1 / 32

Privacy Online

Privacy Online. Jane Turk, Ph.D. CIS 610 Summer 2003. Outline. background & perspectives surveys of current Internet use children’s online privacy consumer online privacy possible solution routes. Business Perspective. Direct Marketing: > $176 billion a year

clara
Download Presentation

Privacy Online

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Privacy Online Jane Turk, Ph.D. CIS 610 Summer 2003

  2. Outline • background & perspectives • surveys of current Internet use • children’s online privacy • consumer online privacy • possible solution routes

  3. Business Perspective • Direct Marketing: > $176 billion a year • over 10,000 compiled & publicly traded databases on market today • private databases, with little or no regulation except in financial industry • ability to capture info about users on Web • target marketing

  4. Privacy Perspective • protecting privacy of consumer info is “very” important to consumers • consumers don’t know scope of data maintained on them • strong privacy standards • develop trust in users • encourage development of online commerce

  5. Major Concerns of Consumers • companies they patronize will provide their information to other companies without their permission (75%) • their transactions may not be secure (70%) • hackers will steal their personal data (69%) source: Harris survey, Nov 2001

  6. Most Important Elements to be Verified • security measures are adequate (90%) • company does not release customer personal data without permission (89%) • access within the company is limited (84%) • company is only collecting info that its privacy policies dictate (84%) • info use or sharing follows stated privacy policies (81%) source: Harris survey, Nov 2001

  7. Suggested Remedy • verify privacy policy by a third party (and 91% would do more business) • online seal of approval does not necessarily verify • BBBOnLine and Truste • audit by major accounting firm • PricewaterhouseCoopers source: Harris survey, Nov 2001

  8. Fair Information Principles • consumers be given: • notice of entity’s info practices • choice/consent with respect to secondary use & dissemination of info collected from or about them • access to info about them • collector assure security & integrity of info • provideenforcement mechanism

  9. Public Records Online • NYC voter registration site • NJ info on those licensed by state • registries of sex offenders • federal judges’ recommendation to put most civil proceedings online but to restrict criminal proceedings good source: www.epic.org/privacy/publicrecords

  10. Children’s Privacy • Federal Trade Commission: • children are avid consumers and influence spending • information collection targets are ages 8-11 • business goal: microtarget individual child • CME 1996 study exposed the issues

  11. FTC “Kids Privacy Surf Day” • “snapshot’, not comprehensive survey • 126 sites listed by Yahooligans! • results announced Dec 1997 • 86% of sites surveyed were collecting personally identifiable info on children • fewer than 30% of sites had privacy policy • another review March 1998

  12. FTC 1998 Report: Children’s Sites • of 212 sites directed at children • 89% collect personally identifiable info directly from children • 54% disclose info collection practices • fewer than 10% provide for some form of parental control

  13. Children’s Online Privacy Protection Act (1998) • parental consent required for collection, use, disclosure of personal information from children under 13 • parents may prevent further use or collection • parents may review information

  14. Privacy Journal Recommendations • parent • approve kid’s giving email address • totally involved in kid’s giving physical address • order products in parent’s name • kid • can use (false) nickname • never use name and address to buy

  15. Annenberg 2000 Study • 29% of parents would give identifying info in exchange for a free gift worth $100 • 45% of kids ages 10-17 would • 39% of girls, 54% of boys • parents need help

  16. Cookies • passive files stored on hard drives of Netscape & Microsoft IE users • store a customer ID number for site/network • used by online advertisers to track a user’s movements • profiling, preferences • issue: transparency

  17. Why Cookies? • HTTP is stateless: keeps no information from a connection • with cookies, a Web page can “remember” you from your last visit • enable much of interactivity • customization, shopping baskets

  18. Online Profiling: How and Where • cookies, web bugs, URLs, info you provide • anonymous, unless you identify yourself • in customer database of the site/network • pages/sites visited • DoubleClick tracks movement on 1500 sites

  19. Online Profiling: Pros and Cons • deliver desired content to user • provide information about interests of individual • aggregate info about site • info collected often without knowledge or consent

  20. Spyware • conducts surveillance on a computer • usually placed without knowledge or consent of computer owner • violates basic FIPS • e.g., “phone home” programs, Web bugs, home web monitoring

  21. Web Bugs • clear GIFs, embedded images • transmit info when page is viewed: where, when • designed to monitor who is viewing page • e.g., HTML mail • recent SW enables detection

  22. The Net NEVER Forgets • Internet Archive scoops up the Web • postings to Usenet groups are saved in Deja News • now http://groups.google.com • posts to email forums and chat services are searchable • public record

  23. Costs to Business of Not Protecting Privacy • sales lost may be $18 billion • older business models may be less effective than privacy-friendly models • lost opportunities and higher costs for imported personal data • “safe harbor” includes complying with FIPS source: Robert Gellman, “Privacy, Consumers, and Costs”

  24. Costs to Consumers When Privacy Is Not Protected • higher prices • stopping junk mail and telemarketing calls • avoiding identity theft • protecting privacy on the Internet source: Robert Gellman, “Privacy, Consumers, and Costs”

  25. Solution Routes • education, including • fair information principles • best business practices • industry self-regulation • technology • legislation

  26. Industry Self-Regulation for privacy • depends on posted privacy policies • coming: integrated suites of tools • online privacy seal programs • e.g., TRUSTe, BBBOnLine • implement some FIPS and monitor compliance • public audit of privacy policies • e.g., www.thedailyapple.com

  27. FTC Action Against Toysmart • privacy policy promised never to divulge customer information • certified by TRUSTe • FTC could intervene • bankrupt company advertised “databases and customer lists” for sale • FTC sued to prevent sale of customer info

  28. Privacy Enhancing Technologies (PETs) • seek to eliminate use of personal data from transactions or give direct control for disclosure of personal information to individual concerned • standard format for ratings systems: Platform for Internet Content Selection • machine-to-machine protocol for data exchange: P3P (Platform for Privacy Preferences) • anonymous use

  29. Proposed Online Personal Privacy Act (S. 2201 in 107th) • opt-in for sensitive personally identifiable info • opt-out for less sensitive info • follows most FIPS • preempts state legislation on online privacy

  30. Sources • Adkinson, William et al. “Privacy Online: A report on the information practices and policies of commercial web sites,” March 2002. The Progress and Freedom Foundation. • Center for Democracy and Technology. “Guide to Online Privacy,” http://www.cdt.org/privacy/guide/introduction/ • Electronic Privacy Information Center. "Surfer Beware III: Privacy Policies Without Privacy Protection." Dec. 1999 <http://www.epic.org/reports/surfer-beware3.html>

  31. Federal Trade Commission. “Privacy Online: Fair Information Practices in the Electronic Marketplace,” May 2000, www.ftc.gov/reports/privacy2000/privacy2000.pdf • Gellman, Robert. “Privacy, Consumers, and Costs: how the lack of privacy costs consumers and why business studies of privacy costs are biased and incomplete,” March 2002. www.epic.org/reports/dmfprivacy.html

  32. Goldman, Janlori and Zoe Hudson and Richard M. Smith. “Privacy Report on the Privacy Policies and practices of Health Web Sites”. Sponsored by California HealthCare Foundation, January 2000, http://admin.chcf.org/documents/ehealth/privacywebreport.pdf • Pew Internet and American Life Project. “Trust and Privacy Online: Why Americans Want to Rewrite the Rules,” Aug 2000, www.pewinternet.org/reports/pdfs/PIP_Trust_Privacy_Report.pdf

More Related