
Privacy vs. privacy

Lisa Ho, campus privacy officer | February 27, 2015

It’s common to see privacy pitted against security in the form of the question: “How much privacy are we willing to give up for security?” Some call the security vs. privacy debate a false choice, and suggest the debate is actually liberty vs. security, or liberty vs. control, or privacy vs. cooperation.

At UC Berkeley, we are replacing this longstanding polemic with a triptych of interrelated and overlapping terms: autonomy privacy, information privacy, and information security.

Using this new terminology, we are in the midst of reopening well-trodden deliberations about what monitoring controls should be allowed on the campus network. As we assess new technology options using this new language, we are also embarking on a new information risk-governance process.

We aim to carry these discussions from senior technologists in the server room to campus leadership, to engage in the difficult decisions around balancing the multiple and sometimes competing values and obligations of accountability, academic freedom, and transparency.

Terminology

The 2013 report of the University of California Privacy and Information Security Initiative (dubbed the PISI “peezee” Report) defined two types of privacy:

  • Autonomy privacy: an individual’s ability to conduct activities without concern of or actual observation, and
  • Information privacy: the appropriate protection, use, and dissemination of information about individuals.

Additionally, information security was defined as the protection of information resources from unauthorized access, which could compromise their confidentiality, integrity, and availability.
(diagram of the three overlapping terms, from the PISI Report)

Information privacy and autonomy privacy conflicts

In the triptych model, security and privacy are not a zero-sum game. Information security supports, and is essential to, both autonomy privacy and information privacy. Yet whatever terms we use, the old conundrum remains: common best practices for protecting the information privacy of the students, employees, and other individuals who have entrusted personal information to the University can negatively impact the autonomy privacy of the users of University networks and systems (sometimes the very same individuals whose information privacy we are trying to protect).

For example, analyzing the location of users logging into campus systems might be considered an industry-standard best practice for identifying potentially compromised accounts. Logins from multiple countries at the same time, or within a time span too short to travel between them, can be an indication of compromised credentials. Most users who are notified of a possible compromise are very thankful for the warning; others respond that they are travelling or provide some other explanation. The reason is not deemed pertinent to information-security operations, only whether or not the login is expected. Additionally, if the location information is stored, it can be useful in determining attack patterns.
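As an added illustration of the check described above (example code written for this page, not code from the post or from any UC Berkeley system), the following Python snippet runs an "impossible travel" test over a handful of constructed login records. It assumes that each login has already been geolocated to latitude/longitude upstream; the fictitious user names, the city coordinates, and the 900 km/h plausibility threshold are all assumptions chosen for the example.

```python
"""Impossible-travel check over constructed login records (added example)."""
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
# Assumed threshold: roughly airliner cruise speed. Anything faster between two
# consecutive logins cannot be one person physically travelling.
MAX_PLAUSIBLE_SPEED_KMH = 900.0

# Constructed sample records: (user, ISO-8601 UTC timestamp, latitude, longitude).
# Users are fictitious; coordinates are approximate city centres.
SAMPLE_LOGINS = [
    ("alice", "2015-02-27T08:00:00Z", 37.8716, -122.2727),  # Berkeley, CA
    ("alice", "2015-02-27T08:45:00Z", 51.5074, -0.1278),    # London, UK
    ("bob",   "2015-02-27T09:00:00Z", 37.8716, -122.2727),  # Berkeley, CA
    ("bob",   "2015-02-27T21:30:00Z", 51.5074, -0.1278),    # London, 12.5 h later
    ("carol", "2015-02-27T10:00:00Z", 37.8716, -122.2727),  # Berkeley, CA
    ("carol", "2015-02-27T10:30:00Z", 37.7749, -122.4194),  # San Francisco, CA
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two (lat, lon) points in degrees."""
    phi1, phi2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlmb = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(phi1) * cos(phi2) * sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def parse_ts(s):
    """Parse the 'YYYY-MM-DDTHH:MM:SSZ' timestamps used in the sample records."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def impossible_travel_alerts(logins, max_speed_kmh=MAX_PLAUSIBLE_SPEED_KMH):
    """Return one alert per consecutive login pair whose implied speed exceeds max_speed_kmh.

    Two logins from different places at the same instant yield an infinite
    implied speed and are therefore always flagged. The alert deliberately
    carries only the user, the two timestamps and the implied speed; the
    coordinates themselves are not copied into the output.
    """
    by_user = {}
    for user, ts, lat, lon in logins:
        by_user.setdefault(user, []).append((parse_ts(ts), lat, lon))

    alerts = []
    for user, events in by_user.items():
        events.sort()  # chronological order per user
        for (t1, la1, lo1), (t2, la2, lo2) in zip(events, events[1:]):
            hours = (t2 - t1).total_seconds() / 3600.0
            dist_km = haversine_km(la1, lo1, la2, lo2)
            if hours <= 0:
                speed = float("inf") if dist_km > 0 else 0.0
            else:
                speed = dist_km / hours
            if speed > max_speed_kmh:
                alerts.append({
                    "user": user,
                    "first": t1.isoformat(),
                    "second": t2.isoformat(),
                    "implied_speed_kmh": round(speed, 1),
                })
    return alerts


if __name__ == "__main__":
    for alert in impossible_travel_alerts(SAMPLE_LOGINS):
        print(alert)
```

On the constructed data only alice is flagged: Berkeley to London (about 8,600 km) in 45 minutes implies well over 10,000 km/h. bob makes the same trip in 12.5 hours (under 700 km/h) and carol's hop to San Francisco is trivial, so neither produces an alert. Note that the alert record keeps the implied speed and timestamps but not the coordinates; the paragraph above observes that stored location history is useful for attack-pattern analysis, and the following paragraphs explain why the campus may choose not to keep it, so what the alert retains is exactly the design decision under discussion.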

On the other hand, on a campus whose members regularly challenge institutions of power, politics, and social norms, storing such location tracking information can be viewed as a “chilling” invasion of autonomy privacy.

Autonomy privacy is an underpinning of academic freedom and is related to concepts such as the First Amendment’s freedom of association, anonymity, and the monitoring of behavior; for example, by identifying with whom an individual corresponds or by building a profile of an individual through data mining.

Academic and intellectual freedoms are values of the academy that help further the mission of the University. These freedoms are most vibrant where individuals have autonomy: where their inquiry is free because it is given adequate space for experimentation and their ability to speak and participate in discourse within the academy is possible without intimidation. Privacy is a condition that makes living out these values possible.   — PISI Report

Although the UC Statement of Privacy Values and Privacy Principles introduced in the PISI Report are recent additions to UC’s canon of ethics, the longstanding priorities from which they emanated are the basis of policy dating back to the year 2000. The UC Electronic Communications Policy (ECP) protects the privacy of electronic communications, including metadata and transactional data, from examination or disclosure without the holder’s consent (with limited exceptions). Because autonomy privacy protections are prone to slow and quiet erosion when weighed against immediate and monetarily costly information-privacy risks, this policy provides a thumb on the scale of autonomy privacy.

Yet, even if the ECP successfully controls access to this information to prevent abuse by campus entities, if we collect it, we do not have a similar ability to guard against subpoenas or other requests by law enforcement or federal agencies, such as National Security Letters or subpoenas with gag orders. And there is little assurance that it would not be used to monitor the travel of a student from Iran, undocumented students participating in California DREAM Act programs, or Civil Rights activists agitating for African Americans’ right to vote.

What about the argument that the government has other ways to collect this information, so we are only handcuffing ourselves by not fully using the information? Until the social debate has concluded that such government surveillance is justified, collection by the University would seem to create a spiralling deterioration of protections. (If the University has travel information to detect compromised credentials, why shouldn’t the government have it, for example, to prevent domestic terrorism? If the government has it anyway, why shouldn’t the University keep it to protect security and infrastructure?)

Governance

Decisions about balancing the legal and moral obligations for data stewardship and information privacy against the mission-critical values of academic freedom and autonomy privacy ultimately need to be made by a broadly representative group of campus leaders entrusted to weigh the multiple costs, risks, and benefits to the institution and society and set the University’s vision. To this end, Berkeley’s newly minted Information Risk Governance Committee is poised to take on review of a slate of information-collection proposals in the coming months.

The PISI Report expresses my optimism (and trepidation) as the campus tackles not only approval or rejection of monitoring and/or collection of specific data elements, but also strives to define the principles and campus structures for solving these dilemmas: “How privacy is balanced against the many rights, values, and desires of our society,” it says, “is among the most challenging issues of our time.”

This post was originally published by EDUCAUSE to mark Data Privacy Month (Jan. 28-Feb. 28).

Comments to “Privacy vs. privacy”

  1. Great article, it seems that the real concern is who has access to all this collected data, which various organizations can request it and how information can be legally used.

    Can the people you associate with be used to deny a visa, or be utilized by the IRS to pinpoint who to audit?

    We need more explicit communication from the government about which government organizations are allowed to get data about us and their legal use of that data.

    Right now the government can get data about you and with a gag order that makes it so that you legally can’t know about it. Meaning, that the organization that provides the data can’t inform you that they have handed over your data.

    Maybe one day this comment will be used by an algorithm to put me on some list. Although, I hope that we don’t devolve to the paranoia of the McCarthy days, and try to make enemies of patriotic citizens.

    The other concern is that all this data can be stolen and used by who knows who. That’s why I advocate awareness about the data we create and exercising digital security best practices.

    Which is why I wrote an article about Internet safety and hacked email accounts.

    Hopefully, it can help you become more aware of digital security concerns.

    I also wrote a long answer about internet security on Quora, check out my answer – Digital Security Software and More Digital Security Tips

  2. The criminal violation of the privacy rights of 78.8 million Americans — probably by a foreign nation’s sophisticated hacking gang (see this article, for instance) is stunning in its scope and potential consequences and is a prime recent example of the cybercriminals that threaten all U.S. institutions including UC.

    In the physical world unauthorized entry is called “Trespassing” and is a crime when it has gone beyond an innocuous accidental incursion. And in the physical world the taking of private property is a crime called “Theft/Burglary.” And in the physical world the plotting of an illegal activity is a crime called “Conspiracy.”

    So why is the word “crime” missing from this blog post? Why does a search for the word “crime” in the 47-page PISI report turn up zero matches? Why are cybercriminals treated so gently compared to the common criminals who daily clog the court system? What must change to be able to apprehend cybercriminals in foreign countries targeting U.S. institutions including UC?
