Privacy in computing Material/text on the slides from Chapter 10 Textbook: Pfleeger.



What is privacy?

• How would you define it?

• What do you think its aspects are?

– Three key aspects:

• Controlled disclosure.

• Sensitive data

• Affected subject.


Computer Related Privacy Problems

• Data collection: what issue do you see?

• No informed consent:

– Examples: real age.

• Loss of control: class discussion.

– Example: posting on a blog.

• What are the ramifications vs. writing a letter?

• Ownership of data.



Protections provided

• Privacy policies:

– First step: fair information policies:

• Regulate these:

– Collection of information.

– Data quality.

– Purpose specification (use of information)

– Use limitation.

– Security safeguards.

– Openness.

– Individual participation.

– Accountability.


U.S. privacy laws

– Are usually applied to individual data types:

– HIPAA

– Financial organizations: Gramm-Leach-Bliley Act (GLBA)

– Important in Radford: Federal Educational Rights and Privacy Act (FERPA).

• Some things are not clear: example class discussion.

U.S. govt. websites.

• Privacy laws controlled by the FTC.

• Address 5 factors:

– Notice (must be informed)

– Choice

– Access (contest accuracy of data collected)

– Security (data collectors must secure against unauthorized use).

– Enforcement (sanctions on noncompliance)

• In 2002, the US E-Government Act.

What about commercial websites?

• Federal Trade Commission can prosecute for deceptive practices (e.g., false advertising).

– E.g., JetBlue and the DOD.


Other issues with Privacy.

• Anonymity.

– Issues with anonymity.

• Multiple identities (online id)


How to protect against privacy loss?

• Get/give as little data as possible.

• Data anonymization.

• Audit trail: record who has accessed what data.

• Security and controlled access

• Training, quality, restricted usage, data left in place.

• Policy.


Issues in Computer Security: Data mining and privacy.

• Government data mining.

• Privacy preserving data mining:

– Data mining is “extracting hidden patterns from large amounts of data”

– Solutions to preserve privacy:

• Remove id information. Doesn’t work.

– E.g., Sweeney’s report: > 87% of the US population can be identified by: 5-digit ZIP code, gender and date of birth.

• Data perturbation. Example. Needs to be done carefully.
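
The check below is an added example, not material from the slides or the textbook: it measures how many records in a "de-identified" release are still singled out by ZIP code, gender and date of birth, then repeats the measurement after coarsening those fields. The records are constructed, and generalization (3-digit ZIP prefix, birth year only) is an assumed mitigation chosen for illustration.

```python
from collections import Counter

# Constructed sample of a "de-identified" release: names removed, but the
# quasi-identifiers from the slide (ZIP, gender, date of birth) remain.
RECORDS = [
    {"zip": "24141", "gender": "F", "dob": "1984-03-12", "diagnosis": "asthma"},
    {"zip": "24141", "gender": "F", "dob": "1984-07-30", "diagnosis": "flu"},
    {"zip": "24142", "gender": "F", "dob": "1984-11-02", "diagnosis": "diabetes"},
    {"zip": "24141", "gender": "M", "dob": "1990-01-19", "diagnosis": "flu"},
    {"zip": "24143", "gender": "M", "dob": "1990-05-05", "diagnosis": "asthma"},
    {"zip": "24142", "gender": "M", "dob": "1990-09-23", "diagnosis": "migraine"},
]

QUASI_IDENTIFIERS = ("zip", "gender", "dob")


def class_sizes(records, keys=QUASI_IDENTIFIERS):
    """Count how many records share each quasi-identifier combination."""
    return Counter(tuple(r[k] for k in keys) for r in records)


def k_anonymity(records, keys=QUASI_IDENTIFIERS):
    """Smallest equivalence class; k == 1 means someone is singled out."""
    return min(class_sizes(records, keys).values())


def unique_fraction(records, keys=QUASI_IDENTIFIERS):
    """Share of records whose quasi-identifier combination is unique."""
    sizes = class_sizes(records, keys)
    singles = sum(1 for r in records if sizes[tuple(r[k] for k in keys)] == 1)
    return singles / len(records)


def generalize(record):
    """Coarsen quasi-identifiers: 3-digit ZIP prefix, birth year only."""
    out = dict(record)  # copy so the original record is not modified
    out["zip"] = record["zip"][:3] + "**"
    out["dob"] = record["dob"][:4]
    return out


if __name__ == "__main__":
    released = [generalize(r) for r in RECORDS]
    print("raw:         k =", k_anonymity(RECORDS), "unique =", unique_fraction(RECORDS))
    print("generalized: k =", k_anonymity(released), "unique =", unique_fraction(released))
```

Running the same measurement before and after a transformation is what "needs to be done carefully" means in practice: the release decision rests on the measured k, not on the fact that names were removed.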


Privacy on the web

• Think about this:

– On the web: every word you speak (blog) can be read

– Someone selling something may have ads on their site for something else.

– Identity of the other person may not be known!

• Some issues on the web are protected.

– Can you name them?


Privacy on the web

• Credit card payments are protected.

– But not necessarily private.

– PayPal etc. may solve the privacy issues.

• Site and portal registrations:

– Beware of “we will enhance your browsing experience”

– Using email as id on some sites. Issues?

• Third party ads.

• Contests and offers: Free iPhones!


Privacy issues

• Cookies:

– Be aware

• Third party cookies. E.g., DoubleClick and online profiling.

• Adware

• Web-bug.

• Spyware: keystroke loggers.


Email security

• Interception of email.

– Can be encrypted using PGP or S/MIME

– Email monitored legally.

• Anonymous E-mail and remailers

– Sending anonymous emails.

• Spoofing and spamming.


Impact on Emerging technologies

• RFID tags

– RFID and privacy issues:

• Consumer products. How can this be exploited?

– RFID in individuals.

• Electronic voting

– Privacy issues.

• VoIP and Skype

– Privacy issues.