Privacy and Civil Liberties Paul Juckiewicz Qing Zhang Ryan Leslie James Luk Victoria Toujilina Justin Phillips


Ethics and Legal Basis for Privacy Protection

Paul Juckiewicz

Topics of Discussion

• History of privacy protection.

• Technical aspects

• Cookies

• Data Mining

• Public vs. Private

• Future

History of Privacy

• Fourth Amendment to the Constitution

The rights of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

History cont’d

• 1890 Harvard Law Review article “The Right to Privacy” by Samuel Warren and Louis Brandeis

• “the right to be let alone”

• 1965 Supreme Court case Griswold vs. Connecticut.

• Constitutional right to privacy

Public vs. Private

• Before the advent of the Internet, the privacy of many types of “public” data was protected by the effort required to access it.

• Maiden names, addresses, phone numbers, job titles, etc. are all public information

• Need to distinguish a “line” between what is public and private.

Public vs. Private

Cookies

• An internet cookie is a text file that is saved onto your hard disk from a web server.

• Simply a name-value pair, anonymous

id 800000441c5e4bc doubleclick.net/ 1024 2460183040 29889010 1178856736 29668734 *

• Unethical use can lead to invasion of privacy.
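The sample record above can be decoded to see what such a cookie carries. The following Python is an added example, not part of the original slides; it assumes the record follows the layout of Internet Explorer's per-site cookie text files (name, value, domain/path, flags, expiry low/high, creation low/high, `*` terminator), and `visited_host` is a hypothetical parameter.

```python
from datetime import datetime, timedelta, timezone
from typing import NamedTuple

# The record exactly as printed on the slide (whitespace-separated there).
SLIDE_RECORD = ("id 800000441c5e4bc doubleclick.net/ 1024 "
                "2460183040 29889010 1178856736 29668734 *")

# Windows FILETIME counts 100-nanosecond ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


class CookieRecord(NamedTuple):
    name: str
    value: str
    domain_path: str
    flags: int
    expires: datetime
    created: datetime


def filetime_to_datetime(low: int, high: int) -> datetime:
    """Join the two 32-bit halves and convert ticks to a UTC datetime."""
    ticks = (high << 32) | low
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def parse_record(text: str) -> CookieRecord:
    """Parse one record; layout assumed: name, value, domain/path, flags,
    expiry low/high, creation low/high, '*' terminator."""
    fields = text.split()
    if len(fields) != 9 or fields[8] != "*":
        raise ValueError("expected 8 fields followed by '*'")
    name, value, domain_path = fields[:3]
    try:
        flags, exp_lo, exp_hi, cre_lo, cre_hi = (int(f) for f in fields[3:8])
    except ValueError as exc:
        raise ValueError("flags and timestamps must be decimal integers") from exc
    if not all(0 <= n < 2**32 for n in (exp_lo, exp_hi, cre_lo, cre_hi)):
        raise ValueError("timestamp halves must fit in 32 bits")
    return CookieRecord(name, value, domain_path, flags,
                        filetime_to_datetime(exp_lo, exp_hi),
                        filetime_to_datetime(cre_lo, cre_hi))


def tracking_profile(rec: CookieRecord, visited_host: str) -> dict:
    """Summarise what the record gives its setter; visited_host is hypothetical."""
    cookie_host = rec.domain_path.split("/", 1)[0].lstrip(".")
    same_site = visited_host == cookie_host or visited_host.endswith("." + cookie_host)
    return {"third_party": not same_site,
            "lifetime_days": (rec.expires - rec.created).days,
            "stable_identifier": rec.value}
```

Under that layout the record holds no name or address, but it does hold a fixed identifier that is returned to the same domain from every site embedding its content for roughly three years.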

Data Mining

• The use of software to recognize patterns of behavior when fed information from two or more databases.

• Capacity to violate one's right to privacy

Future of Privacy Protection

• Evident that with the growth of computer technology there is more and more of a need to establish rules for privacy protection.

• Rules of conduct to which those involved with the collection, storage, and use of information need to adhere.

Privacy Implications of Massive Database Systems

Qing Zhang

Privacy Implications of Massive Database Systems

• Challenge

1. Unauthorized access to the data

2. Unauthorized manipulation of the data

3. Unauthorized distribution

4. Illegal deletion of stored data

Privacy Implications of Massive Database Systems

• Solution

1. Conduct a threat analysis

2. Conduct a risk assessment

Privacy Implications of Massive Database Systems

• Techniques

1. Access management

2. Privacy transformations

3. Cryptographic control

4. Database integrity

Privacy Implications of Massive Database Systems

• Top-level management involvement

Privacy Implications of Massive Database Systems

• Auditing and monitoring the database

Technological Strategies for Privacy Protection

Ryan Leslie

Privacy-Enhancing Technologies (PETs)

• Software programs, hardware devices, or even publications that can help a user regain some of their privacy that has been lost on the Internet.

Encryption

• The conversion of data into a form (ciphertext) not easily understood without authorization (key). Reverse process is decryption.

• Enhances privacy by protecting personal information stored on a computer or transferred over the Internet. Ex. Your credit card # in an encrypted database.

• Need secure online banking and e-commerce: most web browsers include software for encrypting the data sent to web sites. (https)

Encryption

• Encryption software is widely available but not widely used. Why is e-mail still unencrypted? i.e. interceptable.

• Software is too cumbersome for the lazy majority.

• Lack of user education: “Other ppl can see our IMz????/ OMG!”

(Web) Anonymizers

• Privacy service that allows a user to visit Web sites without allowing anyone to gather information about which sites they visit and without allowing a visited Web site to gather information about them. Ex. IP Address, Browser software.

• Proxy server processes each HTTP request.

1. User client requests web page from anonymizer proxy.

2. Anonymizer retrieves the requested information on behalf of the client (the remote site learns nothing about the client).

3. The anonymizer returns the requested information to the client.

(Web) Anonymizers

• Limitations and Disadvantages?

• Only useful for transactions that do not require explicit personal information.

• Easily abused for illegitimate purposes. Ex. Software Piracy (WaReZ d00dz), Spammers, Denial of Service (DoS) attacks.

Spam Filters

• Programs used to detect unsolicited and unwanted e-mail and prevent those messages from getting to a user's inbox

• Reject messages that match specific criteria, such as subject lines, source addresses, and word patterns.

Spam Filters

• Not foolproof. Programs too stupid or spammers too clever?

• Legitimate messages resembling spam are accidentally filtered.
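A small rule-based filter makes the false-positive problem concrete. This Python is an added example, not part of the original slides; the rules, addresses and messages are all constructed for illustration, with one rule set per criterion the slides name (source address, subject line, word pattern).

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical rules, one set per criterion named on the slide.
BLOCKED_SENDERS = {"promo@bulk-mailer.example"}
SUBJECT_PATTERNS = [re.compile(r"\bfree\b", re.I), re.compile(r"!{2,}")]
BODY_PATTERNS = [re.compile(r"\bact now\b", re.I), re.compile(r"\bprize\b", re.I)]

# Constructed messages with ground-truth labels (not real mail).
SAMPLES = [
    ("spam", "From: promo@bulk-mailer.example\nSubject: You are a WINNER!!\n\n"
             "Act now to claim your prize.\n"),
    ("ham", "From: Alice <alice@corp.example>\nSubject: Free parking at Friday's offsite\n\n"
            "The garage is free for all attendees.\n"),
    ("ham", "From: bob@corp.example\nSubject: Q3 budget review\n\nAgenda attached.\n"),
]


def matched_criteria(raw: str) -> list:
    """Return the criteria a message trips; an empty list means it is delivered."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    subject = msg.get("Subject", "")
    body = msg.get_payload()
    hits = []
    if sender in BLOCKED_SENDERS:
        hits.append("source address")
    if any(p.search(subject) for p in SUBJECT_PATTERNS):
        hits.append("subject line")
    if any(p.search(body) for p in BODY_PATTERNS):
        hits.append("word pattern")
    return hits


def evaluate(samples) -> dict:
    """Compare filter decisions with the labels and list each kind of outcome."""
    result = {"blocked_spam": [], "false_positives": [], "missed_spam": []}
    for label, raw in samples:
        subject = message_from_string(raw)["Subject"]
        rejected = bool(matched_criteria(raw))
        if label == "spam":
            result["blocked_spam" if rejected else "missed_spam"].append(subject)
        elif rejected:
            result["false_positives"].append(subject)
    return result
```

The legitimate "Free parking" message is rejected on its subject line alone, which is why filters of this kind usually log the matched rule and quarantine rather than silently discard.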

Cookies

• Cookie: Unique piece of text that your browser saves and sends back to a Web server when you revisit a site.

• Can contain log-in or registration data, online shopping cart selections, user preferences, etc.

• Can also contain a list of sites that you’ve visited.

• Used by advertisers to track surfing behavior.

Cookie Blockers

• Utility programs that prevent web browsers from exchanging cookies with web sites.

• May block all, or only some cookies.

• Some blockers also block pop-ups and look for spyware.

• Many web browsers have basic cookie-blocking functionality.

• Unfortunately, not enough Internet users understand what a cookie is, why they would want to block it, or how they could do so.

Platform for Privacy Preferences (P3P)

• Standard computer-readable format for online privacy policies developed by the World Wide Web Consortium (W3C)

• Privacy policies can be obtained automatically by P3P-enabled web browsers and other P3P software

• Policies can be analyzed, compared with user-specified privacy settings, used to make automated decisions about blocking cookies or preventing website access, and used to generate privacy-related notices for display to users.

• Unfortunately, P3P not widely adopted. Where is the incentive? Not enough people are demanding privacy

• No widespread integration with search engines

Transactions That Reveal Minimal Personal Information

• Encryption and PETs necessary, but not sufficient. Ex. Customer uses encrypted channel to transfer data to a site, and that site encrypts the database containing that information. But someone with access sells the information to marketers.

• Best approach for keeping personal information safe is to minimize the need to collect such information in the first place!

• “Does this site really need my name and address?”

• Credit Cards used as age verification?!

• However, most businesses benefit from collection of personal information. No incentive to modify current transaction systems.

Freedom of Expression In Cyberspace

James Luk

A Brief History of the Internet

• John Licklider’s Galactic Network

• ARPA

• Sputnik

• ARPANET

• TCP/IP

Freedom of Expression

• First Amendment

• Speech

• Religion

• Press

• Assembly

• Petition

• Association

Freedom of Expression - continued

• United Nations – Universal Declaration of Human Rights

• Everyone has the right to freedom of thought, conscience and religion; this right includes freedom to change his religion or belief, and freedom, either alone or in community with others and in public or private, to manifest his religion or belief in teaching, practice, worship and observance.

• Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers

Benefits Freedom of Expression in Cyberspace

• Increases communication

• Spread of information

• Forum for ideas

• Increased collaboration

• Expressing yourself

• Personal Websites i.e. Blogs

Blog Example

Blog Example

Disadvantages of Freedom of Expression on the Web

• Copyright and Intellectual Property Violations

• Stolen trade secrets

• Pirated Software

• Music and movies

• ACM Ethics Violation

• Honor property rights including copyrights and patent

Obstacles to Freedom of Expression in Cyberspace

• Censorship

• Filtering and content rating

• Pornography

• China’s Great Wall

Censorship – continued.

• “If the cyberspace in which the information superhighway operates is regarded as analogous to public space, then First Amendment principles evident outside of the electronic media suggests that the burden may be on the users of the information to avoid unwanted messages by electronically averting their eyes. In other words, accessing the information superhighway may be like walking onto a city street, and users should be expected to cope with the wide array of entertainment, annoyance, and offense, that normally takes place there” (Harvard Law Review)

Laws

• Reno v. ACLU (1997)

• Communication Decency Act unconstitutional

• endorsement of the Internet as a "dramatic" and "unique" "marketplace of ideas”.

• World Wide Web is analogous to a library or a shopping mall, rejecting the government's argument that it could be viewed as more akin to a broadcast medium

• Internet deserves the same high level of free speech protection afforded to books and other printed matter. 

Laws – continued

• Ashcroft v. ACLU II (2004)

• Child Online Protection Act barred from taking effect

• Similar to Communication Decency Act

The Future

• More users

• More Attempts to regulate Internet

• Lawsuits

International Implications

Victoria Toujilina

What is Privacy?

• Does it mean the same in different countries?

• What is considered to be private in one country is public in the other.

Internet Privacy

What can be done to control privacy on-line?

I. Public organizations

II. Law

III. People themselves

I. World privacy organizations (advocates)

Privacy International (PI) London, UK and Washington, D.C., USA

Global Internet Policy Initiative (GIPI) 17 countries (a lot of them are developing countries)

Australian Computer Society (ACS) 8 branches around the country

II. Law

• European Union (EU) – 1995 - Directive on the Protection of Personal Data (the Directive)

• Australia - 1998 - the Privacy Act 1998

• Japan - 1947 – Constitution (Articles 13, 21, and 35)

• Russia – 1995 - Law on Information, Informatisation and the Protection of Information

• United States – 1891 - Fourth Amendment to the Constitution

• Canada – 1985 – Privacy Act

Data Protection Around the World

III. People themselves

• Protect yourself

• Technological support: Firewall, Virus protection software

• Common sense: do not share your personal information on the Internet

Organizations (advocates) involved in Computer Privacy

Justin Phillips

Historical Perspective

• Rise Of Technology

• First Organizations

• Common Principles

Electronic Privacy Information Center (EPIC)

• Founded in 1994 by Mark Rotenberg

• The Major goals of Epic

• Ongoing Activity

• Recent Action

Center For Democracy and Technology (CDT)

• Founded in 1994 by Jerry Berman

• The Major Goals of CDT

• Ongoing Activity

• Recent Activity

Privacy International

• Founded in 1990 in London, England

• The Major Goals of Privacy International

• Ongoing Activity

• Recent Activity

Many Other Organizations

• Global Internet Liberty Campaign

• Americans For Computer Privacy

• The CryptoRights Foundation

• The American Civil Liberties Union

• The Electronic Frontier Foundation

• Cyber Rights and Cyber Liberties

• Computer Professionals For Social Responsibility

• Center For Digital Democracy

What’s Next?

• The culture of privacy

• How culture relates to these organizations