Privacy – Personalization, RFIDs, Surveilance, and Encryption 1

Privacy – Personalization, RFIDs,

Surveilance, and Encryption

Week 6 - February 19, 21

Ethics and Policy issues in Computing • Carnegie Mellon University • Spring 2008 • Tongia • http://www.contrib.andrew.cmu.edu/~tongia/sp08/08-200/ 1

Privacy risks from personalization


Unsolicited marketing

Desire to avoid unwanted marketing causes some people to avoid giving out personal information


My computer can

“figure things out about me”

The little people inside my computer might know it’s me…

… and they might tell their friends


Inaccurate inferences

 “My TiVo thinks I’m gay!”


Surprisingly accurate inferences

Everyone wants to be understood.

No one wants to be known.


You thought that on the Internet nobody knew you were a dog…

…but then you started getting personalized ads for your favorite brand of dog food


Price discrimination

 Concerns about being charged higher prices

 Concerns about being treated differently


Revealing private information to other users of a computer

 Revealing info to family members or co-workers

• Gift recipient learns about gifts in advance

• Co-workers learn about a medical condition

 Revealing secrets that can unlock many accounts

• Passwords, answers to secret questions, etc.


Exposing secrets to criminals

 Stalkers, identity thieves, etc.

 People who break into account may be able to access profile info

 People may be able to probe recommender systems to learn profile information associated with other users


Subpoenas

 Records are often subpoenaed in patent disputes, child custody cases, civil litigation, criminal cases


Privacy invasive technologies

 Location tracking (cell phones, GPS devices that phone home, etc.)

 RFID

 Transit cards

 Computer software that phones home

 Devices that phone home

 Video cameras (hidden cameras, cell phones)

 Personalized ecommerce sites

 Automobile data recorders

 Face recognition


The Global Positioning System (GPS)

 Radio-navigation system operated by US DoD

 Comprised of 24 satellites and 5 ground stations

 Uses satellites to triangulate and calculate 3D position from 4 satellite signals

 Receivers listen for radio beacons and triangulate their position

 Typical accuracy in meters, cm accuracy possible

• DoD intentionally degraded accuracy until May 2000

 One-way system

• Use other system to report location back

 Does not work indoors


Radio-frequency identification (RFID)

 Tags

• Antenna bonded to small silicon chip encapsulated in glass or plastic (as small as grain of rice)

• Unpowered (passive) tags and powered (active) tags

 Readers

• Broadcast energy to tags, causing tags to broadcast data

• Energy from readers can also power onboard sensors or cause tag to write new data to memory

• Read ranges currently a few centimeters up to a few meters

Source: Sixwise


Current and near term uses of RFID

 Automobile immobilizers

 Animal tracking

 Building proximity cards

 Payment systems

 Automatic toll collection

 Inventory management (mostly at pallet level)

• Prevent drug counterfeiting

 Passports


Electronic Product Code

 Standard managed by EPCglobal

 Relatively small tags

• Inexpensive

• No encryption, limited security

• Kill feature

• Password feature

 Designed to replace UPC bar codes

 96-bit+ serial number

 Object Name Service (ONS) database operated by EPCglobal


Post-sale uses

 Read product labels to blind people

 Sort packaging for recycling

 Provide laundry instructions to washer, dryer, dry cleaner

 Allow smart refrigerator to automatically generate shopping lists and warn about expired items and recalls

 Allow smart closet to suggest outfits

 Simplify product returns


Privacy concerns with EPCs?

 What are the privacy risks?

 What are possible solutions?

 What are the limitations of these solutions?


Building proximity cards

 Used for access control to buildings

 Many prox cards have no security features

• Easily clonable, even remotely

• Can be read through someone’s pocket or from longer distances while card is being read by legitimate reader

 Solutions involve adding crypto to cards


RFID payment systems

 Gas station keyfobs

 Coming soon to the major credit cards in your wallet

• Chase “Blink” card

• Can be read from about 20 cm

 Integrated into watches and cell phones

 Main advantage is to save time

• Don’t have to swipe machine

• Don’t need signature

 Crypto used to prevent cloning, but JHU researchers demonstrated how to break

SpeedPass


Engineering privacy

 Privacy by policy

 Privacy by architecture


Privacy stages

0

1

2

3 identifiability identified pseudonymous anonymous

Approach to privacy protection

Linkability of data to personal identifiers

System Characteristics privacy by policy

(notice and choice) privacy by architecture linked

 unique identifiers across databases

 contact information stored with profile information linkable with reasonable & automatable effort

 no unique identifies across databases

 common attributes across databases

 contact information stored separately from profile not linkable with reasonable effort unlinkable or transaction information

 no unique identifiers across databases

 no common attributes across databases

 random identifiers

 contact information stored separately from profile or transaction information

 collection of long term person characteristics on a low level of granularity

 technically enforced deletion of profile details at regular intervals

 no collection of contact information

 no collection of long term person characteristics

 k -anonymity with large value of k


Black Boxes

 Where are these found?

 Question becomes who has control and access to the information?

 What insurance uses can you foresee?


Research and Communication Skills

Organizing a research paper

 Decide up front what the point of your paper is and stay focused as you write

 Once you have decided on the main point, pick a title

 Start with an outline

 Use multiple levels of headings (usually 2 or 3)

 Don’t ramble!



Typical paper organization

 Abstract

•

Short summary of paper

 Introduction

• Motivation (why this work is interesting/important, not your personal motivation)

 Background and related work

•

Sometimes part of introduction, sometimes two sections

 Methods

•

What you did

These sections may be different in your papers

• In a systems paper you may have system design and evaluation sections instead

 Results

• What you found out

 Discussion

• Also called Conclusion or Conclusions

• May include conclusions, future work, discussion of implications,etc.

 References

 Appendix

• Stuff not essential to understanding the paper, but useful, especially to those trying to reproduce your results - data tables, proofs, survey forms, etc.



Road map

 Papers longer than a few pages should have a “road map” so readers know where you are going

 Road map usually comes at the end of the introduction

 Tell them what you are going to say in the roadmap, say it, (then tell them what you said in the conclusions)

 Examples

• In the next section I introduce X and discuss related work. In

Section 3 I describe my research methodology. In Section 4 I present results. In Section 5 I present conclusions and possible directions for future work.

• Waldman et al, 2001: “This article presents an architecture for robust Web publishing systems. We describe nine design goals for such systems, review several existing systems, and take an indepth look at Publius, a system that meets these design goals.”



Use topic sentences

 (Almost) every paragraph should have a topic sentence

• Usually the first sentence

• Sometimes the last sentence

• Topic sentence gives the main point of the paragraph

 First paragraph of each section and subsection should give the main point of that section

 Examples from Waldman et al, 2001

• In this section we attempt to abstract the particular implementation details and describe the underlying components and architecture of a censorship-resistant system.

• Anonymous publications have been used to help bring about change throughout history.



Avoid unsubstantiated claims

 Provide evidence for every claim you make

• Related work

• Results of your own experiments

 Conclusions should not come as a surprise

• Analysis of related work, experimental results, etc. should support your conclusions

• Conclusions should summarize, highlight, show relationships, raise questions for future work

• Don’t introduce new ideas in discussion or conclusion section

(other than ideas for related work)

• Don’t reach conclusions not supported by the rest of your paper


Wiretaps, encryption, and government surveillance


Surveillance systems you should know about

 Clipper

 Echelon

 CAPS II

 TIA

 Carnivore

 CALEA

 MATRIX


Government surveillance

 Governments increasingly looking for personal records to mine in the name of fighting terrorism

 People may be subject to investigation even if they have done nothing wrong


Risks may be magnified in future

 Wireless location tracking

 Semantic web applications

 Ubiquitous computing


Encryption

 Encryption has multiple aspects that are important

• Stakeholders



More than just the endpoints, often

• Mechanisms



Symmetric/Asymmetric



Key management systems

• Usability

• Impacts/implications


How Encryption Works (simplified)

 There are 2 types of encryption

• Symmetric

• Asymmetric


Cryptography Basics

 Encryption algorithm

• used to make content unreadable by all but the intended receivers

E ( plaintext , key ) = ciphertext

D ( ciphertext , key ) = plaintext

 Symmetric (shared) key cryptography

• A single key is used is used for E and D

D ( E (p,k1), k1 ) = p

 Management of keys determines who has access to content

• E.g., password encrypted email


Public Key Cryptography

 Public Key cryptography

• Each key pair consists of a public and private component: k + (public key), k (private key)

D ( E (p, k + ), k ) = p

D ( E (p, k ), k + ) = p

 Public keys are distributed (typically) through public key certificates

• Anyone can communicate secretly with you if they have your certificate

• E.g., SSL-base web commerce


Public Key Cryptography

Public Domain Images


Public Key Encryption

 Public/Private key combinations can also be used for signing documents

• Proof of originator

• Non-repudiation

 Signing involves using the private key to create the modified message, which anyone read (is NOT secret), but the public key will verify the originator


Signing

Public Domain Images


Problems with Encryption

 Usability

• Software required

• Complicated

 Key management

• Certificate authorities

• PKI (public key infrastructure)

 What happens when you lose a key?????

 False sense of security

 Policy and regulatory issues

• “What have you got to hide?”


Homework 3 discussion

 http://cups.cs.cmu.edu/courses/compsocsp07/homework/hw3.html

 Pick one new-technology-related privacy concern that you believe to be particularly significant.

• Explain the privacy issue and why you think it is a significant concern.

• What might be done to mitigate the concern?

 Pick a particular industry or type of web site and use

Privacy Finder to find two P3P-enabled web sites of that type. At each site read both the human-readable privacy policy and the Privacy Finder privacy report.

• Describe what aspects of each privacy policy you liked and what aspects you did not like (address both how well the sites protect privacy and how the privacy policies are presented).

• Compare the experience reading the privacy policies with the experience reading the Privacy Finder privacy report.


Class debate #3

 The State of Pennsylvania should adopt legal restrictions on the use of web cams


Privacy – Personalization, RFIDs, Surveilance, and Encryption 1

Privacy risks from personalization

Unsolicited marketing

My computer can

“figure things out about me”

Inaccurate inferences

Surprisingly accurate inferences

You thought that on the Internet nobody knew you were a dog…

Price discrimination

Revealing private information to other users of a computer

Exposing secrets to criminals

Subpoenas

Privacy invasive technologies

The Global Positioning System (GPS)

Radio-frequency identification (RFID)

Current and near term uses of RFID

Electronic Product Code

Post-sale uses

Privacy concerns with EPCs?

Building proximity cards

RFID payment systems

Engineering privacy

Black Boxes

Organizing a research paper

Typical paper organization

Road map

Use topic sentences

Avoid unsubstantiated claims

Wiretaps, encryption, and government surveillance

Government surveillance

Risks may be magnified in future

Encryption

How Encryption Works (simplified)

Cryptography Basics

Public Key Cryptography

Public Key Cryptography

Public Key Encryption

Signing

Problems with Encryption

Homework 3 discussion

Class debate #3

Related documents

Add this document to collection(s)

Add this document to saved

Suggest us how to improve StudyLib