Privacy

Big Brother is Watching
http://www.technovelgy.com/ct/content.asp?Bnum=629
In 1984
http://www.technovelgy.com/ct/Science-Fiction-News.asp?NewsNum=610
Spying on Your Rubbish
http://www.dailymail.co.uk/news/article-1255565/Spy-chips-hidden-2-5million-dustbins-council-snoopers-plan-pay-throw-tax.html
Pizza
http://www.aclu.org/pizza/
The Clock
A scary example from the ACLU:
http://www.aclu.org/blog/technology-and-liberty/marylandsuspends-facebook-passwordpolicy-job-interviews
http://www.aclu.org/privacy/spying/surveillancesocietyclock.html
A Different
Threat RFIDs
Toll Tags
http://www.utexas.edu/features/2010/08/09/locational_privacy/
More RFIDs
An RFID chip used by Walmart
With a barcode on the back
Tags used in libraries
Tracking Passports
US Passport Service Guide
But what can the bad guys do?
Doing it with Cell Phones
• You go to the hospital and are diagnosed with H1N1.
On the Other Hand
The New Yorker, page 61, July 5, 1993
Is Privacy Still Possible?
• Google “Monica Lewinsky”
• Yahoo “Monica Lewinsky”
Policy Vacuums and Privacy
“The intensity and complexity of life, attendant upon advancing
civilization, have rendered necessary some retreat from the
world, and man, under the refining influence of culture, has
become more sensitive to publicity, so that solitude and privacy
have become more essential to the individual; but modern
enterprise and invention have, through invasions upon his
privacy, subjected him to mental pain and distress, far greater
than could be inflicted by mere bodily injury.”
Who said this when?
What is Privacy?
It’s about access:
• To my physical person
• To information about me and my life
Definitions:
• The right to be let alone [Warren and Brandeis, 1890]
Policy Vacuums and Privacy
Samuel Warren’s problem: The Boston tabloid press liked
printing lurid details of the lives of the Boston upper crust.
The existing laws:
• Laws against libel and slander.
• Property law, which, for example, prevents someone from
coming into your house to see who’s there or check out your
bank statement.
The technology that created the problem:
• Widely circulated newspapers.
• Cameras.
Leave Me Alone: Today
Telemarketing
The National Do Not Call Registry took effect in
October, 2003.
Leave Me Alone: Today
Spam
Technology attacks technology: reverse engineering
spam generation templates:
http://www.newscientist.com/article/mg20527446.000-to-beatspam-turn-its-own-weapons-against-it.html
What is Privacy?
It’s about access:
• To my physical person
• To information about me and my life
Definitions:
• The right to be let alone [Warren and Brandeis, 1890]
• The right to control my “zone of inaccessibility”
Why Protect Privacy?
• It is a prudential right.
• A utilitarian argument:
What Can Happen When We Don’t
No Need to Throw it Out
• Used to throw out records because:
• Needed the space
• It was possible
• Now we don’t because:
• Bits take up very little space
• It’s hard in databases
When No One Knew It Was Even Stored
The End of Forgetting
Stacy Snyder as Drunken Pirate
Is Forgetting Important?
The Internet Archive
http://www.archive.org/index.php
Does It Work?
Can they:
• Find sites that mention you or your company?
• Remove bad reviews from 3rd party websites?
• Create positive reviews and get them ranked highly
on Google?
http://www.scam.com/showthread.php?p=939828
Does It Work?
Could they fool you by:
• Creating bad blog posts about you right before they
send you a marketing blurb. Then they can ….
http://www.scam.com/showthread.php?p=939828
Why Not?
• Security:
• Terrorists and just plain criminals
National Crime Information Center (NCIC)
SentryLink
Why Not?
• Security:
• Terrorists and just plain criminals
Companies behaving badly – the fallout from Enron
Sarbanes-Oxley
• Passed in 2002.
• Requires public companies to retain business
records, including emails, for 5 years.
Why Not?
• Security:
• Terrorists and just plain criminals
People convicted of sex crimes
Why Not?
• Security:
• Terrorists and just plain criminals
But aren’t many of us “criminals”?
Why Not?
• Security:
• Terrorists and just plain criminals
• Dealing with strangers
“A society of strangers is one of
immense personal privacy.
Surveillance is the cost of that
privacy.”
To the Extreme
Why Not?
• Security:
• Terrorists and just plain criminals
• Dealing with strangers
• Special protection for children
RFID in California
RFID in England
RFID in college
Why Not?
• Security:
• Terrorists and just plain criminals
• Dealing with strangers
• Special protection for children
• Accidents and disasters
Car Black Boxes
Damned Interesting
More Information
Leveling the Playing Field
N.J. governor Jon Corzine’s SUV was travelling 91
mph before it crashed.
And Now for My Car
http://www.cbsnews.com/stories/2010/03/22/business/main6323252.shtml
As with All New Technology
The legal challenge from the side that doesn’t like the
answer:
Bachman vs. General Motors
The Frye Rule
"Just when a scientific principle or discovery crosses the
line between the experimental and demonstrable stage is
difficult to define. Somewhere in this twilight zone the
evidential force of the principle must be recognized, and
while the courts will go a long way in admitting expert
testimony deduced from a well-reasoned scientific
principle or discovery, the thing from which the deduction
is made must be sufficiently established to have gained
general acceptance in the particular field in which it
belongs."
Frye v United States, 1923, Court of Appeals, the District of Columbia.
Rule 702
The Federal Rules of Evidence (1975)
Rule 702. Testimony by Experts
If scientific, technical, or other specialized knowledge will
assist the trier of fact to understand the evidence or to
determine a fact in issue, a witness qualified as an expert by
knowledge, skill, experience, training, or education, may
testify thereto in the form of an opinion or otherwise, if (1)
the testimony is based upon sufficient facts or data, (2) the
testimony is the product of reliable principles and methods,
and (3) the witness has applied the principles and methods
reliably to the facts of the case.
Daubert v. Merrell Dow
Parents sue Dow claiming birth defects caused by Bendectin.
The District Court granted Dow a summary judgment based on a well-credentialed expert's affidavit saying that maternal use of Bendectin has not
been shown to be a risk factor for human birth defects. Although parents had
responded with the testimony of eight other well-credentialed experts, who based
their conclusion that Bendectin can cause birth defects on animal studies,
chemical structure analyses, and the unpublished “reanalysis” of previously
published human statistical studies, the court determined that this evidence did
not meet the applicable “general acceptance” standard for the admission of
expert testimony.
The Court of Appeals agreed, citing Frye, for the rule that expert opinion based
on a scientific technique is inadmissible unless the technique is “generally
accepted” as reliable in the relevant scientific community.
The US Supreme Court reversed that ruling and held that the Federal Rules of
Evidence, not Frye, provide the standard for admitting expert scientific testimony
in a federal trial.
Daubert v. Merrell Dow Pharmaceuticals, Inc., 509 U.S. 579 (1993)
From the Daubert Decision
Things a judge should consider:
1. Whether the scientific theory or technique can be and
has been tested;
2. Whether it has been subject to publication and/or peer
review;
3. The known or potential rate of error;
4. The existence and maintenance of standards
controlling the technique's operation; and
5. General acceptance in the scientific community.
Why Not Protect Privacy?
• Security
• White men’s clubs
• The lives of “public figures”
• Free speech (Warren & Brandeis, again)
• Medical research
• Better service
Why Not Protect Privacy?
• When the data protect you
• The case of Reade Seligmann
Why Not Protect Privacy?
• When the data protect you
• The case of Reade Seligmann (April, 2006)
12:02 AM Time stamped photo shows alleged victim dancing
12:24 AM Seligmann’s ATM card used
12:25 AM Seligmann’s cell phone used
12:46 AM Seligmann’s prox card used to enter his dorm
Why Not Protect Privacy?
• When the data protect you
• Colorado v. Cain
A man accused of vehicular homicide was acquitted
when the EDR in his car showed he was not speeding
at the time of the accident.
How Much Is There?
Biometrics – Technology Reduces Privacy
• Super Bowl 2001
• Biometrics today
Face recognition
http://www.sciencedirect.com.ezproxy.lib.utexas.edu/science/journal/09694765
Digital Cash – Technology Returns It
• Cash is anonymous
• Credit card transactions aren’t.
• Digital cash
What Information Is Where?
Personal Information
Public Information
Public Records
Proprietary Information
Disclosure: Voluntary, Involuntary, Statutory
A Statutory Example
The Federal Election Campaign Act
www.fec.gov
The Expectation of Privacy
One idea: Privacy is important when someone has the
expectation that it exists.
• The expectation exists:
• The expectation doesn’t exist:
But what’s wrong with this criterion?
Who Are We Protecting Against?
• The government
• The medical establishment
• Corporations
• Society in general
The Founding of America
“When the American Republic was founded, the framers
established a libertarian equilibrium among the competing values
of privacy, disclosure, and surveillance. This balance was based
on technological realities of eighteenth-century life. Since torture
and inquisition were the only known means of penetrating the
mind, all such measures by government were forbidden by law.
Physical entry and eavesdropping were the only means of
penetrating private homes and meeting rooms; the framers
therefore made eavesdropping by private persons a crime and
allowed government to enter private premises only for reasonable
searches, under strict warrant controls. Since registration
procedures and police dossiers were the means used to control
the free movement of “controversial” persons, this European police
practice was precluded by American governmental practice and
the realities of mobile frontier life.”
From: Alan F. Westin, Privacy and Freedom
What the Government Cannot Do
The Bill of Rights
We Worry, Though
• The story
We Worry, Though
• The story
• The hoax
Tracking Your Car
Census Records
Data of the 1790 US Census
1. Name of head of family
2. Number of free white males 16 & up including heads of families
3. Number of free white males under 16
4. Number of free white females including heads of families
5. Number of all other free persons except Indians not taxed
6. Number of slaves
Data of the 1800 US Census
1. Name of the head of family
2. # of free white males under age 10
3. # of free white males age 10-16
4. # of free white males age 16-26
5. # of free white males age 26-45
6. # of free white males over age 45
7. # of free white females under age 10
8. # of free white females age 10-16
9. # of free white females age 16-26
10. # of free white females age 26-45
11. # of free white females over age 45
12. # of all other free persons
13. # of slaves
Data of the 1820 US Census
1. Name of the head of family
2. # of free white males under age 10
3. # of free white males age 10-16
4. # of free white males age 16-18
5. # of free white males age 16-26
6. # of free white males age 26-45
7. # of free white males age 45 and up
8. # of free white females under age 10
9. # of free white females age 10-16
10. # of free white females age 16-26
11. # of free white females age 26-45
12. # of free white females age 45 and up
13. # of foreigners not naturalized
14. # of persons engaged in agriculture
15. # of persons engaged in commerce
16. # of persons engaged in manufacture
17. # of male slaves under 14
18. # of male slaves age 14-26
19. # of male slaves age 26-45
20. # of male slaves age 45 and up
21. # of female slaves under 14
22. # of female slaves age 14-26
23. # of female slaves age 26-45
24. # of female slaves age 45 and up
25. # of free male colored persons under 14
26. # of free male colored persons age 14-26
27. # of free male colored persons age 26-45
28. # of free male colored persons age 45 and up
29. # of free female colored persons under 14
30. # of free female colored persons age 14-26
31. # of free female colored persons age 26-45
32. # of free female colored persons age 45 and up
33. # of all other persons except Indians not taxed
Data of the 1930 US Census
1. Street, avenue, road, etc.
2. House number
3. Number of dwelling house in order of visitation
4. Number of family in order of visitation
5. Name
6. Relationship of this person to the head of the family
7. Home owned or rented
8. Value of home, if owned, or monthly rental, if rented*
9. Radio set*
10. Does this family own a farm?
11. Sex
12. Color or race
13. Age at last birthday
14. Marital condition
15. Age at first marriage*
16. Attended school or college any time since Sept. 1, 1929
17. Whether able to read or write
18. Place of birth__person
19. Place of birth__father
20. Place of birth__mother
21. Language spoken in home before coming to the United States
22. Year of immigration into the United States
23. Naturalization
24. Whether able to speak English
25. Trade, profession, or particular kind of work done
26. Occupation industry or business
27. Class of worker
28. Employment
29. Veteran*
2,668 reels of microfilm
1,591 reels of soundex
Data of the 2010 Census
http://2010.census.gov/2010census/how/interactive-form.php
1880 US Census
Required 8 years of processing
1890 US Census
Required 1 year of processing
?
The Hollerith Card
Punching the Cards
Tabulating the Cards
World War II
• Census data used to collect Japanese-Americans to be
taken to “relocation camps”.
Post 9/11
• Census data used to identify neighborhoods of Arab-Americans
Current Census Data
http://www.factfinder.census.gov
Remember Latanya Sweeney’s Result
Data from the 1990 US Census show that 87% (216 million out of 248 million) of
the United States population provided data that likely make them unique based
on only the three attributes of zip code, date of birth, and gender.
Latanya Sweeney, k-Anonymity: A Model for Protecting Privacy
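A worked check of the kind of measurement behind Sweeney's result, added here as an example and not taken from the lecture or from Sweeney's paper. The records and the three-step generalization ladder are constructed assumptions. The code measures how many records are unique on zip code, date of birth and gender, and how far the three attributes must be coarsened before every record shares its combination with at least k-1 others.

```python
from collections import Counter

# Constructed records (not real people): (zip, date of birth, gender, diagnosis).
RECORDS = [
    ("78701", "1961-03-14", "F", "asthma"),
    ("78701", "1961-08-02", "F", "H1N1"),
    ("78705", "1961-11-30", "F", "diabetes"),
    ("78705", "1975-01-09", "M", "H1N1"),
    ("78712", "1975-06-21", "M", "fracture"),
    ("78712", "1975-06-21", "M", "asthma"),
    ("78751", "1988-12-05", "F", "H1N1"),
    ("78756", "1988-02-17", "F", "migraine"),
    ("78757", "1983-07-01", "F", "asthma"),
]

# Generalization ladder (an assumption for this example): each step keeps
# less of the quasi-identifier (zip, date of birth, gender).
LEVELS = [
    ("5-digit zip, full date of birth", lambda z, d, g: (z, d, g)),
    ("3-digit zip, birth year", lambda z, d, g: (z[:3], d[:4], g)),
    ("3-digit zip, birth decade", lambda z, d, g: (z[:3], d[:3] + "0s", g)),
]

def class_sizes(records, generalize):
    """Count how many records share each generalized quasi-identifier."""
    return Counter(generalize(z, d, g) for z, d, g, _ in records)

def k_of(records, generalize):
    """k-anonymity of the release: the size of the smallest group."""
    return min(class_sizes(records, generalize).values())

def fraction_unique(records, generalize):
    """Share of records that are the only one with their quasi-identifier."""
    sizes = class_sizes(records, generalize)
    return sum(n for n in sizes.values() if n == 1) / len(records)

def report(records):
    """(level, k, fraction unique) for every step of the ladder."""
    return [(label, k_of(records, g), round(fraction_unique(records, g), 3))
            for label, g in LEVELS]

def first_level_reaching(records, k_target):
    """Least-coarse level that is k-anonymous for k_target, or None."""
    for label, generalize in LEVELS:
        if k_of(records, generalize) >= k_target:
            return label
    return None

if __name__ == "__main__":
    for row in report(RECORDS):
        print(row)
    print("k >= 2 needs:", first_level_reaching(RECORDS, 2))
```

In this sample, truncating the zip code and keeping only the birth year still leaves one person alone in her group, so the release is not even 2-anonymous until dates are coarsened to decades.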
Total Information Awareness
• Proposed in 2002.
• Would use data mining over databases of financial,
medication, travel, communication, biometric information.
• Some researchers get sucked in.
• ACM letter sent to the Senate, January, 2003.
• Funding for domestic surveillance portion suspended in
February, 2003.
• Name changed to Terrorist Information Awareness.
Is TIA “Right”?
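$$\text{action} = \arg\max_{a \in \text{Actions}/\text{constraints}} \Big( \sum_{x \in \text{Audience}} \text{utility}(a, x) \Big)$$
Or, since we’re really concerned with costs:
$$\text{action} = \arg\min_{a \in \text{Actions}/\text{constraints}} \Big( \sum_{x \in \text{Audience}} \text{utility}(a, x) \Big)$$
$$\text{utility}(a, x) = \sum_{o \in \text{Outcomes}} \Pr(o) \cdot \text{Cost}(o, a)$$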
The Government
• When technical problems tell them too much:
http://www.nytimes.com/2008/02/17/washington/17fisa.html?ex=1360904400&en=d32fbd564f65660c&ei=5089&partner=rssyahoo&emc=rss
The REAL ID Act
• The REAL ID Act passed in 2005.
• Implementation continues to be delayed.
Dirty Tricks
Passport files of presidential candidates
Quis Custodiet
• “… quis custodiet ipsos custodes? …”
Juvenal, (Satire 6.346–348)
• But earlier, in the Republic. The answer:
"They will guard themselves against themselves. We must tell the
guardians a noble lie. The noble lie will inform them that they are better
than those they serve and it is therefore their responsibility to guard and
protect those lesser than themselves. We will instill in them a distaste
for power or privilege, they will rule because they believe it right, not
because they desire it."
Quis Custodiet
Who is this guy?
Quis Custodiet
J. Edgar Hoover
Director, FBI
May 10, 1924 –
May 2, 1972
Quis Custodiet
In one case, a Maryland banker who sat on the state's public
health commission used his access to medical records to
cross-check people with cancer who he'd given loans to and
then called in their loans. (He was never even punished in the
incident.)
Medical Information
• An implanted RFID chip would give doctors information
even if you’re unconscious.
Stealing Medical Information Isn’t New
Daniel Ellsberg and the Plumbers
But getting at electronic information may be a lot easier.
One Easy Way
http://www.washingtonpost.com/wpdyn/content/article/2008/03/23/AR2008032301753.html?nav=rss_email/components
Corporations
Rebates: the Old Way
Rebates: Today
http://www.greenpoints.com/account/act_default.asp
Rebates: Today
Rebates: Tomorrow?
The Shopping Buddy
Rebates: Tomorrow?
Personal Shopping Assistant
More Than Just Rebates
CDC uses shopper-card data to trace salmonella
http://www.msnbc.msn.com/id/35800591/ns/health-food_safety/
Cookies
GET /index.html HTTP/1.1
Host: www.example.org
HTTP/1.1 200 OK
Content-type: text/html
Set-Cookie: name=value
(content of page)
GET /spec.html HTTP/1.1
Host: www.example.org
Cookie: name=value
Accept: */*
Cookies
• Check whether this is a new or returning user
• Shopping cart
First generation:
Cookie:
Little Red Book
How to Make a Bomb
Cookies
• Check whether this is a new or returning user
• Shopping cart
Second generation:
Cookie:
Session id: 754623598761
Backend DB:
id = 754623598761
order = Little Red Book
How to Make a Bomb
Cookies
• Check whether this is a new or returning user
• Shopping cart
• Remember user name/password
Cookies
• Check whether this is a new or returning user
• Shopping cart
• Remember user name/password
• Preferences
webpage
clicks
Cookies
• Check whether this is a new or returning user
• Shopping cart
• Remember user name/password
• Preferences
• Tracking
id
request, id
id, url, date/time, ???
id, url, date/time, ???
………
Third-Party Cookies
Today:
MegaId#, ad
www.site1.com
Tomorrow:
#77654, site1
#77654, site2
ad
MegaId#
www.site2.com
Cookies
• Cookies can have other attributes:
Set-Cookie: RMID=732423sdfs73242;
expires=Fri, 31-Dec-2010 23:59:59 GMT;
path=/; domain=.example.net
• Can cookies infect your computer with viruses?
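An audit of the Set-Cookie attributes and the third-party pattern described above, added here as an example that is not part of the original slides. It classifies each cookie as first- or third-party and session or persistent, then lists cookie scopes that follow the user across sites. The ad-server host `ads.example.net`, the fixed clock, and the two-label notion of a "site" are assumptions.

```python
from datetime import datetime, timezone

def parse_set_cookie(header_value):
    """Return (name, value, attrs) with attribute names lower-cased."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def site_of(host):
    """Naive site = last two DNS labels (assumption; browsers use the Public Suffix List)."""
    return ".".join(host.strip(".").lower().split(".")[-2:])

def parse_expires(text):
    """Parse the two common Expires spellings; None means a session cookie."""
    for fmt in ("%a, %d-%b-%Y %H:%M:%S GMT", "%a, %d %b %Y %H:%M:%S GMT"):
        try:
            return datetime.strptime(text, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            pass
    return None

def classify(page_host, responding_host, header_value, now):
    """Describe one cookie as seen while the user is viewing page_host."""
    name, _, attrs = parse_set_cookie(header_value)
    scope = attrs.get("domain") or responding_host
    expires = parse_expires(attrs.get("expires", ""))
    persistent = expires is not None and expires > now
    return {
        "name": name,
        "scope": site_of(scope),
        "page_site": site_of(page_host),
        "third_party": site_of(scope) != site_of(page_host),
        "persistent": persistent,
        "days_left": (expires - now).days if persistent else 0,
    }

def cross_site_trackers(findings):
    """Persistent third-party cookie scopes seen on two or more different sites."""
    seen = {}
    for f in findings:
        if f["third_party"] and f["persistent"]:
            seen.setdefault(f["scope"], set()).add(f["page_site"])
    return {scope: sorted(sites) for scope, sites in seen.items() if len(sites) > 1}

# Constructed observations: (page being viewed, host that answered, Set-Cookie value).
# ads.example.net is a hypothetical ad server; RMID is the header shown on the slide.
RMID = "RMID=732423sdfs73242; expires=Fri, 31-Dec-2010 23:59:59 GMT; path=/; domain=.example.net"
OBSERVATIONS = [
    ("www.example.org", "www.example.org", "name=value"),
    ("www.site1.com", "ads.example.net", RMID),
    ("www.site2.com", "ads.example.net", RMID),
]
NOW = datetime(2010, 1, 1, tzinfo=timezone.utc)  # fixed clock so the result is reproducible

def audit():
    """Classify every observation and report cross-site cookie scopes."""
    findings = [classify(p, h, c, NOW) for p, h, c in OBSERVATIONS]
    return findings, cross_site_trackers(findings)

if __name__ == "__main__":
    findings, trackers = audit()
    for f in findings:
        print(f)
    print("cross-site:", trackers)
```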
Disabling Cookies
Let’s try it: http://www.washingtonpost.com
Mozilla help: http://support.mozilla.com/en-US/kb/Enabling+and+disabling+cookies?s=cookies&as=s
Flash Cookies
Let’s try it:
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html
Collaborative Filtering
• User-based approach
1. Look for users with the same pattern.
2. Check ratings from those users.
• Item-based approach
1. Build an item-item matrix.
2. Use data from the current user to select from the matrix
• An item-based approach using binary data
• An Amazon example
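The two item-based steps on binary (bought / not bought) data, added here as an example that is not from the lecture and not any retailer's actual algorithm. The purchase histories are constructed, and cosine similarity over co-purchase counts is one common choice of matrix entry, assumed here.

```python
from collections import defaultdict
from itertools import combinations
from math import sqrt

# Constructed purchase histories; binary data means an item is either in the set or not.
BASKETS = {
    "u1": {"novel", "cookbook", "atlas"},
    "u2": {"novel", "cookbook"},
    "u3": {"novel", "atlas", "chess set"},
    "u4": {"cookbook", "apron"},
    "u5": {"cookbook", "apron", "novel"},
}

def item_item_matrix(baskets):
    """Step 1: similarity of every pair of items that were ever bought together.

    For binary data, cosine similarity reduces to
    (buyers of both) / sqrt(buyers of a * buyers of b).
    """
    buyers = defaultdict(int)
    together = defaultdict(lambda: defaultdict(int))
    for items in baskets.values():
        for item in items:
            buyers[item] += 1
        for a, b in combinations(sorted(items), 2):
            together[a][b] += 1
            together[b][a] += 1
    return {
        a: {b: n / sqrt(buyers[a] * buyers[b]) for b, n in row.items()}
        for a, row in together.items()
    }

def recommend(sim, owned, top_n=3):
    """Step 2: score unseen items by their similarity to what this user already has."""
    scores = defaultdict(float)
    for item in owned:
        for other, s in sim.get(item, {}).items():
            if other not in owned:
                scores[other] += s
    # Highest score first; ties broken alphabetically so the output is stable.
    return sorted(scores, key=lambda i: (-scores[i], i))[:top_n]

SIM = item_item_matrix(BASKETS)

if __name__ == "__main__":
    print(recommend(SIM, {"novel"}))
    print(recommend(SIM, {"apron"}))
```

The matrix is built entirely from other customers' purchase records, so every recommendation is a statement about what people with overlapping histories bought.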
Choosing to Go Public
Get Started On Facebook
Facebook isn't just one big site; it's made up of lots of separate networks based around
things like schools, companies, and regions.
Anyone can sign up for Facebook
If you want to see the profiles of your classmates or coworkers on the site, be sure to use your school
or work email to register. You can search for anyone on Facebook, but you can only see profiles of
your friends and people in your networks.
Privacy Policies
Does anyone read them?
• Facebook
Changing Your Mind
http://www.nytimes.com/2008/02/11/technology/11facebook.html?em&ex=1203051600&en=5f33ac07f19d21f5&ei=5087%0A
What’s in it for Them?
[Facebook] is still trying to find a way to monetize its
popularity, mostly by allowing marketers access to its
wealth of demographic and behavioral information. The
retention of old accounts on Facebook’s servers seems
like another effort to hold onto — and provide its ad
partners with — as much demographic information as
possible. NYT, Feb. 11, 2008
Monitoring Your Information
Credit Reports
• Equifax
• Experian
• Trans Union
• The Fair and Accurate Credit Transactions Act of 2004
says you can get one free report per year.
http://www.youtube.com/watch?v=xwq7le9zSv0
Everybody Else
http://www.zillow.com/search/RealEstateSearch.htm?dg=dg2&addrstrthood=5002+Lea+Cove&citystatezip=Austin%2C+TX
Google Earth
Google Street View
http://news.yahoo.com/s/ap/20100914/ap_on_hi_te/eu_czech_google_street_view
http://maps.google.com/help/maps/streetview/
Spokeo
http://www.spokeo.com/
How Safe are You?
Consider someone using these sites:
Where will the police NOT be?
Crimestoppers
Where might there be valuables?
Zillow
Is there easy access and departure?
Google Earth
Is the access apparent from the street?
Street View
Sites Positive?
Yet each one of those sites has very positive uses:
What’s a safe neighborhood?
Crimestoppers
What houses are in my price range?
Zillow
How do I get to that address?
Google Earth
What will the place look like when I arrive?
Street View
How Safe are You?
A traffic camera might be very useful as you plan your
daily commute:
Connecticut Avenue at Macomb in Washington,
DC - refreshed every two seconds
Could it be a bit scary?
Same intersection last night
Protections?
Does Google Street View really blur all license plates
and faces?
24th and Speedway – View 1
24th and Speedway – View 2
24th and Speedway – View 3
http://www.privacyrights.org/