Transparency vs Privacy in the US

Transparency vs Privacy in the US

The Current State of Transparency vs Privacy in the US

Most Americans* are concerned about their personal privacy and believe that it has worsened over the past five years (Pew Research). And this concern is understandable. Today, people are more interconnected than ever to potential privacy risks, ranging from their smartphone to their smart thermostat (New York Times). For instance, in January (2023), T-Mobile announced a data breach of 37 million active users (National Cyber Security Alliance).  Unfortunately, massive data breaches like T-Mobile is fairly common, giving Americans good reason to be wary of privacy related issues.

At the same time, Americans are more likely to lean towards data collection in specific cases of national security (Pew Research).

Pew Research

In this case, Americans justify a reduced sense of privacy and greater transparency for physical and national security. This suggests that Americans view individual privacy rights as important until a significant threat exists. 

However, when we shift away from privacy and transparency of the individual, towards government privacy and transparency, we witness a distinct tension. I think the tension exists between transparency and privacy because it is reflective of the tension between individual rights and government involvement. This has been a historic issue since the draft of America's first laws emerged. How much should a government intervene with individuals due to a matter of security, administration and overall societal benefit? Governments have legitimate concerns to maintain some level of intrusiveness over their constituents. Further, governments have legitimate reasons to keep documents, plans, etc. private from the public. 

But many argue that a well run democracy is one that is transparent (White House, Former President Obama). So, how do we reconcile both government concern with transparency vs privacy and individual rights for privacy?

The prompt has asked me to predict our world in 20 years in terms of privacy and transparency. At best, I think I can predict future issues and some preventive measures which I've laid out below:

Issue 1: The Intersection Between Privacy and Civil Rights

Privacy and Civil Rights is a concern globally but has significant cases in the US. In the 1950s and 1960s, the federal government surveilled Black Americans who fought against structural racism (Lai & Tanner, 2022). The US government used the FBI's counterintelligence program to target Dr. Martin Luther King, Jr. and members of the Black Panther Party (Lai & Tanner, 2022).

Current day issues include access to abortion and reproductive healthcare. Samantha Lai and Brooke Tanner, researchers at Brookings found that "judges have based past convictions of abortion seekers on evidence collected from people’s location data, text messages, and online activity" (Lai & Tanner, 2022). In 2017, a Mississippi woman's online search for abortion drugs were submitted and used as evidence in a trial on the death of her fetus (Washington Post, 2022). Other current day civil rights issues include the LGBTQ+ community, activists, and policing. 

Issue 2: The Global Conundrum: Balancing State Responsibility and Human Rights  

Most states (talking about countries now, not US states) are members of the United Nations. Implied in their signature, and hopeful ratification of treaties (makes treaties legally binding), is a commitment to transparency. An essential component of UN member states is transparency. It's part of the UN's good governance policy (OHCHR). Without it, policing and reports are limited. However, states obviously have an obligation to their constituents and may have legitimate reasons for tighter privacy. In the future, I see more ethical and legal situations regarding privacy and transparency on the global stage (Draper, 2012). 

Issue 3: In an Age of Technology: Genetic Transparency and Privacy

With the exponential rise of genetic technology, the medical and legal community are quickly having to adapt and form privacy and transparency measures (Dreyer, 2016). The GENA (Genetic Information Nondiscrimination Act, 2008) was the first significant US measure to address genetic related privacy concerns. But the field of genomics and genetic research has taken off so fast and been applied so liberally to all fields, privacy and ethical issues are becoming a major concern (Tyranny of the Gene, James Tabery). Using genetic testing for embryos to identify the most "viable" (likeliness for disease and more often Polygenic Risk Scores which are probabilistic) has become a hot topic for ethics and privacy. Lastly, there's ideas in the academic field for genetic testing to assign "pathways" for school children (Shero, 2021). ie. A child shows a "genetic propensity" for math and is placed in Honors Math. 

Preventive Measures

• Robust Data Collection and Sharing Rights
• Currently in the US privacy and data collection rights are fragmented across states. Having federal laws would ease operational concerns for companies and, if well drafted, protect consumers.
• Opt-in Consent
• The UK GDPR requires positive opt-in consent for all organizations (Information Commissioner's Office). The US could adopt a similar policy.
• Non-discrimination Act
• A company should not discriminate against a user exercising their privacy rights. For instance, a company can't block information from a user that exercises their privacy rights. 

Obviously it's difficult to predict the future but I don't think (and truly hope) that personal privacy will be a thing of the past. More likely, there will be pulls on the metaphorical balance of transparency vs privacy. Some policies and social movements will lead towards more privacy and vice versa. Overall, I doubt neither transparency nor privacy rights will disappear. 

I'd love to hear what you all think. In 20 years, what will the world look like in terms of privacy and transparency? Will personal privacy become obsolete in the face of advancing technology?

*(not sure how diverse or representative the study sample was)

QUESTION OF THE WEEK NO. 12

 Do you agree with the following statement? “Privacy as we know it is essentially dead and we must learn to live in a totally transparent world where every aspect of our lives, except for our unexpressed thoughts, are an open book.” Briefly explain your answer.

QUESTION OF THE WEEK NO. 11

 Should any generative AI app or platform come with a warning that a user's privacy is not protected?

My Reflections for Week Thirteen - May Herring

 May Herring

Randy Dryer

Privacy In A Digital Age

4/5/24

My Reflections for Week Thirteen

(Health Privacy April 2nd - 4th)

This week we talked about Health Privacy, with the question of the week being whether medical personnel such as physicians should be able to freely share information with other medical personnel without requiring consent from the patient. The blog post focused on whether or not establishing a national DNA registry would be good public policy. Although my classmates and I were united in our answers of no to both of these questions, during class, debate was sparked over the best policies we think should be enacted.

When discussing the blog post, the class was provided with two options, one was a set of rules and regulations that would be observed if the U.S. were to establish a national DNA registry. Everyone agreed that this proposal was a good plan, although it was observed that it may be a little too vague. Secondly, we were provided a scenario where DNA would be collected from every baby born in a U.S. hospital, and used to create a registry that would only be accessed with a super warrant if need be. At the time, we collectively agreed this may work, but we had doubts. 

After having some time to think it over, I’ve concluded that this plan would be a bad idea, and I don’t agree with it. One reason is that it may cause unsafe birthing environments. The DNA would only be collected from babies who are born and medicated in a U.S. hospital. This may have the unintended consequence of parents performing home births instead of seeking a professional environment- in hopes of avoiding their child’s DNA collection. Parents also may be more reluctant to get their children vaccinated, causing health risks to society at large.

After ruminating on the exercises and discussions we’ve had in class over this past week, I’ve had some new realizations about my stance on privacy involving citizens' DNA. If I could go back in time after this week’s unit, I don’t think I would have participated in 23 & Me. Furthermore, I don’t believe minors should be allowed to have their DNA analyzed until they turn eighteen.

Privacy and AI

                                                            Privacy and AI

The power struggle between privacy and the freedom of AI

By Turner Cox

April 5 2024

In the age of rapid technological advancements, artificial intelligence has become a noticeable force in several industries. Some common examples of products using AI include “Large Language Models” (LLMs) such as OpenAI’s ChatGPT and Google’s Gemini, as well as IoT devices integrated with AI technology to help the user have a more seamless experience. From automation to digital personal assistants, the integration of AI into the daily lives of people is rampant. However, because of the great power that AI holds, it also raises several privacy concerns. AI models need vast amounts of data in order to train themselves, and that data is a valuable commodity, which causes businesses to put their focus on data collection.

The following are areas in which issues arise between AI and privacy.

Use of User Data: When users interact with AI systems, there is a chance that the data inputted by the user will be used later for training purposes. This can be a privacy risk because the data inputted by the user may be sensitive, and in training use, the sensitive data may be seen by many people who were not originally supposed to see the data. For example, if an employee of a government agency uses an AI integrated tool to summarize a classified document, and the document is saved and used later for training purposes, this can be a great security risk. 

Limited Regulation: There are no universal set of laws governing AI’s boundaries, therefore companies can essentially create their own boundaries. There are best practices available to users to mitigate the privacy risks, but there are no clear boundaries for this technology so far.

Biometric Data: Technologies that integrate AI and biometrics, such as some facial recognition technologies, have access to an even more important type of data - a person’s biometrics. This of course can be used for malicious purposes such as discrimination.

Metadata Collection: AI enables companies to collect metadata (the data containing much of the information behind an image or other digital file), allowing for precise content targeting without users' full understanding or consent.

Data Storage Periods: There is not much transparency when it comes to the time period in which companies retain user data. Users may not know how long their data is retained and under what circumstances it is accessed.

Web Scraping and Crawling: For the purpose of training AIs such as LLMs, a common strategy is web scraping or web crawling. These are processes that involve using web information such as social media or metadata as resources to train AI with. Unbeknownst to many, each public post a person has made may be used by AI for training purposes and seen by people that were not meant to see it.

Counter Arguments:

One could argue that AI is simply an advanced tool, and that one should understand how to use it in order to protect their privacy. If they are negligent, it is their own fault. For example, in the case of a government employee accidentally leaking a classified document to an AI model, one could argue that this is a negligent act, and the employee should not be so careless with the classified information. Furthermore, web scraping or web crawling is simply the process of searching through publicly available information. While it is perhaps creepy that an AI is rummaging through millions of posts that humans may have even forgotten about, it is legal as of now, and one could argue that it is merely a clever solution to the problem of training these AI models. Finally, putting restrictions on AI may impede the progress of development of this new technology. If too many restrictions are put upon AI too early, we may not realize its full potential. 

Solutions for AI and Privacy Concerns:

Use Policy: Organizations should define clear policies on how AI tools can be used and who/what/when/where/why/how the data can be used.

Security Tools: Tools such as extended detection and response (XDR) can help protect data from unauthorized access and misuse.

 

Questions:

Should the government be involved in regulating AI and its collection of data? If so, to what extent? How can balance be maintained between privacy and freedom of AI?

Conclusion:

As AI continues to improve and become more useful for the lives of all individuals, these issues become even more complex. It is incredibly difficult to balance the usefulness of AI with the concerns of privacy violations. However, by abiding by best practices, and perhaps the intervention of government, AI could become a valuable tool to make the lives of all much easier.

Works Cited

Hiter, Shelby. “AI and Privacy Issues: What You Need to Know.” EWEEK, 20 Sept. 2023, www.eweek.com/artificial-intelligence/ai-privacy-issues/.

Office of the Victorian Information Commissioner. “Artificial Intelligence and Privacy - Issues and Challenges.” Office of the Victorian Information Commissioner, Aug. 2018, ovic.vic.gov.au/privacy/resources-for-organisations/artificial-intelligence-and-privacy-issues-and-challenges/.

Pearce, Guy. “Beware the Privacy Violations in Artificial Intelligence Applications.” ISACA, 28 May 2021, www.isaca.org/resources/news-and-trends/isaca-now-blog/2021/beware-the-privacy-violations-in-artificial-intelligence-applications.

Sher, Gai, and Ariela Benchlouch. “The Privacy Paradox with AI.” Reuters, 31 Oct. 2023, www.reuters.com/legal/legalindustry/privacy-paradox-with-ai-2023-10-31/.

Sullivan, Morgan. “Examining Privacy Risks in AI Systems.” Transcend Blog, 1 Dec. 2023, transcend.io/blog/ai-and-privacy.

QUESTION OF THE WEEK NO. 10

 Healthcare providers are moving to a system of electronic health records where an individual’s entire medical history, diagnoses, treatments, medications and other health information are maintained in a digital form.  

In order to provide better and more timely health care to individuals, should physicians and other healthcare providers be able to freely access and share this information with each other without a patient’s consent?

A National DNA Registry - Good or Bad Policy?

 

A National DNA Registry IS sound public Policy

 Background

              The United States currently maintains a DNA database, called the Combined DNA Index System (CODIS) which host the National DNA Index System (NDIS). NDIS includes DNA profiles from federal, state, and local investigations.[1] DNA submitted to NDIS must fulfill strict regulatory requirements. For instance, the government is only authorized to collect DNA samples from sex offenders or those committed of major crimes.

While the US has restrictive standards for DNA collection, the United Kingdom maintains a significantly broader DNA database, called the National DNA Database (NDNAD). With over 3 million DNA profiles, "5.2% of the UK population is on the Database, compared with… 0.5% in the USA."[2] The UK has found many benefits from this larger database. In this blog post, I will argue that the creation of a database with the mandatory collection of DNA from every American citizen is good public policy.

Argument #1: Better crime fighting

              With a national DNA registry, law enforcement's ability to solve crimes would increase significantly. In the US, less than 25% of all violent crimes and only 7% of all property crimes are solved.[3] That is absurdly low. A national DNA registry that includes DNA from all citizens, however, could play a huge role in solving these crimes. DNA is powerful. In 2018, the Golden State Killer was caught after investigators searched a database which contained several of the killer's distant relatives.[4] When DNA has been added to criminal investigations: "More than twice as many suspects were identified… [and] arrested."[5]

Not only would a national DNA registry assist in solving crimes, but it may also reduce the number of crimes that are committed. Studies have found that "DNA profiling makes violent offenders 17% less likely to reoffend, and makes property offenders 6% less likely to reoffend."[6] With a national DNA registry, we could achieve a reduction in first offenses as well.

Argument #2: A national DNA database would reduce discrimination

              Another potential benefit of a national DNA database is that it could reduce racial discrimination. It could accomplish this in two primary ways. First, it would create a more racially representative DNA database. While only 13% of Americans are black, up to 49% of CODIS DNA profiles are from black people.[7] As a result, the DNA system we currently use is more likely to contain the DNA of a black person than of a white person, and thus more likely to lead to additional arrests of black people. With a national DNA registry, DNA analysis would not be disproportionately likely to implicate racial minorities.

              Second, a national DNA registry would provide evidence necessary for the exoneration of many wrongfully imprisoned individuals. Unfortunately, there is evidence that black people are wrongfully convicted at disproportionate rates, as 50% of exonerees are black.[8] Thus, by providing a more representative database and by facilitating the exoneration of many individuals, a national DNA registry would reduce the discrimination that continues to plague our criminal justice system.

Argument #3: Non-crime benefits

              While a national DNA registry would be useful in solving crimes, it is important to consider the other potential benefits. For instance, a massive database of DNA could aid further research in genetics. It could also be used to "define paternity… and identify victims of crime, disasters, and war."[9]

Rebuttal: But a national DNA registry is a huge invasion of privacy

              This is a totally reasonable concern. However, I think the benefits of a national DNA registry supersede the privacy risks. If giving up my genetic profile means that I get to live in a society that is safer, more equitable, and more likely to catch criminals, then I would be willing to make that trade. At the same time, I think there are reasonable steps we could take that would decrease the privacy risk associated with a national DNA registry. For instance, we could require that, except in extreme cases, the DNA database could only be used to confirm, rather than to find, a suspect.

Conclusion

              There are many benefits to a national DNA registry. With the creation of a DNA profile of every American citizen, law enforcement would be better equipped to fight crimes, criminal activity would decrease, discrimination in arrests would decrease, and many wrongfully convicted individuals would be exonerated. Obviously, such a database has inherent privacy concerns. While it is reasonable to be concerned about the collection of one's DNA, the resulting benefits are well worth the costs. The creation of a national DNA registry is good public policy.

---

[1] https://www.fbi.gov/services/laboratory/biometric-analysis/codis/codis-and-ndis-fact-sheet

[2] https://webarchive.nationalarchives.gov.uk/ukgwa/20081023094216/http://www.homeoffice.gov.uk/documents/DNAExpansion.pdf

[3] https://www.pewresearch.org/fact-tank/2017/03/01/most-violent-and-property-crimes-in-the-u-s-go-unsolved/

[4] https://www.science.org/content/article/we-will-find-you-dna-search-used-nab-golden-state-killer-can-home-about-60-white

[5] https://www.ojp.gov/pdffiles1/nij/224084.pdf

[6] https://www.forbes.com/sites/quora/2017/05/16/can-dna-databases-reduce-crime-rates/?sh=378f48ef5712

[7] https://blog.petrieflom.law.harvard.edu/2019/01/14/ethical-concerns-of-dna-databases-used-for-crime-control/

[8] https://innocenceproject.org/how-racial-bias-contributes-to-wrongful-conviction/

[9] https://www.hudsonalpha.org/forensics-and-dna-how-genetics-can-help-solve-crimes/

 Introduction

A national DNA database would collect data from millions of citizens across the country and store each individual’s genetic sequencing in an online registry for various purposes. There have been debates about whether or not a DNA registry with access to every citizens’ DNA should be implemented.  Many nations across the world already store some form of DNA, such as fingerprints, iris scans, etc.  For example, the United Kingdom has one of the largest DNA databases in the world and collects data from anyone who has been convicted.  The collected DNA information is also stored in the system permanently.  However, if one has only been arrested and not convicted, their information remains in the database for a minimum of 6 years, which is renewable on subsequent arrests [1]. As this technology grows, the government wants to expand the reach of the DNA registry and the information it holds.   “In the last ten years alone we have gone from collecting DNA only from convicted sex offenders to now including people who have been arrested but never convicted of a crime.” [2]. The creation of a national DNA database consisting of DNA from every citizen collected through a mandatory collection program is not good public policy because it contains sensitive information, infringes on our 4th amendment rights, and can lead to false incarcerations of suspects.

Data Collection Risks

DNA that has been collected for a database doesn’t expire, meaning it can be stored for an infinite amount of time (if it is not manually deleted).  They contain sensitive information such as family relations, susceptibility to disease (including hereditary), and even behavioral tendencies [3].  This capability for indefinite storage and unlimited sharing creates a huge privacy risk.  There is also the issue of people not wanting to participate in this mandatory DNA collection program.  What would happen to individuals that don’t want the government to have their DNA?  Would they be arrested, restricted, or targeted in any way? People should have the right to choose whether or not they want to distribute their DNA and its confidentiality instead of forcibly giving it to the government for a national database.  Some may consider this an infringement of our 4th amendment rights if the police are able to access the database without a search warrant.  The national database is also at risk from hackers which have the capability of leaking millions of people’s data online.  The company MyHeritage is an example of such hacking where over 92 million accounts were hacked, resulting in emails and passwords being exposed.  Despite DNA data not being breached, this type of hacking is definitely cause for concern [4].  A national DNA database would be a huge risk because of the sensitive information that our DNA contains, hacking threats, and the possibility it is unrightfully accessed by law enforcement.

Contamination Concerns

DNA evidence can be contaminated when DNA from another source gets mixed with DNA relevant to the case.  During an investigation, the contamination of DNA can occur when it is collected, transported, or stored.  DNA analysis can also be inaccurate and unreliable.  In 2015, news about a San Francisco Police Department lab had several “irregularities” or missing gaps in the DNA, which were then filled in by an analyst to complete.  The lab went ahead with this poor DNA to search the database to identify potential suspects [5].  This procedure was a violation of the rules implemented by California state laws (as only good quality DNA samples can be sent for analysis) and it’s projected that this misconduct affected as many as 1,400 cases [6].  If DNA samples collected from crime scenes are not being properly processed, it leads to the false incarceration of a suspect.  This instance is an example of why there needs to be more restrictions put in place to ensure that DNA is properly handled, processed, and investigated before it is cross referenced with other DNA samples.  If every single person’s DNA is in a database, then the probability of more incorrect matches and false prosecutions would increase drastically.

Conclusion

I support a database that collects DNA of convicted criminals, members of the military (for identification purposes), missing persons, and other select cases.  However, I do not support the move towards collecting every person’s DNA because it is too invasive.  Collecting the DNA information of every citizen is a privacy risk where the ends do not justify the means.  The possibility of hackers breaching the data of millions and exposing their DNA profiles is too risky.  If the data is stored indefinitely then that makes even more profiles subject to harm or breaches.  Police departments with access to the registry may try and access it without following proper protocols, either violating 4th amendment rights or state laws in an attempt to match suspects with poor DNA.  It is for these reasons that a DNA registry that collects the data of every civilian should not be implemented and is poor public policy.

Sources

[1] https://www.legislation.gov.uk/ukpga/2010/17/crossheading/retention-destruction-and-use-of-fingerprints-and-samples-etc/enacted

[2] https://www.aclu.org/press-releases/dna-databases-hold-more-dangers-meet-eye-aclu-says

[3]  https://www.theguardian.com/science/2008/apr/27/genetics.cancer 

[4]https://us.norton.com/internetsecurity-emerging-threats-myheritage-data-breach-exposes-info-of-more-than-92-million-user.html

[5]https://www.sfgate.com/crime/article/DNA-lab-irregularities-may-endanger-hundreds-of-6165643.php

[6]https://www.eff.org/cases/dna-collection