Fred H. Cate

Bio: Fred H. Cate is an academic researcher from Indiana University. The author has contributed to research in topics: Data Protection Act 1998 & Information privacy. The author has an hindex of 17, co-authored 101 publications receiving 1159 citations.

Privacy in the Information Age

Abstract: Electronic information networks offer extraordinary advantages to business, government, and individuals in terms of power, capacity, speed, accessibility, and cost But these same capabilities present substantial privacy issues With an unprecedented amount of data available in digital format--which is easier and less expensive to access, manipulate, and store--others know more about you than ever beforeConsider this: data routinely collected about you includes your health, credit, marital, educational, and employment histories; the times and telephone numbers of every call you make and receive; the magazines you subscribe to and the books your borrow from the library; your cash withdrawals; your purchases by credit card or check; your electronic mail and telephone messages; where you go on the World Wide Web The ramifications of such a readily accessible storehouse of information are astonishingGovernments have responded to these new challenges to personal privacy in a wide variety of ways At one extreme, the European Union in 1995 enacted sweeping regulation to protect personal information; at the other extreme, privacy law in the United States and many other countries is fragmented, inconsistent, and offers little protection for privacy on the internet and other electronic networksFor all the passion that surrounds discussions about privacy, and the recent attention devoted to electronic privacy, surprisingly little consensus exists about what privacy means, what values are served--or compromised--by extending further legal protection to privacy, what values are affected by existing and proposed measures designed to protect privacy, and what principles should undergird a sensitive balancing of those valuesIn this book, Fred Cate addresses these critical issues in the context of computerized information He provides an overview of the technologies that are provoking the current privacy debate and discusses the range of legal issues that these technologies raise He examines the central elements that make up the definition of privacy and the values served, and liabilities incurred, by each of those components Separate chapters address the regulation of privacy in Europe and the United States The final chapter identifies four sets of principles for protecting information privacy The principles recognize the significance of individual and collective nongovernmental action, the limited role for privacy laws and government enforcement of those laws, and the ultimate goal of establishing multinational principles for protecting information privacyPrivacy in the Information Age involves questions that cut across the fields of business, communications, economics, and law Cate examines the debate in provocative, jargon-free, detail

Notice and consent in a world of Big Data

Abstract: Nowadays individuals are often presented with long and complex privacy notices routinely written by lawyers for lawyers, and are then requested to either ‘consent’ or abandon the use of the desired service.The over-use of notice and consent presents increasing challenges in an age of ‘Big Data’.These phenomena are receiving attention particularly in the context of the current review of the OECD Privacy Guidelines.In 2012 Microsoft sponsored an initiative designed to engage leading regulators, industry executives, public interest advocates, and academic experts in frank discussions about the role of individual control and notice and consent in data protection today, and alternative models for providing better protection for both information privacy and valuable data flows in the emerging world of Big Data and cloud computing.

The Failure of Fair Information Practice Principles

Abstract: Modern data protection law is built on "fair information practice principles." At their inception in the 1970s and early 1980s, FIPPS were broad, aspirational, and included a blend of substantive (e.g., data quality, use limitation) and procedural (e.g., consent, access) principles. They reflected a wide consensus about the need for broad standards to facilitate both individual privacy and the promise of information flows in an increasingly technology-dependent, global society. As translated into national law in the United States, Europe, and elsewhere during the 1990s and 2000s, however, FIPPS have increasingly been reduced to narrow, legalistic principles (e.g., notice, choice, access, security, and enforcement). These principles reflect a procedural approach to maximizing individual control over data rather than individual or societal welfare. As theoretically appealing as this approach may be, it has proven unsuccessful in practice. Businesses and other data users are burdened with legal obligations while individuals endure an onslaught of notices and opportunities for often limited choice. Notices are frequently meaningless because individuals do not see them or choose to ignore them, they are written in either vague or overly technical language, or they present no meaningful opportunity for individual choice. Trying to enforce notices no one reads has led in the United States to the Federal Trade Commission's tortured legal logic that such notices create enforceable legal obligations, even if they were not read or relied upon as part of the deal. Moreover, choice is often an annoyance or even a disservice to individuals. In addition, many services cannot be offered subject to individual choice. Requiring choice may be contrary to other activities important to society, such as national security or law enforcement, or to other values, such as freedom of communication. Enforcement of notice, choice, and the other FIPPS is uneven at best. Situations likely to threaten greatest harm are often subject to the least oversight, while innocuous or technical violations of FIPPS may be prosecuted vigorously if they are the subject of a specific law or obligation and they can be used to generate popular or political pressure. In short, the control-based system of data protection, with its reliance on narrow, procedural FIPPS, is not working. The available evidence suggests that privacy is not better protected. The flurry of notices may give individuals some illusion of enhanced privacy, but the reality is far different. The result is the worst of all worlds: privacy protection is not enhanced, individuals and businesses pay the cost of bureaucratic laws, and we have become so enamored with notice and choice that we have failed to develop better alternatives. The situation only grows worse as more states and nations develop inconsistent data protection laws with which they attempt to regulate increasingly global information flows. This paper reflects a modest first step at articulating an approach to privacy laws that does not reject notice and choice, but does not seek to rely on it for all purposes. Drawing on other forms of consumer protection, in which standards of protection are not negotiable between providers and consumers, I propose that national governments stop subjecting vast flows of personal data to restraints based on individual preferences or otherwise imposing the considerable transaction costs of the current approach. Instead, the paper proposes that lawmakers reclaim the original broader concept of FIPPS by adhering to Consumer Privacy Protection Principles (CPPPS) that include substantive restrictions on data processing designed to prevent specific harms. The CPPPS framework is only a first step. It is neither complete nor perfect, but it is an effort to return to a more meaningful dialogue about the legal regulation of privacy and the value of information flows in the face of explosive growth in technological capabilities in an increasingly interconnected, global society.

The Limits of Notice and Choice

Abstract: The US Federal Trade Commission (FTC) has embarked on a series of three workshops on exploring privacy. The first, in December 2009 in Washington, DC, focused on market and regulatory issues; the second, in January in Berkeley, California, examined technological issues; and the third, scheduled for March in Washington again, will focus on possible solutions. But after hearing from more than 70 speakers at two standing-room only workshops, at least one theme is emerging: notice and choice are inadequate tools for protecting information privacy or security.

The Challenge of "Big Data" for Data Protection

Abstract: Data protection, like almost everything else in our lives, is challenged by the advent of ‘big data’. The Economist reports in its 2012 Outlook that the quantity of global digital data expanded from 130 exabytes in 2005 to 1,227 in 2010, and is predicted to rise to 7,910 exabytes in 2015. An exabyte is a quintillion bytes. If you find that hard to visualize, consider this: someone has calculated that if you loaded an exabyte of data on to DVDs in slimline jewel cases, and then loaded them into Boeing 747 aircraft, it would take 13,513 planes to transport one exabyte of data. Using DVDs to move the data collected globally in 2010 would require a fleet of more than 16 million jumbo jets. And exabytes are rapidly becoming passe. The volume of stored information in the world is growing so fast that scientists have had to create new terms, including zettabyte and yottabyte, to describe the flood of data. The importance of big data is not just a result of its size or how fast it is growing (about 60 per cent a year), but also the reality that the data come from an amazing array of sources. The Internet captures lots of data. Facebook alone has more than 800 million active users, more than half of whom log in every day, where they generate more than 900 million web pages and upload more than 250 million photos every day. In 2010, a lifetime ago in Internet time, Google sites were used by more than 1 billion unique visitors every month who spent a collective 200 billion minutes on its sites. Google-owned YouTube passed 1 trillion video playbacks in 2011. Email, IM, VOIP calls, and other communications generate tens of trillions of recorded messages every year. Credit and debit cards, checks, and other financial activities provide a steady stream of billions of financial transactions recorded every month. And increasingly sensor networks—video surveillance cameras, embedded computers in automobiles, the more than 5 billion cell phones we carry—record locations, movements, and activities. We can now talk meaningfully about ubiquitous data collection, in which almost everything we do results in data being captured and stored by one or more third parties. It is significant that those data are digital. They can be stored, shared, searched, combined, and duplicated with extraordinary speed and at very little cost. And they are accompanied by metadata—data about when and where and how the underlying information was generated. Some experts estimate that there may be five times more metadata than the information we are aware of creating, and this metadata can be extraordinarily revealing. We used to define ‘big data’ as being data sets so large that a supercomputer was needed to process them, but another aspect of big data has been that not only has analytical capacity soared, but also become far more inexpensive and widely distributed. It is not just that today’s mobile devices have more computing power than the desktop machines of a decade ago, but also that we can now link data and computers virtually so that huge computational tasks can be undertaken affordably and conveniently. In fact, we are witnessing the movement of more of that computational power, as well as storage of the tidal wave of data we are generating and collecting, into the ‘cloud’. Cloud computing is all the rage, but despite the overuse and misuse of the term, it is increasingly clear that many of the data and resources we used to believe that we had to possess locally—in computers, handheld devices, entertainment systems, and business record systems—can now be provided with greater security and reliability (and at lower cost) remotely. When thinking about the importance of ‘big data’, it is critical to remember that access to so much data, from so many different sources, and to the computing

Information privacy research: an interdisciplinary review

Abstract: To date, many important threads of information privacy research have developed, but these threads have not been woven together into a cohesive fabric. This paper provides an interdisciplinary review of privacy-related research in order to enable a more cohesive treatment. With a sample of 320 privacy articles and 128 books and book sections, we classify previous literature in two ways: (1) using an ethics-based nomenclature of normative, purely descriptive, and empirically descriptive, and (2) based on their level of analysis: individual, group, organizational, and societal. Based upon our analyses via these two classification approaches, we identify three major areas in which previous research contributions reside: the conceptualization of information privacy, the relationship between information privacy and other constructs, and the contextual nature of these relationships. As we consider these major areas, we draw three overarching conclusions. First, there are many theoretical developments in the body of normative and purely descriptive studies that have not been addressed in empirical research on privacy. Rigorous studies that either trace processes associated with, or test implied assertions from, these value-laden arguments could add great value. Second, some of the levels of analysis have received less attention in certain contexts than have others in the research to date. Future empirical studies-both positivist and interpretive--could profitably be targeted to these under-researched levels of analysis. Third, positivist empirical studies will add the greatest value if they focus on antecedents to privacy concerns and on actual outcomes. In that light, we recommend that researchers be alert to an overarching macro model that we term APCO (Antecedents → Privacy Concerns → Outcomes).

Delete: The Virtue of Forgetting in the Digital Age

Abstract: Delete looks at the surprising phenomenon of perfect remembering in the digital age, and reveals why we must reintroduce our capacity to forget. Digital technology empowers us as never before, yet it has unforeseen consequences as well. Potentially humiliating content on Facebook is enshrined in cyberspace for future employers to see. Google remembers everything we've searched for and when. The digital realm remembers what is sometimes better forgotten, and this has profound implications for us all. In Delete, Viktor Mayer-Schnberger traces the important role that forgetting has played throughout human history, from the ability to make sound decisions unencumbered by the past to the possibility of second chances. The written word made it possible for humans to remember across generations and time, yet now digital technology and global networks are overriding our natural ability to forget--the past is ever present, ready to be called up at the click of a mouse. Mayer-Schnberger examines the technology that's facilitating the end of forgetting--digitization, cheap storage and easy retrieval, global access, and increasingly powerful software--and describes the dangers of everlasting digital memory, whether it's outdated information taken out of context or compromising photos the Web won't let us forget. He explains why information privacy rights and other fixes can't help us, and proposes an ingeniously simple solution--expiration dates on information--that may. Delete is an eye-opening book that will help us remember how to forget in the digital age.

Principles of Emergency Planning and Management

Abstract: Principles of emergency planning and management , Principles of emergency planning and management , کتابخانه الکترونیک و دیجیتال - آذرسا

A Contextual Approach to Privacy Online

Abstract: Recent media revelations have demonstrated the extent of third-party tracking and monitoring online, much of it spurred by data aggregation, profiling, and selective targeting. How to protect privacy online is a frequent question in public discourse and has reignited the interest of government actors. In the United States, notice-and-consent remains the fallback approach in online privacy policies, despite its weaknesses. This essay presents an alternative approach, rooted in the theory of contextual integrity. Proposals to improve and fortify notice-and-consent, such as clearer privacy policies and fairer information practices, will not overcome a fundamental flaw in the model, namely, its assumption that individuals can understand all facts relevant to true choice at the moment of pair-wise contracting between individuals and data gatherers. Instead, we must articulate a backdrop of context-specific substantive norms that constrain what information websites can collect, with whom they can share it, and under what conditions it can be shared. In developing this approach, the paper warns that the current bias in conceiving of the Net as a predominantly commercial enterprise seriously limits the privacy agenda.

Predictive Policing: The Role of Crime Forecasting in Law Enforcement Operations

Abstract: Predictive policing is the use of analytical techniques to identify targets for police intervention with the goal of preventing crime, solving past crimes, or identifying potential offenders and victims. These tools are not a substitute for integrated approaches to policing, nor are they a crystal ball. This guide assesses some of the most promising technical tools and tactical approaches for acting on predictions in an effective way.