To help the reader sort through the barrage of terms thrown around in the privacy debate, here's a glossary that we've divided into two sections: commonly understood notions, and related technological terms.
More
Computerworld
QuickStudies
Notions of Privacy
Within the context of the Internet, the right to privacy is still being defined. Generally, it involves a person's right to control what information about himself is revealed and to whom, as well as what others may do with that information. It's not the same thing as secrecy, but the distinction is sometimes murky. Privacy isn't an absolute right, since it's often trumped by laws and overriding social needs. For example, law enforcement officials may obtain warrants that allow them to intercept communications or search physical areas, activities that otherwise would be forbidden.
Anonymity There are times when we're willing to supply personal information, provided it's not connected directly to us. When we respond to a survey, for example, we may feel comfortable about revealing personal information, such as income and lifestyle choices, because we believe that our answers won't be linked in any way to our names or other identifying information. And there are other times when anonymity can be desirable -- for example, when reporting a crime.
Online, we can use an Internet site called a remailer that reposts a message from the site's own address, thus concealing the originator of the message. However, remailers have a tarnished image, since many spam distributors also use remailers. (See also anonymizer, below.)
Confidentiality Despite the absence of legal compulsions, most of us expect to be able to hold at least some personal information in confidence, and if we give that information to someone -- such as when filling out a loan or employment application -- we expect the other party to take security measures to protect that information and not to share it with others.
Privacy in the law The Privacy Act of 1974 asserts that an agency of the U.S. government must not conceal the existence of any personal data record-keeping system, and each agency that maintains such a system must describe publicly both the kinds of information in it and the manner in which it will be used. The law defines eight principles on which to base and enforce privacy policy: openness, individual access, individual participation, collection limitation, use limitation, disclosure limitation, information management and accountability.
Pseudonymity This concept originated in the field of cryptography. Pseudonymity is the ability to prove a consistent identity without revealing one's actual name, instead using an alias or pseudonym. Pseudonymity combines many of the advantages of both a known identity and anonymity. In anonymity, one's identity isn't known, but pseudonymity creates a separate, persistent "virtual" identity that can't be linked to a specific person, group or organization. Pseudonymous remailers, called "nym servers," take messages addressed to the pseudonym and resend them to the pseudonym's real e-mail address, and they can also forward messages to others as though they came from the pseudonym's address on the server. And unlike with anonymous e-mail, users can reply to a pseudonymous sender, and pseudonyms can establish reputations in the digital world.
Privacy-related Terms
Anonymizer Sometimes called a Web anonymizer, this privacy service lets a user visit Web sites while preventing those sites from gathering information about the user (including IP address, browser and operating system identification, and cookie-stored data) or which sites he has visited. Anonymizers usually work by using a proxy server to process HTTP requests. When the user clicks on a hyperlink or types a URL, the anonymizing server intervenes and gets the information for the user. The Web site whose page is being requested gets only information about the anonymizer server, not the user's computer. An anonymizer makes a user feel that his privacy is better protected on the Internet, but it also prevents personalization, so sites can't tailor their content to suit the user, and he may have to re-enter personal identification repeatedly (such as when making purchases).
Opt-in/Opt-out An important distinction in the privacy debate concerns the terms under which e-mail marketers (legitimate ones, not spammers that ignore ethical and legal concerns) can contact users. Opt-in is the consumer-friendly position, where companies can send e-mail only to people who have directly given their consent for such communications, typically by signing up at a Web site. Opt-out is the marketer-preferred alternative under which marketers can e-mail to anyone who hasn't specifically told them not to. Unfortunately, spammers have used opt-out replies as a way of verifying valid e-mail addresses.
The Internet Direct Marketing Bureau has endorsed opt-in e-mail as the best practice for its marketer members.
Privacy policy Most Web sites have a page describing in detail the site's privacy practices and what the site's owners will do with any information they collect.
P3P Short for "Platform for Privacy Preferences Project," this is a standard XML format adopted by the World Wide Web Consortium for Web sites to use to encode their privacy policies [see QuickLink 33484]. P3P recommends practices that will let users define and share personal information with Web sites that they agree to share it with. Using software that adheres to the P3P recommendations, users can create a personal profile and make it (or parts of it) accessible to a Web site as the user directs.
RFID Now on the verge of becoming a widespread supply chain tool, radio frequency identification tags are getting smaller and cheaper, and privacy concerns are being raised. It may not be long before such tags are built into individual items (such as clothing), not just shipping pallets, allowing an unprecedented amount of automated monitoring of people's habits, behaviors and locations.
Spyware Any technology that aids in gathering information about persons or organizations without their knowledge. On the Internet, spyware is programming that's secretly installed in a computer to gather information about the user and relay it to advertisers or other interested parties. Spyware can infiltrate a computer as a virus or as a surprise result of installing a new program. Data-collecting programs installed with the user's knowledge aren't spyware as long as the user fully understands what data is being collected and with whom it will be shared. If your computer has spyware in it, be aware that you have a "live" server sending information about your surfing habits to a remote location.
Web beacons Also called Web bugs, pixel tags or clear GIFs, these file objects (typically a single transparent pixel invisible to the user) are used along with cookies to help track the behavior of Web site visitors. Users can set their browsers to accept or decline a cookie, but a Web bug always arrives; it’s just another graphic on the page. Turning off cookies will prevent tracking your specific activity, but the Web beacon can still record an anonymous visit through your IP address. Web beacons are typically used by a third party to centralize monitoring from a number of different sites. Web bugs can be put to positive use, such as to track copyright violations on the Web.
Kay is a Computerworld contributing writer in Worcester, Mass. Contact him at russkay@charter.net.
See additional Computerworld QuickStudies
Compliance Headaches
Stories in this report
- Compliance Headaches
- Privacy Potholes
- Outsourcing: Losing Control
- Chief Privacy Officers: Hot or Not?
- Privacy Glossary
- The Almanac: Privacy
- The RFID Privacy Scare is Overblown
- Test Your Privacy Knowledge
- Five Key Privacy Principles
- Privacy Payoff: Better Customer Data
- California Privacy Law a Yawner So Far
- Learn (Almost) Anything About Anybody
- Five Steps Your Company Can Take To Keep Information Private