Privacy
Week 6 - February 20, 22
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
ATM Video
Privacy risks from personalization
Unsolicited marketing
Desire to avoid unwanted marketing causes some people to avoid giving out personal information
My computer can “figure things out about me”
The little people inside my computer might know it’s me…
… and they might tell their friends
Inaccurate inferences
“My TiVo thinks I’m gay!”
Surprisingly accurate inferences
Everyone wants to be understood.
No one wants to be known.
You thought that on the Internet nobody knew you were a dog…
…but then you started getting personalized ads for your favorite brand of dog food
Price discrimination
Concerns about being charged higher prices
Concerns about being treated differently
Revealing private information to other users of a computer
▪ Revealing info to family members or co-workers
  • Gift recipient learns about gifts in advance
  • Co-workers learn about a medical condition
▪ Revealing secrets that can unlock many accounts
  • Passwords, answers to secret questions, etc.
Exposing secrets to criminals
Stalkers, identity thieves, etc.
People who break into an account may be able to access profile info
People may be able to probe recommender systems to learn profile information associated with other users
Subpoenas
Records are often subpoenaed in patent disputes, child custody cases, civil litigation, criminal cases
Government surveillance
Governments increasingly looking for personal records to mine in the name of fighting terrorism
People may be subject to investigation even if they have done nothing wrong
Little Brother as Big Brother
Risks may be magnified in future
Wireless location tracking
Semantic web applications
Ubiquitous computing
Homework 3 discussion
▪ http://cups.cs.cmu.edu/courses/compsoc-sp07/homework/hw3.html
▪ Pick one new-technology-related privacy concern that you believe to be particularly significant.
  • Explain the privacy issue and why you think it is a significant concern.
  • What might be done to mitigate the concern?
▪ Pick a particular industry or type of web site and use Privacy Finder to find two P3P-enabled web sites of that type. At each site read both the human-readable privacy policy and the Privacy Finder privacy report.
  • Describe what aspects of each privacy policy you liked and what aspects you did not like (address both how well the sites protect privacy and how the privacy policies are presented).
  • Compare the experience reading the privacy policies with the experience reading the Privacy Finder privacy report.
Privacy invasive technologies
▪ Location tracking (cell phones, GPS devices that phone home, etc.)
▪ RFID
▪ Transit cards
▪ Computer software that phones home
▪ Devices that phone home
▪ Video cameras (hidden cameras, cell phones)
▪ Personalized ecommerce sites
▪ Automobile data recorders
▪ Face recognition
The Global Positioning System (GPS)
▪ Radio-navigation system operated by US DoD
▪ Comprised of 24 satellites and 5 ground stations
▪ Uses satellites to triangulate and calculate 3D position from 4 satellite signals
▪ Receivers listen for radio beacons and triangulate their position
▪ Typical accuracy in meters, cm accuracy possible
  • DoD intentionally degraded accuracy until May 2000
▪ One-way system
  • Use other system to report location back
▪ Does not work indoors
Radio-frequency identification (RFID)
▪ Tags
  • Antenna bonded to small silicon chip encapsulated in glass or plastic (as small as grain of rice)
  • Unpowered (passive) tags and powered (active) tags
▪ Readers
  • Broadcast energy to tags, causing tags to broadcast data
  • Energy from readers can also power onboard sensors or cause tag to write new data to memory
  • Read ranges currently a few centimeters up to a few meters
Current and near term uses of RFID
Automobile immobilizers
Animal tracking
Building proximity cards
Payment systems
Automatic toll collection
Inventory management (mostly at pallet level)
• Prevent drug counterfeiting
Passports
Electronic Product Code
Standard managed by EPCglobal
Relatively small tags
  • Inexpensive
  • No encryption, limited security
  • Kill feature
  • Password feature
Designed to replace UPC bar codes
96-bit+ serial number
Object Name Service (ONS) database operated by EPCglobal
Post-sale uses
Read product labels to blind people
Sort packaging for recycling
Provide laundry instructions to washer, dryer, dry cleaner
Allow smart refrigerator to automatically generate shopping lists and warn about expired items and recalls
Allow smart closet to suggest outfits
Simplify product returns
Privacy concerns with EPCs?
What are the privacy risks?
What are possible solutions?
What are the limitations of these solutions?
Building proximity cards
Used for access control to buildings
Many prox cards have no security features
• Easily clonable, even remotely
• Can be read through someone’s pocket or from longer distances while card is being read by legitimate reader
Solutions involve adding crypto to cards
RFID payment systems
▪ Gas station keyfobs
▪ Coming soon to the major credit cards in your wallet
  • Chase “Blink” card
  • Can be read from about 20 cm
▪ Integrated into watches and cell phones
▪ Main advantage is to save time
  • Don’t have to swipe machine
  • Don’t need signature
▪ Crypto used to prevent cloning, but JHU researchers demonstrated how to break SpeedPass
Engineering privacy
Privacy by policy
Privacy by architecture
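Privacy stages
(Columns: privacy stage, identifiability, approach to privacy protection, linkability of data to personal identifiers, system characteristics)

Stage 0
Identifiability: identified
Approach to privacy protection: privacy by policy (notice and choice)
Linkability of data to personal identifiers: linked
System characteristics:
• unique identifiers across databases
• contact information stored with profile information

Stage 1
Identifiability: pseudonymous
Approach to privacy protection: privacy by policy (notice and choice)
Linkability of data to personal identifiers: linkable with reasonable & automatable effort
System characteristics:
• no unique identifiers across databases
• common attributes across databases
• contact information stored separately from profile or transaction information

Stage 2
Identifiability: pseudonymous
Approach to privacy protection: privacy by architecture
Linkability of data to personal identifiers: not linkable with reasonable effort
System characteristics:
• no unique identifiers across databases
• no common attributes across databases
• random identifiers
• contact information stored separately from profile or transaction information
• collection of long term person characteristics on a low level of granularity
• technically enforced deletion of profile details at regular intervals

Stage 3
Identifiability: anonymous
Approach to privacy protection: privacy by architecture
Linkability of data to personal identifiers: unlinkable
System characteristics:
• no collection of contact information
• no collection of long term person characteristics
• k-anonymity with large value of k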
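
An added example, not part of the original slides: a check a system designer could run to see why "common attributes across databases" leaves separately stored records linkable, and how storing characteristics at a low level of granularity raises k. All records, field names and the `generalize` rule are constructed for illustration.

```python
from collections import Counter

# Constructed sample data. The two databases share no unique identifier,
# but they do share common attributes (stage 1 of the privacy stages table).
CONTACTS = [  # contact information, stored separately
    {"name": "Alice", "zip": "15213", "birth_year": 1985, "sex": "F"},
    {"name": "Bob",   "zip": "15213", "birth_year": 1985, "sex": "M"},
    {"name": "Carol", "zip": "15217", "birth_year": 1990, "sex": "F"},
    {"name": "Dana",  "zip": "15217", "birth_year": 1990, "sex": "F"},
]
PROFILES = [  # profile information keyed by a random identifier
    {"pid": "r81", "zip": "15213", "birth_year": 1985, "sex": "F", "interest": "diabetes care"},
    {"pid": "r17", "zip": "15213", "birth_year": 1985, "sex": "M", "interest": "dog food"},
    {"pid": "r52", "zip": "15217", "birth_year": 1990, "sex": "F", "interest": "baby clothes"},
]
COMMON = ("zip", "birth_year", "sex")  # attributes present in both databases


def key(rec, attrs):
    return tuple(rec[a] for a in attrs)


def k_anonymity(records, attrs):
    """Size of the smallest group of records that share the same attrs."""
    return min(Counter(key(r, attrs) for r in records).values())


def link(profiles, contacts, attrs):
    """Return {pid: name} for profiles that match exactly one contact on attrs."""
    by_key = {}
    for c in contacts:
        by_key.setdefault(key(c, attrs), []).append(c["name"])
    return {p["pid"]: by_key[key(p, attrs)][0]
            for p in profiles if len(by_key.get(key(p, attrs), [])) == 1}


def generalize(rec):
    """Hypothetical coarsening rule: 3-digit zip, birth decade, sex dropped."""
    return {**rec, "zip": rec["zip"][:3] + "**",
            "birth_year": rec["birth_year"] // 10 * 10, "sex": "*"}


if __name__ == "__main__":
    print("k as stored:", k_anonymity(CONTACTS, COMMON))
    print("linked as stored:", link(PROFILES, CONTACTS, COMMON))
    coarse_c = [generalize(c) for c in CONTACTS]
    coarse_p = [generalize(p) for p in PROFILES]
    print("k after generalizing:", k_anonymity(coarse_c, COMMON))
    print("linked after generalizing:", link(coarse_p, coarse_c, COMMON))
```

Passing an empty attribute tuple to `link` models "no common attributes across databases": every profile then matches all contacts and nothing is linked.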
Class debate #3
The State of Pennsylvania should adopt legal restrictions on the use of web cams
Research and Communication Skills
Organizing a research paper
Decide up front what the point of your paper is and stay focused as you write
Once you have decided on the main point, pick a title
Start with an outline
Use multiple levels of headings (usually 2 or 3)
Don’t ramble!
Research and Communication Skills
Typical paper organization
▪ Abstract
  • Short summary of paper
▪ Introduction
  • Motivation (why this work is interesting/important, not your personal motivation)
▪ Background and related work
  • Sometimes part of introduction, sometimes two sections
▪ Methods
  • What you did
  • In a systems paper you may have system design and evaluation sections instead
  (These sections may be different in your papers)
▪ Results
  • What you found out
▪ Discussion
  • Also called Conclusion or Conclusions
  • May include conclusions, future work, discussion of implications, etc.
▪ References
▪ Appendix
  • Stuff not essential to understanding the paper, but useful, especially to those trying to reproduce your results - data tables, proofs, survey forms, etc.
Research and Communication Skills
Road map
▪ Papers longer than a few pages should have a “road map” so readers know where you are going
▪ Road map usually comes at the end of the introduction
▪ Tell them what you are going to say in the roadmap, say it, (then tell them what you said in the conclusions)
▪ Examples
  • In the next section I introduce X and discuss related work. In Section 3 I describe my research methodology. In Section 4 I present results. In Section 5 I present conclusions and possible directions for future work.
  • Waldman et al., 2001: “This article presents an architecture for robust Web publishing systems. We describe nine design goals for such systems, review several existing systems, and take an in-depth look at Publius, a system that meets these design goals.”
Research and Communication Skills
Use topic sentences
▪ (Almost) every paragraph should have a topic sentence
  • Usually the first sentence
  • Sometimes the last sentence
  • Topic sentence gives the main point of the paragraph
▪ First paragraph of each section and subsection should give the main point of that section
▪ Examples from Waldman et al., 2001
  • In this section we attempt to abstract the particular implementation details and describe the underlying components and architecture of a censorship-resistant system.
  • Anonymous publications have been used to help bring about change throughout history.
Research and Communication Skills
Avoid unsubstantiated claims
▪ Provide evidence for every claim you make
  • Related work
  • Results of your own experiments
▪ Conclusions should not come as a surprise
  • Analysis of related work, experimental results, etc. should support your conclusions
  • Conclusions should summarize, highlight, show relationships, raise questions for future work
  • Don’t introduce new ideas in discussion or conclusion section (other than ideas for related work)
  • Don’t reach conclusions not supported by the rest of your paper
Wiretaps, encryption, and government surveillance
Surveillance systems you should know about
Clipper
Echelon
CAPS II
TIA
Carnivore
CALEA
MATRIX