Embed Size (px)
Citation preview
Privacy as contextual integrity
Helen NissenbaumNew York University
http://www.nyu.edu/projects/nissenbaum
September 6, 2007Ars Electronica, Linz
Support from: NSF ITR-0331542: Sensitive Information in a
Wired World.
Nissenbaum/Ars Electronica '07
the conundrum …
Nissenbaum/Ars Electronica '07
Privacy threats of IT and associated socio-technical
practices• Tracking and monitoring
RFID, EZ Pass, online-tracking, ISP “clickstream” monitoring, CCTV, biometrics, VSCS, auto “black boxes,” DRM, ubicomp, etc.
• Aggregation and analysis
databases, data warehouses, data mining, e.g. LM-Households. ChoicePoint, MATRIX, Census, Credit Bureaus, Rapleaf, etc.
• Publication online public records, e.g. court records,
Social networking sites, e.g. blogs, MySpace, Facebook, flickr, etc.
Nissenbaum/Ars Electronica '07
solutions?
Interest-based scuffles: “the privacy preference” vs. competing claims
Privacy a fundamental human right defined as:
Alan Westin: “the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.”
Jeffrey Reimann: ”the condition under which others are deprived of access to you at their discretion.”
Michael Froomkin: “the ability to control the acquisition or release of information about oneself.”
Ruth Gavison:”limiting the degree of access others have to you via information, attention, or physical proximity.”
Nissenbaum/Ars Electronica '07
Invoke the private/public dichotomy
The private ~ a realm deserving privacy protection
The public ~ a realm not deserving privacy protection …anything goes?
Public and private what? … actors, realms, information
proves too much and too little
Nissenbaum/Ars Electronica '07
Intuitions, gut reactions …
do not reside primarily at the level of interest based scuffles (privacy is not merely a preference)
nor fully accounted by fundamental, (familiar) moral and political principles.
social contexts as unit of analysis for privacy
Nissenbaum/Ars Electronica '07
Privacy as Contextual Integrity
Contexts …Structured social settings (“Institutions”)Characterized by roles, relationships, power structures, canonical activities, strategies, norms (rules), enforcement mechanisms, and internal values (goals, ends, purposes)E.g. health-care, education, politics, religious observance
Nissenbaum/Ars Electronica '07
more about contexts…
Evolved over time in cultures and societies, subject to historical, cultural, geographic contingencies
May be nested, overlap, conflictMay be more or less explicit,
formalized, institutionalized (e.g. class clown vs judge)
May be more or less “complete”
Nissenbaum/Ars Electronica '07
Among the normscontext-relative Informational NormsIn a context, the flow of information of a certain type about a subject (acting in a particular capacity/role) from one actor (could be the subject) to another actor (in a particular capacity/role) is governed by a particular transmission principle.
key parameters: contexts, attributes, actors, transmission principles
Nissenbaum/Ars Electronica '07
Formal representation of an Informational Norm in Temporal Logic
From:A. Barth, A. Datta, J. Mitchell, and H. Nissenbaum, “Privacy and
Contextual Integrity: Framework and Applications,” Proceedings of the IEEE Symposium on Security and Privacy, Forthcoming 2006
QuickTime™ and aTIFF (LZW) decompressor
are needed to see this picture.
Nissenbaum/Ars Electronica '07
Transmission Principles** some examples:
Consent (subject controls)Notice (subject is/is not aware of
transmission) Compulsion (e.g. earnings to IRS)ConfidentialitySaleReciprocityEntitlement, desert Etc…
Nissenbaum/Ars Electronica '07
Descriptive power of CI
Contextual Integrity is preserved when informational norms of a context are respected; it is violated when any of the norms are breached.
~ When people complain, look for CI violations not preferences!
~ Surveillance is NOT always problematic~ Privacy is NOT control over information about oneself~ Privacy is NOT secrecy; it is appropriate flow
Nissenbaum/Ars Electronica '07
Is CI conservative?Is a violation of CI always a problem?
traditional wisdom, but …
Opportunity Costs“perhaps there is something better…”
Tyranny of the Normal “change can be liberating…”
Nissenbaum/Ars Electronica '07
How to evaluate challenges to entrenched norms??Two key steps …Moral and political considerations
Harm (e.g. stigma, discrimination, identity theft) Justice, balance of power, fair distribution of goods Freedom, autonomy, democracy, property
Countervailing considerations (security, efficiency, etc.)
Relation to values/goals of context healthcare (psychotherapy)
Friendship (Tripp/Lewinsky)Anonymity in democratic electionsTMN and websearch privacy; CASSIE in public librariesMobility on the roads (VSCS)
Nissenbaum/Ars Electronica '07
Technologies
“Cassie”
VSCS
Rapleaf, Choicepoint
Court records online
Nissenbaum/Ars Electronica '07
TMN: Lightweight Firefox plugin for “privacy through obfuscation”… site of resistance
Available at: http://mrl.nyu.edu/~dhowe/TrackMeNot/Or: https://addons.mozilla.org/enUS/firefox/addon/3173
Nissenbaum/Ars Electronica '07
Does CI have all the answers?
