Privacy in computing Material/text on the slides from Chapter 10 Textbook: Pfleeger. What is privacy? • How would you define it? • What do you think its aspects are? – Three key aspects: • Controlled disclosure. • Sensitive data • Affected subject. Computer Related Privacy Problems • Data collection: what issue do you see? • No informed consent: – Examples: real age. • Loss of control: class discussion. – Example: posting on a blog. • What are the ramifications vs. writing a letter? • Ownership of data. Computer Related Privacy Problems • Data collection: what issue do you see? • No informed consent: – Examples: real age. • Loss of control: class discussion. – Example: posting on a blog. • What are the ramifications vs. writing a letter? • Ownership of data. Protections provided • Privacy Policies; – First step: fair information policies: • Regulate these; – – – – – – – – Collection of information. Data quality. Purpose specification (use of information) Use limitation. Security safeguards. Openness. Individual participation. Accountability. U.S privacy laws – Are usually applied to individual data types: – HIPAA – Financial organizations: Gramm-Leach-Bliley Act (GLBA) – Important in Radford: Federal Educational Rights and Privacy Act (FERPA). • Somethings are not clear: example class discussion. U.S govt. websites. • Privacy laws controlled by the FTC. • Address 5 factors: – – – – Notice (must be informed) Choice Access (contest accuracy of data collected) Security. (data collectors must secure against unauthorized use). – Enforcement (sanctions on noncompliance) • In 2002, the US e-government act. What about commercial websites? • Federal trade comission can prosecute for deceptive practices. (e.g., false advertising) – E.g., JetBlue and the DOD. Other issues with Privacy. • Anonymity. – Issues with anonymity. • Multiple identities (online id) How to protect against privacy loss? How to protect against privacy loss? • Get/give as little data as possible. • Data anonymization. • Audit trail: record who has accessed what data. • Security and controlled access • Training, quality, Restricted usage, data left in place. • Policy. Issues in Computer Security: Data mining and privacy. • Government data mining. • Privacy preserving data mining: – Data mining is “extracting hidden patterns from large amounts of data” – Solutions to preserve privacy: • Remove id information. Doesn’t work. – E.g., Sweeney’s report: > 87% US population can be identified by: 5 digit zip code, gender and date of birth. • Data perturbation. Example. Needs to be done carefully. Privacy on the web • Think about this: – On the web: every word you speak (blog) can be read – Someone selling something may have ads on their site for something else. – Identity of the other person may not be known! • Some issues on the web are protected. – Can you name them? Privacy on the web • Credit card payments are protected. – But not necessarily private. – Paypal etc.. May solve the privacy issues. • Site and portal registrations: – Beware of “we will enhance your browsing experience” – Using email as id on some sites. Issues? • Third party ads. • Contests and offers: Free Iphones! Privacy issues • Cookies: – Be-aware • Third party cookies. E.g., Double Click and online profiling. • Adware • Web-bug. • Spyware: keystroke loggers. Email security • Interception of email. – Can be encrypted using PGP or S/MIME – Email monitored legallly. • Anonymous E-mail and remailers – Sending anonymous emails. • Spoofing and spamming. Impact on Emerging technologies • RFID tags – RFID and privacy issues: • Consumer products. How can this be exploited? – RFID in individuals. • Electronic voting – Privacy issues. • VoIP and Skype – Privacy issues.