The concept of Privacy in the Modern Age

When we talk about privacy nowadays, what usually comes to mind is data privacy, and most people understand data privacy only in terms of themselves as individuals and what they post online.

Let us first define privacy.  It has been suggested that privacy can be divided into four aspects relating to a natural or juridical person.  These are:

  1. Territorial – concerns setting limits on intrusion into one’s own property such as a house, car or other environment; this includes video surveillance, ID checks at subdivision gates and trespassing.
  2. Bodily – concerns protecting people’s physical selves against invasive procedures such as drug testing, cavity searches and other medical procedures that may violate privacy.
  3. Information – otherwise known as data privacy and data protection; it involves establishing the policies, processes and procedures that govern how organizations (data controllers and processors) collect, use, store, handle, retain, destroy and share personal data such as credit information and medical and government records.
  4. Communication – covers the security and privacy of communication channels and devices: radio-frequency channels including telephony and broadcast media, mail (physical and electronic), telephone and internet communication; it also covers rules for connected devices (the Internet of Everything / IoT devices), internet protocols and other forms of communication.

So when we talk about privacy we need to put it in context.  Privacy is not only data privacy: the data privacy acts around the world address only two of these four aspects, Information and Communication.

It is worth noting that privacy has been a rallying cry against oppression since the 1600s in Europe, visible in the common law of England, and in the landmark 1928 case on territorial and communication privacy, Olmstead v. United States, in which Justice Louis Brandeis dissented and wrote:

“The right to be let alone – the most comprehensive of rights and the right most valued by civilized men.”

[Brandeis J, dissenting in Olmstead v. United States, 277 U.S. 438 (1928)]

The case revolved around the prosecution of Roy Olmstead for smuggling and selling alcohol.  After suspecting Olmstead for years, the government gathered evidence by wiretapping his office.  Olmstead argued that the police had violated his Fourth and Fifth Amendment rights, since they had not obtained a warrant.

No federal law prohibited wiretapping at the time, and the Supreme Court ruled 5-4 in favor of the US Government.  The case became a landmark not because of the decision but because of Justice Brandeis’s dissent, which became the foundation for later privacy law.

In it, he attacked the proposition that the government had the power to wiretap phones without a warrant, arguing that there is no difference between listening to a phone call and reading a sealed letter.  Brandeis wrote that the Founders had “conferred, as against the Government, the right to be let alone – the most comprehensive of rights and the right most valued by civilized men.”  He further advanced the idea that the ‘unclean hands’ principle, under which courts should not aid a plaintiff who has acted unethically with regard to the subject of the case, applies to the federal government: the government should not violate state law to gather evidence (wiretapping was illegal in many states, including Washington) and then use that evidence to prosecute people.

Four decades later, in Katz v. United States (1967), the Brandeis dissent was widely cited and the Supreme Court overturned Olmstead, holding that a warrant is in fact required for wiretapping, with the dissent held as a primary influence.  The Katz decision can be compared to the fall of the Berlin Wall: it opened privacy as a constitutional right, with implications reaching from the right to life and abortion rights to press freedom, information / data privacy and now communication privacy in a connected world of the Internet of Everything.

Below is a chronological history, from the Harvard Law Review, following “The Right to Privacy” by Samuel Warren and Louis Brandeis (1890).

The Scope of Privacy

As Professor Roger Clarke put it, privacy is important from a number of different perspectives:

  1. Psychologically, people need private space. This applies in public as well as behind closed doors and drawn curtains. We need to be able to glance around, judge whether the people in the vicinity are a threat, and then perform actions that are potentially embarrassing, such as breaking wind, and jumping for joy.
  2. Sociologically, people need to be free to behave, and to associate with others, subject to broad social mores, but without the continual threat of being observed. Otherwise we reduce ourselves to the appalling, inhuman, constrained context that was imposed on people in countries behind the Iron Curtain and the Bamboo Curtain.
  3. Economically, people need to be free to innovate. International competition is fierce, and countries with high labor-costs need to be clever if they want to sustain their standard-of-living. And cleverness has to be continually reinvented. But the chilling effect that surveillance brings with it stifles innovation. All innovators are, by definition, ‘deviant’ from the norms of the time, and they are both at risk, and perceive themselves to be at risk, if they lack private space in which to experiment. 
  4. Politically, people need to be free to think, and argue, and act. Surveillance chills behavior and speech, and undermines democracy.

But there is a fifth dimension that cuts across these four: the philosophical one.  The philosophy of privacy dives into the concepts of dignity and integrity.  Integrity comes from the Latin integritas, from integer, meaning whole or intact; in plain English, an integer is a whole number with no fractions.  So the philosophy of privacy is really about ETHICS, DIGNITY and INTEGRITY.

The Sensitivity of Location Data on Digital Contact Tracing

Let me take a stab at location data; this will form part of the 2nd edition of the Social and Privacy Impact of Contact Tracing.

Under the General Data Protection Regulation (GDPR), compliance applies whenever the use of location data involves the processing of personal data: any data processed electronically or through an electronic communication service that indicates the geographic position of a terminal (phone, car, tablet, laptop), whether obtained from GPS or from cell-tower triangulation.  The EU also has the ePrivacy Directive, which covers electronic communications and terminal equipment (including IoT devices); it requires that location data from a terminal be protected, and those protections tie in with the rights of data subjects under data protection law.  The Philippines and many other countries have no ePrivacy Directive, but the same ground is partly covered by the E-Commerce Act (RA 8792), the Data Privacy Act of 2012 (RA 10173) and the Cybercrime Prevention Act of 2012 (RA 10175).

Under the ePrivacy Directive, a connected device may use location data to provide a value-added service only with the individual’s opt-in consent.

The information requirements for location data need to be itemized in a privacy notice, with the purpose and duration of the processing stated explicitly.  Since location data is frequently shared with a third party or a joint controller, that sharing must also be described in the notice and in internal policy.

The last important aspect of location data is the ability to withdraw consent.  As data subjects we have the right to opt out, and the controller and processor must be able to show evidence that the location data has indeed been erased end to end.

Let us relate this to contact tracing and the solutions most countries are rolling out against the coronavirus.  Digital contact tracing, as proposed by countries such as Singapore, South Korea and Australia, can be classified as either a Privacy Enhancing Technology (PET) or a Privacy Impacting Technology (PIT).  A PET helps solve a problem such as the coronavirus with privacy in mind and implements Privacy by Design, while a PIT affects our privacy as data subjects in the territorial, bodily, information or communication dimension.

These four domains of privacy define how we act as persons: the territorial and bodily aspects are answered by our rights as human beings, enshrined in bills of rights and in the Fourth Amendment of the US Constitution, while data privacy is answered by the information and communication aspects.  Information privacy involves establishing rules governing the collection and handling of personal data such as credit information and medical and government records; this is what is commonly known today as data privacy / data protection.

But let us focus on communication privacy, which covers the security and privacy of mail, telephones, e-mail and other forms of communication, including location data.

————————————————————–

Let’s look at the two sources of location data for modelling:

  1. Location data collected by electronic communication service providers (such as mobile telecommunication operators) during the provision of their service; and
  2. Location data collected by application developers, or what the EU calls information society service providers, whose functionality requires the use of such data (e.g., navigation, transportation services).

The European Data Protection Board (EDPB) states that location data collected by electronic communication providers may only be processed within the remits of Articles 6 and 9 of the ePrivacy Directive.  This means such data can only be transmitted to authorities or other third parties if it has been anonymized by the provider or, for data indicating the geographic position of a user’s terminal equipment that is not traffic data, with the prior consent of the user.

The EDPB also emphasized that, when location data is used, preference should always be given to processing anonymized data rather than personal data.

Anonymization refers to a set of techniques that remove the ability to link the data to a natural person, judged against a reasonableness test: whether identification is still possible by means reasonably likely to be used.  We must consider the objective of the problem as originally framed and the contextual elements, which in the case of contact tracing applications may vary from country to country.
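
As an added illustration (not part of the original post), the following Python shows the distinction the EDPB is drawing for telco location data: a keyed hash of the subscriber number only pseudonymizes the records and still lets individual trajectories be reconstructed, while aggregating into coarse hourly grid cells and suppressing any cell with fewer than k subscribers releases counts that no longer link to a person.  The records, the 0.01-degree cell size and k = 3 are constructed assumptions for the example.

```python
# Added example (not from the original post): "anonymized" versus merely
# "pseudonymized" telco location data. Records, cell size and the k
# threshold below are constructed assumptions for illustration.
import hashlib
import math
from collections import defaultdict

K_MIN = 3          # release a cell only if >= K_MIN distinct subscribers (assumed)
CELL_DEG = 0.01    # grid cell edge in degrees, roughly 1 km (assumed)
HOUR = 3600

DAY = 1585699200   # a midnight UTC timestamp used as the base of the sample
# Constructed sample: (subscriber_id, unix_timestamp, latitude, longitude)
SAMPLE_RECORDS = [
    ("0917000001", DAY + 0,    14.5995, 120.9842),  # cell A, hour 0
    ("0917000002", DAY + 600,  14.5991, 120.9848),  # cell A, hour 0
    ("0917000003", DAY + 1200, 14.5998, 120.9845),  # cell A, hour 0
    ("0917000004", DAY + 1800, 14.5993, 120.9841),  # cell A, hour 0
    ("0917000005", DAY + 900,  14.6105, 121.0004),  # cell B, hour 0 (alone)
    ("0917000001", DAY + 3900, 14.5550, 121.0250),  # cell C, hour 1
    ("0917000002", DAY + 4200, 14.5553, 121.0254),  # cell C, hour 1
    ("0917000005", DAY + 4500, 14.5556, 121.0251),  # cell C, hour 1
]


def pseudonymize(subscriber_id: str, secret: bytes) -> str:
    """Keyed hash of the subscriber id. This is pseudonymization, not
    anonymization: whoever holds `secret` can re-link every record."""
    return hashlib.sha256(secret + subscriber_id.encode()).hexdigest()[:16]


def pseudonymized(records, secret: bytes):
    return [(pseudonymize(sub, secret), ts, lat, lon) for sub, ts, lat, lon in records]


def longest_trajectory(pseudo_records) -> int:
    """Points attributable to the single most-observed pseudonym. Anything
    above 1 means the dataset still exposes individual movement patterns."""
    counts = defaultdict(int)
    for pid, *_ in pseudo_records:
        counts[pid] += 1
    return max(counts.values(), default=0)


def to_cell(ts: int, lat: float, lon: float):
    """Coarsen a point to an (hour, grid row, grid column) cell."""
    return (ts // HOUR * HOUR, math.floor(lat / CELL_DEG), math.floor(lon / CELL_DEG))


def aggregate(records, k: int = K_MIN) -> dict:
    """Aggregate records into cells and drop identifiers entirely; suppress any
    cell seen by fewer than k distinct subscribers so that a sparse cell cannot
    single out one person. The output carries counts only."""
    members = defaultdict(set)
    for sub, ts, lat, lon in records:
        members[to_cell(ts, lat, lon)].add(sub)
    return {cell: len(subs) for cell, subs in members.items() if len(subs) >= k}


if __name__ == "__main__":
    pseudo = pseudonymized(SAMPLE_RECORDS, b"operator-secret")
    print("pseudonymized: longest trajectory =", longest_trajectory(pseudo))  # 2
    for cell, n in sorted(aggregate(SAMPLE_RECORDS).items()):
        print("released cell", cell, "count", n)  # cell B is suppressed
```

Run as a script, the pseudonymized set still shows subscribers moving from cell A to cell C (a trajectory of two points), which is exactly the linkability anonymization is supposed to remove; the aggregate releases cells A and C with counts 4 and 3 and suppresses cell B, where a single subscriber would otherwise be identifiable from the location alone.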

In contact tracing, accountability is very important, so the controller of any digital contact tracing application should be clearly defined.  In other countries these apps are sponsored and built by the government; what is unique in the Philippines is that the private sector donated these applications without proper vetting by the proper authority (DICT), which is why there is mistrust of contact tracing.  Normally a contact tracing application is owned by the health authority; in the Philippines there are two, the Department of Health (DOH) using COVID Kaya and the IATF / NTF / DILG using StaySafe, and the definition of who is controller and who is processor among the parties involved is vague.  If the deployment of these apps involves different actors, their roles and responsibilities must be clearly established from the outset and explained to users.

In addition, under the principle of purpose limitation, the purpose must be specific enough to exclude further processing unrelated to managing the health crisis (e.g. commercial, surveillance or law enforcement purposes).  In the context of a contact tracing application, careful consideration should be given to the principles of data minimization and privacy by design:

  1. Contact tracing apps do not require tracking the location of individual users; proximity data should be used instead.
  2. Since contact tracing applications can function without directly identifying individuals, mitigating measures should be employed to prevent re-identification.
  3. The collected information should reside on the user’s mobile device / terminal, and only relevant information should be collected, only when necessary (there must be a process in place, triggered by the health authority or local government unit).

Recommendations:

  1. Following Privacy by Design (PbD) and data minimization, the data processed should be reduced to the strict minimum.
  2. The application should not collect unrelated or unneeded information, such as civil status, communication identifiers, messages, call logs, location data, device identifiers, etc.
  3. Data broadcast by the application must consist only of pseudonymous identifiers that cannot be linked to the user.
  4. These identifiers must be renewed regularly so that broadcasts cannot be linked across time, on the same model as rotating a public/private (e.g., RSA) key pair rather than reusing it.
  5. Implementations of contact tracing can follow a centralized or a decentralized approach.
  6. Either approach must provide adequate security measures.
  7. The impact on the rights of individuals must be weighed throughout the process.
  8. Cryptographic techniques must be used to secure the data stored on servers and in the cloud.
  9. Authentication between the application and the server must also be performed, using multi-factor authentication.
  10. Reporting a user as COVID-19 infected in the application must be subject to proper authorization.  If confirmation cannot be obtained in a secure manner, no data processing should take place that presumes the validity of the user’s status.
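
As an added example (not code from StaySafe, COVID Kaya or any national app), here is a minimal decentralized scheme in Python that realizes items 1 to 3 of the data-minimization list above together with recommendations 3, 4 and 10: phones broadcast short pseudonymous identifiers derived by HMAC from a device-local daily key, rotate them every interval, keep what they heard locally, upload daily keys only with an authority-issued code, and match exposures on the device itself.  The ten-minute rotation, the HMAC derivation, the day number and the single-use upload code are assumptions of this illustration; DP-3T and the Apple/Google Exposure Notification framework follow the same shape with different parameters.

```python
# Added example (not code from any national contact tracing app): rotating
# pseudonymous proximity identifiers with on-device matching and authorized
# reporting, in the decentralized style of DP-3T / Exposure Notification.
# Rotation period, key derivation and the one-time upload code are assumptions.
import hashlib
import hmac
import os

ROTATION_SECONDS = 600                    # identifier lifetime, assumed 10 minutes
IDS_PER_DAY = 86400 // ROTATION_SECONDS   # 144 identifiers per day


def daily_key(seed: bytes, day: int) -> bytes:
    """Per-day key derived from a device-local seed. The seed never leaves
    the phone; only daily keys of a confirmed case are ever uploaded."""
    return hmac.new(seed, b"day:" + day.to_bytes(4, "big"), hashlib.sha256).digest()


def rolling_id(day_key: bytes, interval: int) -> bytes:
    """16-byte identifier broadcast during one interval. Without day_key an
    observer cannot tell that two identifiers came from the same phone."""
    msg = b"epid:" + interval.to_bytes(2, "big")
    return hmac.new(day_key, msg, hashlib.sha256).digest()[:16]


class HealthAuthority:
    """Stand-in for the health authority that confirms a diagnosis by issuing
    a single-use upload code (the real mechanism differs per country)."""

    def __init__(self) -> None:
        self._codes: set = set()

    def issue(self) -> str:
        code = os.urandom(8).hex()
        self._codes.add(code)
        return code

    def verify(self, code: str) -> bool:
        if code in self._codes:
            self._codes.discard(code)     # single use
            return True
        return False


class Device:
    def __init__(self) -> None:
        self.seed = os.urandom(32)        # generated on-device, never transmitted
        self.seen: set = set()            # (day, identifier) heard nearby; stays local

    def broadcast(self, day: int, second_of_day: int) -> bytes:
        return rolling_id(daily_key(self.seed, day), second_of_day // ROTATION_SECONDS)

    def observe(self, day: int, identifier: bytes) -> None:
        self.seen.add((day, identifier))

    def report(self, days, code: str, authority: HealthAuthority) -> list:
        """Release daily keys only for a diagnosis the authority has confirmed."""
        if not authority.verify(code):
            raise PermissionError("unconfirmed status: nothing is uploaded")
        return [(day, daily_key(self.seed, day)) for day in days]

    def exposed(self, published_keys) -> bool:
        """Re-derive every identifier of each published key locally and compare
        with what this phone heard. No location and no contact list leave it."""
        for day, key in published_keys:
            for interval in range(IDS_PER_DAY):
                if (day, rolling_id(key, interval)) in self.seen:
                    return True
        return False


def simulate() -> dict:
    """Alice and Bob share 30 minutes; Carol only meets Dave. Alice is diagnosed."""
    authority = HealthAuthority()
    alice, bob, carol, dave = Device(), Device(), Device(), Device()
    day = 18353                                         # constructed day number
    for t in range(0, 1800, ROTATION_SECONDS):
        bob.observe(day, alice.broadcast(day, t))
        alice.observe(day, bob.broadcast(day, t))
        carol.observe(day, dave.broadcast(day, t))
    alice_ids = {alice.broadcast(day, t) for t in range(0, 1800, ROTATION_SECONDS)}
    try:
        alice.report([day], "forged-code", authority)   # recommendation 10
        blocked = False
    except PermissionError:
        blocked = True
    published = alice.report([day], authority.issue(), authority)
    return {
        "alice_ids_seen_by_bob": len(alice_ids),      # 3: a fresh id per interval
        "unauthorized_upload_blocked": blocked,       # True
        "bob_exposed": bob.exposed(published),        # True
        "carol_exposed": carol.exposed(published),    # False
    }


if __name__ == "__main__":
    print(simulate())
```

Two design points are worth noting.  Bob learns only that one of the published keys matches something he heard, never who Alice is or where they met, and the server holds nothing but daily keys of confirmed cases, so a breach of it yields no contact graph.  The forged-code path shows why recommendation 10 matters: without authority-backed confirmation, anyone could upload keys and trigger false exposure alerts across the population.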

In the end, applications of this kind must be strictly voluntary and cannot be forced, because contact tracing is only a thin line away from a surveillance system.  Individuals must always have full control over their data, and the public must be free to choose whether to use such an application.