Transcript Privacy

Computing, Professional and
Society Ethics
IS 431
Text Book: A Gift of Fire by Sara Baase, 4th edition
Chapter 2: Privacy
Dr. Rashiq R. Marie
CIS Dept.@Taibah University
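1436 H/1437 H
Privacy in the Qur'an and the Sunnah
• In the Holy Qur'an, Allah the Almighty says:
– "O you who have believed, do not enter houses other than your own houses until you ask permission and greet their inhabitants. That is best for you; perhaps you will be reminded." (Surat An-Nur: 27)
– "And do not spy, nor backbite one another." (Surat Al-Hujurat)
• In the Prophetic Sunnah:
– Abu Hurayrah (may Allah be pleased with him) narrated that the Prophet (peace be upon him) said: "Whoever looks into the house of a people without their permission, it becomes permissible for them to put out his eye; and if they put out his eye, there is no blood money for him and no retaliation." Narrated by al-Nasa'i and authenticated by al-Albani; Muslim narrated it in abridged form.
– He (peace be upon him) also said: "Whoever listens in on the conversation of a people who dislike him doing so will have molten lead poured into his ears." Narrated by Ahmad.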
What is privacy?
 The word 'privacy' means different things to
different people. Your idea of privacy is likely
to be different from the ideas of your family
and friends.
 Privacy refers to personally identifiable
information about an individual or an
organization
 Your personal information includes your name,
address and Social Security number. It also includes
your shopping habits, driving record, medical
diagnoses, work history, credit score and much
more.
48
Key Aspects of Privacy:
 Freedom from intrusion (being left alone)
 Control of information about oneself
 Freedom from surveillance (from being
tracked, followed, watched)
Privacy Risks and Principles
 Computer technologies have profoundly
changed what people can know about us
and how they can use that information
 Databases, digital cameras, the Web,
smartphones, and global positioning system
(GPS) devices, among others.
 Understanding the risks and problems is a
first step toward protecting privacy
Privacy Risks and Principles
Privacy threats come in several categories:
 Intentional, institutional uses of personal
information
 Unauthorized use or release by “insiders”
 Theft of information
 Inadvertent leakage of information
 Our own actions: we give up some privacy in
order to receive some benefit and we are
unaware of the risks
49
Privacy Risks and Principles
New Technology = New Risks:
 Government and private databases
 Sophisticated tools for surveillance and
data analysis
 Tiny cameras are in millions of cellphones
 The wireless appliances we carry contain GPS
and other location devices
 Vulnerability of data
50-51
Privacy Risks and Principles
New Technology = New Risks
Examples:
Search query data
 Search engines collect many terabytes (trillion
bytes) of data daily.
 Data is analyzed to target advertising and
develop new services.
 Who gets to see this data? Why should we
care?
51-52
Privacy Risks and Principles
Smartphones
 Location apps
 Various apps copy the user’s contact list to remote
servers.
 Data sometimes stored and sent without
user’s knowledge
 Data in phones are vulnerable to loss, hacking, and
misuse
53-54
Privacy Risks and Principles
New Technology = New Risks
Summary of Risks:
 Anything we do in cyberspace is recorded.
 Huge amounts of data are stored.
 People are not aware of collection of data.
 Software is complex.
 Leaks happen.
55
Privacy Risks and Principles
Summary of Risks (cont.):
 A collection of small items can provide a detailed
picture.
 Re-identification has become much easier due to
the quantity of information and power of data
search and analysis tools.
 If information is on a public Web site (e.g., e-newspaper,
forums, social network), it is available to everyone.
55-56
Privacy Risks and Principles
Summary of Risks (cont.):
 Information on the Internet seems to last
forever.
 Data collected for one purpose will find
other uses.
 Government can request sensitive personal
data held by businesses or organizations.
 We cannot directly protect information
about ourselves. We depend upon
businesses and organizations to protect it.
56
Privacy Risks and Principles
Terminology:
 Cyberspace – the notional environment in which
communication over computer networks occurs
 Personal information – any information
relating to an individual person.
 Informed consent – users being aware of what
information is collected and how it is used.
 Invisible information gathering - collection of
personal information about a user without the
user’s knowledge.
56-58
Privacy Risks and Principles
Terminology:
 Cookies – text files a Web site stores on a
visitor’s computer.
 Within the cookie, the site stores and then uses
information about the visitor’s activity. Cookies
help companies provide personalized customer
service and target advertising to the interests of
each visitor.
 Secondary use – Use of personal information
for a purpose other than the purpose for
which it was provided.
 Data mining – Searching and analyzing
masses of data to find patterns and develop
new information or knowledge.
58
Privacy Risks and Principles
Terminology:
 Computer matching – Combining and
comparing information from different
databases (using social security number,
for example) to match records.
 Computer profiling – Analyzing data to
determine characteristics of people most
likely to engage in a certain behavior.
58
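The computer matching defined above, shown as an added example (not part of the original slides or the textbook) from the side of a data holder checking a release for re-identification risk. All records, field names and function names are constructed for illustration: the two tables share no names, yet three small items are enough to link some records, and generalizing those items removes the unique matches.

```python
from collections import Counter

# Constructed sample data. HEALTH is a "de-identified" extract with no names;
# PUBLIC is a separate, openly available list that does carry names.
HEALTH = [
    {"zip": "10001", "birth_year": 1990, "gender": "F", "diagnosis": "asthma"},
    {"zip": "10001", "birth_year": 1990, "gender": "M", "diagnosis": "diabetes"},
    {"zip": "10002", "birth_year": 1985, "gender": "F", "diagnosis": "migraine"},
    {"zip": "10002", "birth_year": 1985, "gender": "F", "diagnosis": "allergy"},
]
PUBLIC = [
    {"name": "Person A", "zip": "10001", "birth_year": 1990, "gender": "F"},
    {"name": "Person B", "zip": "10001", "birth_year": 1990, "gender": "M"},
    {"name": "Person C", "zip": "10002", "birth_year": 1985, "gender": "F"},
]
KEYS = ("zip", "birth_year", "gender")  # the "small items" shared by both tables


def key_of(record, keys):
    return tuple(record[k] for k in keys)


def unique_records(records, keys=KEYS):
    """Records whose combination of small items appears exactly once."""
    sizes = Counter(key_of(r, keys) for r in records)
    return [r for r in records if sizes[key_of(r, keys)] == 1]


def match(released, public, keys=KEYS):
    """Computer matching: pair records that are unique on the same key in both tables."""
    named = {key_of(p, keys): p["name"] for p in unique_records(public, keys)}
    return [(named[key_of(r, keys)], r["diagnosis"])
            for r in unique_records(released, keys) if key_of(r, keys) in named]


def generalize(records):
    """Release only what is needed: drop gender, coarsen ZIP and birth year."""
    return [{"zip": r["zip"][:3] + "**", "birth_decade": r["birth_year"] // 10 * 10,
             "diagnosis": r["diagnosis"]} for r in records]


if __name__ == "__main__":
    print("linked before generalizing:", match(HEALTH, PUBLIC))
    safer = generalize(HEALTH)
    print("unique after generalizing:", unique_records(safer, ("zip", "birth_decade")))
```

The two records that share the same ZIP, birth year and gender are never linked, which is why a release check looks for combinations that occur only once.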
Privacy Risks and Principles
Two common forms for providing informed
consent are opt out and opt in:
 opt out – Person must request (usually by
checking a box) that an organization not use
information.
 opt in – The collector of the information may
use information only if person explicitly
permits use (usually by checking a box).
 Under an opt out policy, more people are likely
to be “in”.
 Under an opt in policy, more people are likely
to be “out”.
59
Privacy Risks and Principles
 With the opt-in method of gathering data on
visitors who sign up, the visitor has to
actively choose to receive more information.
The default option is not to get any more
correspondence from your business
opt-in & opt-out method
Privacy Risks and Principles
Discussion Questions
 Have you seen opt-in and opt-out choices?
Where? How were they worded?
 Were any of them deceptive?
 What are some common elements of
privacy policies you have read?
59
Privacy Risks and Principles
Fair information principles
1. Inform people when you collect information.
2. Collect only the data needed.
3. Offer a way for people to opt out.
4. Keep data only as long as needed.
5. Maintain accuracy of data.
6. Protect security of data.
7. Develop policies for responding to law
enforcement requests for data.
60
Video Surveillance and Face Recognition
 Security cameras
 Increased security
 Some cities have increased their camera surveillance
programs, while others gave up their systems because
they did not significantly reduce crime.
 Decreased privacy
 England was the first country to set up a large number
(millions) of cameras in public places to deter crime. A
study by a British university found a number of abuses
by operators of surveillance cameras including
collecting salacious footage and showing it to
colleagues
68-70
Video Surveillance and Face Recognition
Discussion questions:
 Should organizers at events which are
possible terrorist targets use such
systems?
 Should we allow them to screen for people
with unpaid parking tickets?
70
Marketing and Personalization
 Data mining
 For businesses, data mining is used to discover patterns and
relationships in the data in order to help make better business
decisions
 Targeted ads (targeted advertising): a type of advertising
designed to reach certain consumers
 There are two main categories of targeted advertising:
 Demographic-based advertising: designed to reach a certain
category of consumers based on shared traits, such as age or
gender
 Content-based advertising: generally more tightly directed at
consumers with specific interests, e.g., Google AdWords
 Do people understand that if they see ads targeted to
their interests, someone somewhere is storing
information about them?
70-74
Marketing and Personalization
 Informed consent
 How clear, obvious, and specific must an
information-use policy be?
 “Do Not Track” button in browsers
 How often should a site that runs (or allows
third parties to run) tracking software remind
users?
73-74
Marketing and Personalization
 Paying for consumer information
 Some businesses offer discounts to shoppers
who use cards that enable tracking of their
purchases
75
Social Networks
 What is a Social Network?
 It is a social structure made of nodes that are generally
individuals or organizations. A social network
represents relationships and flows between people,
groups, organizations…
 Examples: Facebook, Myspace, Twitter, Instagram, LinkedIn,
Meetup, Tagged, MeetMe, Ask.fm
 Facebook : 900,000,000 - Estimated Unique Monthly Visitors
75-77
Social Networks
 What we do: we post opinions, gossip
and pictures.
 Our posts might cause trouble if parents,
potential employers, law enforcement agents, or
various others see them.
 status “away from home” for our friends
 This one detail about location (“away from
home”) was important to protect from potential
thieves.
 What they do
 New services with unexpected privacy
settings
Our Social and Personal Activity
Discussion Questions
 Is there information that you have posted
to the Web that you later removed? Why
did you remove it? Were there
consequences to posting the information?
 Have you seen information that others
have posted about themselves that you
would not reveal about yourself?
75-77
Location Tracking: GPS & RFID tools
Pros and Cons
 Global Positioning Systems (GPS) – computer or
communication services that know exactly where a
person is at a particular time
 Cell phones and other devices (RFID tags) are used for
location tracking
 RFID (Radio Frequency Identification) chips are small
devices that contain an electronic chip and an
antenna. The chip stores identification data (and
possibly other data) and controls operation of the chip.
The antenna transmits and receives radio signals for
communicating with devices that read the chip.
79-82
Location Tracking: GPS & RFID tools
 Cell phone services enable parents to
check a child’s location from the parent’s
mobile device.
 Devices installed in a car tell parents
where their teens are and how fast they
are driving
 Tracking and identification of pilgrims using
RFID technology
81-82
The Future and RFID
 Digital luggage tags promise no more lost
bags; track your bag on your smartphone
 Track your kids
A Right to Be Forgotten
 People sometimes make ugly and foolish comments
and want to remove them
 They want to remove information about themselves
from the Internet or personal data posted by others.
 The right to have material removed, as a legal or
ethical right, has come to be called the “right to be
forgotten”
 As of 21 August 2014, Google has received over 30
million deletion requests, mostly due to copyright
violations
 The right to have material removed.
 negative right
 positive right (Fair Right)
82-83
National ID Systems
 Social Security Cards (SSN)
 Too widely used, began in U.S. with the Social
Security card in 1936.
 Easy to falsify
 Various new proposals would require
citizenship, employment, health, tax,
financial, or other data, as well as biometric
information such as fingerprints.
 In many proposals, the cards would also
access a variety of databases for additional
information.
91-95
National ID Systems: National Identification Card
 A new national ID system - Pros
 would require the card
 harder to forge
 have to carry only one card
 A new national ID system - Cons
 Threat to freedom and privacy
 Increased potential for abuse
91-95
A Privacy Policy
 Is a statement or a legal document that discloses
some or all of the ways a party gathers, uses,
discloses, and manages a customer or client's data
 The exact contents of a privacy policy will depend
upon the applicable law and may need to address
requirements across geographical boundaries and
legal jurisdictions
 Most countries have their own legislation and
guidelines of who is covered, what information can
be collected, and what it can be used for
Taibah University Privacy Policy
 Taibah university Portal (www.taibahu.edu.sa) shall not collect
personal information about you when accessing the portal unless
you choose specifically and willingly to provide such information to
us. If you do that, we shall use such details only to process your
application for obtaining information and/or services from Taibah
university.
 By using this portal you approve and accept these terms and
conditions for privacy. In addition, Taibah university might share
your personal information with other Saudi governmental entities in
order to process the applications and/or requests.
 Sharing information with other Saudi governmental entities will not
include taking your personal approval, which means accepting this
privacy statement and using the portal will be considered as
approval for sharing information with other Saudi governmental
entities.
Taibah University Privacy Policy
• Taibah university shall reserve the right to make any minor or
major changes of privacy policy terms and conditions from time
to time without any prior notice. If you continue to use our
portal after making such changes to this privacy policy, this
means that you accept these changes.
• Taibah university may take the appropriate measures to protect
the portal against any loss, abuse or change of information
available on the portal on the condition that Taibah university
shall not guarantee maintaining confidentiality of the portal
contents.
• Only the applicable laws of the Kingdom of Saudi Arabia shall be
implemented in connection to any disputes arising from using
this portal. In addition, courts of the Kingdom of Saudi Arabia
shall have the exclusive jurisdiction to consider and settle such
disputes.
Protecting privacy
 The businesses, organizations, and government
agencies that collect and store personal data
have an ethical responsibility (and in many cases
a legal one) to protect it from misuse.
 They must continually update security policies to
cover new technologies and new potential
threats
Protecting privacy
 What are the technologies to protect the
consumer's privacy?
 Encryption: a technology, often implemented in
software, that transforms data (plain-data) into a
form that is meaningless (cipher-data) to anyone
who might intercept or view it.
 The data could be email, business plans, credit
card numbers, images, medical records, cellphone
location history, and so on.
 Software at the recipient’s site (or on one’s own
computer) decrypts the cipher-data so that the
recipient or owner can view the original data
95-100
Protecting Privacy
 Encryption is considered the most important
technical method for ensuring the privacy of
messages and data sent through computer
networks.
 Modern encryption technology is used to create
digital signatures and authentication methods.
 Digital signature technology allows us to “sign”
documents online, saving time and paper for loan
applications, business contracts,
Digital Signature Scenario
Steps to Enhance Computer Privacy
 Use antivirus software
 Antivirus software identifies infected e-mail
attachments and other virus carriers before
they have a chance to damage your computer
 Regularly update antivirus software
 Create strong passwords
 Avoid using personal information, login
names, or adjacent keyboard symbols.
Instead, combine numbers, letters and
symbols, using at least eight characters
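The password rules on this slide, written as a checker. This is an added example, not part of the original slides; the function names, the four-key threshold for a keyboard run, and the sample inputs in the comments are assumptions made for illustration.

```python
import string

# Rows of a QWERTY keyboard, used to spot "adjacent keyboard symbols".
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
MIN_LENGTH = 8   # "at least eight characters"
RUN_LENGTH = 4   # assumption: four or more neighbouring keys count as a run


def has_keyboard_run(password, run=RUN_LENGTH):
    """True if the password contains `run` neighbouring keys, in either direction."""
    lowered = password.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in lowered:
                    return True
    return False


def check_password(password, login_name="", personal_info=()):
    """Return the list of rules the password breaks; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than eight characters")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c.isalpha() for c in password):
        problems.append("no letter")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbol")
    lowered = password.lower()
    for item in (login_name, *personal_info):
        # Ignore very short fragments so that, say, the initial "a" is not flagged.
        if len(item) >= 3 and item.lower() in lowered:
            problems.append("contains login name or personal information")
            break
    if has_keyboard_run(password):
        problems.append("contains adjacent keyboard symbols")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    print(check_password("qwerty123"))
    print(check_password("Amal@1995!", login_name="amal", personal_info=("1995",)))
    print(check_password("t7#Lw!p2Vx"))
```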
Steps to Enhance Computer Privacy
 Install a personal firewall
 This software blocks hackers who attempt to
locate your computer or access your files
 Be wary of unsolicited e-mail (spam).
 Always confirm the identity of the e-mail's
author before opening attachments.
 Never send sensitive personal information to
anyone using e-mail
QUESTIONS?
 Q1: How can you enhance the PRIVACY of your
Gmail account?
 Q2: How can you enhance the PRIVACY of your
Facebook profile?
 Q3: Go to the Taibah University Web site, then read
and write out the privacy policy for using the
site.
 Q4: Read and write out the PRIVACY POLICY of
any Saudi bank (summarize it as points).