6.805/STS085: Readings on Privacy Implications of Computer Networks

What do web servers know about
YOU?

This demo illustrates the information that web servers can routinely obtain as soon as a browser references a page on the server.

What kind information is easily available to anyone?

If you're willing to pay $25-$100, can easily get a lot more information (e.g., criminal history checks) from companies that do database searches. Here's one example.

Unlike the previous topics this semester, the privacy issue has not really erupted yet, although there have been a few skirmishes, and there has been a tremendous amount of concern expressed. Since there is not (yet?) any clear privacy story to tell, this part of the class readings remains as isolated topics and resources that should prove useful for your final papers.

General resources on privacy and the Internet

Here are two overview articles that are good ways to get started:

Time Magazine's issue of August 25, 1997, featured a special report on privacy.
Susan Stellin, Privacy in the Digital Age. This is a good overview piece, published by CNET in August 1996.

Commentaries

Marc Rotenberg, Privacy and the Citizen in the Digital Age: The Era of Political Action. Rotenberg is Director of the Electronic Privacy Information Center. This is the text of a speech he gave before the Council of Europe in October, 1996, pointing to the need for political action to address privacy concerns.
Rob Kling, Mark S. Ackerman, and Jonathan P. Allen, "Information entrepreneuralism, information technologies and the continuing vulnerability of privacy" from Computerization and Controversy: Value Conflicts and Social Choices2nd Ed: Rob Kling (Ed). Academic Press, 1995. The authors argue that economic factors alone do not explain the growth of technologies that erode personal privacy, and they point instead to the rise of "information entrepreneuralism" and managerial strategies that rely on intensive data-analysis techniques.
Simson Garfinkel, 2048: Reconsidering Privacy in the Next Century. Garfinkel is a writer and columnist on computer and security issues, who will be our guest speaker on November 25. This is a draft manuscript of his forthcoming book, which he has made available for our class. There are several copies on reserve for the course.

Resources on Privacy

One of the most extensive collections of privacy resources on the net is the Privacy Archive of the Electronic Privacy Information Center (EPIC). Also very useful is the EPIC Online Guide to Privacy Resources.
For information on international privacy issues, see the Web site for Privacy International, which is hosted by EPIC.
Glen Roberts's Stalker's home page is in a class by itself. Don't miss it.
The Platform for Privacy Preferences Project (P3P), sponsored by the World Wide Web Consortium is a labelling scheme that permits web site operators and users to express and control their privacy practices in an interoperable way. It uses an infrastructure similar to PICS.
The Electronic Frontier Foundation's Privacy, Security, Crypto, and Surveillance Archive is a useful collection of source material and pointers to other resources.

Digital payments and electronic cash

One particular area where the internet is bringing privacy concerns to a head revolves around electronic purchases. Records of electronic purchases present opportunities for massive invasions of privacy. Cryptographic techniques make it possible to implement anonymous payment systems that will protect the privacy of buyers and sellers. But, like other uses of cryptography, there's a lot of concern that these systems may protect privacy too well -- leading to the possibility of massive illegal transactions and money-laundering schemes.

Amy Cortese and Barry Levine, The Future of Money, a summer 1996 "Web production" of New York's WNET/wNetStation, is an excellent overview of the continuing development of online payment systems.
David Chaum, Achieving Electronic Privacy, from Scientific American, August 1992, p. 96-101. "Digital cash" is a form of electronic funds transfer which, like cash, permits untraceable payments. Chaum, who is concerned about the privacy implications of ordinary electronic funds transfer, developed the "blind signature" technique that makes one form of digital cash possible. His company, DigiCash, markets this technology. This article describes how blind signatures and digital cash work.
Laurie Law, Susan Sabett, Jerry Solinas, How to make a mint: The cryptography of anonymous electronic cash. This June 1996 study by members of the National Security Agency Office of Information Security Research and Technology describes several anonymous electronic payment systems and some of the risks from the law-enforcement perspective.
Steven Levy, E-Money (That's What I Want), Wired, December 1994. This is an overview of electronic money, with a focus on David Chaum and DigiCash.
Office of Technology Assessment, Information Technologies for the Control of Money Laundering. This 1995 study by the OTA gives an extensive background on electronic funds transfers and money laundering. (These files are in Adobe Acrobat format. You will need a copy of the Acrobat reader in order to look at them.)
J. Orlin Grabbe, Cryptography and Number Theory for Digital Cash, October 1997. This is a technical paper that describes some of the cryptographic protocols, such as "blind signature schemes," that are important in digital cash systems.

Privacy of electronic medical records

Another privacy issue that is generating great concern is access to medical records -- both the insecurity and lax procedures of hospitals and HMOs, but, more troubling, the accumulation of patient information in insurance company data bases.

The National Research Council March 1997 report For the Record: Protecting Electronic Health Information is a comprehensive study of the requirements for privacy of electronic medical records. You can skim the report on-line, but there is also a copy of the published book on reserve for the course.
The Center for Democracy and Technology's Health Information Privacy Issues Page contains information on recent legislative attempts to address medical records privacy issues. xb

MIT policies

MIT student information policy, DRAFT, October 1997.
MIT Information Service practices on privacy of student files

Hal Abelson (hal@mit.edu)
Mike Fischer (mfischer@mit.edu)
Joanne Costello (joanne@mit.edu)

Last modified: December 3 1997, 9:52 AM