Privacy and Surveillance Technology ZiF Centre for Interdisciplinary Research

Interdisciplinary Perspectives University of Bielefeld, Germany

February 10 - 11, 2006

Gordana Dodig-Crnkovic

Department of Computer Science

and Electronics

Privacy and Protection of

Mälardalen University
Sweden Personal Integrity
in the Working Place

http://www.idt.mdh.se/~gdc

1
 CONTENTS

 INTRODUCTION
 PRIVACY DEFINITIONS
 MONITORING AND SURVEILLANCE
 SURVEILLANCE TOOLS
 LEGISLATION
 WHOSE RESPONSIBILITY?
 THE UNIVERSAL CORE VALUES FOUND ACROSS CULTURES
 TRUST AND WORKPLACE PRIVACY
 INVENTING SOCIALLY DANGEROUS TECHNOLOGY
 ETHICS OF TRUST
 LEGITIMACY BY DESIGN AND TRUSTWORTHY COMPUTING
 CONCLUSIONS

2
 PRIVACY

Privacy is a fundamental human right recognized

in all major international agreements regarding
human rights such as Article 12 of the
Universal Declaration of Human Rights (United
Nations, 1948).

3
 WHAT I LEARNED THUS FAR?

 Michael: privacy as a social construct

 Vincent: if humans are not involved, privacy can not be breached

 Philip: privacy operationalized – how to do something

 Nadia: radical translation? ”privacy” its meaning in post 9/11, balancing or managing
priorities

 Nuala: Identity question at the core of the problem – establishing identity

 Charles Raab: public policy perspective – need for more academic research
alongside action research – privacy as a public good, essential for society at large,
not only for an individual

4
 PRIVACY

One of characteristics of private is it is not official.

Nevertheless, we expect a certain degree of

privacy even in the most official situations.

5
INTRODUCTION

Disappearance of boundaries between private and

professional life:
- ubiquitous computing and
- ambient intelligence

Privacy protection vs. surveillance of employees

6
MONITORING AND SURVEILLANCE TOOLS

 Closed Circuit Television (CCTV)

 Night vision system
 Smart cards
 Telephone taps
 Computer usage (E-mail monitoring, Internet
monitoring and filtering, instant message
monitoring, keystroke logging)
 Cellular radio/Satellite interception
 Radio Frequency Identification (RFID)
 Location monitoring
 ...

7
COMPUTERS AS TOOLS FOR MONITORING
AND SURVEILLANCE

 Storage
 Searching,
 Sorting,
 Simulation

– the four basic S’s of computing technology makes

it unprecedented tools for monitoring and
surveillance

8
 Face
 Fingerprint / Palm Print
 Hand and Finger Geometry
 Handwriting
 Iris
 Voice/Speaker
 Retinal
 Multimodal

9
SPECIFIC METHODS OF WORKER SURVEILLANCE

Packet-sniffing software can intercept, analyze, and archive

all communications on a network, including employee e-
mail, chat sessions, file sharing, and Internet browsing.
Employees who use the workplace network to access
personal e-mail accounts not provided by the company
are not protected. Their private accounts, as long as
they are accessed on workplace network or phone lines,
can be monitored.

Keystroke loggers can be employed to capture every key

pressed on a computer keyboard. These systems will
even record information is typed and then deleted.

Phone monitoring is pervasive in the American workplace as

well. Some companies employ systems automatically
monitor call content and breaks between receiving calls.

10
SPECIFIC METHODS OF WORKER SURVEILLANCE

Video surveillance is also widely deployed. In a number of

cases, video surveillance has been used in employee
bathrooms, rest areas, and changing areas.

Video surveillance, might be acceptable where the camera

focuses on publicly-accessible areas. However,
installment in areas where employees or customers
have a legitimate expectation of privacy, such as inside
bathroom stalls, can give the employee a cause of
action under tort law.

11
SPECIFIC METHODS OF WORKER SURVEILLANCE

"Smart" ID cards can track an employee's location while

she moves through the workplace. By using location
tracking, an employer can even monitor whether
employees spend enough time in front of the
bathroom sink to wash their hands. New employee
ID cards can even determine the direction the
worker is facing at any given time.

Psychometric or aptitude testing to evaluate potential

employees: Such tests purport to assess
intelligence, personality traits, religious belief,
character, and skills.

12
SPECIFIC METHODS OF WORKER SURVEILLANCE

Telecommuting

Employees who labor remotely from the

workplace encounter different privacy
challenges. For instance, how can the
employer monitor the employee's home
without impinging upon non-work-related
activities?
What limits are there to prevent
surveillance of the employee during off-
hours? What about information collected
about non-employee family members
who may use work equipment?

http://www.epic.org/privacy/workplace/

13
LEGISLATION

The Universal Declaration of Human Rights

– Article 12

“No one shall be subjected to arbitrary

interference with his privacy, family, home
or correspondence, nor to attacks upon
his honour and reputation. Everyone has
the right to the protection of the law
against such interference or attacks.”

UN’s International Covenant on Civil and

Political Rights (ICCPR)

14
LEGISLATION

The Council of Europe's 1981 Convention for

the Protection of Individuals with regard to
the Automatic Processing of Personal Data

The Organization for Economic Cooperation

and Development's Guidelines Governing
the Protection of Privacy and Transborder
Data Flows of Personal Data

15
LEGISLATION

PRIVACY AND HUMAN RIGHTS Report

Personal Information must be:
obtained fairly and lawfully,
used only for the original specified purpose,
adequate, relevant and not excessive to purpose,
accurate and up to date, and
destroyed after its purpose is completed

16
FAIR INFORMATION PRACTICES APPLIED BY
INTERNATIONAL LABOUR ORGANIZATION

Employees should have notice of data collection processes.

Data should be collected and used lawfully and fairly.
Employers should collect the minimum necessary data required for
employment.
Data should only be collected from the employee, with informed consent.
Data should only be used for reasons directly relevant to employment, and
only for the purposes for which the data were originally collected.
Data should be held securely.
Workers should have access to data.
Data should not be transferred to third parties absent consent or to comply
with a legal requirement.
Workers cannot give up their privacy rights.
Medical data is confidential.
Certain data, such as sex life and political and religious beliefs, should not
be collected.
Certain collection techniques, such as polygraph testing, should be
prohibited.
17
WORKPLACE PRIVACY ISSUES

Fair information practices in relation to employee

personal data, especially in relation to:
application of OECD Guidelines-conformant principles
and processes;
care with sensitive data, such as medical information;
balanced procedures in relation to evaluative materials;

Surveillance of activities using employer-provided

facilities:
at the level of keystroke-rate;
at the level of application usage;
traffic analysis (e.g. telephone-numbers called and called
from, email correspondents, web-sites visited)
content analysis (e.g. email messages and telephone
converstions, content of web-pages visited);

Fair dealings by employers (trustworthiness). A

fundamental concern has been that the behaviour
of some employers is inconsistent with their policy
statements, e.g. some state that they do not
monitor, when in fact they do;

18
WORKPLACE PRIVACY ISSUES

Intrusions into privacy of the person, such as:

substance-abuse testing;
polygraph ('lie-detector') testing;
...
Intrusions into privacy of personal behaviour,
such as:
audio surveillance;
telephone-number monitoring;
telephone conversation monitoring;
video surveillance;
...

19
WHOSE RESPONSIBILITY?
AGENCY AND SURROGATE AGENCY

The layers of trust, Kainulainen (2001):

 Individual - machine
 Individual - individual
 Individual - (machine) - individual
 Individual - identifiable small groups (social aspect)
 Individual - groups/organizations (authority, higher
levels of hierarchy and abstraction)
 Group – group

Johnson and Powers (2004) study the problem of the

responsibility of (autonomous) agents which are
used as role or "surrogate" mediators

20
 WHY VALUE PRIVACY?
PRIVACY AND DEMOCRACY

In intruding on privacy, which is closely

related to freedom and autonomy,
surveillance can be considered to have,
ultimately, a negative effect on
democracy.

21
THE UNIVERSAL CORE VALUES
FOUND ACROSS CULTURES

 Caring for children;

 Trust;
 Prohibitions against murder.
having the following effects:
 Assuring the continuity of population in terms of
number of individuals and ways of behavior;
 Respecting the commonly accepted set of rules,
which provides predictability and stable
relationships;
 Preventing the extinction of the population.
(Lawrence M. Hinman, University San Diego)

22
TRUSTWORTHINESS AND WORKPLACE PRIVACY

Parallels between Computer Ethics and Medical

Ethics:
Francis (1993) in the section ‘Ethics of Trust vs.
Ethics of Rights’ discusses autonomy, informed
consent and the rights of patients.

Basically, the relation between a specialist and a lay-

person is of power and subjection and must be
grounded on mutual trust.

23
THE DESIGN OF COMPUTER SYSTEMS

Historically an unconditional trust on the

part of the general public in the inherent
goodness of technology has been
shown to be unwarranted.

24
THE DESIGN OF COMPUTER SYSTEMS

The design of computer systems has not

historically been organized in a democratic
way. Designers and users have had little
interaction, and users have had little control
over the resulting systems, except perhaps
through the indirect routes available to
them through resistance in the workplace
and the refusal to purchase relatively
unusable systems for their own use.

25
THE DESIGN OF COMPUTER SYSTEMS

Yet over the last ten or twenty years, a growing

movement, originating in Scandinavia but now
increasingly influential in other industrialized
countries, is attempting to reform the design
of computer systems in a more democratic
direction (Bjerknes, Ehn, and Kyng 1987,
Schuler and Namioka 1993).
Agre (1994)

26
THE DESIGN OF COMPUTER SYSTEMS

“Technology can go a long way toward

protecting the privacy of individuals,
but we also need a legal framework to
ensure technology isn't outlawed
(Bernstein:
http://www.eff.org/bernstein/.) We can't
protect privacy through case law, and
self-regulation hasn't worked.”

Deborah Pierce

27
INVENTING SOCIALLY DANGEROUS
TECHNOLOGY

1. Build it as safe as you can, and build

into it all the safeguards to personal
values you can imagine.

2. Tell the world at large you are doing

something dangerous.”
Weiser, 1995

28
CODES OF ETHICS
(Primarily Targeting Designers)

 ACM (Association for Computing

Machinery)
 BSC (British Computer Society)
 IEEE (Institute of Electrical and
Electronics Engineers)
 DataForum
 CF (Civilingenjörsförbundet)

29
A PRIVACY CULTURE

Whether or not privacy is protected by law or

contract, fostering a workplace culture
where privacy is valued and respected
contributes to healthy human relations,
and makes good business sense.

30
LEGITIMACY BY DESIGN AND
TRUSTWORTHY COMPUTING

The first phase of the intentional design for

democracy is the explication of the
embedded moral significance of ICT while
the next is the development of the
corresponding technology (Yu and
Cysneiros, 2002).

The existing analyses of the state of the art of

privacy issues worldwide (fifty countries in
http://www.gilc.org/privacy/survey) bear
witness to how much work remains to be
done.

31
LAYERS OF TRUSTWORTHINESS

 Trust in the intent of designers 　

 Trust in the quality of workmanship 　
 Trust in the users 　

32
ETHICS OF TRUST

“Trust is like the glue holds society

together -- without it, we crumble
into tiny isolated pieces collide
randomly with one another. In a
world without trust, individuals
cannot depend on one another; as a
result, individuals can only be out
for themselves.”
Hinman (2002)

33
CONCLUSIONS

TRUSTWORTHINESS must be established in the

use of ICT, where both users and the technology
will be trustworthy.

This in the first place presupposes the INFORMED

CONSENT of all the parties involved.

This trust must be established GLOBALLY because

the data contained in networked computers
virtually knows no boundaries.

34
 References

Gordana Dodig-Crnkovic Privacy and Protection of

Personal Integrity in the Working Place
Privacy and Surveillance Technology
Interdisciplinary Perspectives - Workshop at ZiF
Centre for Interdisciplinary Research, University
of Bielefeld, Germany, February 10 - 11, 2006

Gordana Dodig-Crnkovic, Virginia Horniak

Good to Have Someone Watching Us from a
Distance? Privacy vs. Security at the Workplace;
Ethics of New Information Technology,
Proceedings of the Sixth International
Conference of Computer Ethics: Philosophical
Enquiry, CEPE 2005
July 17-19, 2005, University of Twente,
Enschede, The Netherlands ; Brey P,Grodzinsky
F and Introna L. Eds. http://cepe2005.utwente.nl/
35
 The Ethics of Workplace Privacy
Sven Ove Hansson and Elin Palm
Peter Lang Bruxelles 2005

In recent years, new and more intrusive surveillance technology has found its way into workplaces. New
medical tests provide detailed information about workers' biology that was previously unthinkable. An
increasing number of employees work under camera surveillance. At the same time, computers allow for a
detailed monitoring of our interactions with machines, and all this information can be electronically stored
in an easily accessible format. What is happening in our workplaces? Has the trend towards more humane
workplaces been broken? From an ethical point of view, which types and degrees of surveillance are
acceptable, and which are not? From a policy point of view, what methods can be used to regulate the use
of surveillance technology in workplaces?
These are some of the questions that have driven the research reported in this book. Written by an
interdisciplinary group of researchers in Computer Ethics, Medical Ethics and Moral Philosophy, this book
provides a broad overview that covers both empirical and normative aspects of workplace privacy.

A. J. Westregård, Integritetsfrågor i arbetslivet (Personal Privacy and the Workplace)

PhD Thesis, Date of issue: 2002-09-13 Lund University

36