© m. scheurer, 2002ct218 professional issues1 ct218 lecture 6 14 th march privacy issues
TRANSCRIPT
© M. Scheurer, 2002 CT218 Professional Issues 1
CT218 Lecture 6 14th March
Privacy Issues
M. Scheurer, 2002 CT218 Professional Issues / Lecture 2
What is privacy? It is common to distinguish four
kinds of privacy: physical privacy mental privacy decisional privacy informational privacy
Definitions…
M. Scheurer, 2002 CT218 Professional Issues / Lecture 6
Infringements of Information Privacy
Concern for activities of Commercial organisations
mailing lists and marketing data credit references
Government agencies interests of law enforcement versus
rights to non-interference collation of information monitoring of telecommunications
M. Scheurer, 2002 CT218 Professional Issues / Lecture 7
Privacy Protection
Privacy protection can be achieved by: Privacy and Data Protection Laws Self Regulation (Codes of Conduct) Privacy Enhancing Technologies Privacy Education
(of consumers and IT professionals)Source: Fischer-Hubner, S. “IT-Security and Privacy:
Design and Use of Privacy-Enhancing Security Mechanisms”, LNCS 1958, ISBN 3-540-42142, Springer, 2001
M. Scheurer, 2002 CT218 Professional Issues / Lecture 8
Privacy Enhancing TechnologiesPETs are software based mechanisms that help to
protect the privacy of web users2 Categories: Products which provide consumer choice, such as
P3P (Platform for Privacy Preference Project) from W3C Products which protect User Identity through
Anonymity Pseudonymity Unlinkability UnobservabilitySource: Fischer-Hubner
M. Scheurer, 2002 CT218 Professional Issues / Lecture 9
PETs vs PITs
PETS provide an answer to “Privacy Invasive Technologies” (PITS)
such as Data mining (customer profiling) “Spyware”
Cookies Web Bugs
Intelligent Agents used in E-commerceand M-commerce applications(AKA “shopbots”, “buybots”, “pricebots”, “bots”)
M. Scheurer, 2002 CT218 Professional Issues / Lecture 11
Cookies A cookie is a small data file that websites can
store on the hard drive of the computer of people who visit their sites. may contain information, such as a unique user
ID, that websites use to track the pages visited can track and maintain the identity of the web
site visited immediately prior to and after visiting the website which set the cookie
can keep information on Registered Users which allows them to access account information or other information relating to their use of the site
M. Scheurer, 2002 CT218 Professional Issues / Lecture 12
Web Bugs AKA “Web Beacons” Web bugs hide computer codes behind
invisible images only a pixel in size to gather information about surfing habits
The bugs work best in conjunction with cookies and can interrogate them to find out more about the surferFrom BBC Article on Web Bugs:http://news.bbc.co.uk/hi/english/sci/tech/newsid_842000/842624.stm
M. Scheurer, 2002 CT218 Professional Issues / Lecture 13
Web Bugs / what they can do
Data web bugs can gather IP address of your computer Web location of bug Web page bug is attached to Time the bug was viewed Which browser you are using Any cookies already on your computerSOURCE: BBC Article on Web Bugs
http://news.bbc.co.uk/hi/english/sci/tech/newsid_842000/842624.stm
M. Scheurer, 2002 CT218 Professional Issues / Lecture 14
Spyware? "They are a secret way of gathering
information about someone," said David Banisar, a civil liberties expert from the Electronic Privacy Information Centre (Epic).
Privacy experts say the hidden images are the first of a new generation of "spyware" designed to watch what people do on the web without them knowing. (BBC article)
M. Scheurer, 2002 CT218 Professional Issues / Lecture 15
Legitimate business Practice?NAI Definition of Web Beacons“Web Beacons are a tool that can be used online
to deliver a cookie in a third party context. This allows companies to perform many important tasks - including unique visitor counts, web usage patterns, assessments of the efficacy of ad campaigns, delivery of more relevant offers, and tailoring of web site content. The web beacon's cookie is typically delivered or read through a single pixel on the host site” (http://www.networkadvertising.org/aboutnai_news_pr100401.asp)
M. Scheurer, 2002 CT218 Professional Issues / Lecture 16
Email Surveillance Issues The standard technology of email is
anything but private ISP’s have been asked to archive all
transactions for 7 years by UK police Ownership of ‘private’ email Courts agree with employers that on
company computers, it belongs to the employer
M. Scheurer, 2002 CT218 Professional Issues / Lecture 18
Amazon.co.uk Like many commercial organisations, uses
customer information for marketing purposes. Uses data mining techniques for
sophisticated customer profiling Privacy International, a lobby group, is
pursuing a complaint of non-compliance with UK data protection legislationhttp://www.privacyinternational.org/issues/
compliance/
M. Scheurer, 2002 CT218 Professional Issues / Lecture 19
Personal data held by Amazon (1)
Records of book titles purchased Clickstream data such as URLs viewed,
IP addresses, cookies, timestamps Search queries Items placed in shopping carts but
removed prior to checkout Data purchased by Amazon from other
sources or gathered from public records
M. Scheurer, 2002 CT218 Professional Issues / Lecture 20
Personal data held by Amazon (2)
Demographic and psychographic data Any estimates of propensity to
purchase particular products Any information relating to credit risk Estimates of lifetime value Any clustering or segmentation data Any estimates of price elasticity
M. Scheurer, 2002 CT218 Professional Issues / Lecture 21
DoubleclickThe Doubleclick Saga
DC’s online profiling service carried out through Banner Adverts attracted the wrath of the Privacy Lobby http://www.nytimes.com/library/tech/00/02/cyber/commerce/07commerce.html
Junkbusters President Jason Catlett claimed that “Doubleclick has more than a trillion clickstream records and billions of personally identified records on about 90 million Americans”. He also claimed that Doubleclick’s computer had been the victim of hackers - http://www.junkbusters.com/new.html#dclk
DoubleClick has always maintained that any information collected in such a way is merely aggregated data that cannot be traced to individual users. Several court cases have been dismissed.http://www.doubleclick.com/us/corporate/privacy/
M. Scheurer, 2002 CT218 Professional Issues / Lecture 22
Network Advertising Initiative NAI (Network Advertising Initiative), a
cooperative group of network advertisers have developed a set of privacy principles, in conjunction with the Federal Trade Commission, in order to improve its self-regulatory approach to addressing consumer's privacy concerns
It offers an on-line service which provides consumers with the ability to opt-out of ads from major companies (including DoubleClick and 24/7 Media) through its website http://www.networkadvertising.org
M. Scheurer, 2002 CT218 Professional Issues / Lecture 23
Intel The saga of Intel Pentium III and PSN
(Processor Serial Number)
Original chips had embedded technology which enabled the identification of individual computers
Dropped by Intel in April 2000 following adverse publicity
“Pretty poor privacy may lurk inside processors”
New Scientist 6 Feb 1999 http://www.epic.org/ (Electronic Privacy Information Center)-US
watchdog
http://www.bigbrotherinside.com/ http://zdnet.com.com/2100-11-520265.html?legacy=zdnn
M. Scheurer, 2002 CT218 Professional Issues / Lecture 25
Next Week
The Data Protection Act
Advanced Study (recommended):
The Office of the Information Commission (OIC) website:
http://www.dataprotection.gov.uk Legal Guidance Notification Handbook
© M. Scheurer, 2002 CT218 Professional Issues 26
End of Privacy Issues