CS417
SOCIAL AND ETHICAL ISSUES IN COMPUTING
Adapted by: Helala AlShehri
Original Slides prepared by Cyndi Chie and Sarah Frye

Outline
• Privacy and Computer Technology
• Terminology and principles for data collection and use
• Big brother is watching you
• Protecting Privacy

Invisible Information Gathering
• Collection of personal information about someone without the person’s knowledge
• Invisible information gathering is common on the Web:
  • ISPs (Internet Service Providers) and websites can collect such details of the users' online activities.

HTTP cookies
• web cookie, or browser cookie
• small pieces of textual information stored by websites on your computer
• login information, the contents of your basket on shopping sites, etc.
• the data stored in the cookie is sent back to the website by the browser
• authentication cookies are used by websites to know whether the user is logged in or not
• tracking cookies can compile long-term records of individuals' browsing histories
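
Added example (not part of the original slides): a toy Python model of the last two bullets, in which the browser sends a stored cookie back on every request and a third-party tracker embedded on several sites uses it to link visits into one browsing history. The hostnames and the Tracker and Browser classes are constructed for illustration; the blocked case corresponds to the cookie disablers listed later under privacy-enhancing technologies.

```python
# Added example: toy model of a browser cookie jar and a third-party tracker.
# All hostnames and both classes are constructed for illustration.
import itertools
from collections import defaultdict

class Tracker:
    """Third-party server whose resource is embedded on many sites."""
    host = "ads.tracker.example"

    def __init__(self):
        self._ids = itertools.count(1)
        self.profiles = defaultdict(list)    # cookie id -> sites seen

    def handle(self, cookie, referer):
        """Record the request; return a new cookie value if none was sent."""
        uid = cookie or f"uid{next(self._ids)}"
        self.profiles[uid].append(referer)
        return None if cookie else uid

class Browser:
    def __init__(self, block_third_party=False):
        self.jar = {}                        # host -> stored cookie value
        self.block_third_party = block_third_party

    def visit(self, site, tracker):
        """Load a page on `site` that embeds a resource from the tracker."""
        third_party = tracker.host != site
        blocked = third_party and self.block_third_party
        # The browser sends back whatever cookie it holds for that host.
        cookie = None if blocked else self.jar.get(tracker.host)
        set_cookie = tracker.handle(cookie, referer=site)
        if set_cookie and not blocked:
            self.jar[tracker.host] = set_cookie

def browse(block_third_party):
    """Visit three constructed sites and return what the tracker recorded."""
    tracker, browser = Tracker(), Browser(block_third_party)
    for site in ["news.example", "shop.example", "health.example"]:
        browser.visit(site, tracker)
    return dict(tracker.profiles)

if __name__ == "__main__":
    print("cookies allowed:", browse(False))
    print("third-party cookies blocked:", browse(True))
```

With cookies allowed the tracker holds one identifier covering all three sites; with third-party cookies blocked it still sees each request but cannot link them to the same browser through a cookie.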

Secondary use
• Secondary use:
  • Use of personal information for a purpose other than the one it was provided for.
  • Info sold to marketers
  • Organization member lists
  • Vehicle registrations
• Data mining:
  • Searching and analyzing masses of data to find patterns and develop new information or knowledge
  • Large databases
  • Use to develop business strategies

Secondary use
• Computer matching:
  • Combining and comparing information from different databases
  • Using social security number, for example, to match records
  • Acts as primary key to identify your records in multiple databases
• Computer profiling:
  • analyzing data in computer files to determine characteristics of people most likely to engage in certain behavior
  • Valid / effective??
  • Identify “people to watch”?
• Data mining, computer matching, and computer profiling are examples of secondary use of personal information.

Principles for data collection and use
• Informed Consent:
  • Tell people what you intend to do with their data
  • Obtain consent, or not
• Opt-in and opt-out policies:
  • Allow people to allow or deny use
  • Opt-in: You have to say that you want in; otherwise, by default, you are automatically out.
  • Opt-out: You have to say that you want out; otherwise, by default, you are automatically in.

Principles for data collection and use
• Fair Information Principles (or Practices)
  • Inform people when personal data is collected
  • Collect only data needed
  • Offer opt-out option for secondary uses of information
  • Provide strong protection for sensitive data – i.e. medical info
  • Keep data only as long as needed
  • Maintain accuracy and provide means for correction
  • Protect security of data from theft & accidental disclosure
  • Develop policies for responding to law enforcement requests for data

Discussion Topics
What We Do Ourselves:
• Personal information in blogs and online profiles
• Pictures of ourselves and our families
• File sharing and storing
• National ID System
• Is privacy old-fashioned?
  – Young people put less value on privacy than previous generations
  – May not understand the risks

Government Databases
• Government Databases:
Small Sampling of Government Databases with Personal Information:
  • Taxes – employer, dependants, status
  • Medical – Medicare, military
  • Marriage / Divorce
  • Property ownership
  • Government aid – includes family info
  • School records – includes psych tests
  • Motor vehicle – personal info
  • Public library records
  • Firearms permits
  • Applications to gov’t programs
  • Professional & trade licenses
  • Bankruptcy records
  • Arrest / criminal history records

Government Databases
• Scope of government activities is ubiquitous
• Government & its agencies are coercive by nature
  • “Requests” for info viewed more as demands
• Potential for abuse of info is high
• High standard of privacy protection seems appropriate?

Government Databases
• Privacy Act of 1974:
  • Applies to agencies of the US federal government
  • Enacted in response to government abuse of personal information
  • Provisions include:
    • Collect only data “relevant & necessary” to authorized purpose
    • Publish notice of database existence in Federal Register
    • Allow review and correction of errors
    • Responsible for ensuring the security of data
    • Prohibit disclosure without consent (with exceptions)

Government Databases
• Burden of proof and “fishing expeditions”:
  • Traditionally: crime > evidence > suspect
  • Probable cause required for search
  • Database searches identify “suspicious” people, then look for crime
  • Presumption of guilt vs. presumption of innocence?
• Data mining and computer matching to fight terrorism
  • After 9-11, people more willing to trade privacy for safety.
  • Government given more access to personal information for data mining and profiling

Technology and Markets
• Privacy-enhancing technologies for consumers:
  • Cookie disablers and alerts
  • Pop-up blocking software
  • Free anti-spyware
  • Anonymizer
  • Website restriction options (family, friends)

Public-key cryptography
• Encryption:
  • Transforms data into a form that is meaningless to anyone without the key.
  • Usually contains coding scheme and keys.
    • Keys: wnbsuqiomnlpaevzrtycxjhgfd!
  • More advanced mathematical technique

13.24
Digital Signature
A digital signature needs a public-key system. The signer signs with her private key; the verifier verifies with the signer’s public key.

Technology and Markets
• Business tools and policies for protecting personal data
  • A well designed database should have several features to protect against leaks, intruders, and unauthorized employee access:

Free Market View
• Freedom of consumers to make voluntary agreements
• Informed consent
• People should be allowed to “sell” their info, if they choose
• Expect consumer to exercise good judgment
• Assumes business will act responsibly
• Response of the market to consumer preferences

Consumer Protection View
• Consumers need protection from their own lack of knowledge, judgment, or interest
• We are easily deceived – protect us from our naivety
• Uses of personal information
• Unintended or secondary uses & their consequences
• Costly and disruptive results of errors in databases
• More stringent consent and regulation on collection and use of personal information
• Ease with which personal information leaks out

Discuss one of Topics w.r.t. Privacy
Pros and Cons
• Targeted marketing
• Data mining
• Paying for consumer information
• Data firms and consumer profiles
• Credit cards
• Global Positioning Systems (GPS) - computer or communication services that know exactly where a person is at a particular time
• Cell phones and other devices are used for location tracking