Santa Clara University

Traces of Ourselves: The Ethics and Politics of Databases

Questions to consider from a Science & Technology Studies perspective:

 

Privacy

 

• Does private, personal information have an “expiration date”? How long should any organization that holds data on others be allowed to keep it? Should there be a “statute of limitations” on the number of years an individual’s data is kept by others?
• Is the mere convenience of data gathering on individuals a good-enough reason to do it?
• Should government agencies be allowed to collect and use private information that goes beyond what public companies can do? Does the preservation and interests of the government (e.g., security) trump all other considerations?

 

Data Security

 

• Data in electronic form is not always secure—it can be stolen, lost, or “hacked” into. Beyond simple notification that their personal information may be compromised, should the parties responsible for the data be held accountable for any possible damages resulting to individuals (e.g., from identity theft)?
• Is database technology making our society more just, fair, humane, and economically efficient? Or does it make our society more unjust, less humane, and less economically equitable?
• Does society at large benefit from all the data gathered, or are only a few companies and organizations benefiting? Should individuals be allowed to “opt out” of the data collection system?

 

Data Policy

 

• Is it best to allow each country (or region, as in the case of the European Union) to set its own standards for data privacy, or should there be a single international standard?
• Should individuals have access to their personal information held by third-party entities (private companies, government agencies) and to correct errors?
• Are issues of privacy and security of databases better addressed through technology-based approaches (e.g., better firewalls, improved data encryption) or through social-based approaches (e.g., privacy policies, user education)? Do we have to choose among these options or should society actively pursue both strategies?

 

For additional information about the Center for Science, Technology, and Society please visit our website, http://www.scu.edu/sts

 

 

Unavoidable Ethical Questions About Databases

These questions follow the Markkula Center for Applied Ethics "Framework for Ethical Decision Making," available on line at www.scu.edu/ethics/practicing/decision/framework.html.

 

From a Utilitarian Perspective

 

Various proposals in Congress have sought to create a new kind of intellectual property protection for databases, which proponents believe will foster innovation in fields such as science by creating more financial incentives to collect such information.  Others argue that restricting access to databases will seriously impede scientific efficiency.  Which strategy will produce the greatest balance of benefits over harms?

 

From a Rights Perspective

 

One of the most frequently discussed ethical issue in regards to databases is the potential of data mining to intrude on the right to privacy.  (This issue is treated more fully on the back of this sheet.)  The storage of information in databases also raises issues of autonomy.  To what extent do we control our personal information?  If, for example, our genetic profile is stored in a database containing information gleaned from blood samples, should we have the right to say who has access to that information and for what purpose?

 

From a Fairness Perspective

 

Those who mine databases are often looking for propensities for certain behaviors; that is, they want to know who in a group might be most likely to buy a particular car or commit a particular crime.  In one case, police tracked electricity and water usage in a certain zip code to identify likely suspects in a meth lab crackdown.  But there is nothing inherently illegal about using a lot of water and electricity.  Is the use of such mining technology fair to all persons in the wide net it casts and in the significant risk of false positives?

 

From a Common Good Perspective

 

Databases and data mining open possibilities for tremendous advances.   Correlating health outcomes to genetic information might pinpoint the origin of many diseases, which would benefit the common good.  Tracking data related to financial transactions might identify the movement of money within terrorist organizations, improving our collective security.  How much of our individual autonomy should we give up to advance the common good?

 

From a Virtue Perspective

 

The collection of data demands prudence, with very strong safeguards for the security of what is collected.  Recent security breaches of databases at universities, banks, and businesses have exposed millions to identity theft. Is it enough to trust those who gather and store this information, or do these technologies oblige us to rethink what trust requires? More broadly, virtue ethics asks us to consider the question, What effect will the collection of huge quantities of information have on who were are and the kind of people we become? 

 

Data Mining and Privacy

 

While we all value our privacy, we accept abrogations of privacy rights under certain circumstances.  What principles could we use to determine when an infringement of privacy is warranted? The following general questions about privacy were developed by SCU Associate Professor of Philosophy William Parent.*  Here we apply them to the issue of data mining.

 

1. For what purpose is the…personal knowledge sought?

This is always the first step of ethical analysis:  Get the facts.

 

2. Is this purpose a legitimate and important one?

Many people might be willing to forgo some measure of privacy to ensure greater national security or better medical care, but not for more commercial purposes, such as giving retailers more information about their buying habits.  A purpose that protects the common good will probably garner more support than one that benefits just a few.

 

3. Is the knowledge sought through invasion of privacy relevant to its justifying purpose?

One of the problems with data mining is that it culls through enormous amounts of information, much of which is irrelevant to even so important a purpose as national security.  For example, if every e-mail to an address in an Arab country is monitored, many purely personal messages having no impact on security will be scanned.  Is there a sliding scale of significance within the types of information that can be collected in databases; for instance, is it more of an invasion to eavesdrop on a phone call, less to know what number was called, and still less simply to know that a call was placed?  With today’s technology, which allows small, anonymous pieces of data to be matched and compiled into an identity, do even “insignificant” infringements of privacy appear in a more sinister light?

 

4. Is invasion of privacy the only or the least offensive means of obtaining the knowledge?

Proponents argue that no technique is better at identifying suspicious patterns of communication than data mining.  Recently, for example, such monitoring pinpointed a drug smuggling operation at a Minnesota prison.  Others argue that data mining turns up so much information that it is often difficult for analysts to “see the forest for the trees” and that older methods of on-the-ground data collection work better.

 

5. What restrictions or procedural restraints have been placed on the privacy-invading techniques?

This has been one of the most contentious areas in the debate over data mining and national security.  What should be the role of the courts (FISA and others) in issuing warrants for data collection? Are there other regulations that might ensure that privacy violations occur only when absolutely necessary?

 

6. How will the personal knowledge be protected once it has been acquired?

Databases contain all manner of information, including, for example, genetic information on individuals.  Collected for one purpose, the same data may later be used for another.  Advances in our understanding may allow us to identify from existing databases who may develop particular diseases or even antisocial behaviors.   What protection should we afford this private information?  Is there a higher ethical test to pass when we keep information than when we simply collect it temporarily? 

 

 

*Parent, W.A. "Privacy, Morality, and the Law." Philosophy & Public Affairs 12, 4 (Fall 1983) p. 269