Difference between revisions of "Confidentiality of Online Data"

Revision as of 09:50, 18 April 2019

Confidentiality refers to a set of rules (usually contractual agreements) used to govern the sharing, exchange, and disclosure of information. In the internet realm, confidentiality, integrity and authenticity are the three major components of information security^[1][2] that inform policy decisions. As technology has become an important part in helping human’s with their everyday activities, the growing concern surrounding how an individual’s personal data is being used by corporations or other institutions resulting in the leaking and misuse of personal data. This increased concern with the protection of personal data has lead to the creation of many laws and legal actions in order to protect this information.

Overview

Though confidentiality was traditionally applied in the medical, defense, and legal fields; it is has evolved to govern interactions on the internet as well. On the internet, confidentiality applies to information shared, produced, or consumed on the web between entities. Confidentiality deals with the privacy of this information as it travels between two or more entities on the Internet. As the internet’s role as a platform for interaction continues to grow, the role of confidentiality between entities has gained more attention and been subjected to increasing scrutiny.

Background

Historically, policies and laws regarding confidentiality have been viewed through the lens of client interactions, primarily in the field of medicine. Medical consultation by its nature requires the divulgence of private and sensitive information to external entities and therefore requires a framework of rules and legal procedures to protect this information. This concept was later adopted by the legal system in the form of attorney-client privilege^[3] for similar reasons.

The internet has supplanted itself as one of the primary platforms of 21st-century interaction. The internet has replaced traditional physical interactions in many cases and has even created novel virtual ones. Interactions on such platforms have increasingly required the adoption of guidelines for confidentiality.

Philosophy

Just as is the case for any set of rules, norms or policies, confidentiality is fundamentally supported by philosophy and ethical theory. There is friction between the philosophical arguments underpinning confidentiality, and the ethical framework applied to confidentiality in practice.

Traditionally, confidentiality has been argued for in the vein of deontological ethics^[4], in which the morality of an action is judged based on the intrinsic nature of the action itself, as opposed to the consequences of said action. Philosophers from the time of Plato have argued that the right to privacy is one such intrinsically virtuous principle so any action to conserve this principle is in itself virtuous. In history, this has mostly been the guiding principle of ethics^[5], thought and policy regarding confidentiality and more broadly, privacy. However, in practice, this is not always the case. There are many situations in which state or other authorities have the power to break confidentiality agreements in order to further utilitarian benefits. This historical debate of the ethics of confidentiality has now extended to the internet in unforeseen ways.

Legal Cases

Apple - FBI

In December 2015, the terrorist attacks in San Bernardino, California re-invigorated the conversation about data confidentiality. In 2016-2017, Apple received and challenged more than ten court orders from the United States District Court for the Central District of California^[6] to assist in decrypting the work phones of the perpetrators of the attacks as well as creating a backdoor to Apple's Operating System to aid in future investigations^[7]. However, Apple argued that creating such a back door would be an unconstitutional violation of customers privacy and confidentiality, and set a dangerous precedent for future cases. CNBC reports^[8] that the FBI dropped the case as they had successfully found a 3rd party to assist with the decryption. Moreover, Apple released a statement that they will continue assisting FBI investigations as they have done while continuing to strengthen their security of user’s data.

Facebook - Cambridge Analytica

In early 2018, it was revealed that the Data Brokering company Cambridge Analytica mined millions of personal Facebook profiles, without the user's consent, potentially violating confidentiality and privacy agreements for their own use. Facebook has confirmed that the dataset contained more than 80 million users’ profiles. However, the legalities of said violation, are still being worked out. Though the information is proprietary data to Facebook according to their data policy^[9], CNN^[10] claims Facebook has violated agreements with the United Kingdom’s Information Commissions Officer under Britain’s data protection laws. Furthermore, this revelation proved to be a watershed moment in the public’s view of data privacy on the internet, sparking a novel and important conversation regarding the ethics of data privacy and confidentiality. Since March of 2018, when the news of CA’s dealings and practices first broke, there has been a drastic increase in mention of online data privacy and security, questions surrounding such ethics, and how our personal data is being accessed and used to influence our behaviors and actions.

Phone Carriers

In 2018, 4 of the largest U.S cell carriers were caught not only sending, but selling their customer's real-time location data to other companies.^[11] The companies to whom they sold data sold it on to others, the data could be potentially used to track anyone within seconds. The 4 cell carriers: Verizon, T-mobile, AT&T, and Sprint sold their customers private information to a company LocationSmart. LocationSmart would use the data to track down phone owners without their permission as well as leak the data. As the cell carries sold customers locations they effectively broke the phone owners confidentiality and their promise to protect customer data. They have since promised to stop sharing customer data after they were caught.It is now evident they have not stuck to their promise since user's location data is still being sold. Motherboard, Vice's website, is continuing to investigate this breach of confidentiality.

Ethics

Because the internet is primarily a platform of human interaction, it largely deals with proprietary data. From user’s private information to the company’s website usage information, even to specific Internet Service Provider's web traffic. Every aspect of the information on the internet is owned by some entity. The discrepancy between who owns the documentation of these interactions and the parties involved in the interactions is the source and roots of the evolving debate about informational ethics online.

Data Ownership

Throughout history, property ownership has consistently been a point of contention and debate. From copyright laws to intellectual property violations, ownership policies and laws are in constant need of revision. This is especially true in the case of online data ownership.^[12] Data on the internet includes photos, videos, messages and text uploaded by a user, usage statistics, websites visited and transactional information. Though this data is generated by users themselves, as of today, private companies on the internet that provide platforms for users have the right to dictate their own policies regarding the ownership of this data. New conversation regarding the ethics of such data ownership policies are beginning to take shape, resulting in policies that better preserve users interests such as the GDPR policy introduced in Europe ^[13]. Implemented on May 25, 2018, GDPR is a regulation that provides data protection and privacy for all individuals in the European Union, with the aim to provide individuals with control over their personal data, in addition to the simplification of regulation of international business, by placing the EU in control of such regulations.

Breach of Confidentiality

Expungement

Expungement in the age of social and mass media has grown into a debated topic in the realm of online data confidentiality. Laws on Expungement differ state to state, with some former criminals able to apply for expungement after 5 years from an encounter with the law. While the time frame for applicability varies, implementation can be slow and full expungement can take years. Expungement is granted to relatively few applicants each year, and when granted, usually takes longer to implement than the 5 year minimum for application.It can prove difficult to fully remove the records from the internet due to the development of data brokers. Data-brokers scrape the internet for records on individuals, storing that data and allowing companies and individuals to view backgrounds of whomever they desire. Often, these data-broking sites pull data on an individual once and fail to update individual records for years^[14]. It is possible for an individual with a first-time minor offense could be locked out of future employment opportunity due to the criminal background searches conducted via outdated data-brokers^[14]. The concern surrounding future employment among individuals applying for expungement is grave, as there can be as much as a 20% increase in employ-ability post-expungement as compared to pre-expungement^[15]. In certain cases, it should be and sometimes is, possible to remove oneself from Google searches, and data-brokers, online (called delinking). As Luciano Floridi describes, it is possible to remove oneself from Google within several European nations but as Florida argues, it should occur solely within national boundaries, not across international borders^[16]. Floridi argues that those searching for an individual through Google are almost always searching from within the same nation^[16], as is the case in the U.S. with employers looking at criminal records of almost exclusively U.S. citizens.

Justified Legal Breach

Medical guidelines state that medical professionals have the right to breach confidentiality when disclosing evidence of attempted or future serious self-harm, the harm of others, physical or mental abuse or neglect, or violation of other certain other laws.^[17]. However such guidelines do not exist for governing confidentiality of information online. Private companies create their own policies regarding data privacy and confidentiality, that can often differ quite drastically from one another. For example, Facebook's privacy policy^[18] indicates that they maintain the right to sell the data collected on their users, as opposed to Apple's privacy policy^[19] which does not. However, in the USA, all private companies are legally obligated to share information with authorities if a warrant or adequate criteria is presented.

Violation of Confidentiality

Legally unjustified violation of confidentiality can take place when a contract, agreement or policy is violated by either party in cases of non-extenuating circumstances. The penalty of such a violation can differ in intensity depending on the specific consequences and circumstances. Organizations such as the FTC^[20] play a major role in safeguarding customers against data breaches, in the form implementing policies, enforcing privacy and confidentiality laws and public education.

Ethics of breaches

Apart from legal justifications for maintaining the confidentiality of data, there are ethical and moral considerations as well. Though much of the data generated by users on the internet becomes proprietary data owned and used by the various platform and service providers on the internet, there is a tacit and at times explicit agreement to uphold the privacy of their users. As the internet continues to evolve, many of the traditional ethical frameworks have failed to keep up with the public’s changing interaction with information. However, philosophers and policy makers are beginning to reconsider the ethical ramifications of such ownership of information given the evolving role the internet plays in people’s lives. A study^[21] by MIT reveals that the average American spends around 23 hours on the internet per week. In his book Ethics of Information^[22], ethicists and philosopher Luciano Floridi^[22] argues for a re-utilization of the infosphere that we exist within and rethinking the policies and laws surrounding information.

See Also

References

1. ↑ “Information Security.” Wikipedia, Wikimedia Foundation, 7 Apr. 2019, en.wikipedia.org/wiki/Information_security.
2. ↑ “Confidentiality, Integrity, and Availability.” MDN Web Docs, developer.mozilla.org/en-US/docs/Web/Security/Information_Security_Basics/Confidentiality,_Integrity,_and_Availability.
3. ↑ Busby, John C. “Attorney-Client Privilege.” Legal Information Institute, Legal Information Institute, 15 Oct. 2018, www.law.cornell.edu/wex/attorney-client_privilege.
4. ↑ Alexander, Larry, and Michael Moore. “Deontological Ethics.” Stanford Encyclopedia of Philosophy, Stanford University, 17 Oct. 2016, plato.stanford.edu/entries/ethics-deontological/.
5. ↑ Mandal, Jharna, et al. “Utilitarian and Deontological Ethics in Medicine.” Tropical Parasitology, Medknow Publications & Media Pvt Ltd, 2016, www.ncbi.nlm.nih.gov/pmc/articles/PMC4778182/.
6. ↑ “Central District of California.” Central District of California | United States District Court, www.cacd.uscourts.gov/.
7. ↑ Moser, Robert, and Patrick McDonald. “The FBI & Apple Security vs. Privacy.” Ethics Unwrapped, ethicsunwrapped.utexas.edu/case-study/fbi-apple-security-vs-privacy#additional-resources.
8. ↑ Kharpal, Arjun. “Apple vs FBI: All You Need to Know.” CNBC, CNBC, 29 Mar. 2016, www.cnbc.com/2016/03/29/apple-vs-fbi-all-you-need-to-know.html.
9. ↑ “Data Policy.” Facebook, www.facebook.com/policy.php.
10. ↑ “Cambridge Analytica Scandal: Facebook Broke the Law and Faces Maximum Fine, UK Watchdog Says.” CNNMoney, Cable News Network, money.cnn.com/2018/07/10/technology/facebook-britain-ico-cambridge-analytica-fine/index.html.
11. ↑ Wittaker, Zack. “Despite Promises to Stop, US Cell Carriers Are Still Selling Your Real-Time Phone Location Data.” Techcrunch, Jan. 2019. https://techcrunch.com/2019/01/09/us-cell-carriers-still-selling-your-location-data/
12. ↑ Tisne, Martin. “It's Time for a Bill of Data Rights.” MIT Technology Review, MIT Technology Review, 18 Dec. 2018, www.technologyreview.com/s/612588/its-time-for-a-bill-of-data-rights/.
13. ↑ “The EU General Data Protection Regulation (GDPR) Is the Most Important Change in Data Privacy Regulation in 20 Years.” EUGDPR Home Comments, eugdpr.org/.
14. ↑ ^{14.0 14.1} Wayne, Logan Danielle. “THE DATA-BROKER THREAT: PROPOSING FEDERAL LEGISLATION TO PROTECT POST-EXPUNGEMENT PRIVACY.”
15. ↑ J.J., and Sonja B. Starr. “The Case for Expunging Criminal Records.” The New York Times, 20 Mar. 2019.
16. ↑ ^{16.0 16.1} Floridi, Luciano. “Should You Have The Right To Be Forgotten On Google? Nationally, Yes. Globally, No.” New Perspectives Quarterly, vol. 32, no. 2, 2015, pp. 24–29., doi:10.1111/npqu.11510.
17. ↑ Blightman, and Griffiths. “Patient Confidentiality: When Can a Breach Be Justified?” OUP Academic, Oxford University Press, 28 Aug. 2013, academic.oup.com/bjaed/article/14/2/52/271401.
18. ↑ “Data Policy.” Facebook, www.facebook.com/policy.php.
19. ↑ “Legal - Privacy Policy - Apple.” Apple Legal, www.apple.com/legal/privacy/en-ww/.
20. ↑ “Federal Trade Commission.” Federal Trade Commission, 9 Apr. 2019, www.ftc.gov/.
21. ↑ Condliffe, Jamie. “The Average American Spends 24 Hours a Week Online.” MIT Technology Review, MIT Technology Review, 23 Jan. 2018, www.technologyreview.com/the-download/610045/the-average-american-spends-24-hours-a-week-online/.
22. ↑ ^{22.0 22.1} “Main Menu.” Luciano Floridi | Philosophy of Information, www.philosophyofinformation.net/books/the-ethics-of-information/.