Chapter 12 Quiz: Privacy, Surveillance, and AI
Multiple Choice
1. Which of the following best describes how AI amplifies surveillance beyond traditional monitoring?
a) AI makes cameras more expensive but higher quality b) AI removes the bottleneck of human attention, enabling continuous automated analysis at scale c) AI replaces human security guards with robots d) AI only amplifies surveillance in authoritarian countries
2. What is "metadata"?
a) Data that has been deleted but can be recovered b) Data about data — such as who you communicated with, when, and from where — rather than the content of communications c) Data that is too large to store on a single server d) A special type of encrypted data used by intelligence agencies
3. According to the NIST study discussed in the chapter, facial recognition systems:
a) Work equally well across all demographic groups b) Have error rates 10 to 100 times higher for Black and East Asian faces compared to white faces in many algorithms c) Are less accurate for men than for women d) Are only inaccurate when used outdoors
4. The "panopticon effect" refers to:
a) A type of AI algorithm used in surveillance cameras b) The tendency for surveillance equipment to become cheaper over time c) The behavioral change that occurs when people believe they might be observed, even if they are not actually being watched d) A design pattern for building more efficient data centers
5. Which of the following is NOT a key principle of the EU's GDPR?
a) Right to erasure (right to be forgotten) b) Data minimization c) Mandatory government access to all citizen data d) Privacy by design
6. "Consent fatigue" in the context of digital privacy means:
a) Users are tired of being asked for passwords b) Users routinely accept privacy policies without reading them because of the overwhelming volume and complexity of consent requests c) Companies are tired of complying with privacy regulations d) AI systems become less accurate when they process too much consent data
7. Why do privacy advocates argue that biometric data (like faceprints) deserves special legal protection?
a) Biometric data is more expensive to collect than other data b) Biometric data is less accurate than other identification methods c) Unlike passwords or credit card numbers, biometric data cannot be changed if compromised d) Biometric data is only useful for government surveillance
8. The chapter's threshold concept is "In the age of AI, privacy is not about hiding — it's about power." This means:
a) Only powerful people deserve privacy b) Privacy is irrelevant in the modern world c) The real issue is the power asymmetry between those who collect and analyze data and those whose data is collected d) People should hide their data from AI systems
9. Data brokers are companies that:
a) Help consumers protect their privacy online b) Collect, package, and sell information about people, often without those people's knowledge or explicit consent c) Only operate in Europe under GDPR oversight d) Only collect data that people voluntarily submit through surveys
10. The chapter describes how surveillance falls unequally across populations. Which of the following best illustrates this point?
a) Everyone is equally surveilled because everyone has a smartphone b) Wealthy neighborhoods tend to have more sophisticated surveillance technology than low-income neighborhoods c) Communities of color, low-income individuals, and immigrants face disproportionate surveillance through policing systems, welfare monitoring, and border enforcement, while those who design these systems face relatively little surveillance d) Surveillance only affects people who use social media
Short Answer
11. Describe the difference between "digital exhaust" and data you explicitly share. Provide two examples of digital exhaust from your own daily life.
12. The chapter argues that individual privacy protection is "necessary but insufficient." Explain what this means in your own words, and describe why the chapter characterizes privacy as a "collective problem."
13. Explain one key difference between the EU's GDPR approach to privacy and the United States' approach. Why does this difference matter for people living in the U.S.?
Critical Thinking
14. A city government proposes installing AI-powered surveillance cameras throughout its downtown district, arguing that the system will reduce crime by 15%. Using concepts from this chapter, evaluate this proposal. Consider: What are the likely benefits? What are the likely costs? Who bears each? What questions would you want answered before supporting or opposing the proposal?
15. A hospital implements an AI system that analyzes patient data to predict which patients are at risk of not paying their medical bills. The system's designers argue that this helps the hospital allocate resources more efficiently. Using the privacy-as-power framework from this chapter, analyze the ethical implications of this system. How does it relate to the MedAssist AI example discussed in the chapter?
Answer Key
-
b — AI removes the bottleneck of human attention, enabling continuous automated analysis at scale. This is the core of the "surveillance upgrade" described in Section 12.1.
-
b — Metadata is data about data — information like communication patterns, timestamps, and locations rather than the actual content of messages. The Stanford study showed that metadata alone can reveal highly sensitive information.
-
b — The NIST study found error rates 10 to 100 times higher for Black and East Asian faces in many algorithms, with even larger disparities for women of color.
-
c — Named after Jeremy Bentham's prison design, the panopticon effect describes how the possibility of being observed changes behavior, leading to self-censorship and conformity.
-
c — Mandatory government access to citizen data is not a GDPR principle. The GDPR's principles include consent, purpose limitation, data minimization, right to access, right to erasure, data portability, and privacy by design.
-
b — Consent fatigue describes the overwhelming volume of privacy policies and consent requests that leads users to accept them without reading, undermining the meaningfulness of consent-based privacy frameworks.
-
c — Biometric data like faceprints is uniquely sensitive because, unlike passwords or credit card numbers, it cannot be changed if compromised. You cannot get a new face.
-
c — The threshold concept frames privacy as fundamentally about the power relationship between data collectors/analyzers and the people whose data is collected, rather than about whether individuals have something to hide.
-
b — Data brokers collect, package, and sell personal information, often compiled from app data, public records, purchase histories, and other sources, typically without the direct knowledge or explicit consent of the individuals profiled.
-
c — The chapter describes how surveillance falls disproportionately on communities of color (predictive policing, facial recognition), low-income individuals (welfare monitoring), and immigrants (border biometrics), while those who design these systems face relatively little surveillance themselves.
-
Sample answer: Digital exhaust is data generated as a byproduct of everyday activities, rather than data you intentionally share. Examples include: (1) your phone recording location data via GPS and cell tower connections as you move through your day, even when you are not using a maps app; (2) the timestamps, viewing duration, and scroll patterns generated when you browse social media, which reveal your interests even if you never post anything.
-
Sample answer: Individual privacy steps (reviewing permissions, using encrypted messaging, etc.) are necessary because they do reduce your data exposure. But they are insufficient because the surveillance infrastructure is structural — friends upload your photos, companies buy data from brokers, cameras in public spaces track your movements regardless of your personal settings. Privacy is a collective problem because your data is intertwined with others' actions and because meaningful change requires regulatory and policy solutions, not just individual behavior changes.
-
Sample answer: The EU's GDPR is a comprehensive framework that covers all personal data with consistent principles (consent, minimization, right to erasure, etc.). The U.S. takes a sector-specific approach with separate laws for health (HIPAA), education (FERPA), children (COPPA), and credit data, but no overarching federal privacy law. This matters for U.S. residents because vast categories of data — like fitness app health data, workplace monitoring data, or social media behavioral data — fall into regulatory gaps with minimal or no legal protection.
-
Sample answer should address: Benefits (potential crime reduction, faster emergency response); costs (chilling effect on public assembly and protest, privacy loss for everyone in the area, risk of discriminatory enforcement); who bears costs (disproportionate impact on communities already over-policed); questions to ask (accuracy rates across demographics, data retention policies, who has access, independent oversight, evidence that similar systems have actually reduced crime elsewhere vs. just displacing it, community consent process).
-
Sample answer should address: Power asymmetry (hospital gains information advantage over vulnerable patients); inference from medical data for non-medical purposes; the MedAssist AI parallel (medical data collected for diagnosis being repurposed); the risk that such a system could lead to discriminatory treatment of patients predicted to have difficulty paying; the difference between data collected with consent for healthcare purposes and its use for financial risk assessment without additional consent.