1 / 0

Privacy and Security Shh … be very very quiet

INFO100 and CSE100. Fluency with Information Technology. Privacy and Security Shh … be very very quiet. Katherine Deibel. Information Society. We live in an information society Easy to collect, store, search, and manipulate data on record scales Every action we do generates information

brosh
Download Presentation

Privacy and Security Shh … be very very quiet

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. INFO100 and CSE100 Fluency with Information Technology

    Privacy and SecurityShh… be very very quiet

    Katherine Deibel Katherine Deibel, Fluency in Information Technology
  2. Information Society We live in an information society Easy to collect, store, search, and manipulate data on record scales Every action we do generates information Using a library Purchasing from a store Flying on a plane Katherine Deibel, Fluency in Information Technology
  3. The BIG QUESTIONS Who owns the information? What can you/they do with it? How do you manage and protect your information? Katherine Deibel, Fluency in Information Technology
  4. The Bookstore Example You buy a book: Cooking with Red Meat, Cheese, Lard & Beer The store has a record of the purchase How they may use it: Ignore it Recommend books to you Target advertising Give this information to others (your health insurance company) Katherine Deibel, Fluency in Information Technology
  5. Implications What if the book was a gift? Recommendations become poorer Advertising will reach the wrong market Interpretation of the book's meaning Do I want to eat fatty foods? Am I studying high fat-cuisines? Katherine Deibel, Fluency in Information Technology
  6. One scenario…. Pizza Palacehttp://aclu.org/pizza/images/screen.swf Katherine Deibel, Fluency in Information Technology
  7. Ask yourself… Did that video bother you? Is it a realistic future? If yes, do you want that future? If no, how much do you think could become a reality and do you want it? Most importantly, what do we mean when say we want some information to remain private? Katherine Deibel, Fluency in Information Technology
  8. Portable Cameras of 1890s Cheaper cameras Faster film speeds Less sitting time Katherine Deibel, Fluency in Information Technology
  9. What Is Privacy? S. D. Warren & L. D. Brandeis (1890). The Right to Privacy. Harvard Law Review, 4(5), pp. 193-220. "The common law secures to each individual the right of determining, ordinarily, to what extent his thoughts, sentiments and emotions shall be communicated to others. Under our system of government he can never be compelled to express them (except upon the witness stand); and even if he has chosen to give them expression, he generally retains the power to fix the limits of the publicity that shall be given them." Katherine Deibel, Fluency in Information Technology
  10. What Is Privacy? S. D. Warren & L. D. Brandeis (1890). The Right to Privacy. Harvard Law Review, 4(5), pp. 193-220. " The narrower doctrine [of privacy] may have satisfied the demands of society at a time when the abuse to be guarded against could barely have arisen without violating a contract or a special confidence; but modern devices afford abundant opportunities for the perpetration of wrongs without the participation of the injured party." Katherine Deibel, Fluency in Information Technology
  11. Implications Warren & Brandeis's argument is a critical observation about society and new technologies: The adoption of new technologies affects the interactions of people in society and therefore necessitates reviewing laws and rights in regards to the new technologies. Katherine Deibel, Fluency in Information Technology
  12. Eyeglasses and Nerds A historical diversion Katherine Deibel, Fluency in Information Technology
  13. History of Eyeglasses China, ≈1 CE: As eye protection Italy, 1260s: For farsightedness Europe, 1500s: For nearsightedness Britain, 1725: Modern frame invented U.S.A, 1780s: Bifocals invented Britain, 1825: For astigmatisms Katherine Deibel, Fluency in Information Technology
  14. Historical Eyeglasses “Glasses are very disfiguring to women and girls.” From a 1901 optician journal Glasses not for public use Used only for brief moments Led to quick use optics monocle lady’s lorgnette pince-nez scissor glasses Katherine Deibel, Fluency in Information Technology
  15. Except… Thus… the association of glasses with intellectual pursuits!!! Scholars and academics The clergy The Spanish Katherine Deibel, Fluency in Information Technology
  16. Spain? Glasses were popular Higher classes wore larger lenses Portrait of a Cardinal, Probably Cardinal Don Fernando Niño de Guevara (1541–1609) by El Greco Katherine Deibel, Fluency in Information Technology
  17. Think about it… Katherine Deibel, Fluency in Information Technology
  18. Point of Historical Sidetrack Technology usage shapes people’s perceptions of the users Culture and society shapes how, when, and if a technology is used Katherine Deibel, Fluency in Information Technology
  19. Defining Privacy I want to tell you but… Katherine Deibel, Fluency in Information Technology
  20. A Definition What does “privacy” mean in the modern world? The right of people to choose freely under what circumstances and to what extent they will reveal themselves, their attitude, and their behavior to others Privacy is a right You control when & how much is revealed Point of this lecture: You can and should have a lot of privacy by using this control Katherine Deibel, Fluency in Information Technology
  21. Using Collected Information The collector can’t use after business purpose over The collector can use it, if you approve (OPT-IN) The collector can use it, unless you object (OPT-OUT) The collector can use information no matter what Katherine Deibel, Fluency in Information Technology
  22. Fair Information Practices Organization for Economic Cooperation and Development (OECD) defined the “gold standard” for fair information practices Principles Limited Collection Quality Purpose Use Limitation Security Openness Participation Accountability Katherine Deibel, Fluency in Information Technology
  23. Limited Collection Principle There should be limits to the personal data collected about anyone Collect data by fair and lawful means; Collect data with the knowledge and consent of the person whenever appropriate and possible Katherine Deibel, Fluency in Information Technology
  24. Quality Principle Personal data gathered should be Relevant to the purposes for which it is used Should be accurate, complete, and up-to-date Katherine Deibel, Fluency in Information Technology
  25. Purpose Principle The purposes for collecting personal data should be stated at the time it is collected The uses should be limited to only those purposes Katherine Deibel, Fluency in Information Technology
  26. Use Limitation Principle Personal data should not be disclosed or used for purposes other than stated in the Purpose Principle Exceptions: With the consent of the individual By the authority of law Katherine Deibel, Fluency in Information Technology
  27. Security Principle Personal data should be protected by reasonable security measures against Risks of disclosure Unauthorized access Misuse Modification Destruction Loss Katherine Deibel, Fluency in Information Technology
  28. Openness Principle There should be a general openness of the policies and practices about personal data collection Should be possible to know of its existence, kind, and purpose of use, Should be able to identity and contact information for the data controller Katherine Deibel, Fluency in Information Technology
  29. Participation Principle An individual should be able to Determine whether the data controller has information about him or her, Discover what it is in an understandable form, in a timely manner, and at a reasonable charge Request data to erased, completed, or changed If any of the inquiries above are denied, the individual should be able to Learn about the reasons for the denial Challenge the denial if so desired Katherine Deibel, Fluency in Information Technology
  30. Accountability Principle The data controller should be accountable for complying with these principles Policies, legislation, and laws to back up the need to be held accountable Katherine Deibel, Fluency in Information Technology
  31. Europe vs America EU, much of non-EU Europe, NZ, Hong Kong, Australia, and Canada use OECD Both government and private purposes U.S. privacy law does not use the OECD U.S. privacy law for government information is generally strong U.S. privacy law for business is “sectoral”, meaning it is limited to sectors and specific business practices Katherine Deibel, Fluency in Information Technology
  32. U.S. Businesses and Privacy Very few industries/practices have explicit privacy rules Almost anything goes Opting-out is the general approach Recent federal law for medical data HIPPA: Health Insurance Portability and Accountability Act of 1996 PSQIA: The Patient Safety and Quality Improvement Act of 2005 Katherine Deibel, Fluency in Information Technology
  33. Think About It EU law says, “Info on EU citizens must comply with OECD on leaving EU” U.S. privacy is so bad, EU information cannot come here U.S.-EU are in constant negotiations Katherine Deibel, Fluency in Information Technology
  34. Some Info is Protected Family Educational Rights & Privacy Act As a general rule the University will not release a student’s educational records to a third party without written consent of the student. This includes tuition account information. Even includes practices of returning homework and reporting grades Katherine Deibel, Fluency in Information Technology
  35. Some Info is Protected UW Libraries Privacy Policy The University of Washington Libraries values the privacy of library users. The Libraries seeks to minimize the collection and retention of personally identifiable information. When information is not kept, it cannot be abused. Katherine Deibel, Fluency in Information Technology
  36. Digital Privacy Most reputable online business post privacy statements on their sites Should be understandable to you Say what info they collect, Say what they will do with it How to "opt-out" or "opt-in" Katherine Deibel, Fluency in Information Technology
  37. Digital Privacy Unfortunately, there is Little if any government policing Lack of resources for filing complaints Few penalties for violations Katherine Deibel, Fluency in Information Technology
  38. Independent Auditors Private firms organizations monitor and report privacy violations TRU.S.Te Better Business Bureau Social networking and public opinion can force companies to comply Katherine Deibel, Fluency in Information Technology
  39. Real Networks in 1999 What they did: Secretly gathered data on people’s personal music tastes Encrypted the info so no one would know Didn’t mention it in their privacy statement They were caught Changed privacy statement Major loss in usage Permanent marring of public trust Katherine Deibel, Fluency in Information Technology
  40. Further Privacy Issues Cookies and grocery shopping Katherine Deibel, Fluency in Information Technology
  41. Chris Dating Cookies A cookie is a record stored on your computer by a Web Server The cookie is usually a unique ID that allows the server to remember who you are Improves Web experience Client: 210465 Name: Book: Client Client Client Server Client Client Client 4.95.142.16: 210465: Chris, Dating for Total Dummies Katherine Deibel, Fluency in Information Technology
  42. Cookies are Good (and Yummy) Cookies are used by many sites and they make Web usage much better Many sites use cookies for history and logins Banking and credit card applications cannot be secure enough without cookies If all privacy laws met OECD standards Cookies would be all good No one but computer scientists would know about them Katherine Deibel, Fluency in Information Technology
  43. Cookies are Bad (too sugary) Cookies can be stored in your computer by sites you have not visited: 3rd party 3rd Party Cookies come from a site in business with the site you visit, e.g. for ads 3rd party cookies allow info to be correlated Server ABC Chirs Cookie: 210465 Client Chris ABC site:210465 DEF site:4491027 3rdParty: 666-666 Server 3rd 123 Cookie:666-666 Server DEF Chirs Cookie: 4491027 Katherine Deibel, Fluency in Information Technology
  44. Correlating Cookies The 3rd party cookie becomes the key (literally, in DB sense) to join (in DB sense) the info held by separate co.s Company ABC Database Customer Cookie Ad Agcy Data1 Data 2 ... Chris 210465 666-666 val 1 val 2 Company DEF Database Customer Cookie Ad Agcy Data1 Data 2 ... Chris 4491027 666-666 val 3 val 4 It’s the same Chris!!! Katherine Deibel, Fluency in Information Technology
  45. Managing Cookies You control whether your computer accepts cookies -- look in browser If you don’t care about privacy, Accept all cookies If you greatly value your privacy, Accept no cookies If you want some privacy AND benefit from the useful stuff on the Web, Accept cookies but reject 3rd party cookies Katherine Deibel, Fluency in Information Technology
  46. Grocery Cards Easy to collect information about a customer's eating habits Identity can be validated by credit card Some privacy experts fear that this knowledge will be passed to health insurance companies Debatable if useful for actuarial purposes What does the privacy statement say? Katherine Deibel, Fluency in Information Technology
  47. Grocery Cards QFC Privacy Statement:The information gathered by QFC will be used to give you, our valued customer, our very best. You have our word on that! We pledge that QFC will not release your name to any list service or manufacturer, and that such information will be held in the strictest of confidence–even within our company. Katherine Deibel, Fluency in Information Technology
  48. But QFC is an affiliate of Kroger Kroger's Privacy Statement:Kroger and its affiliates may use personal customer information to create merchandising and promotional programs tailored around specific purchases, the frequency of store visits, volume of purchases, and other data…We may share personal customer information with our subsidiaries, affiliates, agents, representatives and trusted partners for the limited purpose of providing services or information to Kroger or our customers at our direction. Katherine Deibel, Fluency in Information Technology
  49. Conflicting statements? Yes But… It is all legal in the United States We have grown accustomed to the idea that our information is being used The U.S. is an opt-out society Katherine Deibel, Fluency in Information Technology
  50. Summary You may not think about privacy much, but maybe you should … You should have a say in whether or not records of your information can be linked to you The U.S. needs better laws, and why not? Do you care whether Google or Facebook can deliver an ad to you based on your private information? Katherine Deibel, Fluency in Information Technology
More Related