An invasion of privacy; Home computers, cable TV

By , Donna C. Nash is president of Collingwood Associates Inc., a telecommunications consulting firm in Washington, D.C., and fomerly director of system research at Public Broadcasting Service. David A. Bollier is senior associate at Collingwood Associates.

The television used to be simply a device for bringing news and entertainment from the outside world into our living rooms. But now the family television is being hooked up to other basic information tools--the computer, cable, and telephone--creating an entirely new technology of interactive home media, or "hometech," capable of transmitting information out of, as well as into, homes....

The privacy dangers of hometech are largely unrecognized. This is not surprising: the general public hardly knows what interactive technologies are, and even cable television, the most developed hometech industry in the United States today, downplays the issue. One official of the National Cable Television Association reportedly wants his group to work on the issue "quietly." Another NCTA official concedes that the privacy dangers are real, but notes that the issue "is not being dealt with on an industrywide basis because it hasn't demonstrated itself as a burning fire yet. But it will." As for drawing up voluntary guidelines to assure that the issue is given due recognition, Gustave Hanser, president of Warner-Amex, speaks for many in the industry when he argues that privacy guidelines are "possibly premature" and that cable companies "should just be left alone for a while to creatively find our way to provide what people want..."

What people want in the way of interactive home media is a matter of speculation. But their desire for--and right to--privacy is much more certain. The urgent question. therefore, is how to assure individual privacy as the new technologies develop....

Recommended: FISA 101: 10 key dates in the evolution of NSA surveillance

Consumers risk four types of exposure with interactive home media: intrusion, interception, misuse of information, and aggregation of individual or household information.

Intrusion is made.possible by the constant electronic surveillance provided by some interactive cable systems. For example, Warner-Amex's Qube system in Columbus, Ohio, scans user households every six seconds to record such information as whether a household's TV set is on or off, the integrity of the receiver, the channel being viewed, and the last response button pressed. Other hometech systems use the same polling technique to detect fire, smoke, sound, and movement, monitor energy load, and transmit calls for medical help. Before sending out an alarm, the system repolls the terminal to confirm the signal and then transmits to the central computer any additional relevant information such as a user's medical history, special architectural features of the house, or the presence of hazardous materials....

Interception can occur when an outside party eavesdrops on private communication to the head-end (central cable company) computer. Such interception can occur at several points in the system: during transmission from a home console to the head-end computer; and at the head-end, through unauthorized tapping into data, an improper communications link, or authorized access by an outside agency such as a law-enforcement body.

For example, when a home interactive cable user sends an electronic message to the head-end computer, the message, along with a code number identifying the originating terminal, can be intercepted below the first "bridge gate controller , which controls the upstream and downstream direction of messages. Before this point there are as many as 256 terminals, any of which could potentially pick up a weak signal that might flow back downstream. While normal terminals are designed to ignore such signals, a specially designed terrminal could intercept them. This is improbable considering the necessary effort and expense, but the incentives for interception will grow as more kinds of information are sent over the system...

Misuse of information is possible with interactive home media because much of the data collected by the head-end computer for billing or polling have other marketable uses. Three types of sensitive information are generated by. interactive hometech: viewing choices, viewer responses, and security information. Release of information about individual viewing choices and responses could be embarrassing or damaging. More subtly, a viewer's selection patterns could be used improperly, such as when during the McCarthy era library circulation records were used as incriminating "evidence." Sensors that detect the presence of an intruder in a home could also be used to monitor a homeomer's movements. Personal information supplied during medical emergencies or fires could be used by insurance companies to surreptitiously raise risk factors and thus premiums...

Aggregation of data by household is the fourth type of privacy invasion. Isolated bits of personal information may have little value, but when compiled and compared by individual or household rather than-by group, they can damage a person's privacy. The Privacy Protection Act of 1974 addressed this problem as it relates to the federal data pools.

Another privacy threat could arise if a household "psychographic" profile is assembled from personal information stored in the head-end computer, perhaps supplemented with information from other sources...

Traditional privacy protections such as the law, regulations, voluntary industry guidelines, consumer education, and technical devices are ineffective in dealing with the new dangers of hometech. Accordingly, we must devise a new legal framework that reflects the altered social circumstces...

The two most significant laws for privacy and interactive bome media systems are the Omnibus Crime Control Act and the Privacy Act of 1974. The former deals with electronic surveillance and sets forth the circumstances by which one can legally gain private information about an individual or group. Its principles and provisions might well be extended to cover the interception of data and messages from computer terminals within a public information utility system.

The Privacy Act of 1974 addresses the rights of individuals with regard to personal data contained in federal data banks. Its principles and provisions might also be extended to include privately>1 owned pools of data about individuals, since the potential dangers are nearly identical.

Perhaps the most significant affirmation relevant to the hometech industry was that individuals have the right to know what personal information is in a data bank and to correct any inaccuracies. Second, the type of information that a data handler can collect about an individual and how that information can be combined with other data bases is restricted. Third, information handlers have a fiduciary responsibility to meet the law's provisions. Accountability is served in part through the individual's right of access, but civil measures also deter irresponsible use of personal data.... )

The 1974 law also,established the Privacy Protection Study Commission to report on the act's implementation and other privacy areas that need to be addressed. A major finding of the commission's 1977 report was that the law did not address technological developments--such as interactive home media--that create the possibility of new privacy abuses. The commission noted two areas that especially need more specific legal provisions. First,-explicit regulations or guidelines for protecting privacy during routine information-gathering procedures are needed. Although systems such as Qube have begun to address this area, further efforts must be made by cable operators.

A second concern was the informal collection and sharing of information among organizations. Currently there is little legal protection for the transfer of personal data that are not explicitly confidential. For example, the Qube system may collect information of value to its parent companies, such as American Express. New laws or regulations or at least immediate voluntary industry guidelines, would help curb such uses of information. The commission also pointed out that the enforcement mechanisms of the Privacy Act are not, very effective. Not only are the penalties now, but it is difficult for an individual to prove unauthorized or injurious disclosure of information, especially when more than one vendor is involved.

Thus, legal protections are incomplete and rapid technological development exacerbates the problems...

No community or individual subscriber should affiliate with a hometech system without knowing how individual privacy rights will be treated... m

Share this story:

We want to hear, did we miss an angle we should have covered? Should we come back to this topic? Or just give us a rating for this story. We want to hear from you.

Loading...

Loading...

Loading...