contextual integrity as a normative guide for privacy helen nissenbaum new york university * school...
TRANSCRIPT
Contextual Integrity as a Normative Guide for Privacy
Helen NissenbaumNew York University
*School of Information, UC Berkeley
April 2, 2008
*Supported by NSF ITR-0331542:
Sensitive Information in a Wired World (PORTIA)
The privacy conundrum+Controversial socio-technical systems --
track and monitor, aggregate and analyze, and publish and disseminate personal informationE.g. CCTV, RFID, DRM, Choicepoint, public records online, Facebook.
+Non-controversial socio-technical systemsE.g. body function monitoring in hospitals
+Need for a moral/political “justificatory framework”E.g. distinguish oppressive from benign surveillance
Some other approaches
Resort to private/public distinctionE.G Canadian physicians and PIPEDA (2001)
Support control by subjectAll out interest brawl Values tradeoffs
Contextual Integrity{bringing the social layer into view}
is a measure of how closely the flow of personal information conforms to context-relative informational norms. Contextual integrity is violated when these norms are breached.
Contexts …Structured social settings (“Institutions”)Characterized by roles, relationships, power structures, canonical activities, strategies, norms (rules), enforcement mechanisms, and internal values (goals, ends, purposes)E.g. health-care, education, politics, religious observance
more about contexts…
Evolve over time in cultures and societies, subject to historical, cultural, geographic contingencies
May be nested, overlap, conflictMay be more or less explicit,
formalized, institutionalized (e.g. class clown vs. judge)
May be more or less “complete”
Among the normscontext-relative Informational NormsIn a context, the flow of information of a certain type (attributes) about a subject (acting in a particular capacity/role) from a sender (possibly the subject, acting in a particular capacity/role) to a recipient (acting in a particular capacity/role) is governed by a particular transmission principle.
key parameters: contexts, attributes, actors, transmission principles
Transmission Principles** e.g.
Consent (subject controls)Notice (subject is/is not aware of transmission) Compulsion (e.g. earnings to IRS)ConfidentialityFiduciarySaleBarterReciprocityEntitlement, desert NeedSecrecy?Etc…
Contextual Integrity in a nutshell …
Context-Relative Informational Norm expressed in linear temporal logic
A. Barth, A. Datta, J. Mitchell, and H. Nissenbaum, (2006) “Privacy and Contextual Integrity: Framework and Applications,” Proceedings of the IEEE Symposium on Security and Privacy.
QuickTime™ and aTIFF (LZW) decompressor
are needed to see this picture.
Contextual Integrity
Contextual Integrity holds when context-relative informational norms are respected; it is violated when they are breached.
~ When people complain privacy is violated, look for violations of CI!
~ Surveillance is NOT always problematic~ Privacy is NOT control over information about oneself~ Privacy is NOT secrecy; it is appropriate flow~ Many of our privacy laws reach for CI ~The U.S. sectoral approach is NOT a bad thing
Q: Is CI conservative? A: Yes, in a sense.
{problems with the “reasonable expectations” test}
Opportunity Costs“perhaps there is something better…”
Tyranny of the Normal “entrenched practice wins the day …”{engineering away privacy}
I. Evaluating the merits of new practices against entrenched norms …
Moral and political considerations Harms to information subjects (e.g. stigma, discrimination, identity theft)Impacts on justice, balance of power, fair distribution of goodsImpacts on freedoms, autonomy, democracy, property
Impacts on security, efficiency
CI as a normative guide
II. Evaluating the merits of new practices against entrenched norms …
Explore impacts on ends-purposes-values of a context
{The MEANING of impacts within contexts} Healthcare (hospital surveillance, psychotherapy) Workplaces
Friendship (Tripp/Lewinsky)* Democratic elections vs. Congressional votingTMN and websearch privacyCASSIE in public librariesMobility on the roads (VSCS)
CI as a normative guide
Review
When novel practices violate entrenched informational norms,
Presumption favors entrenched norms {Why?}
Novel practices may legitimately overrule entrenched norms if shown to fulfill evaluation requirements
Conclusion: lots more work to be done.
Understand contexts and informational normsExpand understanding of transmission principlesExplore the relation between information flows
and ends-purposes-valuesStudy privacy law through the lens of contextual
integrity (e.g. GLBA, Video Privacy Protection Act, Drivers Privacy Protection Act, FERPA, HIPAA Privacy Rules)
* * *