© M. Scheurer, 2002 CT218 Professional Issues 1

CT218 Lecture 6 14th March

Privacy Issues


What is privacy?

It is common to distinguish four kinds of privacy:
- physical privacy
- mental privacy
- decisional privacy
- informational privacy

Definitions…


Infringements of Information Privacy

Concern for activities of:
- Commercial organisations
  - mailing lists and marketing data
  - credit references
- Government agencies
  - interests of law enforcement versus rights to non-interference
  - collation of information
  - monitoring of telecommunications


Privacy Protection

Privacy protection can be achieved by:
- Privacy and Data Protection Laws
- Self Regulation (Codes of Conduct)
- Privacy Enhancing Technologies
- Privacy Education (of consumers and IT professionals)

Source: Fischer-Hubner, S. “IT-Security and Privacy: Design and Use of Privacy-Enhancing Security Mechanisms”, LNCS 1958, ISBN 3-540-42142, Springer, 2001


Privacy Enhancing Technologies

PETs are software-based mechanisms that help to protect the privacy of web users

2 Categories:
- Products which provide consumer choice, such as P3P (Platform for Privacy Preferences Project) from W3C
- Products which protect User Identity through
  - Anonymity
  - Pseudonymity
  - Unlinkability
  - Unobservability

Source: Fischer-Hubner


PETs vs PITs

PETs provide an answer to “Privacy Invasive Technologies” (PITs) such as:
- Data mining (customer profiling)
- “Spyware”
- Cookies
- Web Bugs
- Intelligent Agents used in E-commerce and M-commerce applications (AKA “shopbots”, “buybots”, “pricebots”, “bots”)


Cookies

A cookie is a small data file that websites can store on the hard drive of the computer of people who visit their sites. A cookie:
- may contain information, such as a unique user ID, that websites use to track the pages visited
- can track and maintain the identity of the web site visited immediately prior to and after visiting the website which set the cookie
- can keep information on Registered Users which allows them to access account information or other information relating to their use of the site


Web Bugs

AKA “Web Beacons”
- Web bugs hide computer codes behind invisible images only a pixel in size to gather information about surfing habits
- The bugs work best in conjunction with cookies and can interrogate them to find out more about the surfer

From BBC Article on Web Bugs: http://news.bbc.co.uk/hi/english/sci/tech/newsid_842000/842624.stm


Web Bugs / what they can do

Data web bugs can gather:
- IP address of your computer
- Web location of bug
- Web page bug is attached to
- Time the bug was viewed
- Which browser you are using
- Any cookies already on your computer

SOURCE: BBC Article on Web Bugs http://news.bbc.co.uk/hi/english/sci/tech/newsid_842000/842624.stm
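
A way to audit a page for the web bugs described on the two slides above, added here as an example and not part of the original lecture: it flags images that are invisible and fetched from a host other than the page's own. It goes slightly beyond the slide by also treating images hidden with inline style as invisible. The sample HTML, the hostnames and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page for this example; all hosts are placeholders.
SAMPLE_PAGE_URL = "http://shop.example/books/index.html"
SAMPLE_HTML = """
<html><body>
<img src="/images/logo.gif" width="120" height="40">
<img src="http://tracker.example/b.gif?uid=12345" width="1" height="1">
<img src="http://ads.example/pixel.gif" style="display: none">
<img src="/images/spacer.gif" width="1" height="1">
<img src="http://cdn.example/banner.gif" width="468" height="60">
</body></html>
"""

def is_invisible(attrs):
    """True for an image declared 0 or 1 pixel square, or hidden by inline style."""
    size = [(attrs.get(k) or "").strip().lower().rstrip("px") for k in ("width", "height")]
    style = (attrs.get("style") or "").replace(" ", "").lower()
    hidden = "display:none" in style or "visibility:hidden" in style
    return all(v in ("0", "1") for v in size) or hidden

class WebBugFinder(HTMLParser):
    """Collects invisible images that are fetched from a host other than the page's."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        src = attrs.get("src")
        if tag != "img" or not src or not is_invisible(attrs):
            return
        url = urlparse(urljoin(self.page_url, src))
        # Assumption: any differing hostname counts as third party (no subdomain logic).
        if url.hostname and url.hostname != self.page_host:
            self.findings.append({"host": url.hostname, "path": url.path, "query": url.query})

def find_web_bugs(html, page_url):
    finder = WebBugFinder(page_url)
    finder.feed(html)
    return finder.findings

if __name__ == "__main__":
    for bug in find_web_bugs(SAMPLE_HTML, SAMPLE_PAGE_URL):
        print(bug)
```

The first-party 1x1 spacer and the visible third-party banner are not reported; only the two hidden third-party images are.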


Spyware?

"They are a secret way of gathering information about someone," said David Banisar, a civil liberties expert from the Electronic Privacy Information Centre (Epic).

Privacy experts say the hidden images are the first of a new generation of "spyware" designed to watch what people do on the web without them knowing. (BBC article)


Legitimate business Practice?

NAI Definition of Web Beacons

“Web Beacons are a tool that can be used online to deliver a cookie in a third party context. This allows companies to perform many important tasks - including unique visitor counts, web usage patterns, assessments of the efficacy of ad campaigns, delivery of more relevant offers, and tailoring of web site content. The web beacon's cookie is typically delivered or read through a single pixel on the host site” (http://www.networkadvertising.org/aboutnai_news_pr100401.asp)


Email Surveillance Issues

- The standard technology of email is anything but private
- ISPs have been asked to archive all transactions for 7 years by UK police
- Ownership of ‘private’ email
  - Courts agree with employers that on company computers, it belongs to the employer


Amazon.co.uk

- Like many commercial organisations, uses customer information for marketing purposes.
- Uses data mining techniques for sophisticated customer profiling
- Privacy International, a lobby group, is pursuing a complaint of non-compliance with UK data protection legislation

http://www.privacyinternational.org/issues/compliance/


Personal data held by Amazon (1)

- Records of book titles purchased
- Clickstream data such as URLs viewed, IP addresses, cookies, timestamps
- Search queries
- Items placed in shopping carts but removed prior to checkout
- Data purchased by Amazon from other sources or gathered from public records


Personal data held by Amazon (2)

- Demographic and psychographic data
- Any estimates of propensity to purchase particular products
- Any information relating to credit risk
- Estimates of lifetime value
- Any clustering or segmentation data
- Any estimates of price elasticity


Doubleclick

The Doubleclick Saga

DC’s online profiling service carried out through Banner Adverts attracted the wrath of the Privacy Lobby http://www.nytimes.com/library/tech/00/02/cyber/commerce/07commerce.html

Junkbusters President Jason Catlett claimed that “Doubleclick has more than a trillion clickstream records and billions of personally identified records on about 90 million Americans”. He also claimed that Doubleclick’s computer had been the victim of hackers - http://www.junkbusters.com/new.html#dclk

DoubleClick has always maintained that any information collected in such a way is merely aggregated data that cannot be traced to individual users. Several court cases have been dismissed. http://www.doubleclick.com/us/corporate/privacy/


Network Advertising Initiative

NAI (Network Advertising Initiative), a cooperative group of network advertisers, have developed a set of privacy principles, in conjunction with the Federal Trade Commission, in order to improve its self-regulatory approach to addressing consumers' privacy concerns

It offers an on-line service which provides consumers with the ability to opt-out of ads from major companies (including DoubleClick and 24/7 Media) through its website http://www.networkadvertising.org


Intel

The saga of Intel Pentium III and PSN (Processor Serial Number)

Original chips had embedded technology which enabled the identification of individual computers

Dropped by Intel in April 2000 following adverse publicity

“Pretty poor privacy may lurk inside processors”, New Scientist 6 Feb 1999

- http://www.epic.org/ (Electronic Privacy Information Center) - US watchdog
- http://www.bigbrotherinside.com/
- http://zdnet.com.com/2100-11-520265.html?legacy=zdnn


Next Week

The Data Protection Act

Advanced Study (recommended):

The Office of the Information Commission (OIC) website: http://www.dataprotection.gov.uk
- Legal Guidance
- Notification Handbook


End of Privacy Issues