Confidentiality of Online Data

Confidentiality refers to a set of rules [usually contractual agreements] used to govern the sharing, exchange and disclosure of information. In the internet realm, Confidentiality, Integrity and Availability form the major factors that define information security and inform policy decisions.

Overview

Though confidentiality was traditionally applied in the Medical^[1], Defense and Legal fields, today it is has evolved to govern interactions on the internet as well. On the internet, confidentiality applies to information shared, produced or consumed on the web between entities. As the internet’s role as a platform for interaction continues to grow, the role of confidentiality between entities has gained more attention and scrutiny.

Background

Throughout history, policies and laws regarding confidentiality have been viewed through the lens of client interactions, primarily in the field of Medicine. Medical consultation by its nature requires the divulgence of private and sensitive information to external entities, and hence requires a framework of rules and legal procedures to protect this information. This was later adopted by the legal system commonly known as attorney-client privilege for similar reasons. The internet has supplanted itself as one of the primary platforms in which we interact with each other. Not only replacing traditional physical interactions, but creating novel human interactions, all of which have required a similar adoption of rules of confidentiality.

Philosophy

Just as is the case for any set of rules, norms or policies, confidentiality too is fundamentally supported by philosophy and ethical theory. However there is some friction between the philosophical arguments underpinning confidentiality, and the ethical framework applied to confidentiality in practice. Traditionally, confidentiality has been argued for in the vein of deontological ethics, in which the morality of an action is judge based on the intrinsic nature of the action itself, as opposed to consequences of said action. Philosophers from the time of Plato, have argued that the right to privacy is one such intrinsically virtuous principle, and hence any action to conserve this principle is in itself virtuous. In history this has mostly been the guiding principle of ethics, thought and policy regarding confidentiality and more broadly, privacy. However, in practice this is not always the case. There are many situations in which state or other authorities have the power to break confidentiality agreements in order to further consequentialist benefits. This historical debate of the ethics of confidentiality, has now extended to the internet in novel ways.

Ethics

Because the internet is primarily a platform of human interaction, it largely deals with proprietary data. From user’s private information, to company’s website usage information, to even ISP’s web traffic every aspect of information on the internet is owned by some entity.

Proprietary Data

Proprietary data is information owned and controlled solely by an individual or organization. In order to protect the privacy and interests of an individual or group, such data is governed by a set of rules and policies to prevent the breach or violation of data confidentiality.

Breach of Confidentiality

Justified Legal Breach

The policies and legalities of confidentiality breaching by authority establishments differ in countries. However in general, the state maintains the right to breach confidentiality in cases of disclosure of evidence of attempted or future serious self harm, harm of others, physical or mental abuse or neglect, or violation of other laws. Though these general rules apply mainly to doctor-patient and attorney-client interactions, similar rules have emerged for governing online interactions. On the internet confidentiality primarily applies to financial, security related or social media interactions. This confidentiality contracts too can be breached in such extenuating circumstances.

Violation of Confidentiality

Legally unjustified violation of confidentiality can take place when a contract, agreement or policy is violated by either party in cases of non-extenuated circumstances. The penalty of such a violation can differ in intensity depending on the specific consequences and circumstances. Organizations such as the FTC play a major role in safe guarding customers against data breaches, in the form implementing policies, enforcing privacy and confidentiality laws and public education.

==== Ethical breaches of confidentiality ====

Apart from legal justifications for maintaining confidentiality of data, there are ethical and moral considerations as well. Though much of the data generate by users on the internet becomes proprietary data owned and used by the various platform and service providers on the internet. There is a tacit and at times explicit agreement to uphold privacy of their users. As the internet continues to evolve, many of the tradition ethical frameworks have failed to keep up with the public’s changing interaction with information. However philosophers and policy makers are beginning to reconsider the ethical ramifications of such ownership of information given the evolving role the internet plays in people’s lives. A study by MIT reveals that the average American spends around 23 hours on the internet per week. In his book Ethics of Information, ethicists and philosopher Luciano Floridi argues for a re-ontolization of the infosphere that we exist within, and rethinking the policies and laws surrounding information.

Cases:

Apple - FBI:

In December 2015, the terrorist attacks in San Bernardino, California re-invigorated the conversation of data confidentiality. In 2016-2017, Apple received and challenged more than 10 court orders from the United States District Court for the Central District of California to assist in decryption the work phones of the perpetrators of the attacks as well as in creating a backdoor to the Operating System to assist in future investigations. However Apple argued that creating such a back door would be an unconstitutional violation of customers privacy and confidentiality, and moreover set a dangerous precedent for future cases. CNBC reports the FBI dropped the case as they successfully found a 3rd party to assist with the decryption. Moreover Apple released a statement that they have will continue assisting FBI investigations as they have done, while continuing th strengthen security of their user’s data.

Facebook - Cambridge Analytica

In early 2018, it was revealed that the Data Brokering company Cambridge Analytica mined millions of profiles of Facebook data, without users consent, potentially violating confidentiality and privacy agreements for their own use. Facebook has confirmed that the dataset contained more than 80 million users’ profiles. Though the legalities of such a violation are still ongoing. Though the information is proprietary data belonging to Facebook, Facebook has violated agreements with the United Kingdom’s Information Commissions Officer under Britain’s data protection laws. Furthermore, this revelation proved to be a watershed moment in the public’s view of data privacy on the internet, sparking a novel and important conversation regarding the ethics of data privacy and confidentiality.

References

{{{{{1}}}{{{2}}}|Pdf|Doc}} https://depts.washington.edu/bioethx/topics/confiden.html https://developer.mozilla.org/en-US/docs/Web/Security/Information_Security_Basics/Confidentiality,_Integrity,_and_Availability https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4778182/ https://en.wikipedia.org/wiki/Information_security https://www.cnbc.com/2016/03/29/apple-vs-fbi-all-you-need-to-know.html

1. ↑ Article in The New York Times