Digital privacy is often used in contexts that promote advocacy on behalf of individual and consumer privacy rights in e-services and is typically used in opposition to the business practices of many e-marketers, businesses, and companies to collect and use such information and data. Digital privacy can be defined under three sub-related categories: information privacy, communication privacy, and individual privacy.
Digital privacy has increasingly become a topic of interest as information and data shared over the social web have continued to become more and more commodified; social-media users are now considered unpaid 'digital labors', as one pays for 'free' e-services through the loss of their privacy. For example, between 2005 and 2011, the change in levels of disclosure for different profile items on Facebook show that, over the years, people want to keep more information private. However, observing the seven-year span, Facebook gained a profit of $100 billion through the collection and sharing of their users' data to the third-party advertisers.
The more a user shares over social networks, the more privacy is lost. All of the information and data one shares is connected to clusters of similar information. As the user continues to share their productive expression, it gets matched with the respective cluster and their speech and expression are no longer only in the possession of them or of their social circle. This can be seen as a consequence of bridging social capital: as people create new and diverse ties on social networks, data becomes linked. This decrease of privacy continues until bundling appears (when the ties become strong and the network more homogenous).
Some laws allow filing a case against breach of digital privacy. In 2007, for instance, a class-action lawsuit was lodged on behalf of all Facebook users that led Facebook to close its advertising system "Beacon." In a similar case in 2010, the users sued Facebook once again for sharing personal user information to advertisers through their gaming application. Laws are based on consumers' consent and assume that the consumers are already empowered to know their own best interest. Therefore, for the past few years, people have been focusing on self-management of digital privacy through rational and educated decision-making.
Types of privacy
In the context of digital privacy, information privacy is the idea that individuals should have the freedom to determine how their digital information is collected and used. This is particularly relevant for personally identifiable information.
The concept of information privacy has evolved in parallel to the evolution of the field of Information Technology (IT). The rise of networking and computing led to the dramatic change in the ways of information exchange. The baseline for this concept was put forward in the late 1940s, and the third era of privacy development began in the 1990s.
The European Union has various privacy laws that dictate how information may be collected and used by companies. Some of those laws are written to give agency to the preferences of individuals/consumers in how their data is used. In other places, like in the United States, privacy law is argued by some to be less developed in this regard. By example, some legislation, or lack thereof, allow companies to self-regulate their collection and dissemination practices of consumer information.
In the context of digital privacy, communication privacy is the notion that individuals should have the freedom, or right, to communicate information digitally with the expectation that their communications are secure—meaning that messages and communications will only be accessible to the sender's original intended recipient.
In the context of digital privacy, individual privacy is the notion that individuals have a right to exist freely on the internet, in that they can choose what type of information they are exposed to, and more importantly, that unwanted information should not interrupt them. An example of a digital breach of individual privacy would be an internet user receiving unwanted ads and emails/spam, or a computer virus that forces the user to take actions, which otherwise they would not. In such cases, the individual does not exist digitally without interruption from unwanted information; thus their individual privacy has been infringed upon.
Some internet users proactively work to ensure information can not be collected, this is the practice of attempting to remain anonymous. There are many ways for a user to stay anonymous on the internet, including onion routing, anonymous VPN services, probabilistic anonymity, and deterministic anonymity.
For a user to keep their information anonymous when accessing the web, onion routing can be used to ensure the protection of their personally identifiable information.
Onion routing was originally developed by the U.S. Naval Research Lab and was intended to anonymize web traffic. The system created a path to any TCP/IP server by creating a pathway of onion routers. Once a pathway has been established, all information that is sent through it is anonymously delivered. When the user has finished utilizing the pathway it was essentially deleted which freed the resources to be used for a new pathway within onion routing. The Onion Routing Project developed into what is today known as Tor, a completely open-sourced and free software. Unlike its predecessor, Tor is able to protect both the anonymity of individuals as well as web providers. This allows people to set up anonymous web servers that in effect provide a censorship-resistant publishing service.
While the previously mentioned information anonymity system can also potentially protect the contents of communications between two people, there are other systems that directly function to guarantee that communication remains between its intended recipients.
One of these systems, PGP (i.e., Pretty Good Privacy), has existed in various forms for many years. It functions to protect email messages by encrypting and decrypting them. It originally existed as a command-line-only program, but it has evolved in recent years to have its own full interface, and a multitude of email providers now offer built-in PGP support. Users can also install PGP-compatible software and manually configure it to encrypt emails on nearly any platform.
SSL (i.e., Secure Sockets Layer) and TLS (i.e., Transport Layer Security) are measures to secure payments online. While these systems are not immune from breaches or failure, many users benefit greatly from their use as every major browser program has built-in support for it.
There are additional methods that work to provide anonymity and, by extension, protect the user's data.
As IP addresses can frequently be traced back to a specific physical location, and likewise can identify someone as well, changing one's IP address can help users remain anonymous by providing access to a multitude of servers in various geographic locations around the world, allowing them to appear as if they are physically located in a selected area, even when they are not. This is an example of a method/service that works to allow for information and communication anonymity. IP-address changers are one such service, which an internet user typically pays a fee to use.
The Virtual Private Network (VPN) is a technology that provides users secured connection over a non-secure public network such as the Internet through several tunneling protocols, handling, and encapsulating traffic at different levels to ensure communication security. VPN is also effective in securing data and privacy over the cloud and data-center environments because it is capable of protecting IPs from exposure to different kinds of attacks. This technology can be categorized into SSL VPN and IPSec VPN, which are methods of data communication from a user device to a VPN gateway using a secure tunnel. There is also the case of the VHSP mechanism, which protects the exposure of an IP address by assigning a temporal IP for the VPN gateway and its services.
The use of network address translation (NAT) allows users to hide connections passing through a gateway behind the gateway through the use of a sensible hiding IP address that is routable to the issuing gateway.
The (no) harm principle
Following the (no) harm principle of John Stuart Mill, private references must be respected: one can do whatever they want as long as others do not suffer from the consequences of it. In one's private space, alone, a person is free to do whatever they desire.
With the advent of photojournalism, the invasion of celebrities' private lives arose along with the notion of right-to-privacy—or what Samuel D. Warren and Louis Brandeis branded in 1890 as "the right to be left alone." Today's "privacy incidents" do not exclusively concern celebrities and politicians, as most people are connected and share data: people are not online to be left alone.
The economic value of data
According to Alessandro Acquisti, Curtins Taylor and Liad Wagman in The Economics of Privacy (2015), individual data can be seen as having two types of value: a commercial value and a private value. The fact that data is collected can have both positive and negative effects, and can cause a violation of privacy and a monetary cost. As per Acquisti, Taylor, and Wagman, there are further and further concerns about the progress of collecting data as data analysis becomes increasingly more efficient.
Regulations such as the EU Data Protection Directive, the U.S. Children's Online Privacy Protection Act, and many more are being put in place;however, the IT industry is always evolving and requires the users to be empowered and focus on self-management of the online privacy. As such, it is very important for the lawmakers to continue focusing on the right balance between the use of the internet and the economics of privacy.
Privacy and information breaches
Methods can be purposely crafted to obtain one's personal information illegally. These directed attacks are commonly referred to as hacking, though that term refers to the general practice and does not address specific hacking methods and implementation. Various hacking methods as it pertains to the invasion of one's digital privacy are outlined below. As it pertains to intent, within hacking, there are two categories of invasion:
- Directed attacks against someone individually, and
- Directed attacks against groups.
With the latter category, however, a hacker could effectively obtain a specified/particular individual's information through first targeting a larger group. An example of this possibility could be as follows: if a hacker, named individual-A, wishes to obtain a particular person's information, individual-B, they could first target a platform or group that has individual-B's information already, such as a credit agency, or they could likewise target a group that individual-B has previously relinquished/provided their data to, like a social media network or a cloud based data service. Through targeting one of those groups, individual-A could effectively obtain individual-B's information by first hacking all data the group has, including the data of other individuals. Once obtained, the hacker could simply identify individual-B's information within the data and disregard the rest.
Phishing is a common method of obtaining someone's private information. This generally consists of an individual (often referred in this context as a hacker), developing a website that looks similar to other major websites that a target person commonly uses. The phishing website may look identical to the legitimate site, but its URL could have a variation in spelling or a different domain such as .org instead of .com. The target person can be directed to the site through a link in a "fake" email that is designed to look like it came from the website they commonly use. The user then clicks on the URL, proceeds to sign in, or provide other personal information, and as opposed to the information being submitted to the website that the user thought they were on, it is actually sent directly to the hacker. Phishing attacks commonly obtain bank and financial data as well as social networking website information.
There tools can help users protect their information from phishing attacks and these include the Web browser extensions, which are capable of flagging suspicious websites and links.
Development and controversy
Digital privacy is a trending social concern. For example, over the past decade, the usage of the phrase digital privacy has increased by more than fivefold in published books. A TED talk by Eric Berlow and Sean Gourley following the 2013 mass surveillance disclosures cast a shadow over the privacy of cloud storage and social media. While digital privacy is concerned with the privacy of digital information in general, in many contexts it specifically refers to information concerning personal identity shared over public networks.
As the secrecy of the American Foreign Intelligence Surveillance Act becomes widely disclosed, digital privacy is increasingly recognized as an issue in the context of mass surveillance. Prior to the Edward Snowden disclosures concerning the extent of the NSA PRISM program were revealed in 2013, the public debate on digital privacy mainly centered on privacy concerns with social-networking services, as viewed from within these services. Even after 2013, scandals related to social-media privacy issues have continued to attract public attention. The most notable of these is the coverage of the Facebook–Cambridge Analytica data scandal in 2018, which led to a 66% decrease in public trust of Facebook.
The use of cryptographic software to evade prosecution and harassment while sending and receiving information over computer networks is associated with crypto-anarchism, a movement intending to protect individuals from mass surveillance by the government.
- TEDx Talks (2016-01-21), Privacy in the Digital Age | Nicholas Martino | TEDxFSCJ, retrieved 2018-11-28
- Rice, James C.; Sussan, Fiona (2016-10-01). "Digital privacy: A conceptual framework for business". Journal of Payments Strategy & Systems. 10 (3): 260–266.
- Hung, Humphry; Wong, Y.H. (2009-05-22). "Information transparency and digital privacy protection: are they mutually exclusive in the provision of e‐services?". Journal of Services Marketing. 23 (3): 154–164. doi:10.1108/08876040910955161. hdl:10397/20138. ISSN 0887-6045.
- Scholz, Trebor (2012-10-12). Digital Labor: The Internet as Playground and Factory. Routledge. ISBN 978-1-136-50669-7.
- Stutzman, Fred; Gross, Ralph; Acquisti, Alessandro (2013-03-01). "Silent Listeners: The Evolution of Privacy and Disclosure on Facebook". Journal of Privacy and Confidentiality. 4 (2). doi:10.29012/jpc.v4i2.620. ISSN 2575-8527.
- Tubaro, Paola; Casilli, Antonio A; Sarabi, Yasaman (2014). "Against the Hypothesis of the End of Privacy". SpringerBriefs in Digital Spaces. doi:10.1007/978-3-319-02456-1. ISBN 978-3-319-02455-4. ISSN 2193-5890.
- D. Grubbs, Amelia (May 2011). "Privacy Law and the Internet using Facebook.com as a Case Study".
- Boerman, Sophie C.; Kruikemeier, Sanne; Zuiderveen Borgesius, Frederik J. (2018-10-05). "Exploring Motivations for Online Privacy Protection Behavior: Insights From Panel Data". Communication Research: 0093650218800915. doi:10.1177/0093650218800915. ISSN 0093-6502.
- "Information Privacy Research: An Interdisciplinary Review". ResearchGate. Retrieved 2020-12-01.
- "Privacy Law in the United States, the EU and Canada: The Allure of the Middle Ground 2 University of Ottawa Law & Technology Journal 2005". heinonline.org. Retrieved 2018-11-28.
- "What is a man-in-the-middle attack?". us.norton.com. Retrieved 2020-10-10.
- Kemp, Katharine. "94% of Australians do not read all privacy policies that apply to them – and that's rational behaviour". The Conversation. Retrieved 2018-11-28.
- Meijer, Ronald; Conradie, Peter; Choenni, Sunil (2014). "Reconciling Contradictions of Open Data Regarding Transparency, Privacy, Security and Trust". Journal of Theoretical and Applied Electronic Commerce Research. 9 (3): 32–44. doi:10.4067/S0718-18762014000300004. hdl:1854/LU-5671907. ISSN 0718-1876.
- Grahn, Kaj J.; Forss, Thomas; Pulkkis, Göran. "Anonymous Communication on the Internet". InSITE 2014: Informing Science + IT Education Conference. 14: 103–120.
- Acquisti, Alessandro; Gritzalis, Stefanos; Lambrinoudakis, Costos; Vimercati, Sabrina di (2007-12-22). Digital Privacy: Theory, Technologies, and Practices. CRC Press. ISBN 9781420052183.
- "Anonymous connections and onion routing - IEEE Journals & Magazine". CiteSeerX 10.1.1.728.3577. doi:10.1109/49.668972. Cite journal requires
- Edman, M. and Yener, B. 2009. On anonymity in an electronic society: A survey of anonymous communication systems. ACM Comput. Surv. 42, 1, Article 5 (December 2009), 35 pages. DOI = 10.1145/1592451.1592456, http://doi.acm.org/10.1145/1592451.1592456
- Zimmermann, Philip R. (1999). "Why I Wrote PGP". Essays on PGP. Philip Zimmermann.
- "Survey and taxonomy of IP address lookup algorithms - IEEE Journals & Magazine". doi:10.1109/65.912716. Cite journal requires
- Technology Analysis Branch of the Office Privacy Commissioner of Canada (May 2013). "What an IP Address Can Reveal About You" (PDF). Office Privacy Commissioner of Canada. Cite journal requires
- Doss, Robin; Piramuthu, Selwyn; Zhou, Wei (2016). Future Network Systems and Security: Second International Conference, FNSS 2016, Paris, France, November 23-25, 2016, Proceedings. Cham: Springer. p. 3. ISBN 9783319480206.
- Kim, Kuinam (2015). Information Science and Applications. Berlin: Springer. p. 1053. ISBN 9783662465776.
- Simonis, Drew; Pincock, Corey; Kligerman, Daniel; Maxwell, Doug; Amon, Cherie; Keele, Allen (2002). Checkpoint Next Generation Security Administration. Rockland, MA: Elsevier. pp. 498. ISBN 978-1928994749.
- Warren, Samuel D.; Brandeis, Louis D. (1890). "The Right to Privacy". Harvard Law Review. 4 (5): 193–220. doi:10.2307/1321160. ISSN 0017-811X. JSTOR 1321160.
- Acquisti, Alessandro; Taylor, Curtis R.; Wagman, Liad (2015). "The Economics of Privacy". SSRN Working Paper Series. doi:10.2139/ssrn.2580411. ISSN 1556-5068. S2CID 7745229.
- Koumourou, Xenophon. Hacking analysis and protection: Hacking analysis and protection methods. CreateSpace Independent Publishing Platform. ISBN 978-1463764944.
- Dubovitskaya, Maria, Take back control of your personal data, retrieved 2018-12-12
- Chiew, Kang Leng; Yong, Kelvin Sheng Chek; Tan, Choon Lin (2018-09-15). "A survey of phishing attacks: Their types, vectors and technical approaches". Expert Systems with Applications. 106: 1–20. doi:10.1016/j.eswa.2018.03.050. ISSN 0957-4174.
- Hassan, Nihad; Hijazi, Rami (2017). Digital Privacy and Security Using Windows: A Practical Guide. New York: Apress. p. 69. ISBN 9781484227985.
- Lacey, David; Salmon, Paul; Glancy, Patrick (2015-01-01). "Taking the Bait: A Systems Analysis of Phishing Attacks". Procedia Manufacturing. 3: 1109–1116. doi:10.1016/j.promfg.2015.07.185. ISSN 2351-9789.
- Acquisti, Alessandro; Gritzalis, Stefano; Lambrinoudakis, Costos; di Vimercati, Sabrina (2007). Digital Privacy: Theory, Technologies, and Practices. Boca Raton, FL: Auerbach Publications. p. 14. ISBN 9781420052176.
- Gourley, Eric Berlow and Sean, Mapping ideas worth spreading, retrieved 2018-11-27
- "Privacy". Electronic Frontier Foundation (in Spanish). Retrieved 2018-11-27.
- Roberts, Jeff (2013-08-22). "Google and Microsoft's plea on NSA requests moves slowly in secret court". gigaom.com. Retrieved 2018-11-27.
- Trust in Facebook has dropped by 66 percent since the Cambridge Analytica scandal