Privacy Study Guide
📖 Core Concepts
Privacy – the right to keep personal affairs, information, or physical space from unwanted observation; a form of personal control over information flow.
Control over Information – ability to decide when, how, and to what extent personal data is shared.
Privacy vs. Security – overlap exists, but privacy is about limiting access, while security is about protecting data from unauthorized use.
Bodily Integrity – privacy includes protecting the physical self from intrusion.
Four Classical States – Solitude (physical separation), Intimacy (close relationship in seclusion), Anonymity (public privacy without identification), Secrecy (concealing information that could be used against you).
Contextual Integrity (Nissenbaum) – privacy is appropriate information flow that conforms to contextual norms.
Fourth‑Amendment Reasonable Expectation – legal standard protecting privacy of persons, homes, papers, and effects from unreasonable searches.
---
📌 Must Remember
Key Legal Cases
United States v. Jones (2012) – warrantless GPS tracking = violation.
Riley v. California (2014) – cell‑phone searches need a warrant.
Carpenter v. United States (2018) – cell‑phone location records require a warrant.
Kyllo v. United States (2001) – thermal imaging without a warrant violates privacy.
GDPR – requires informed consent before personal data collection; guarantees right to be forgotten.
Privacy Paradox – people say they care about privacy but often act otherwise; driven by low awareness, default settings, and trade‑offs with impression management.
Metadata Risks – browsing logs, search queries, and Likes can infer sexual orientation, race, religion, intelligence, etc.
Encryption Standards – PGP/S/MIME for email; Signal provides end‑to‑end encryption with perfect forward secrecy.
Anonymizing Networks – Tor/I2P hide IP addresses; VPNs hide activity from ISPs but not from the VPN provider.
---
🔄 Key Processes
Obtaining a Warrant for Digital Surveillance
Identify reasonable expectation of privacy → file affidavit → judicial review → issue warrant → conduct search.
Encrypting Email (PGP/S/MIME)
Generate public/private key pair → share public key → encrypt message with recipient’s public key → send → recipient decrypts with private key.
Location‑Privacy via Blurring
User’s device sends precise coordinates → server replaces with a blurred region (e.g., 5‑km radius) → only blurred data stored/shared.
De‑anonymization Attack
Collect multiple data points (likes, timestamps) → apply linkage algorithms → match to a unique identifier → re‑identify the individual.
---
🔍 Key Comparisons
Privacy vs. Security – Privacy limits who can see; Security protects how data is kept safe.
Anonymity vs. Pseudonymity – Anonymity: no identifier attached; Pseudonymity: consistent identifier that can be linked back under certain conditions.
Physical vs. Organizational Privacy – Physical: walls, fences, clothing; Organizational: legal protections (trade secrets, executive privilege).
---
⚠️ Common Misunderstandings
Privacy = Secrecy – privacy also covers control over information that may be shared, not only hidden.
If I consent, I’m protected – consent does not guarantee adequate safeguards; consent can be uninformed.
Metadata is harmless – metadata can reveal highly sensitive traits.
Deleting a post erases all data – copies may persist in backups, logs, or third‑party caches.
---
🧠 Mental Models / Intuition
“Privacy Fence” – imagine a fence around your personal data; each gate (consent, encryption, anonymization) controls who passes.
Information Flow Diagram – think of data moving through “pipes” that should only connect when the contextual norm (who, what, why) is satisfied.
---
🚩 Exceptions & Edge Cases
Public Spaces – No reasonable expectation of privacy unless a temporary expectation is created (e.g., a fenced garden).
Corporate Infrastructure – Private companies own most Internet hardware, limiting governmental privacy guarantees.
Warrantless Digital Tracking – GPS tracking (Jones) and cell‑site records (Carpenter) are exceptions requiring warrants despite being digital.
GDPR vs. US Law – GDPR provides explicit rights; US relies on Fourth Amendment & sector‑specific statutes.
---
📍 When to Use Which
Encryption vs. VPN – Use encryption to protect content (messages, emails); use a VPN when you need to hide metadata (IP address) from your ISP.
Anonymizing Network vs. Private Browsing – Tor/I2P when you need strong unlinkability; private mode only prevents local storage, not network observation.
Consent vs. Legal Requirement – Rely on consent for routine data collection; invoke legal safeguards (e.g., Fourth Amendment) for government‑initiated searches.
---
👀 Patterns to Recognize
Data Aggregation → De‑anonymization – multiple “harmless” data points often combine to identify an individual.
Privacy Paradox Indicator – high self‑reported concern and frequent use of default settings = likely paradox.
Court Trend – Supreme Court increasingly extends Fourth‑Amendment protections to digital footprints (GPS, cell‑phone data).
---
🗂️ Exam Traps
Distractor: “Privacy is only about physical space.” – Wrong; privacy also covers digital information control.
Distractor: “All metadata is non‑identifying.” – Incorrect; metadata can infer sensitive traits.
Distractor: “Consent automatically satisfies GDPR.” – False; consent must be informed, specific, and freely given.
Distractor: “VPNs provide the same anonymity as Tor.” – Misleading; VPNs expose traffic to the VPN provider, while Tor hides it from all observers.
---