has confirmed that the dataset contained more than 80 million users’ profiles. However, the legalities of said violation, are still being worked out. Though the information is proprietary data to Facebook according to their data policy^[19], CNN^[20] claims Facebook has violated agreements with the United Kingdom’s Information Commissions Officer under Britain’s data protection laws. Furthermore, this revelation proved to be a watershed moment in the public’s view of data privacy on the internet, sparking a novel and important conversation regarding the ethics of data privacy and confidentiality.

See Also

Privacy in the Online Environment

Cambridge Analytica

Facebook Privacy policy

References

1. ↑ https://en.wikipedia.org/wiki/Information_security
2. ↑ https://developer.mozilla.org/en-US/docs/Web/Security/Information_Security_Basics/Confidentiality,_Integrity,_and_Availability
3. ↑ https://depts.washington.edu/bioethx/topics/confiden.html
4. ↑ https://www.law.cornell.edu/wex/attorney-client_privilege
5. ↑ https://plato.stanford.edu/entries/ethics-deontological/
6. ↑ https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4778182/
7. ↑ https://www.technologyreview.com/s/612588/its-time-for-a-bill-of-data-rights/
8. ↑ https://eugdpr.org/
9. ↑ https://academic.oup.com/bjaed/article/14/2/52/271401
10. ↑ https://www.facebook.com/policy.php
11. ↑ https://www.apple.com/legal/privacy/en-ww/
12. ↑ https://www.ftc.gov/
13. ↑ https://www.technologyreview.com/the-download/610045/the-average-american-spends-24-hours-a-week-online/
14. ↑ http://www.philosophyofinformation.net/books/the-ethics-of-information/
15. ↑ http://www.philosophyofinformation.net/
16. ↑ https://www.cacd.uscourts.gov/
17. ↑ http://ethicsunwrapped.utexas.edu/wp-content/uploads/2016/10/21-The-FBI-Apple-Security-vs.-Privacy.pdf
18. ↑ https://www.cnbc.com/2016/03/29/apple-vs-fbi-all-you-need-to-know.html
19. ↑ https://www.facebook.com/policy.php
20. ↑ https://money.cnn.com/2018/07/10/technology/facebook-britain-ico-cambridge-analytica-fine/index.html