Privacy Issues of the World Wide Web
Instructor: Joseph DiVerdi, Ph.D., M.B.A.
Privacy Landscape
• Privacy is Currently a Concern to
  • Private Citizens
  • Organizations
  • Governments
• Privacy Means Different Things
  • Personal Information
  • Intellectual Property
  • State Secrets
• Many, If Not Most, Citizens are Poorly Informed or Misinformed About Privacy Issues
Privacy Landscape
• Privacy is Certain to Be a Growing Concern
  • As Internet-Based Communications & eCommerce Increase in Usage & Popularity
  • Because of the Vast Amount of Data That Can be Collected Using the Internet
  • Because of its Ubiquity
• Private Citizens World-Wide Have Expressed Concerns Over Their Right to Privacy
  • However, Many Do Not Understand the True Risks or How to Defend Against Them
Privacy Landscape
• A shopper
  • Browsing through various stores
  • In a physical shopping mall
  • Stopping to glance at a specific item
  • In a specific store
• Does not have to worry that his or her every move is recorded
Privacy Landscape
• Current Web-site & eCommerce Technology
  • Makes it Technologically Feasible
  • For Data to be Recorded About Every Item
  • Clicked-on by a Visitor
  • Browsing Through
    • An Electronic Shopping Mall or
    • Visiting a Web Site
Privacy Landscape
• Designers & operators of web sites who disregard the privacy of their users do so at their own peril
• Users of web services who are not concerned with privacy may soon find they have none
• Users who feel that their privacy has been violated may avoid certain sites and may even avoid the Web
Relevance to Webmaster
• Consider:
  • You are the Webmaster of a commercial site which generated gross annual revenues of $2 million until customers concluded that the site provided insufficient privacy of their personal information
  • You are a web development consultant who has responsibility for a $200,000 contract to develop a site (any site) which has received numerous privacy violation complaints
Legislator Weighs In
• “Privacy is a basic American value, in the Information Age and in every age. It must be protected. We need an electronic bill of rights for this electronic age.”
• Vice-President Albert Gore, July 1998
Web Privacy in Brief
• Web Security is a complex topic, encompassing:
  • Log files
  • Cookies
  • Personally Identifiable Information
  • Anonymizers
  • Unanticipated Disclosure
  • Data Encryption
  • Key Escrow (Agencies)
  • Key Recovery (Agencies)
Federal Trade Commission
• 1998 Report to Congress
  • Articulated Core Principles of privacy protection for Adults widely accepted in the USA, Canada, and Europe:
    • Notice
    • Choice
    • Access
    • Integrity & Security
    • Enforcement
Core Principles
• Notice
  • Users should be made aware of an entity’s information practices before any personal information is gathered
• Choice
  • Users should be given the opportunity to consent to or deny any secondary uses of information
    • Other than the processing of the immediate transaction
    • Including mailing notices or data transfer to third parties
Core Principles (con’t)
• Access
  • Users should be able to access their personal data and review it without significant delays, and should also be able to easily correct inaccurate personal information in a timely manner
• Integrity & Security
  • Users’ personal data should be processed so that it remains accurate, and it must be kept confidential as it is transmitted, processed, & stored by the entity
Core Principles (con’t)
• Enforcement
  • Users should have recourse if any of the above core principles are violated
Personal Information
• E-mail address
• Postal address
• Telephone number
• Social Security Number
• Date of Birth or Age
• Gender
• Education
• Interests
• Hobbies
EU Directive of Oct 1998
• Personal data on the Internet shall be:
  • Processed Fairly & Lawfully
  • Collected & Processed for Specified, Explicit, Legitimate Purposes
  • Accurate & Current
  • Kept No Longer Than Deemed Necessary to Fulfill the Stated Purpose
EU Directive of Oct 1998
• Users have the following rights:
  • Access to Personal Information
  • Correction, Erasure, & Blocking of Information
  • Objection to Usage
  • Ability to Oppose Automated Individual Decisions
  • Access to Judicial Remedy & Compensation
EU Directive of Oct 1998
• This Directive Affects Many US Companies
  • All of Which Transact Business in the EU
• Gives EU Member Countries a Global Reach With an Attached Liability for Non-Compliance
• Requires Non-EU Companies’ Compliance to Conduct eCommerce in Europe
Log Files
• Every time a Web browser views a site’s page, a record is kept in that site’s server’s log files
• Log files are under the control of the person or organization that controls the Web server
  • Webmaster?
• Log files are subject to subpoena
Log Files (con’t)
• Each time a page is requested or a CGI script is run on a web server, the server records the following information in its log files:
  • Hostname or IP address of requesting computer
  • Time of day of the request
  • Requested URL
  • Time to transfer requested file
  • User name if HTTP authentication is used
  • Any errors which occurred
  • Requesting web browser identifier and OS
  • Previous web page accessed, i.e., referring link
Access Log File Contents
dnvr-dsl-gw8-c212.dnvr.uswest.net - - [20/Jul/2000:00:59:20 -0600] "GET /magnetometer/ HTTP/1.0" 200 228
dnvr-dsl-gw8-c212.dnvr.uswest.net - - [20/Jul/2000:00:59:21 -0600] "GET /magnetometer/cgi/lister.pl HTTP/1.0" 200 5970
dnvr-dsl-gw8-c212.dnvr.uswest.net - - [20/Jul/2000:00:59:22 -0600] "GET /magnetometer/gif/MacPerl.gif HTTP/1.0" 200 2002
dnvr-dsl-gw8-c212.dnvr.uswest.net - - [20/Jul/2000:00:59:22 -0600] "GET /magnetometer/gif/top.gif HTTP/1.0" 200 3178
freedu-7-118.libertysurf.se - - [20/Jul/2000:04:04:14 -0600] "GET / HTTP/1.1" 200 2211
freedu-7-118.libertysurf.se - - [20/Jul/2000:04:04:15 -0600] "GET /jpeg/banner.jpeg HTTP/1.1" 200 14268
freedu-7-118.libertysurf.se - - [20/Jul/2000:04:04:45 -0600] "GET /magnetometer/cgi/lister.pl HTTP/1.1" 200 5989
freedu-7-118.libertysurf.se - - [20/Jul/2000:04:04:46 -0600] "GET /magnetometer/gif/MacPerl.gif HTTP/1.1" 200 2002
freedu-7-118.libertysurf.se - - [20/Jul/2000:04:04:46 -0600] "GET /magnetometer/gif/top.gif HTTP/1.1" 200 3178
freedu-7-118.libertysurf.se - - [20/Jul/2000:04:04:48 -0600] "GET /magnetometer/gif/sm_perl_id_313_wt.gif HTTP/1.1" 200 2524
otc18.otc.colostate.edu - - [20/Jul/2000:09:28:10 -0600] "GET / HTTP/1.0" 200 2211
otc18.otc.colostate.edu - - [20/Jul/2000:09:28:10 -0600] "GET /jpeg/banner.jpeg HTTP/1.0" 200 14268
otc18.otc.colostate.edu - - [20/Jul/2000:09:28:17 -0600] "GET /classes/index.html HTTP/1.0" 200 2017
otc18.otc.colostate.edu - - [20/Jul/2000:09:28:17 -0600] "GET /magnetometer/gif/sm_perl_id_313_wt.gif HTTP/1.0" 200 2524
otc18.otc.colostate.edu - - [20/Jul/2000:09:28:19 -0600] "GET /classes/DCE0791/index.html HTTP/1.0" 200 2810
otc18.otc.colostate.edu - - [20/Jul/2000:09:28:22 -0600] "GET /classes/DCE0791/materials.html HTTP/1.0" 200 3903
otc18.otc.colostate.edu - - [20/Jul/2000:09:28:39 -0600] "GET /classes/DCE0791/materials/imaging_class.ppt HTTP/1.0" 206 1
Referring Link
• When a URL is requested, several pieces of information are supplied to the server with the request, including the current URL, which is either
  • The currently viewed page
  • The word “bookmark”
  • Nothing, if the URL was typed into the “location” field
• The HTTP specification declares that the sending of this information should be an option under the user’s control, but no Web browser has implemented this control
Referring Link Uses
• To gauge the efficacy of companies’ advertisements paid for on certain web sites
  • Click on an ad and the current URL is supplied to the ad’s server - cha-ching!
• To measure how customers move through a site
• By search engines to determine viewers’ predilections
  • Strong correlation exists between interests and viewed URLs
Referring Link Problems
• Its presence represents a revelation of personal information
  • The URL that the user previously viewed
• Cryptographic protocols, e.g., SSL, are often relied on to protect personal information embedded in URLs, but the subsequent request may pass that information to another site, and without encryption
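The two referring-link problems above, as an added example (not from the slides): given the page a visitor is on and the resource that page requests next, the first function lists what the Referer header gives away, and the second shows the mitigation of keeping personal data out of the URL in the first place. The host names, URL, and the list of sensitive parameter names are constructed for the example.

```python
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Constructed sample: a page whose URL carries personal information (the
# pattern the slide warns about) and a banner image served by a third party.
PAGE_URL = "https://shop.example/account?email=alice%40example.org&zip=80523"
BANNER_URL = "http://ads.example/banner.gif"

# Query-string keys assumed to carry personal information (illustrative list).
SENSITIVE_KEYS = {"email", "name", "zip", "phone", "ssn", "dob", "user", "session"}

def referer_leaks(page_url, target_url):
    """List the privacy problems created when a browser on page_url requests
    target_url and sends page_url as the Referer header."""
    src, dst = urlsplit(page_url), urlsplit(target_url)
    problems = []
    if src.hostname != dst.hostname:
        problems.append("cross-site: previous URL revealed to another operator")
    leaked = sorted({k for k, _ in parse_qsl(src.query) if k.lower() in SENSITIVE_KEYS})
    if leaked:
        problems.append("personal data in referer: " + ", ".join(leaked))
    if src.scheme == "https" and dst.scheme == "http":
        problems.append("SSL-protected URL retransmitted in the clear over HTTP")
    return problems

def scrub_query(url):
    """Mitigation: remove sensitive parameters so they never reach a URL that
    can appear in a Referer; keep such data in POST bodies or server-side state."""
    parts = urlsplit(url)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k.lower() not in SENSITIVE_KEYS]
    return urlunsplit(parts._replace(query=urlencode(kept)))

if __name__ == "__main__":
    for problem in referer_leaks(PAGE_URL, BANNER_URL):
        print("-", problem)
    print("safe form:", scrub_query(PAGE_URL))
```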
(Infamous) Cookies
• Introduced by Netscape in Navigator v2.0
• Original purpose was to enable a server to track a browser through multiple HTTP requests
  • Necessary for applications, e.g., shopping cart
• Allows storage of a user’s preferences in cookie
• Intended to improve privacy
  • Removed the requirement for the server to request and store personal information in a central data bank
Cookie Issues
• Rule of unintended consequences
• Initial implementation allowed any site to request all cookies from a browser, thereby revealing (lots of) personal information
• A quick change to the browser restricted delivery to a particular server (identified by domain) to only those cookies issued by that server
More Cookie Issues
• Web developers (webmasters?) soon realized that cookies could be “attached” to files other than HTML, e.g., GIF. Combining this capability with the delivery of banner images from advertising companies allowed those advertisers continued access to detailed tracking information
• Advertisers claim that such tracking permits interest-targeted delivery and reduction of repetitious display
• There is an opportunity for abuse
Cookie File Structure
Domain  Expire  Path  Secure  Expiration  Vendor Specific Fields
hotwired.lycos.com FALSE /webmonkey/99/09 FALSE 970380000 Lycos_Webographics Sampled
www.macfixit.com FALSE /cgi-bin/ultimate FALSE 968113043 lastLogin 2451426.2017
www.macfixit.com FALSE /cgi-bin/ultimate FALSE 968113043 LastLoginDT 09-04-1999%2008%3A17%20PM
www.admission.com FALSE /html FALSE 972187149 admission EN%26US
.netscape.com TRUE / FALSE 1293840002 UIDC 199.45.180.157:0912144896:401606
.adobe.com TRUE / FALSE 1924905604 AWID 199.45.180.157:10771:912192070:677
www.direct-jobs.com FALSE / FALSE 2137622378 CFTOKEN 11642676
www.direct-jobs.com FALSE / FALSE 2137622379 CFID 122728
www.damark.com FALSE / FALSE 2145830703 ST_USER 0913838850898991
.imgis.com TRUE / FALSE 1074483659 JEB2 8F799D77DAA0A516CEA8F4B23004E025
.zdnet.com TRUE / FALSE 1041310803 cgversion 4
.zdnet.com TRUE / FALSE 1041310806 browser CEA8F4B2383B0D81
.yahoo.com TRUE / FALSE 1271361603 B 8vl686iata7fn
.ngadcenter.net TRUE / FALSE 2145801606 NGID 2061691f-20905-917899077-5
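As an added example (not part of the slides), the following parses a cookie file in the tab-separated Netscape layout shown above and applies the domain, path, secure and expiry rules that decide which stored cookies a browser hands to a given server. Calling it with an advertiser's host name reproduces the banner-image case from the previous slide: the advertiser's own cookie rides along with every page that embeds its image. The three rows are taken from the slide; the request host names and the "now" timestamp in the usage are constructed.

```python
from collections import namedtuple

# Constructed excerpt of a Netscape-format cookies.txt, using rows shown on the
# slide: domain, domain-wide flag, path, secure flag, expiry (Unix time), name, value.
COOKIES_TXT = """\
www.macfixit.com\tFALSE\t/cgi-bin/ultimate\tFALSE\t968113043\tlastLogin\t2451426.2017
.netscape.com\tTRUE\t/\tFALSE\t1293840002\tUIDC\t199.45.180.157:0912144896:401606
.imgis.com\tTRUE\t/\tFALSE\t1074483659\tJEB2\t8F799D77DAA0A516CEA8F4B23004E025
"""

Cookie = namedtuple("Cookie", "domain domain_wide path secure expires name value")

def parse_cookies_txt(text):
    cookies = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) != 7:
            continue            # malformed row: skip rather than guess
        domain, flag, path, secure, expires, name, value = fields
        cookies.append(Cookie(domain, flag == "TRUE", path, secure == "TRUE",
                              int(expires), name, value))
    return cookies

def domain_matches(cookie, host):
    """The rule adopted after the early fix described on the slide: a cookie
    goes back only to the server that issued it, or, for a leading-dot domain
    such as .netscape.com, to any host under that domain."""
    if cookie.domain_wide:
        return host == cookie.domain.lstrip(".") or host.endswith(cookie.domain)
    return host == cookie.domain

def cookies_for_request(cookies, host, path, https, now):
    """Cookies a browser attaches to a request for host/path at time `now`.
    Calling this with an advertiser's host shows what that advertiser
    receives whenever one of its banner images is embedded in a page."""
    return [c for c in cookies
            if domain_matches(c, host)
            and path.startswith(c.path)
            and (https or not c.secure)
            and c.expires > now]

if __name__ == "__main__":
    jar = parse_cookies_txt(COOKIES_TXT)
    now = 960000000     # constructed timestamp, before all three expiries
    print([c.name for c in cookies_for_request(jar, "ad.imgis.com", "/b.gif", False, now)])
```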
Controlling Cookie Use
• It is possible for users to control the actual use of cookies in a browser
  • Open Navigator or Communicator
  • Go to Edit->Preferences->Advanced
Anonymizers
• A server designed to act as a certain type of proxy
  • Browser sends requested URL to anonymizer with anonymizer’s URL
  • Anonymizer processes request and makes request to requested URL using its own address information
  • Information from destination site is returned to anonymizer
  • Anonymizer passes information back to original browser
Anonymizers (con’t)
• Vary in sophistication and capabilities
  • Some can’t handle forms
  • Many have problems with active content
  • Hinder personalization
• Fairly simple to implement
• Reasons for use:
  • Personal Values - “…should be able to surf anonymously…”
  • Advertising on the anonymizer
  • Monitor use and users of anonymizer - fraudulent and/or oxymoronic
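The proxy steps on the two slides above, as an added example that is not from the slides or any real anonymizer service: extracting the real target from the anonymizer-wrapped URL, stripping the headers that would identify the client or its previous page before the onward request, and rewriting the returned page's links so the next click also goes through the proxy. The anonymizer address, header names and HTML fragment are constructed; the link rewriting also illustrates why forms and script-generated links (which a regex over href/src never sees) give such services trouble.

```python
import re
from urllib.parse import urlsplit, parse_qs, quote, urljoin

# The anonymizer's own address (constructed for this example).
ANON_BASE = "http://anon.example/?url="

# Request headers that identify the client or its previous page; the
# anonymizer drops them and presents only its own identity downstream.
IDENTIFYING = {"cookie", "referer", "user-agent", "from", "x-forwarded-for"}

def target_url(anonymizer_request_url):
    """Step 1: the browser asked the anonymizer for ANON_BASE + the real URL."""
    return parse_qs(urlsplit(anonymizer_request_url).query)["url"][0]

def outbound_headers(client_headers, url):
    """Step 2: the request the anonymizer makes to the destination carries
    none of the client's identifying headers and names the destination host."""
    kept = {k: v for k, v in client_headers.items() if k.lower() not in IDENTIFYING}
    kept["Host"] = urlsplit(url).netloc
    kept["User-Agent"] = "anonymizer/0.1"
    return kept

LINK_RE = re.compile(r'\b(href|src)="([^"]*)"', re.IGNORECASE)

def rewrite_links(html, page_url):
    """Steps 4-5: before the page is passed back, every href/src is pointed
    through the anonymizer so the next request also originates from it.
    Links built by scripts or submitted by forms are not caught here, which
    is the limitation the slide notes for forms and active content."""
    def repl(m):
        absolute = urljoin(page_url, m.group(2))
        return f'{m.group(1)}="{ANON_BASE}{quote(absolute, safe="")}"'
    return LINK_RE.sub(repl, html)

if __name__ == "__main__":
    req = "http://anon.example/?url=http%3A%2F%2Fsite.example%2Fpage.html"
    real = target_url(req)
    print(outbound_headers({"Host": "anon.example", "Cookie": "id=1", "Accept": "*/*"}, real))
    print(rewrite_links('<a href="/next.html">next</a>', real))
```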
Moral High Ground
• Simple but workable policy:
  • Do not require users to register in order to use site
  • Allow users to register using their email address if they wish to receive information
  • Do not share a user’s email address with any other entity without that user’s explicit permission or as lawfully required
  • Whenever an email message is sent to a user, explain how the address was obtained, and how it can be removed from the mailing list
Moral High Ground (con’t)
• Do not make log files publicly accessible
• Delete log files when no longer needed
• If log files must be retained online for extended periods of time, remove personally identifiable information
• Encrypt log files if possible
• Do not distribute personal information about users
• Discipline or terminate employees who violate privacy policy
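An added example, not from the slides, tying the log-file slides to the retention advice just above: it parses records in the access-log format shown on the "Access Log File Contents" slide, reconstructs per-visitor trails (what the raw log lets an operator see), and then produces the version fit for extended retention, with the user name dropped and the requesting host either removed or replaced by a keyed hash (an assumed technique, chosen so per-visitor counts survive). The four log lines are copied from the slide; the HMAC key is a constructed placeholder.

```python
import re
import hmac
from collections import defaultdict

# Constructed excerpt in the format of the "Access Log File Contents" slide:
# host, identity, user, [time], "request", status, bytes.
ACCESS_LOG = """\
otc18.otc.colostate.edu - - [20/Jul/2000:09:28:10 -0600] "GET / HTTP/1.0" 200 2211
otc18.otc.colostate.edu - - [20/Jul/2000:09:28:17 -0600] "GET /classes/index.html HTTP/1.0" 200 2017
otc18.otc.colostate.edu - - [20/Jul/2000:09:28:19 -0600] "GET /classes/DCE0791/index.html HTTP/1.0" 200 2810
freedu-7-118.libertysurf.se - - [20/Jul/2000:04:04:14 -0600] "GET / HTTP/1.1" 200 2211
"""

LOG_RE = re.compile(r'^(\S+) (\S+) (\S+) \[([^\]]+)\] "(\S+) (\S+) (\S+)" (\d{3}) (\S+)$')

def parse_log(text):
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue            # malformed line: skip rather than guess at fields
        host, _ident, user, when, method, url, _proto, status, size = m.groups()
        entries.append({"host": host, "user": user, "time": when, "method": method,
                        "url": url, "status": int(status), "size": size})
    return entries

def visitor_trails(entries):
    """What the raw log lets the operator reconstruct: every URL each
    requesting computer viewed, in order."""
    trails = defaultdict(list)
    for e in entries:
        trails[e["host"]].append(e["url"])
    return dict(trails)

def strip_pii(entries, secret=None):
    """Retention hygiene: drop the authenticated user name and either remove the
    host outright (secret=None) or replace it with a keyed hash so per-visitor
    counts survive. Keep the key apart from the logs; with it, hosts can be
    re-identified by guessing, so removal is the stronger choice."""
    cleaned = []
    for e in entries:
        if secret is None:
            host = "-"
        else:
            host = hmac.new(secret, e["host"].encode(), "sha256").hexdigest()[:16]
        cleaned.append(dict(e, host=host, user="-"))
    return cleaned
```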
Moral High Ground (con’t)
• State site’s Privacy Policy on home page
• Allow site to be audited by impartial external professionals if questions regarding policies arise
Quick Survey
• Change your browser’s preferences to require a warning when a cookie is requested
• Take a look right now at some sites (fewer than one dozen) using a browser to determine whether they state the site’s privacy policy
• Make some notes for discussion
• When you are done, restore the previous cookie preferences