IS 376: Privacy Concerns - PowerPoint PPT Presentation

1 / 23

About This Presentation

Title:

IS 376: Privacy Concerns

Description:

... and more cell phone models have built-in Global Positioning System (GPS) capabilities. So this makes tracking in real time a cell phone as easy as point and click. ... – PowerPoint PPT presentation

Number of Views:51

Avg rating:3.0/5.0

Slides: 24

Provided by: zixu8

Category:

more less

Transcript and Presenter's Notes

Title: IS 376: Privacy Concerns

1
IS 376 Privacy Concerns

January 19, 2006

2
Privacy What Is It?

The rights and responsibilities that govern the
acquisition, disclosure, and use of personal
information.
Acquisition - from the individual, third party,
legally or illegally, with or without the
individuals awareness
Disclosure - to other people or entities
Use - storing, manipulating or evaluating
personal information

3
Personal Information

Any type of information that is related to a
persons private life or concerns, recorded in
any form.
Can also be personally identifiable information
(PII), which can be used to uniquely identify,
locate or contact a person.
Not just content - but also events (a
transaction) that may implicate a persons
privacy.

4
Privacy-implicating Activities An Incomplete
List

Health Records and Medical Records
Financial transactions of all types - tax,
banking, etc.
Subscriber Information -Telephones, Cable TV,
Video Rentals, etc.
Communications of all kinds - Telephone Calls,
emails, etc.
Credit History

Purchasing History - Direct, Phone, Internet
Student Records
Insurance Records
Employment Records
Judicial History - Driving record, civil and
criminal cases, etc.
Internet Activities

5
The right of the people to be secure in their
persons, houses, papers, and effects, against
unreasonable searches and seizures, shall not be
violated, and no Warrants shall issue, but upon
probable cause, supported by Oath or affirmation,
and particularly describing the place to be
searched, and the persons or things to be seized.
- Fourth Amendment to the United States
Constitution
6
Privacy The Two-Part Test

...the Fourth Amendment protects people, not
places... Katz v. United States, 389 U.S. 347
Courts have used a two-part test to determine
whether, at the time of the search, a defendant
had a legitimate expectation of privacy in the
place or things searched
Did the person actually expect some degree of
privacy?
Is the person's expectation objectively
reasonable -- that is, one that society is
willing to recognize?
Katz v. United States, 389 U.S. 347 (1967)
(Harlan, J., concurring)

7
Reasonable Expectation of Privacy

Over the years, court rulings has set the
precedent that the key to understanding privacy
issues is reasonable Expectation of Privacy.
These are the general criteria
General legal principles no privacy if behaviors
or communications are knowingly exposed to public
view.
Vantage point a point where anyone can see or
hear what is going on
Certain buildings or pieces of land so most
public places come with no expectation of privacy
(some exceptions are public phone booths and
restrooms)
Technological sophistication laws are constantly
updated to adapt to new technological
innovations.

8
Informed Consent

A process in which an individual agrees to
participate after being given detailed
information about the benefits and potential
risks of his or her action.
The person must be advised about
Nature of information collected
Why and how it is going to be used
Risks
Freedom to withdraw

9
Opt-in vs. Opt-out

An opt-in policy requires a potential customer to
self-select the information (services) they wish
to subscribe to, and how the information can be
used.
An opt-out policy specifies that information can
be sent to customers without prior permission.
But customers must be provided with the option to
ask to be removed from the list.
In actual designing, an opt-in approach allows
the users to select some empty boxes of actions
to decide which type of information they want to
receive, while an opt-out approach leaves all the
boxes checked by default, and the users have to
de-select them if they do not want to receive
that particular type of communication.
The European Union is more inclined toward opt-in
in its policy initiatives, while the United
States is more toward opt-out.

10
Aspects of Privacy

Key aspects
Autonomy/dignity
Ability to exercise control
Absence of surveillance
Different aspects
Information privacy collection, use and
disclosure of identifiable personal information.
Communications privacy private information
should be safely delivered to the intended party.
Privacy in public (and work) places electronic
profiling (i.e., collecting a variety of in-depth
information about an individual electronically)
Home/work distinction public space/private
space distinction

11
Some Important Federal Privacy Laws

2001 USA Patriot Act (USAPA)
1999 Financial Modernization (Gramm-Leach-Bliley)
Act
1998 Childrens Online Privacy Protection Act
1998 Telephone Anti-Spamming Amendments Act
1992 Cable Act
1991 Telephone Consumer Protection Act
1988 Computer Matching and Privacy Act
1988 Video Privacy Protection Act
1986 Electronic Communications Privacy Act
1984 Cable Communications Policy Act
1978 Right to Financial Privacy Act
1974 Education Privacy Act
1974 Privacy Act
1970 Fair Credit Reporting Act
1970 Freedom of Information Act

12
Privacy Act of 1974

No agency shall disclose any record which is
contained in a system of records by any means of
communication to any person, or to another
agency, except pursuant to a written request by,
or with the prior written consent of, the
individual to whom the record pertains....
Data records should be relevant and necessary
to the purpose for which they are collected
Establish procedures to allow individuals to see,
copy and amend records about themselves
Requires publishing notices describing all
systems of records (no secret records)
Agency is required to make reasonable efforts to
maintain accurate, relevant, timely and complete
records about individuals
Information collected for one purpose MAY NOT be
used for another purpose without notice to or the
consent of the subject of record

13
The Computer Matching and Privacy Protection Act
of 1988

Federal agencies involved in computer matching
programs are required to
Negotiate written agreements with the other
agency or agencies participating in the matching
programs
Obtain the relevant Data Integrity Boards'
approval of the match agreements
Furnish detailed reports about matching programs
to Congress and OMB (Office of Management and
Budget)
Notify applicants and beneficiaries that their
records are subject to matching and
Verify match findings before reducing,
suspending, terminating, or denying an
individual's benefits or payments.

14
Online Privacy Breaches

Online privacy can be compromised in three ways
When personal data is saved on a local computer
When the data is transported over the network
When the data is stored by a third party.

15
Web Browsing Privacy

Cookies
Many Web pages use cookiessmall text files that
are stored on your hard drive by the Web server,
typically the one hosting the Web page being
viewedto identify return visitors and their
preferences.
Web bugs
A Web bug is a very small (often 1 pixel by 1
pixel) image on a Web page that transmits data
about a Web page visitor back to the Web pages
server. Web bugs are used extensively by
DoubleClick and other Internet advertising
companies.
Spyware
Any software installed without the users
knowledge that secretly gathers information about
the user and transmits it to advertisers.

16
Other Privacy Concerns

E-mail
Many people mistakenly believe that the e-mail
they send and receive is private. Since it is
transmitted over public networks, however,
non-encrypted e-mail can be intercepted and read
by someone else - easily.
Spams and Other Online Marketing Activities
More in later lectures.
Electronic Surveillance and Monitoring
This can happen in public places or the work
place. We will come back to this later.

17
More Privacy Concerns

Invisible information gathering
Collection of personal information without the
subjects knowledge
Data spillage
Inadvertent disclosure of personal information
because of software design glitches or accidental
operations.
Secondary use of personal information
Use of personal information for purposes other
than that was originally intended.
Computer matching computer profiling.

18
Network Insecurity and Privacy Implications

There are programs that can track the keyboard
movements at a remote PC.
Other programs can keep track of every type of
log-on activity over the network.
A UC Berkeley study in 2005 found that an
algorithm can successfully decipher up to 96
percent of the characters typed by feeding the
audio recording of key board typing. This can be
a form of acoustical spying over the network.

19
Cell Phones Are Ubiquitous

More and more cell phone models have built-in
Global Positioning System (GPS) capabilities.
So this makes tracking in real time a cell phone
as easy as point and click.
ULocate is one of the commercial providers to
offer tracking services.
The Federal Communications Commission (FCC) has
released its E911 (Enhanced 911) standard to
require that emergency callers be located within
50 meters.
The National Emergency Number Association (NENA)
recently approved the technical standard for VoIP
E911 specifically targeting Internet phones.

20
Top Ten Ways to Protect Privacy Online

Look for privacy policies on the Web
Get a separate email account for personal email
Teach your kids that giving out personal
information online means giving it to strangers
Clear your memory cache after browsing
Make sure that online forms are secure
Reject unnecessary cookies
Use anonymous remailers
Encrypt your email
Use anonymizers while browsing
Opt-out of third party information sharing
Extra! Use common sense
Source Center for Democracy and Technology

21
Identity Theft