The University of Maine


November / December 2004

I Spy


How do you keep personal information private amid ever-increasing information-gathering capabilities of new technologies?

Every day, with a phone call, a click of a mouse, or a beep of an automatic teller machine, Americans give away more personal details about themselves than ever before. From our buying habits and financial status to our children's names and the books we read, information once considered private has become part of a digital data mecca for businesses and government.

Increasingly, corporations use personal information databases to target marketing activities, calculate insurance risks, manage employees and make loans. Government agencies that traditionally collect data to ensure that we keep licenses current, obey the law and pay our taxes are now under pressure to expand their information-gathering activities in the wake of 9/11. Controversial examples include an airline passenger database, face recognition software, and the Pentagon's Total Information Awareness project.

Just how much private information is really available? Today, for a fee, Web sites will search databases that include real estate records, voter registration, phone records, magazine subscriptions and changes of address. Sites promise to find cell and unlisted phone numbers, peruse military records or "find the dirt" in criminal files.

Wait a minute. Is this really legal? Can't individuals control the accumulated details of their own lives?

Although the United States has a tradition of protecting many individual freedoms, says lawyer Harlan Onsrud, there is no broadly encompassing right to control or limit personal electronic information collected by others. The playing field is thus tilted in favor of those who collect and sell such information as though it were a commodity like grain or pork bellies.

The issue is complicated by a tradition of openness in American society. Access to information, some of it personal, is a hallmark of the court system, media and local government. Even in our public libraries, people have free use of the books, CDs and videos; it's also in these hallowed halls of information access that many librarians have taken a stance against opening their lending databases to scrutiny in the name of homeland security.

With the latest advances in information technology, the question, says Onsrud, is how to keep the control of one's "private" information in the hands of that individual. (Just where the line is between information traditionally considered private and intimate knowledge for the sake of national security is a whole other discussion.)

Onsrud, a professor in the Department of Spatial Information Science and Engineering at the University of Maine, focuses on legal issues related to information systems. With fellow faculty member Silvia Nittel, he hosted a recent research workshop on location privacy to investigate technological, legal and institutional approaches that would give users greater control over the collection, use and storage of information from the electronic devices they use and sensors to which they may be subjected.

Simultaneously, the researchers want to preserve the open information marketplace of American society. Their goal is to restore a balance in social policies to the benefit of both privacy and the marketplace.

"We really do want the marketplace to be effective and efficient," says Onsrud. "We also want to protect privacy. The assumption here is that by protecting privacy, you can make the market grow. My argument has been that information industries can offer more services and make far more money by advancing technological approaches that give consumers direct control over information about them."

In essence, he says, personal information security can give consumers confidence to use new technologies without fearing an invasion of their privacy.

Onsrud and others have proposed that information technologies be designed to automatically include a standard licensing agreement, allowing individuals to define when, where and under what circumstances their personal information is used. As an example, he cites GPS (global positioning system) chips now built into cell phones, which provide location information for emergency responders. Marketers could use the same information to send advertisements for retail stores in a user's proximity.

"Say you're in the market for a certain brand or style of pants. You request your 'communicator' to notify you when you pass a store meeting your criteria. Or perhaps you request it to notify you when your friends are near. You're in control. However, you don't want it to tell you about other sales and services you haven't requested," he says.

Users also need the option of controlling when and exactly what information will be collected on them, and how long — or if — it will be stored, Onsrud says. They need to be able to change these options easily, continuously, automatically. It's important, he adds, that information technologies be designed to give people choices.

"One promising way you might enforce this is through a contractual relationship — a standard contract that makes preference choices legally enforceable. The preference settings of a 'communicator' might initially be set to provide maximum privacy protection. In time, as users desire more services, they may be asked by their 'communicator' if they want to change a setting in order to receive a specific service.

"The choices made are automatically enforced through the technology and are made legally enforceable through the contract that might be with the ISPs (Internet service providers) or through an intermediary. If you discover later that you're getting communications that you're not supposed to be getting, or that information about you has been sold without your permission, then they've breached a contract with you." At that point, he says, an individual can bring a private enforcement action, just as one would with any other contract breach, perhaps resorting to damage amounts pre-specified in the consumer contract.

Nevertheless, the very nature of information makes it difficult to control. Former ambassador, public policy expert and author Harlan Cleveland noted that information is inherently different from other possessions. It travels at the speed of light, expands as it's used and has a tendency to diffuse. Owning information is thus problematic, as copyright holders can attest, but some privacy advocates would still like to rely on the concept of ownership to restore individual control over personal data.

However, the ownership rules that control electronic information are different, Onsrud explains. "Problem is, we're moving into this age where you can no longer give your book away. Now it's in electronic form, controlled by a license rather than by the social bargain struck through traditional copyright law. In day-to-day practical living, you've lost some of the ownership rights that you previously had under copyright."

In the future, new technologies are only likely to increase privacy concerns. The remote access RFID (radio frequency identification) tag, a replacement for the product bar code, is already used to track business inventories. "Potentially, they'll be embedded in virtually everything you buy — from magazines to underwear," says Onsrud.

Segments of the grocery industry have already embraced RFID technology with the goals of reducing overhead and increasing efficiency. In the grocery store of the future, shoppers will not have to wait in checkout lines. They will load up their carts and walk past an RFID scanner that identifies their purchases and sends data to computers that tally the bill and charge a customer's account.

"Once you start looking five to 10 years down the road with these pervasive identification technologies, it gets to be more of a challenge. The way to address it is probably through a combination of legal and technological methods. Quick legal or technological fixes in isolation from each other won't work," Onsrud says.

Such efforts will need to take homeland security into account. The government's ability to spy on individuals has long been constrained by measures to protect privacy. But in a post-9/11 world, those policies are shifting toward greater surveillance.

In a paper delivered at the location privacy workshop earlier this year, Onsrud noted that "privacy is sometimes confused with security." An invasion of privacy arises when personal data is used without an individual's awareness or consent. On the other hand, security breaches involve information access by unauthorized third parties. To guard against the latter, he wrote, technological security measures are needed.

One speaker at the location privacy workshop suggested hypothetically that security may ultimately stem from fostering a small-town culture. "His point was, if you want to protect against terrorism, put the power in the hands of everybody to observe everybody else, because we are a mutually supportive society. We don't need to depend on some overseer. It becomes more of an equity issue that we should all have access to everyone else's business rather than have a corporate or government elite in control," Onsrud says.

Such an approach may face limits in large communities, not to mention an absence of personal privacy, but it harkens back to the nation's roots when most Americans lived in small rural towns. That period also saw an emphasis on the importance of freedom and self-determination, values at the core of what it means to be an American.

Today, availability of personal data raises questions about how we protect such values — what it means to be a free person with the power to exercise self-determination.

A key to being a person, Onsrud has written, is the ability to be autonomous, or self-defining. That's why misuse of personal information can be viewed as a violation of an important human right. "We haven't developed a cohesive body of human rights law in the U.S. such that an individual has a right to the pursuit of happiness versus a corporation that does not," says Onsrud, referencing a treatise by Charles L. Black Jr., of Columbia and Yale law schools.

As a result, legal scholars and technology analysts continue to reconsider the balance between ownership, access to government information and commercial interest, Onsrud says. "The problem is that it is so complex. It's dealing with the whole range of human-computer interaction — how you actually interact with the device. And there are the institutional issues. What are the appropriate institutions, if any, for control and protection of privacy?"

by Nick Houtman
November-December, 2004


UMaine Today Magazine
Department of University Relations
5761 Howard A. Keyo Public Affairs Building
Phone: (207) 581-3744 | Fax: (207) 581-3776

The University of Maine, Orono, Maine 04469
A Member of the University of Maine System