
Privacy Issues (set 3)

CS 340

Spring 2015

Online tracking devices

• Cookies: small text file that stores information
  • Stored client side, on hard drive
• Cookie creator: Lou Montulli
• Originally
  • To allow for shopping cart functionality (online memory)
  • Effort made to not allow the sharing of these between sites
• Now
  • Third party cookies: site to site
  • Behavioral Targeting: ad network; relationship with same advertiser

http://live.wsj.com/video/how-advertisers-use-internet-cookies-to-track-you/92E525EB-9E4A-4399-817D-8C4E6EF68F93.html#!92E525EB-9E4A-4399-817D-8C4E6EF68F93

Third Party tracking files

• “The first time a site is visited, it installs a tracking file, which assigns the computer a unique ID number. Later, when the user visits another site affiliated with the same tracking company, it can take note of where that user was before, and where he is now. This way, over time the company can build a robust profile.”
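The same ID arriving at one outside host from several unrelated sites is the observable signature of the profile-building described above. The following is an added example, not part of the original slides: it scans a constructed request log (hostnames and cookie values are made up) and reports third parties that received an identical cookie value on two or more sites. Treating the last two hostname labels as the "site" is a simplifying assumption.

```python
from collections import defaultdict

# Constructed sample log: (page the user is viewing, host the browser
# contacted, cookies sent to that host). All names and IDs are invented.
SAMPLE_REQUESTS = [
    ("news.example",   "news.example",          {"session": "n-81"}),
    ("news.example",   "cdn.news.example",      {"session": "n-81"}),
    ("news.example",   "px.adnet.example",      {"uid": "A1B2C3"}),
    ("news.example",   "stats.metrics.example", {"v": "Z9"}),
    ("shop.example",   "shop.example",          {"cart": "s-17"}),
    ("shop.example",   "px.adnet.example",      {"uid": "A1B2C3"}),
    ("shop.example",   "fonts.static.example",  {}),
    ("travel.example", "px.adnet.example",      {"uid": "A1B2C3"}),
]


def site_of(host):
    """Approximate the registrable domain as the last two labels.
    Assumption for this example; real tools use the Public Suffix List."""
    return ".".join(host.lower().split(".")[-2:])


def cross_site_trackers(requests, min_sites=2):
    """Map each third-party site to the cookie values it received on at
    least `min_sites` distinct first-party sites, with those sites listed."""
    seen = defaultdict(lambda: defaultdict(set))
    for page_host, request_host, cookies in requests:
        page_site, req_site = site_of(page_host), site_of(request_host)
        if req_site == page_site:
            continue  # first-party request (includes the site's own CDN)
        for value in cookies.values():
            seen[req_site][value].add(page_site)

    report = {}
    for tracker, ids in seen.items():
        linked = {v: sorted(s) for v, s in ids.items() if len(s) >= min_sites}
        if linked:
            report[tracker] = linked
    return report


if __name__ == "__main__":
    for tracker, ids in cross_site_trackers(SAMPLE_REQUESTS).items():
        for value, sites in ids.items():
            print(f"{tracker} saw ID {value} on: {', '.join(sites)}")
```
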

Online tracking devices cont’d

• Beacons
  • a.k.a. pixel tag, web bug
  • Invisible image embedded in webpage
  • Image is not placed there by website, but by other company for ad tracking
• Potentials:
  • Capture of what is typed on a website
  • Bundles into a profile

http://www.brighttag.com/resources/tag-101/

The WSJ study findings

• Surreptitious installation of tracking technology
• Not just cookies, but real time logging
• Buying and selling of profiles

Advertisers:
• No longer paying for ad placement on a site
• Paying instead to follow users around Internet with personalized marketing messages

Online advertiser tracking companies
• “considered anonymous because it identifies web browsers, not individuals.”
  • https://www.privatewifi.com/lotame-online-tracking-and-your-privacy/
• What is tracked:
  • http://www.bluekai.com/consumers_privacyguidelines.php
• Opt out options:
  • BlueKai http://www.bluekai.com/registry/
  • Lotame http://www.lotame.com/privacy

Taking control of the tracking

• Tracking blockers like Ghostery

• https://www.youtube.com/watch?v=EKzyifAvC_U

Which tracking technology is a transparent 1x1 pixel used to surreptitiously gather what people type?

A. Cookie
B. Beacon
C. Third Party Cookie
D. Ghostery


Privacy

As consumers:
• Most European countries have specific laws and regulations aimed at protecting an individual’s (consumer) privacy.
• In the US, historically consumer privacy has relied on
  • social norms and
  • market forces
• laws are typically a last resort or response to an event
  • highly reactive and unsystematic

Misc. Privacy Laws

• Fair Credit Reporting Act, 1970
• Right to Financial Privacy Act, 1978
• Cable Communications Policy Act, 1984
• Video Protection Privacy Act, 1988
• Driver’s Protection Privacy Act, 1994
• Children’s Online Privacy Protection Act (COPPA), 1998
  • Info on kids under 13
• Financial Services Modernization Act, 1999
• Health Insurance Portability and Accountability Act (HIPAA), 2001

Texas Infant DNA collection program, p. 96-97
• Routine and often mandatory blood samples collected after birth.
  • Reason?
• What happens to the samples after processed?
  • Discarded OR
  • Stored indefinitely
  • See http://www.ncbi.nlm.nih.gov/pmc/articles/PMC3065077/table/T1/
• Motivations?
  • Detect important health problems
  • Later identification
• Are parents informed? Not always. Raises ethical issues
• This is not limited to Texas…
  • Recent issue in Indiana http://www.wthr.com/story/25954821/2014/07/07/your-childs-dna-who-has-it
  • Alabama policy: http://www.babysfirsttest.org/newborn-screening/states/alabama#second-section
  • http://www.ncbi.nlm.nih.gov/pmc/articles/PMC3065077/


Texas’ use of the newborn blood test cards to catalogue information unrelated to that infant’s direct health care is an example of a secondary use of information.

A. True
B. False


Opinion: Suppose a public school provides students with laptops. Should that school be able to turn on a web cam on the laptop to check on a student’s off campus behavior?

A. Yes
B. Maybe
C. No

Robbins v. Lower Merion School District, p. 98-99
• US District Court PA (2010)
• School district surreptitiously activated webcams using LANrev on laptops provided to students while students were off campus
• Video: http://www.cbsnews.com/news/610k-settlement-in-school-webcam-spy-case/
• Settlement: $610,000

European Union’s Right to be Forgotten
• Check out Google’s page “European privacy requests for search removals”
  • FAQs
  • Totals
  • Examples
  • Sites most impacted

Encryption on phones can make it impossible to comply with court orders
• FBI director Comey’s criticism: Apple can no longer bypass smartphone user passwords with iOS 8
  • Cannot comply with court orders
• See video http://www.cnn.com/2014/09/25/politics/fbi-apple-google-privacy/index.html


Opinion: Do you expect that this inability will create serious problems for law enforcement?

A. Yes, frequently
B. Yes, sometimes
C. Yes, but rarely
D. Never

Google’s Street view issues

1. What is captured by the cameras
2. Other information was recorded too
  • Info gathered about surrounding Wi-Fi
  • War driving

Google’s Street View

• Issue: does it violate privacy when photos are taken that show people engaged in activities visible from public property?

• General rule: No, but there are some exceptions

• Dept of Defense: no content from military bases. Complied
• Homeland Security: delay with Baltimore-Washington Metropolitan area

Street view - Is the elevated camera a problem?


Opinion: The height of the street view camera is too tall.

A. Yes
B. No

International views on Google Street View
• Some European countries prohibit filming w/o consent even if done on public property if the filming is for the purpose of public display

• Japan: required lowering cameras to 2.05 meters (6.73 ft) from 3 meters (9.8 feet)

The other problem of Street View: “war driving”
• Collecting data from unsecure networks as the street view car drives by:
  • “Snippets of e-mails, photographs, passwords, chat messages, postings on Web sites and social networks” http://www.nytimes.com/2012/05/23/technology/google-privacy-inquiries-get-little-cooperation.html
• In April 2013, Germany fined Google $189,225 for Street View’s privacy violation
  • Amount Google makes in 2 minutes. .002% of its $10.7 B profit last year.
  • See article http://www.nytimes.com/2013/04/23/business/global/stern-words-and-pea-size-punishment-for-google.html

Google v. Joffe

• 22 plaintiffs suing Google for violating their privacy from war driving during Street View mapping
  • Google argued that the Wi-Fi info is accessible to anyone and as such does not constitute wiretapping
  • 9th Circuit rejected Google’s argument
  • In June 2014, the US Supreme Court denied certiorari so class actions against Google for war driving can continue
  • http://www.bloomberg.com/news/2014-06-30/google-rebuffed-by-u-s-high-court-on-privacy-lawsuit.html


Opinion: Do you agree with this statement? Since unsecure Wi-Fi is accessible to many, Google did not violate privacy with its war driving.

A. I agree, no violation by Google
B. I disagree, this is a privacy violation by Google

Research study: “Experimental evidence of massive-scale emotional contagion through social networks”
• On 689,003 Facebook users
• Manipulated News Feed
• Ethical breach? http://www.theguardian.com/technology/2014/jun/30/facebook-emotion-study-breached-ethical-guidelines-researchers-say
• http://www.usatoday.com/story/tech/2014/10/02/facebook-tightens-rules-for-research-experiments-on-users/16592011/

August 2014 iCloud photo hack

• Targeted attack on specific celebrity accounts, not a software or system vulnerability.
  • Guessed passwords
  • Researched and answered security questions
• Found nude photos in celebrities’ iCloud accounts & posted nude photos on sites like 4chan
• Could have been prevented with two factor authentication. Requiring two of:
  • Something user knows
  • Something user has
  • Something user is


Supplying a username and password constitutes two factor authentication.

A. True
B. False
