![Page 1: 1 Privacy Online Jane Turk, Ph.D. CIS 610 Summer 2003](https://reader036.vdocuments.us/reader036/viewer/2022062804/56649cef5503460f949be28c/html5/thumbnails/1.jpg)
Privacy Online
Jane Turk, Ph.D.
CIS 610
Summer 2003

Outline
- background & perspectives
- surveys of current Internet use
- children’s online privacy
- consumer online privacy
- possible solution routes

Business Perspective
- Direct Marketing: > $176 billion a year
- over 10,000 compiled & publicly traded databases on market today
- private databases, with little or no regulation except in financial industry
- ability to capture info about users on Web
- target marketing

Privacy Perspective
- protecting privacy of consumer info is “very” important to consumers
- consumers don’t know scope of data maintained on them
- strong privacy standards
  - develop trust in users
  - encourage development of online commerce

Major Concerns of Consumers
- companies they patronize will provide their information to other companies without their permission (75%)
- their transactions may not be secure (70%)
- hackers will steal their personal data (69%)
source: Harris survey, Nov 2001

Most Important Elements to be Verified
- security measures are adequate (90%)
- company does not release customer personal data without permission (89%)
- access within the company is limited (84%)
- company is only collecting info that its privacy policies dictate (84%)
- info use or sharing follows stated privacy policies (81%)
source: Harris survey, Nov 2001

Suggested Remedy
- verify privacy policy by a third party (and 91% would do more business)
- online seal of approval does not necessarily verify
  - BBBOnLine and TRUSTe
- audit by major accounting firm
  - PricewaterhouseCoopers
source: Harris survey, Nov 2001

Fair Information Principles
- consumers be given:
  - notice of entity’s info practices
  - choice/consent with respect to secondary use & dissemination of info collected from or about them
  - access to info about them
- collector assure security & integrity of info
- provide enforcement mechanism

Public Records Online
- NYC voter registration site
- NJ info on those licensed by state
- registries of sex offenders
- federal judges’ recommendation to put most civil proceedings online but to restrict criminal proceedings
- good source: www.epic.org/privacy/publicrecords

Children’s Privacy
- Federal Trade Commission:
  - children are avid consumers and influence spending
  - information collection targets are ages 8-11
  - business goal: microtarget individual child
- CME 1996 study exposed the issues

FTC “Kids Privacy Surf Day”
- “snapshot”, not comprehensive survey
- 126 sites listed by Yahooligans!
- results announced Dec 1997
- 86% of sites surveyed were collecting personally identifiable info on children
- fewer than 30% of sites had privacy policy
- another review March 1998

FTC 1998 Report: Children’s Sites
- of 212 sites directed at children
  - 89% collect personally identifiable info directly from children
  - 54% disclose info collection practices
  - fewer than 10% provide for some form of parental control

Children’s Online Privacy Protection Act (1998)
- parental consent required for collection, use, disclosure of personal information from children under 13
- parents may prevent further use or collection
- parents may review information

Privacy Journal Recommendations
- parent
  - approve kid’s giving email address
  - totally involved in kid’s giving physical address
- order products in parent’s name
- kid can use (false) nickname
- never use name and address to buy

Annenberg 2000 Study
- 29% of parents would give identifying info in exchange for a free gift worth $100
- 45% of kids ages 10-17 would
  - 39% of girls, 54% of boys
- parents need help

Cookies
- passive files stored on hard drives of Netscape & Microsoft IE users
- store a customer ID number for site/network
- used by online advertisers to track a user’s movements
  - profiling, preferences
- issue: transparency

Why Cookies?
- HTTP is stateless: keeps no information from a connection
- with cookies, a Web page can “remember” you from your last visit
- enable much of interactivity
  - customization, shopping baskets

Online Profiling: How and Where
- cookies, web bugs, URLs, info you provide
- anonymous, unless you identify yourself
- in customer database of the site/network
- pages/sites visited
- DoubleClick tracks movement on 1500 sites
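
Added example (not part of the original slides): a Python audit of captured Set-Cookie headers that flags the pattern the cookie and profiling slides describe, a persistent ID cookie set by the same third-party host on more than one site. The hostnames, cookie values and the `audit` and `is_third_party` helpers are constructed for illustration.

```python
from http.cookies import SimpleCookie

# Constructed sample: (site the user visited, host that answered, Set-Cookie header).
# Every hostname and cookie value here is invented for illustration.
CAPTURED = [
    ("news.example", "news.example", "session=ab12; Path=/"),
    ("news.example", "ads.tracker.example",
     "uid=7f3c9; Expires=Fri, 01 Jan 2010 00:00:00 GMT; Path=/"),
    ("shop.example", "shop.example", "basket=3; Path=/"),
    ("shop.example", "ads.tracker.example",
     "uid=7f3c9; Expires=Fri, 01 Jan 2010 00:00:00 GMT; Path=/"),
    ("blog.example", "cdn.example", "pref=dark; Max-Age=3600"),
]

def is_third_party(site, host):
    """A host is third-party if it is neither the visited site nor a subdomain of it."""
    return not (host == site or host.endswith("." + site))

def audit(captured):
    """Map (host, cookie name, value) -> sorted list of sites, keeping only
    persistent third-party cookies that carried the same value on 2+ sites."""
    seen = {}
    for site, host, header in captured:
        if not is_third_party(site, host):
            continue  # first-party cookies (sessions, shopping baskets) are not the concern
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            # Expires or Max-Age means the cookie outlives the browser session
            if morsel["expires"] or morsel["max-age"]:
                seen.setdefault((host, name, morsel.value), set()).add(site)
    return {key: sorted(sites) for key, sites in seen.items() if len(sites) > 1}

if __name__ == "__main__":
    for (host, name, value), sites in audit(CAPTURED).items():
        print(f"{host} can link visits to {sites} via {name}={value}")
```
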

Online Profiling: Pros and Cons
- deliver desired content to user
- provide information about interests of individual
- aggregate info about site
- info collected often without knowledge or consent

Spyware
- conducts surveillance on a computer
- usually placed without knowledge or consent of computer owner
- violates basic FIPS
- e.g., “phone home” programs, Web bugs, home web monitoring

Web Bugs
- clear GIFs, embedded images
- transmit info when page is viewed: where, when
- designed to monitor who is viewing page
  - e.g., HTML mail
- recent SW enables detection
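
Added example (not part of the original slides): one way detection software of the kind mentioned above can work, flagging invisible images fetched from a host other than the page's own and listing the query parameters sent with each request. The sample HTML, hostnames and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Constructed sample page; hostnames and parameters are invented for illustration.
SAMPLE_HTML = """
<img src="/logo.gif" width="120" height="40">
<img src="http://stats.tracker.example/b.gif?page=offer7&amp;id=u1029" width="1" height="1">
<img src="http://img.partner.example/banner.gif" width="468" height="60">
<img src="http://news.example/spacer.gif" width="1" height="1">
<img src="http://mail.tracker.example/open.gif?rcpt=42" style="display: none">
"""

def _tiny(value):
    # A width/height of 0 or 1 (optionally written "1px") cannot be seen by the reader
    return value is not None and value.strip().lower().replace("px", "") in ("0", "1")

class WebBugFinder(HTMLParser):
    """Collect <img> tags that are effectively invisible and loaded from another host."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        url = urlsplit(a.get("src") or "")
        host = url.hostname
        if host is None or host == self.page_host or host.endswith("." + self.page_host):
            return  # relative URL or first-party image (e.g. a layout spacer)
        style = (a.get("style") or "").replace(" ", "").lower()
        hidden = "display:none" in style or "visibility:hidden" in style
        if hidden or (_tiny(a.get("width")) and _tiny(a.get("height"))):
            # Record who receives the request and which parameters ride along with it
            self.findings.append((host, sorted(parse_qs(url.query))))

def find_web_bugs(html, page_host):
    finder = WebBugFinder(page_host)
    finder.feed(html)
    return finder.findings

if __name__ == "__main__":
    for host, params in find_web_bugs(SAMPLE_HTML, "news.example"):
        print(f"possible web bug: {host} receives parameters {params}")
```
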

The Net NEVER Forgets
- Internet Archive scoops up the Web
- postings to Usenet groups are saved in Deja News
  - now http://groups.google.com
- posts to email forums and chat services are searchable
- public record

Costs to Business of Not Protecting Privacy
- sales lost may be $18 billion
- older business models may be less effective than privacy-friendly models
- lost opportunities and higher costs for imported personal data
- “safe harbor” includes complying with FIPS
source: Robert Gellman, “Privacy, Consumers, and Costs”

Costs to Consumers When Privacy Is Not Protected
- higher prices
- stopping junk mail and telemarketing calls
- avoiding identity theft
- protecting privacy on the Internet
source: Robert Gellman, “Privacy, Consumers, and Costs”

Solution Routes
- education, including
  - fair information principles
  - best business practices
- industry self-regulation
- technology
- legislation

Industry Self-Regulation
- for privacy depends on posted privacy policies
  - coming: integrated suites of tools
- online privacy seal programs
  - e.g., TRUSTe, BBBOnLine
  - implement some FIPS and monitor compliance
- public audit of privacy policies
  - e.g., www.thedailyapple.com

FTC Action Against Toysmart
- privacy policy promised never to divulge customer information
- certified by TRUSTe
- FTC could intervene
- bankrupt company advertised “databases and customer lists” for sale
- FTC sued to prevent sale of customer info

Privacy Enhancing Technologies (PETs)
- seek to eliminate use of personal data from transactions or give direct control for disclosure of personal information to individual concerned
- standard format for ratings systems: Platform for Internet Content Selection
- machine-to-machine protocol for data exchange: P3P (Platform for Privacy Preferences)
- anonymous use

Proposed Online Personal Privacy Act (S. 2201 in 107th)
- opt-in for sensitive personally identifiable info
- opt-out for less sensitive info
- follows most FIPS
- preempts state legislation on online privacy

Sources
Adkinson, William et al. “Privacy Online: A report on the information practices and policies of commercial web sites,” March 2002. The Progress and Freedom Foundation.
Center for Democracy and Technology. “Guide to Online Privacy,” http://www.cdt.org/privacy/guide/introduction/
Electronic Privacy Information Center. “Surfer Beware III: Privacy Policies Without Privacy Protection,” Dec. 1999, http://www.epic.org/reports/surfer-beware3.html
Federal Trade Commission. “Privacy Online: Fair Information Practices in the Electronic Marketplace,” May 2000, www.ftc.gov/reports/privacy2000/privacy2000.pdf
Gellman, Robert. “Privacy, Consumers, and Costs: how the lack of privacy costs consumers and why business studies of privacy costs are biased and incomplete,” March 2002. www.epic.org/reports/dmfprivacy.html
Goldman, Janlori and Zoe Hudson and Richard M. Smith. “Privacy Report on the Privacy Policies and practices of Health Web Sites”. Sponsored by California HealthCare Foundation, January 2000, http://admin.chcf.org/documents/ehealth/privacywebreport.pdf
Pew Internet and American Life Project. “Trust and Privacy Online: Why Americans Want to Rewrite the Rules,” Aug 2000, www.pewinternet.org/reports/pdfs/PIP_Trust_Privacy_Report.pdf