Transcript Privacy
Privacy in computing
Material/text on the slides from
Chapter 10
Textbook: Pfleeger.
What is privacy?
• How would you define it?
• What do you think its aspects are?
– Three key aspects:
• Controlled disclosure.
• Sensitive data
• Affected subject.
Computer Related Privacy Problems
• Data collection: what issue do you see?
• No informed consent:
– Examples: real age.
• Loss of control: class discussion.
– Example: posting on a blog.
• What are the ramifications vs. writing a letter?
• Ownership of data.
Computer Related Privacy Problems
• Data collection: what issue do you see?
• No informed consent:
– Examples: real age.
• Loss of control: class discussion.
– Example: posting on a blog.
• What are the ramifications vs. writing a letter?
• Ownership of data.
Protections provided
• Privacy Policies;
– First step: fair information policies:
• Regulate these;
–
–
–
–
–
–
–
–
Collection of information.
Data quality.
Purpose specification (use of information)
Use limitation.
Security safeguards.
Openness.
Individual participation.
Accountability.
U.S privacy laws
– Are usually applied to individual data types:
– HIPAA
– Financial organizations: Gramm-Leach-Bliley Act
(GLBA)
– Important in Radford: Federal Educational Rights and
Privacy Act (FERPA).
• Somethings are not clear: example class
discussion.
U.S govt. websites.
• Privacy laws controlled by the FTC.
• Address 5 factors:
–
–
–
–
Notice (must be informed)
Choice
Access (contest accuracy of data collected)
Security. (data collectors must secure against
unauthorized use).
– Enforcement (sanctions on noncompliance)
• In 2002, the US e-government act.
What about commercial
websites?
• Federal trade comission can prosecute for
deceptive practices. (e.g., false advertising)
– E.g., JetBlue and the DOD.
Other issues with Privacy.
• Anonymity.
– Issues with anonymity.
• Multiple identities (online id)
How to protect against privacy
loss?
How to protect against privacy
loss?
• Get/give as little data as possible.
• Data anonymization.
• Audit trail: record who has accessed what
data.
• Security and controlled access
• Training, quality, Restricted usage, data left
in place.
• Policy.
Issues in Computer Security:
Data mining and privacy.
• Government data mining.
• Privacy preserving data mining:
– Data mining is “extracting hidden patterns from
large amounts of data”
– Solutions to preserve privacy:
• Remove id information. Doesn’t work.
– E.g., Sweeney’s report: > 87% US population can be
identified by: 5 digit zip code, gender and date of birth.
• Data perturbation. Example. Needs to be done
carefully.
Privacy on the web
• Think about this:
– On the web: every word you speak (blog) can
be read
– Someone selling something may have ads on
their site for something else.
– Identity of the other person may not be known!
• Some issues on the web are protected.
– Can you name them?
Privacy on the web
• Credit card payments are protected.
– But not necessarily private.
– Paypal etc.. May solve the privacy issues.
• Site and portal registrations:
– Beware of “we will enhance your browsing experience”
– Using email as id on some sites. Issues?
• Third party ads.
• Contests and offers: Free Iphones!
Privacy issues
• Cookies:
– Be-aware
• Third party cookies. E.g., Double Click and online profiling.
• Adware
• Web-bug.
• Spyware: keystroke loggers.
Email security
• Interception of email.
– Can be encrypted using PGP or S/MIME
– Email monitored legallly.
• Anonymous E-mail and remailers
– Sending anonymous emails.
• Spoofing and spamming.
Impact on Emerging technologies
• RFID tags
– RFID and privacy issues:
• Consumer products. How can this be exploited?
– RFID in individuals.
• Electronic voting
– Privacy issues.
• VoIP and Skype
– Privacy issues.