430 likes | 1.41k Views
Privacy in a Digital World. CSCI327. Initial Questions. Is privacy a right? inalienable right ? e.g. life, liberty, pursuit of happiness legal (civil) right ? e.g. right to vote, no taxation without representation not a right What do privacy rights have to do with computing?.
E N D
Privacy in a Digital World CSCI327
Initial Questions • Is privacy a right? • inalienable right? • e.g. life, liberty, pursuit of happiness • legal (civil) right? • e.g. right to vote, no taxation without representation • not a right • What do privacy rights have to do with computing?
Digital Privacy in the News U.S. Relaxes Some Data Disclosure Rules www.nytimes.com -- by Matt Apuzzo and Nicole Perlroth -- Jan 27, 2014 WASHINGTON — The Obama administration says it will allow Internet companies to give customers a better idea of how often the government demands their information, but will not allow companies to disclose what is being collected or how much. The new rules — which have prompted Google, Microsoft, Yahoo and Facebook to drop their respective lawsuits before the nation’s secret surveillance court — also contain a provision that bars start-ups from revealing information about government requests for two years. The companies’ dispute began last year after a former government contractor, Edward J. Snowden, revealed that F.B.I. and National Security Agency surveillance programs rely heavily on data from United States email providers, video chat services and social networking companies. Sometimes, F.B.I. agents demand data with administrative subpoenas known as national security letters. Other times, the Justice Department makes the demand under the authority of the surveillance court but without a specific warrant. Either way, the justification is typically secret and companies are prohibited from saying much. The companies wanted to be able to say how many times they received court orders, known as FISA orders, for the Foreign Intelligence Surveillance Act. The government opposed that. Companies say that has hurt their businesses. Forrester Research projected the fallout from Mr. Snowden’s disclosures could cost the so-called cloud computing industry as much as $180 billion — a quarter of its revenue — by 2016.
Digital Privacy in the News Yahoo, Like Google, Demands Warrants for User E-Mail www.wired.com, by David Kravets, January 25, 2013 Yahoo demands probable-cause, court-issued warrants to divulge the content of messages inside its popular consumer e-mail brands — Yahoo and Ymail, the web giant said Friday. The Sunnyvale, California-based internet concern’s exclusive comments came two days after Google revealed to Wired that it demands probable-cause warrants to turn over consumer content stored in its popular Gmail and cloud-storage Google Drive services — despite the Electronic Communications Privacy Act not always requiring warrants. “Yes, we require a probable cause warrant for e-mail content,” said Yahoo spokeswoman Lauren Armstrong, in an e-mail interview. “That is more than ECPA requires.” The nation’s other major consumer-facing e-mail provider — Microsoft — which markets the Hotmail and Outlook brands, declined comment for this story. In short, Yahoo and Google are granting their customers more privacy than the four corners of the ECPA. There’s been a string of conflicting court opinions on whether warrants are required for data stored on third-party servers longer than 180 days. The Supreme Court has never ruled on the issue. Federal and state law enforcement officials are seemingly abiding by Yahoo’s and Google’s own rules to avoid a showdown before the Supreme Court.
Digital Privacy in the News Warrant Needed for GPS Tracking, High Court Says By JESSE J. HOLLAND and PETE YOST Associated Press WASHINGTON January 23, 2012 (AP) In a rare defeat for law enforcement, the Supreme Court unanimously agreed on Monday to bar police from installing GPS technology to track suspects without first getting a judge's approval. The justices made clear it wouldn't be their final word on increasingly advanced high-tech surveillance of Americans. Indicating they will be monitoring the growing use of such technology, five justices said they could see constitutional and privacy problems with police using many kinds of electronic surveillance for long-term tracking of citizens' movements without warrants. While the justices differed on legal rationales, their unanimous outcome was an unusual setback for government and police agencies grown accustomed to being given leeway in investigations in post-Sept. 11 America, including by the Supreme Court. The views of at least the five justices raised the possibility of new hurdles down the road for police who want to use high-tech surveillance of suspects, including various types of GPS technology.
ChoicePoint to pay $15M to settle charges The data warehouser will settle charges that it failed to protect consumers' personal financial information, the FTC says. www.cnn.com - January 26, 2006 WASHINGTON (Reuters) - ChoicePoint Inc. has agreed to pay $15 million to settle charges that it failed to adequately protect consumers' personal financial information, the Federal Trade Commission said Thursday. The company has agreed to pay a $10 million civil penalty, provide $5 million to compensate consumers, and take steps to better safeguard personal information so it is used only for legitimate purposes, the agency said. The company last year admitted that more than 163,000 personal records had been compromised, the agency said. The FTC charged ChoicePoint illegally gave credit histories to people who were not authorized to obtain them and failed to have reasonable procedures to verify the identities of those who requested the information and how the data was to be used. The company also made false and misleading statements about its privacy policies, the FTC charged. A representative for the company was not immediately available for comment.
Types of Privacy • Freedom from Unwarranted Intrusion • Freedom from Interference in One's Personal Affairs • Control over the Flow of Personal Information
Tech's Impact on Privacy • duration of data storage • variety of data that can be shared • amount of data gathered • speed of data movement
Is online shopping different fromin-store shopping? Q: Does shopping at home online give you more or less privacy? • more privacy - your neighbors will not see you there • less privacy - online shopping gives the company much more info about you Q: Is the data the company gathers different? • online, they know every item you looked at, how long you spent looking, etc
Sources of Personal Data • web cookies • social media • phone book • public records • credit card statements • rewards programs • spyware • TiVo • RFID • …
Data Mining • definition: analyzing databases to discover patterns and relationships • usually used for prediction • example from textbook: • company XYZ operates toll booths and collects data about which car IDs pass and when • company ABC buys XYZ's data and data from credit card companies. ABC now knows the addresses of frequent drivers along with credit limits • ABC sells this secondary data to banks • "We see that your car has 100,000 miles. Need a car loan?"
Info Security • How safe is that cookie data? • Example: Toysmart.com • privacy statement said that the personal info of users would not be sold or exchanged • the company went bankrupt in 2000 • Toysmart sold its assets, including the customer database
DoubleClick.com • gathers data from cookies from banners placed on a large number of web sites • DC can cross-reference data to build profiles of individual users • cookie data can be used to manage which ads individuals see and how many times the ads are seen. • For example, using frequency capping, as I surf from website to website they can make sure I only see the same car ad 10 times per day
In 1999, DC announced that it planned to purchase Abacus Direct for $1.7B, a consumer database company containing the names, addresses, phone numbers, etc of 90% of American Households. • Google bought DC for $3.1B in cash in April 2007. • congress held hearings to investigate the privacy and monopoly implications of the merger • Microsoft complained about this creating a monopoly