Privacy

1
Privacy

• Week 6 - February 20, 22

2
ATM Video
3
Privacy risks from personalization
4
Unsolicited marketing

• Desire to avoid unwanted marketing causes some
  people to avoid giving out personal information

5
My computer can figure things out about me

• The little people inside my computer might know
  its me
  
• and they might tell their friends

6
Inaccurate inferences

• My TiVo thinks Im gay!

7
Surprisingly accurate inferences
Everyone wants to be understood.
No one wants to be known.
8
You thought that on the Internet nobody knew you
were a dog
but then you started getting personalized ads
for your favorite brand of dog food
9
Price discrimination

• Concerns about being charged higher prices
• Concerns about being treated differently

10
Revealing private information to other users of a
computer

• Revealing info to family members or co-workers
• Gift recipient learns about gifts in advance
• Co-workers learn about a medical condition
• Revealing secrets that can unlock many accounts
• Passwords, answers to secret questions, etc.

11
Exposing secrets to criminals

• Stalkers, identity thieves, etc.
• People who break into account may be able to
  access profile info
  
• People may be able to probe recommender systems
  to learn profile information associated with
  other users

12
Subpoenas

• Records are often subpoenaed in patent disputes,
  child custody cases, civil litigation, criminal
  cases

13
Government surveillance

• Governments increasingly looking for personal
  records to mine in the name of fighting
  terrorism
  
• People may be subject to investigation even if
  they have done nothing wrong

14
Little Brother as Big Brother
15
(No Transcript)
16
Risks may be magnified in future

• Wireless location tracking
• Semantic web applications
• Ubiquitous computing

17
Homework 3 discussion

• http//cups.cs.cmu.edu/courses/compsoc-sp07/homewo
  rk/hw3.html
  
• Pick one new-technology-related privacy concern
  that you believe to be particularly significant.
  
  
• Explain the privacy issue and why you think it is
  a significant concern.
  
• What might be done to mitigate the concern?
• Pick a particular industry or type of web site
  and use Privacy Finder to find two P3P-enabled
  web sites of that type. At each site read both
  the human-readable privacy policy and the Privacy
  Finder privacy report.
• Describe what aspects of each privacy policy you
  liked and what aspects you did not like (address
  both how well the sites protect privacy and how
  the privacy policies are presented).
• Compare the experience reading the privacy
  policies with the experience reading the Privacy
  Finder privacy report.

18
Privacy invasive technologies

• Location tracking (cell phones, GPS devices that
  phone home, etc.)
  
• RFID
• Transit cards
• Computer software that phones home
• Devices that phone home
• Video cameras (hidden cameras, cell phones)
• Personalized ecommerce sites
• Automobile data recorders
• Face recognition

19
The Global Positioning System (GPS)

• Radio-navigation system operated by US DoD
• Comprised of 24 satellites and 5 ground stations
• Uses satellites to triangulate and calculate 3D
  position from 4 satellite signals
  
• Receivers listen for radio beacons and
  triangulate their position
  
• Typical accuracy in meters, cm accuracy possible
• DoD intentionally degraded accuracy until May
  2000
  
• One-way system
• Use other system to report location back
• Does not work indoors

20
Radio-frequency identification (RFID)

• Tags
• Antenna bonded to small silicon chip encapsulated
  in glass or plastic (as small as grain of rice)
  
• Unpowered (passive) tags and powered (active)
  tags
  
• Readers
• Broadcast energy to tags, causing tags to
  broadcast data
  
• Energy from readers can also power onboard
  sensors or cause tag to write new data to memory
  
• Read ranges currently a few centimeters up to a
  few meters

21
Current and near term uses of RFID

• Automobile immobilizers
• Animal tracking
• Building proximity cards
• Payment systems
• Automatic toll collection
• Inventory management (mostly at pallet level)
• Prevent drug counterfeiting
• Passports

22
Electronic Product Code

• Standard managed by EPCglobal
• Relatively small tags
• Inexpensive
• No encryption, limited security
• Kill feature
• Password feature
• Designed to replace UPC bar codes
• 96-bit serial number
• Object Name Service (ONS) database operated by
  EPCglobal

23
Post-sale uses

• Read product labels to blind people
• Sort packaging for recycling
• Provide laundry instructions to washer, dryer,
  dry cleaner
  
• Allow smart refrigerator to automatically
  generate shopping lists and warn about expired
  items and recalls
  
• Allow smart closet to suggest outfits
• Simplify product returns

24
Privacy concerns with EPCs?

• What are the privacy risks?
• What are possible solutions?
• What are the limitations of these solutions?

25
Building proximity cards

• Used for access control to buildings
• Many prox cards have no security features
• Easily clonable, even remotely
• Can be read through someones pocket or from
  longer distances while card is being read by
  legitimate reader
  
• Solutions involve adding crypto to cards

26
RFID payment systems

• Gas station keyfobs
• Coming soon to the major credit cards in your
  wallet
  
• Chase Blink card
• Can be read from about 20 cm
• Integrated into watches and cell phones
• Main advantage is to save time
• Dont have to swipe machine
• Dont need signature
• Crypto used to prevent cloning, but JHU
  researchers demonstrated how to break SpeedPass

27
Engineering privacy

• Privacy by policy
• Privacy by architecture

28
(No Transcript)
29
(No Transcript)
30
Class debate 3

• The State of Pennsylvania should adopt legal
  restrictions on the use of web cams

31
Organizing a research paper
Research and Communication Skills

• Decide up front what the point of your paper is
  and stay focused as you write
  
• Once you have decided on the main point, pick a
  title
  
• Start with an outline
• Use multiple levels of headings (usually 2 or 3)
• Dont ramble!

32
Typical paper organization
Research and Communication Skills

• Abstract
• Short summary of paper
• Introduction
• Motivation (why this work is interesting/important
  , not your personal motivation)
  
• Background and related work
• Sometimes part of introduction, sometimes two
  sections
  
• Methods
• What you did
• In a systems paper you may have system design and
  evaluation sections instead
  
• Results
• What you found out
• Discussion
• Also called Conclusion or Conclusions
• May include conclusions, future work, discussion
  of implications,etc.
  
• References
• Appendix
• Stuff not essential to understanding the paper,
  but useful, especially to those trying to
  reproduce your results - data tables, proofs,
  survey forms, etc.

These sections may be different in your papers
33
Road map
Research and Communication Skills

• Papers longer than a few pages should have a
  road map so readers know where you are going
  
• Road map usually comes at the end of the
  introduction
  
• Tell them what you are going to say in the
  roadmap, say it, (then tell them what you said in
  the conclusions)
  
• Examples
• In the next section I introduce X and discuss
  related work. In Section 3 I describe my research
  methodology. In Section 4 I present results. In
  Section 5 I present conclusions and possible
  directions for future work.
• Waldman et al, 2001 This article presents an
  architecture for robust Web publishing systems.
  We describe nine design goals for such systems,
  review several existing systems, and take an
  in-depth look at Publius, a system that meets
  these design goals.

34
Use topic sentences
Research and Communication Skills

• (Almost) every paragraph should have a topic
  sentence
  
• Usually the first sentence
• Sometimes the last sentence
• Topic sentence gives the main point of the
  paragraph
  
• First paragraph of each section and subsection
  should give the main point of that section
  
• Examples from Waldman et al, 2001
• In this section we attempt to abstract the
  particular implementation details and describe
  the underlying components and architecture of a
  censorship-resistant system.
• Anonymous publications have been used to help
  bring about change throughout history.

35
Avoid unsubstantiated claims
Research and Communication Skills

• Provide evidence for every claim you make
• Related work
• Results of your own experiments
• Conclusions should not come as a surprise
• Analysis of related work, experimental results,
  etc. should support your conclusions
  
• Conclusions should summarize, highlight, show
  relationships, raise questions for future work
  
• Dont introduce new ideas in discussion or
  conclusion section (other than ideas for related
  work)
  
• Dont reach conclusions not supported by the rest
  of your paper

36
Wiretaps, encryption, and government surveillance
37
Surveillance systems you should know about

• Clipper
• Echelon
• CAPS II
• TIA
• Carnivore
• CALEA
• MATRIX