Upload
duane-ball
View
213
Download
3
Embed Size (px)
Citation preview
Privacy in computing
Material/text on the slides from Chapter 10
Textbook: Pfleeger.
What is privacy?
• How would you define it?
• What do you think its aspects are? – Three key aspects:
• Controlled disclosure.
• Sensitive data
• Affected subject.
Computer Related Privacy Problems
• Data collection: what issue do you see?
• No informed consent: – Examples: real age.
• Loss of control: class discussion. – Example: posting on a blog.
• What are the ramifications vs. writing a letter?
• Ownership of data.
Computer Related Privacy Problems
• Data collection: what issue do you see?
• No informed consent: – Examples: real age.
• Loss of control: class discussion. – Example: posting on a blog.
• What are the ramifications vs. writing a letter?
• Ownership of data.
Protections provided
• Privacy Policies;– First step: fair information policies:
• Regulate these;– Collection of information.
– Data quality.
– Purpose specification (use of information)
– Use limitation.
– Security safeguards.
– Openness.
– Individual participation.
– Accountability.
U.S privacy laws
– Are usually applied to individual data types:
– HIPAA
– Financial organizations: Gramm-Leach-Bliley Act (GLBA)
– Important in Radford: Federal Educational Rights and Privacy Act (FERPA).
• Somethings are not clear: example class discussion.
U.S govt. websites.
• Privacy laws controlled by the FTC. • Address 5 factors:
– Notice (must be informed)
– Choice
– Access (contest accuracy of data collected)
– Security. (data collectors must secure against unauthorized use).
– Enforcement (sanctions on noncompliance)
• In 2002, the US e-government act.
What about commercial websites?
• Federal trade comission can prosecute for deceptive practices. (e.g., false advertising)
– E.g., JetBlue and the DOD.
Other issues with Privacy.
• Anonymity. – Issues with anonymity.
• Multiple identities (online id)
How to protect against privacy loss?
How to protect against privacy loss?
• Get/give as little data as possible.
• Data anonymization.
• Audit trail: record who has accessed what data.
• Security and controlled access
• Training, quality, Restricted usage, data left in place.
• Policy.
Issues in Computer Security: Data mining and privacy.
• Government data mining. • Privacy preserving data mining:
– Data mining is “extracting hidden patterns from large amounts of data”
– Solutions to preserve privacy:• Remove id information. Doesn’t work.
– E.g., Sweeney’s report: > 87% US population can be identified by: 5 digit zip code, gender and date of birth.
• Data perturbation. Example. Needs to be done carefully.
Privacy on the web
• Think about this: – On the web: every word you speak (blog) can
be read – Someone selling something may have ads on
their site for something else. – Identity of the other person may not be known!
• Some issues on the web are protected.– Can you name them?
Privacy on the web
• Credit card payments are protected. – But not necessarily private.
– Paypal etc.. May solve the privacy issues.
• Site and portal registrations: – Beware of “we will enhance your browsing experience”
– Using email as id on some sites. Issues?
• Third party ads.
• Contests and offers: Free Iphones!
Privacy issues
• Cookies: – Be-aware
• Third party cookies. E.g., Double Click and online profiling.
• Adware
• Web-bug.
• Spyware: keystroke loggers.
Email security
• Interception of email. – Can be encrypted using PGP or S/MIME
– Email monitored legallly.
• Anonymous E-mail and remailers– Sending anonymous emails.
• Spoofing and spamming.
Impact on Emerging technologies
• RFID tags– RFID and privacy issues:
• Consumer products. How can this be exploited?
– RFID in individuals.
• Electronic voting– Privacy issues.
• VoIP and Skype– Privacy issues.