Wednesday, April 13, 2005

Privacy as Contextual Integrity (Part 4): The Impact of new Vehicle Technology

[This is Part 4 of my discussion of the theory of "Privacy as Contextual Integrity"]

The Impact of new Vehicle Technology

When viewed within existing theories of privacy, any potential impact by new vehicle technologies on the flow of personal information could likely fall victim to the conceptual, normative and empirical shortcomings previously mentioned. Many argue that RFID tags or GPS systems shouldn't trigger privacy conerns because one's license plate number is already in view, and people can always see where one is driving - these new technologies only make such information more available.

But, following the theory of contextual integrity, it is more useful to examine how the introduction of such technologies would affect the normative standards of information flow for highway travel rather than trying to fit into the universal prescriptions of existing privacy theories. We must consider how the introduction of such a technology might disrupt the contextual integrity of personal information in the context of highway travel.

Potential Impact on Norms of Appropriateness

Existing norms of appropriateness in the context of highway travel anticipate the sharing of some generally-observable information: non-identifiable information about a vehicle’s occupants, the type of vehicle, observable information about where the vehicle is going, and the vehicle’s license number. The introduction of RFID or GPS technology into the context of highway travel might disrupt these norms of appropriateness for the sharing of personal information.

While existing use of license plates discloses of identifiable information (viewable in person or by cameras), the precision of the transmitted data with RFID or GPS technology eliminates the uncertainty of whether an observer visually read the license plate number correctly, or that the camera had the right lighter or angle to record the plate. The added precision and accuracy of a transmitted identification number enabled by RFID or GPS technology upsets the current norm of only appropriate visual information.

Further, the precision of information regarding a driver’s habits and current status also increases with the introduction of new vehicle technology, such as black-boxes. These devices store the telemetry of the vehicle. Such specific data includes vehicle speed, acceleration (longitudinal, lateral and vertical), heading, yaw-rate, brake position, throttle position and steering wheel angle. Today, without such technologies, observers can only visually estimate as to a vehicles speed or operational status. With the introduction of black-box technology, the range of precise information made available about a vehicle’s performance could potentially disrupt the existing norms of information appropriateness.

Potential Impact on Norms of Distribution

By overcoming some of the natural barriers to mass surveillance of highway traffic, VSC technologies might also disrupt the norms of flow of personal information. Vehicles equipped with RFID or GPS technologies have the potential to be constantly transmitting information about their identity and locaiton to anyone with the proper receiving equipment. Like with traffic cameras, humans no longer need to be positioned in a particular place to visually observe a vehicle – all that is needed is a well-placed receiver and information for all passing vehicles can be recorded. Even more, a series of well-placed receivers could collect information from the same vehicle over a span of miles. RFID & GPS technology has the potential to disrupt the natural barriers that previously limited the ability to track individual vehicles over space and time. Rather than a single piece of information being observed by a person or camera that just happens to be at the right place at the right time, new vehicle technologies might allow information to be gathered and consolidated on a large scale and across a large area.

RFID or GPS technology disrupts the norms of distribution further. While traffic cameras allow the archival and retrieval of video surveillance images, the digital nature of the information provided by VSC applications expands the ability to process, store and distribute vast amounts of personal information about individual vehicles. The processing of digital information can be done electronically, alleviating the need for a human to physically view hours of camera footage, and increasing exponentially the size and complexity of data analyses. Additionally, the digital nature of vehicle data enabled by VSC technology expands the ability and reduces the cost for distributing information to third parties, potentially including insurance companies, marketers, or other government agencies who might have interest in detailed diver data.

Conclusions & Open Issues

By approaching the introduction of new vehicle technologies through the lens of “contextual integrity,” we can see how the design of these systems might alter personal data flows in ways that threaten the value of privacy. When considering the ramifications of the design decisions for RFID, GPS or black-box vehcile technology, a wide range of potential issues and questions arise: What kind of identifiable information will be transmitted? Who has access to these data streams? Could transmissions be archived for later retrieval? Can a driver opt to turn off the system? Who owns this information? Will there be limits on its use? Will driving habits (such as speeding, performance on curves, adherence to traffic signals) be collected and made available to insurance companies? Will service providers be able to sell information on a vehicle’s common travel patterns to marketers? What level of access will law enforcement or other government agencies enjoy? What restraints will exist? Can auto manufacturers or dealers download personal information from the vehicle’s processing computer? The questions go on and on...

It becomes vital, then, for the designers of these new vehicle technologies to consider how the introduction of RFID or GPS technology might disrupt existing values of privacy of personal information in the context of highway travel. How the value of privacy is contextualized is a key factor in designing a technology in a value-sensitive way. Replacing flawed theories of privacy rooted in the "public/private" dichotomy, the theory of “contextual integrity” becomes a powerful tool for understanding how the norms of personal data flows might be disrupted by the introduction of new technology.

For a much more complete discussion of contextual integrity, please visit the PORTIA & NYU website which features Prof. Nissenbaum's original article and other work based on her theory.

Technorati tag: