Privacy in a Conflicted World

By Taber Shimono

Kevin Cahill
CST 373
3/14/2014
Shimono 1

In a previous paper, I was assigned to define what my personal concept of privacy was
and the circumstances of which it was formed throughout my life. One of the key factors that I
had mentioned that influenced my current definition was the tragedy of the World Trade Center
on September 11, 2001. Summarized, my view of privacy is that privacy must be respected
unless there is fairly substantial evidence pointing towards some action that will inflict harm on
another person. In this paper, I will attempt to compare my personal definition with the definition
of privacy from Amitai Etzioni's book The Limits of Privacy, published in 1999 using post
September 11 sources like Bill Tancer's book, Click.
If one read's Etzioni's book without reading the introduction, they would probably be a bit
confused with the message being conveyed. The main reason is because Etzioni wrote his book
to give the reader both sides of the argument. For example, in one of the chapters in his book, he
discusses the topic of virtual encryption. For this topic, the issue he brings up is the idea that US
would force companies to design a backdoor into the program to avoid hindering
investigations (81-82). The government would be able to simply input a password or some other
security measure and all encryption would be decrypted for them. He states for pros that if these
companies were forced to do this, this would make it easier for law enforcement to catch
criminals and even prevent some crimes (78-80). Another argument that he does not point out
that I would argue would be the point that if people do not have anything to hide, then it would
not matter if the government reads these online information transfers because there would be no
implications or arrests on these citizens. On the flip side however, he brings up arguments for the
con side of the argument, and not necessarily in direct contrast to pro arguments. One of the
points he brings up is the issue in the economical and practical realm, where companies would
Shimono 2

argue that if they were forced to put backdoors into their programs, users, both for good or
bad, would just simply purchase their foreign counterparts that have no intentional decryption
method due to the counter intuitive idea of having an already hacked encryption program (84).
The reason that he poses both sides of the issue at hand is not to confuse the reader, or
even to have the reader choose one side or the other necessarily. The reason for this is to show
the reader that both sides have valid points that need to be addressed, and therefore, some sort of
compromise needs to be made that balances the conflicting values of safety and privacy.
However, even with these arguments and reasons, I do not know if he even anticipated the
tragedy that would happen two years later on September 11. If he had, maybe he would have
tried to advocate that these issues needed to be taken into account quickly.
In the aftermath of the fall of the World Trade Center, the US quickly shifted its focus to
security over privacy. The intention of the government was to prevent another catastrophe like
this from ever happening again. One of the responses to increasing security was the
memorandum proposed to the FOIA (Freedom of Information Act) where the Attorney General
put an emphasis on the protection of national security, sensitive business information, and
personal privacy (Uhl 261). The memorandum specifically states that 'the Department of
Justice will defend your decisions unless they lack a sound legal basis or present an unwarranted
risk of adverse impact on the ability of other agencies to protect other important records' (261).
A more blunt way to phrase this memorandum is that all government agencies could classify and
censor any information that they wanted to unless there was not a law or court enforcement
directly opposing it or if their protection interfered with the protection of another agencies
information.
Shimono 3

Now this might not necessarily sound terrible innately, but once examined further, this
means that the government is able to censor information from the public as long as they are able
to justify a sound reason as to why it is being censored. If taken to the extreme, this could mean
that people would not even have knowledge as to what the government was doing, although
arguably most people never know that anyway. The government has already taken precautions to
keep information out of the public. The government has created large off limit areas for buildings
that are performing tasks and surveillance outside of the public realm (Priest & Arkin 10-11).
These buildings are teeming with security measures like security monitors, thermal cameras,
keypad access soundproof rooms, and even fidget monitors, all in the name of helping to catch
terrorists (11). These kinds of actions would make most people suspicious of what exactly the
government is doing behind these closed doors. Combine this with the leak of information from
Snowden, and that is a recipe for outrage and even further distrust for the government.
Last year, Snowden directly leaked information about the NSA's Internet espionage and
surveillance for the entire world to hear. As an employee of NSA, he was living a pretty good
life. With a secure job paying around $200,000 yearly as well as family and a girlfriend in
Hawaii, he voluntarily disclosed this information without withholding his name and fled to Hong
Kong (Greenwald, Askill, & Poitras 2). While he was staying in Hong Kong, he rarely left the
confines of the hotel that he was staying at and cracks and holes in his room were covered with
pillows to prevent eavesdropping (3). Whenever he connected to his computer, he would cover
his laptop and head with red cloth (3). The reason for all of these measures was because he knew
exactly what he was up against. He knew the organization, the country, and the technology that
was going to be used against him. However, despite these factors, he leaked the information
Shimono 4

because it went against his conscience, knowing that the government was trying to make every
single conversation known to only themselves (6). His reasons were not to cause harm though, as
the government may have tried to prove otherwise. He carefully looked over every document and
chose specific ones that would show what the government was doing without bringing harm (8).
The government says all of this is to catch terrorists and protect the common good of the
citizens of the United States, but the big problem is defining to what extent can these intrusions
go unquestioned. PRISM, one of the NSA's main programs, is one such program that has come
under scrutiny due to the leak of information about the NSA. This program is the one who has
been requesting conversations and data from big corporations such as Google and Verizon. The
information PRISM wants are all consumer conversations that are involved with anyone outside
of the US, whether it is a business that has outside sourcing, or just a conversation with a friend
in a foreign country (Greenwald & MacAskill 3). The irony is the organization itself cannot
directly do anything by itself in terms of acting on this information. It basically just takes
information from these private companies, without explicit permission to seize them, and passes
it to other agencies (5). Although it says that it is only watching foreign conversations, there is
nothing in the policy itself saying that it cannot watch domestic conversations as well (5). Not
only that, but for the information that the government does obtain, what information is defined as
relevant or important is completely up to the agency's subjective criteria, and therefore, is
difficult categorize as relevant or irrelevant (Pozen 25-26). Due to the subjective and dangerous
nature of this kind of information, even the courts are hesitant to delegate over how this
information should be classified and hand over all delegation on how to define and handle this
information to the agencies themselves, essentially handing unrestrained power over to one
Shimono 5

governing group of people (26). This is a clear violation of the original framework for the US
government because no check or balance would exist for these agencies who are now allowed to
do as they please.
There is now a bit of a calling for all information to be made private from the
government's intrusions, but the strange thing about this is that although these people are
opposed to having the government have their information, they are willing to give out this
information to anyone on the web itself. With social networking sites, people are posting all the
information that anyone could ever want, where they are at a given time in the day, what they are
currently doing, and even who they are currently with through tweets, photos, posts, and the like.
Of course, many people set their accounts to private so that only befriended people can see them,
but what many people do not understand is that anything posted to the Internet is up for grabs if
the person is knowledgeable enough about computers and software. As a result, some of these
people publicize too much information about their personal lives, even if it is private. As a result,
some cyberstalkers are able to gain more information on their targets that would normally not be
available to them (Barnes). Not only that, but some companies and schools have used these
social networks to monitor how employees/students behave outside of their professional
environment, and in some cases, have actually lead to reprimands or dismissal by these
establishments because of inappropriate or illegal behavior that have been captured and posted
on these types of sites (Barnes). In this case, the question is how far can these parties view and
use this private information before it is classified as intrusive, since technically this
information is being posted onto a public domain like the Internet. Individuals advocate that
companies and institutions should not be able to punish them for these types of incidents since
Shimono 6

they are the private lives of the individual and, therefore, out of the jurisdiction of these
institutions. The argument for the institutions is that these people are direct representatives of
themselves and, therefore, anything defaming or hurting the institution's reputation can be called
into account. This is still an issue being debated today, but this is not the only form of monitoring
that exists. Unfortunately for these people, not only are social sites being used to monitor
behavior, but pretty much all online activity is monitored by someone, and these would be data
miners.
The concept of data mining is not new according to Bill Tancer in his book Click. The
oldest forms of data collection can actually be dated back to the beginning of the existence of
humans. When people went to certain shops or trading partners, usually it was for a certain set of
items. If the same person kept going back to them for the same products, a person would
naturally be able to figure out a trend. Based off of this, they would then be able to market of
products that they believe would be in the consumer's general interest. Not only that, but
commerce is heavily based on this idea due to the nature of predicting the market. If the interest
of a certain item went up, then the market for that item would increase supply and prices in order
to not only meet the incoming demand, but to make the most profit from it as well. However, in
the past, this was a slow process, often taking years of experience, interactions, and lucky
guesses. With the Internet and the vast information that is literally available at their fingertips,
these types of trends and predictions can be made almost instantaneously, just by modeling
online behavior. However, these data miners can track everything that people do online, whether
it be something as harmless as searching for the next season's fashion trends or something more
risqu like visiting adult websites, everyone wants this information.
Shimono 7

With the movement of information from files and paper to online databases, the big issue
is how much information these databases hold and who has access to these databases. From
medical records to sign ups for grocery store member cards, information is constantly being
stored about consumers, whether they like it or not. Online shopping is no different either, and
arguably could be worse considering that credit card information needs to be transferred to the
company's database. This information provides revenue for the miners, companies, and the
government. With the demand for information, miners can just sit and gather information for
online traffic and make money by selling this information. For companies, they want this
information so that they can market more goods to consumers, either through direct purchases or
advertisements, or to perform background checks on potential employees. The government and
law enforcement wants this information in order to monitor potential threats to domestic security.
So with all this information, many people are concerned about the content of this information
that is being given mined.
In response to these issues, most professional data mining companies have some form of
regulations involved with their data mining processes and who views the data. One of the
methods that have been implemented to aid the privacy issues surrounding the analysis of data is
a process called selective revelation. This process works by trying to implement a security barrier
between the data and the analyst (Fienberg 150). The barrier is said to consist of three
components: inference control to prevent unauthorized users access to personal information,
access control to return sensitive information only to authorized users, and an immutable audit
trail so that those analyzing the data can be held accountable should a breach occur (150).
Problems that arise with this method are the definitions of who authorized and unauthorized
Shimono 8

users are and how the security measures for the barrier would be implemented (150).
Another issue that Etzioni discusses and is still in debate in the US today is the usage of
national ID cards. For the pro side of this argument, he states that if these cards were
implemented, safety would increase significantly while social and economic costs would
decrease (103-104). Many illegal activities could be either prevented or stopped should the
system be implemented. The ones that he explicitly states are tracking criminal fugitives,
tracking child abuse and sex offenders, income tax fraud, child support evasion, illegal gun sales,
illegal immigration, welfare fraud, social security fraud, and identity theft (104-110). The reasons
that this would aid these areas would be because these cards would store all identifying
information on these people much like a drivers license. These cards would also be tamper
proof, so one would not be able to modify any of the information stored on these cards. Not only
that, but when scanned, if there are any current arrest warrants for this person, authorities would
be able to track these people down much easier. However, Etzioni also points out arguments
against using these cards. One of the issues brought up is the idea of big brother being able to
constantly monitor people. If the government were to store all this data, personal information
about people could be accessed without their knowledge (121). Another reason is that they say
that this would encourage discrimination, since some people do not look like their own
nationality and some people are fooled, never knowing the difference (123). The implementation
of these cards would eliminate that factor, specifically in the employment realm (123). Another
factor that I think would come into play as well would actually be the points on Megans Law
that he discusses earlier in the book. If information on sex offenders were stored on these cards
as well, it would basically enhance the problem that Megans Law is addressing now. The
Shimono 9

problem with Megans Law is that it is a permanent mark on these people that will never go
away, much like a scarlet letter (58). This also brings up the issue with vigilantism against these
former sex offenders, which can often times harm other people instead of the actual offender and
harming either weighs the same in a court of law (64-65). The innate problem is that this law
seems to almost pose the idea of a person experiencing double jeopardy where, although they
have already been tried for an offense or offenses, they are being punished for the exact same
crime or crimes after serving their sentences (53). The level of privacy for these cards and laws
are still hazy and must be well defined before they can be successfully implemented, but that is
not easy.
With these issues coming to light in recent years, people are split between the never
ending tug of war between privacy and security. Although, in my opinion, the way that people go
about this argument a bit comical. On the side that is siding with data collection, their main
reason for going along with it is that they do not care if others have access to their information
because they have nothing to hide from them and can sometimes help. This seems more of an
apathetic approach to the argument because their reason is not based on the good and bettering of
society, but on the fact that they are too lazy to give any thought into the matter because it is not
directly affecting them. When I think of these people, my thought is that if guilt by association
happens when you are physically there for a crime, what happens if they are affiliated with
someone who performs a crime virtually because of tracking? On the other side, there are people
that are so blindly devoted to total privacy that my thoughts to them are things like would you
like to have a convicted felon live next door to you without your knowledge? To me, there has to
be some sort of balance between the two. However, the US is not the only country that is dealing
Shimono 10

with these types of privacy issues. Countries like China, Japan, and the European Union
(granted, a collection of countries) are dealing with these same types of issues.
For China, their idea of online privacy stems from their definition of privacy in the real
world. Prior to the late 1900s, there were only certain types of topics that were deemed private,
mostly ones concerning the government itself. This has shifted towards people being able to
invoke a right to privacy, no matter what the content of the conversation is (Yao-Huai 8) . In
other words, if one does not want to talk about something, all they have to say is that it is a
private matter, and the conversation must be dropped. This has even translated to children
invoking rights to privacy by parents having to get permission to enter their rooms or people
outside of marriage finding out about extramarital affairs (8). They have set up guidelines in how
online privacy should be conducted and protected. Their guidelines identify four primary ethical
principles. The first is the principle for respect, which basically means respect the privacy of
individuals (11). Second is the principle for consent, which means that data collectors must get
the consent of the people and tell them exactly what information is being collected (11). Third is
the principle of equilibrium, which means to balance personal privacy and public safety (11). In
order to do this, they record all conversations so that relevant organizations can check them to
ensure public safety (11). Lastly is the principle of social rectification, which is the idea that if
there is some infringement on privacy in a network, that society is responsible for rectifying the
problem in order to promote social peace and stability (11). This seems slightly different from
the US in the sense that data collectors must inform people about the information that is being
collected on them and that if privacy is invaded, it is society's job to fix it, but similar in the
sense that there needs to be a balance between privacy and safety and that all conversations are
Shimono 11

being monitored to deem whether or not it is a potential harm to society. China has its share of
problems, but how is a heavily Western influenced country like Japan handling this problem?
For Japan, the issue is no different, but the way that they are handling the situation is.
Japan's government has established the Private Information Protection Law which was supposed
to protect the individual's private information from government abuse (Abe 5). However, the law
was rewritten to protect the government from being scrutinized by media institutions for
unlawful actions. However, strangely enough, there is not a whole lot of outcry rallying to the
media's side. The reason behind it is that the people of Japan actually trust neither the media nor
the government, so they are doubtful of either side (5). The surveillance technology that has been
implemented in Japan has been introduced and used in situations where there was a criminal at
large, and therefore, public opinion was not necessarily against it (7-8). Due to this apathetic and
oblivious nature of the people towards both media and government, not to mention the way that
the laws are formed, most of the Japanese people just accept this situation for what it is and
choose to live with the reality (8-9). So China is somewhat similar to the US, Japan is reluctantly
accepting, but what about the western powerhouse known as the European Union?
In terms of privacy, the EU is very far ahead of all other countries in protecting the data
privacy of its citizens (Levin & Nicholson 374). The reason for this may be because of their right
to privacy in general has been outlined as a human right in their Convention for the Protection of
Human Rights and Fundamental Freedoms (374). Not only that but they have already
implemented technology like smart passports and Eurodac, a Europe-wide fingerprint ID system
(Levi & Wall 202). Long before the explosion of the Internet, the EU had already outlined a
basic data privacy policy that all information that was collected must be of a specific use and
Shimono 12

only for that use, individuals must be made aware of exactly what kind of information was going
to be collected, it must be stored and protected and only for the duration of the use of the
information, and individuals would have access to the information in order to correct it if
necessary (Levin & Nicholson 374-375). As the Internet gained popularity, the EU simply
translated these definitions over to online data policies where companies are now directly held
responsible for all information by regulated controls both before and after the use of the
information. Companies must also inform consumers when their data is used, the purpose, and
who is going to use it (376). Some forms of data cannot even be collected, such as religious
affiliations, health data, and political opinions (376). Their Privacy Directive also specifies that
consumers must be informed if their information is going to be shared with a third party for the
first time and be given the option to refuse the use or disclosure of the information (376). This
not only translates to domestic data, but to international as well. The Privacy Directive also says
that the EU Commission can ban data transfers to another country if that country does not have
sufficient data privacy protection (377).
Privacy is a difficult topic for anyone, especially when you have to consider the safety
and protection of society as a whole as well. Personally, I do not believe there will ever be a
perfect way to handle both sides at the same time because they are inherently opposing in nature.
I believe that the US needs to definitely take action and define what rights to privacy individuals
have and the government has on monitoring for the safety of the country. However, my
recommendation is not only to government, but to individuals as well. People today need to sit
down, do some research, and think about what they can do to stop posting too much information.
This can then lead to movements towards more privacy from government and data miners
Shimono 13

because people will be more educated and knowledgeable to the issues at hand. My opinion on
privacy still has not changed, which is that privacy needs to be respected unless probable cause is
found otherwise, but I know that even that statement is subjective as well. However, all countries
struggle with this argument, but if the people of the US were to educate themselves on the issues
and policies currently in place, I believe that this country could become a leader in the technical
realm not only in technology, but also in legal and political action.
Shimono 14

Works Cited
Abe, K. (2004). Everyday Policing in Japan Surveillance, Media, Government and Public
Opinion. International Sociology, 19(2), 215-231.
Barnes, S. B. (2006). A privacy paradox: Social networking in the United States. First Monday,
11(9).
Etzioni, A. (2008). The limits of privacy. Basic Books.
Fienberg, S. E. (2006). Privacy and confidentiality in an e-commerce world: Data mining, data
warehousing, matching and disclosure limitation. Statistical Science, 143-154.
Greenwald, G., & MacAskill, E. (2013). NSA Prism program taps in to user data of Apple,
Google and others. The Guardian, 7(6), 1-43.
Greenwald, G., MacAskill, E., & Poitras, L. (2013). Edward Snowden: the whistleblower behind
the NSA surveillance revelations. The Guardian, 9.
Levi, M., & Wall, D. S. (2004). Technologies, Security, and Privacy in the Post 9/11 European
Information Society. Journal of law and society, 31(2), 194-220.
Levin, A., & Nicholson, M. J. (2005). Privacy law in the United States, the EU and Canada: the
allure of the middle ground. U. OTTAWA L. & TECH. J., 2, 357.
Pozen, D. E. (2005). The mosaic theory, national security, and the freedom of information act.
The Yale Law Journal, 628-679.
Priest, D., & Arkin, W. M. (2010). Top Secret America--A Washington Post Investigation A
Hidden World, Growing Beyond Control The government has built a national security
and intelligence system so big, so complex and so hard to manage, no one really knows if
it's fulfilling its most important purpose: keeping. Washington Post.
Shimono 15

Tancer, B. (2008). Click: What millions of people are doing online and why it matters. Hyperion.
Uhl, K. E. (2003). Freedom of Information Act Post-9/11: Balancing the Public's Right to Know,
Critical Infrastructure Protection, and Homeland Security. Am. UL Rev., 53, 261.
Yao-Huai, L. (2005). Privacy and data privacy issues in contemporary China. Ethics and
Information Technology, 7(1), 7-15.