200 likes | 211 Views
CT218 Lecture 6 14 th March. Privacy Issues. What is privacy?. It is common t o distinguish four kinds of privacy: physical privacy mental privacy decisional privacy informational privacy Definitions…. Infringements of Information Privacy. Concern for activities of
E N D
CT218 Lecture 6 14th March Privacy Issues CT218 Professional Issues
What is privacy? • It is common to distinguish four kinds of privacy: • physical privacy • mental privacy • decisional privacy • informational privacy • Definitions… CT218 Professional Issues / Lecture
Infringements of Information Privacy Concern for activities of • Commercial organisations • mailing lists and marketing data • credit references • Government agencies • interests of law enforcement versus rights to non-interference • collation of information • monitoring of telecommunications CT218 Professional Issues / Lecture
Privacy Protection Privacy protection can be achieved by: • Privacy and Data Protection Laws • Self Regulation (Codes of Conduct) • Privacy Enhancing Technologies • Privacy Education (of consumers and IT professionals) Source: Fischer-Hubner, S. “IT-Security and Privacy: Design and Use of Privacy-Enhancing Security Mechanisms”, LNCS 1958, ISBN 3-540-42142, Springer, 2001 CT218 Professional Issues / Lecture
Privacy Enhancing Technologies PETs are software based mechanisms that help to protect the privacy of web users 2 Categories: • Products which provide consumer choice, such as • P3P (Platform for Privacy Preference Project) from W3C • Products which protect User Identity through • Anonymity • Pseudonymity • Unlinkability • Unobservability Source: Fischer-Hubner CT218 Professional Issues / Lecture
PETs vs PITs PETS provide an answer to “Privacy Invasive Technologies” (PITS) such as • Data mining (customer profiling) • “Spyware” • Cookies • Web Bugs • Intelligent Agents used in E-commerceand M-commerce applications(AKA “shopbots”, “buybots”, “pricebots”, “bots”) CT218 Professional Issues / Lecture
Cookies A cookie is a small data file that websites can store on the hard drive of the computer of people who visit their sites. • may contain information, such as a unique user ID, that websites use to track the pages visited • can track and maintain the identity of the web site visited immediately prior to and after visiting the website which set the cookie • can keep information on Registered Users which allows them to access account information or other information relating to their use of the site CT218 Professional Issues / Lecture
Web Bugs • AKA “Web Beacons” • Web bugs hide computer codes behind invisible images only a pixel in size to gather information about surfing habits • The bugs work best in conjunction with cookies and can interrogate them to find out more about the surfer From BBC Article on Web Bugs: http://news.bbc.co.uk/hi/english/sci/tech/newsid_842000/842624.stm CT218 Professional Issues / Lecture
Web Bugs / what they can do Data web bugs can gather • IP address of your computer • Web location of bug • Web page bug is attached to • Time the bug was viewed • Which browser you are using • Any cookies already on your computer SOURCE: BBC Article on Web Bugs http://news.bbc.co.uk/hi/english/sci/tech/newsid_842000/842624.stm CT218 Professional Issues / Lecture
Spyware? • "They are a secret way of gathering information about someone," said David Banisar, a civil liberties expert from the Electronic Privacy Information Centre (Epic). • Privacy experts say the hidden images are the first of a new generation of "spyware" designed to watch what people do on the web without them knowing. (BBC article) CT218 Professional Issues / Lecture
Legitimate business Practice? NAI Definition of Web Beacons “Web Beacons are a tool that can be used online to deliver a cookie in a third party context. This allows companies to perform many important tasks - including unique visitor counts, web usage patterns, assessments of the efficacy of ad campaigns, delivery of more relevant offers, and tailoring of web site content. The web beacon's cookie is typically delivered or read through a single pixel on the host site” (http://www.networkadvertising.org/aboutnai_news_pr100401.asp) CT218 Professional Issues / Lecture
Email Surveillance Issues • The standard technology of email is anything but private • ISP’s have been asked to archive all transactions for 7 years by UK police • Ownership of ‘private’ email • Courts agree with employers that on company computers, it belongs to the employer CT218 Professional Issues / Lecture
Amazon.co.uk • Like many commercial organisations, uses customer information for marketing purposes. • Uses data mining techniques for sophisticated customer profiling • Privacy International, a lobby group, is pursuing a complaint of non-compliance with UK data protection legislation http://www.privacyinternational.org/issues/compliance/ CT218 Professional Issues / Lecture
Personal data held by Amazon (1) • Records of book titles purchased • Clickstream data such as URLs viewed, IP addresses, cookies, timestamps • Search queries • Items placed in shopping carts but removed prior to checkout • Data purchased by Amazon from other sources or gathered from public records CT218 Professional Issues / Lecture
Personal data held by Amazon (2) • Demographic and psychographic data • Any estimates of propensity to purchase particular products • Any information relating to credit risk • Estimates of lifetime value • Any clustering or segmentation data • Any estimates of price elasticity CT218 Professional Issues / Lecture
Doubleclick The Doubleclick Saga DC’s online profiling service carried out through Banner Adverts attracted the wrath of the Privacy Lobby http://www.nytimes.com/library/tech/00/02/cyber/commerce/07commerce.html Junkbusters President Jason Catlett claimed that “Doubleclick has more than a trillion clickstream records and billions of personally identified records on about 90 million Americans”. He also claimed that Doubleclick’s computer had been the victim of hackers - http://www.junkbusters.com/new.html#dclk DoubleClick has always maintained that any information collected in such a way is merely aggregated data that cannot be traced to individual users. Several court cases have been dismissed. http://www.doubleclick.com/us/corporate/privacy/ CT218 Professional Issues / Lecture
Network Advertising Initiative • NAI (Network Advertising Initiative), a cooperative group of network advertisers have developed a set of privacy principles, in conjunction with the Federal Trade Commission, in order to improve its self-regulatory approach to addressing consumer's privacy concerns • It offers an on-line service which provides consumers with the ability to opt-out of ads from major companies (including DoubleClick and 24/7 Media) through its website http://www.networkadvertising.org CT218 Professional Issues / Lecture
Intel The saga of Intel Pentium III and PSN(Processor Serial Number) Original chips had embedded technology which enabled the identification of individual computers Dropped by Intel in April 2000 following adverse publicity • “Pretty poor privacy may lurk inside processors” New Scientist 6 Feb 1999 • http://www.epic.org/ (Electronic Privacy Information Center)-US watchdog • http://www.bigbrotherinside.com/ • http://zdnet.com.com/2100-11-520265.html?legacy=zdnn CT218 Professional Issues / Lecture
Next Week The Data Protection Act Advanced Study (recommended): The Office of the Information Commission (OIC) website: http://www.dataprotection.gov.uk • Legal Guidance • Notification Handbook CT218 Professional Issues / Lecture
End of Privacy Issues CT218 Professional Issues