CT218-L6-Privacy Issues
advertisement
CT218 Lecture 6 14th March Privacy Issues © M. Scheurer, 2002 CT218 Professional Issues 1 What is privacy? It is common to distinguish four kinds of privacy: physical privacy mental privacy decisional privacy informational privacy Definitions… M. Scheurer, 2002 CT218 Professional Issues / Lecture 2 Infringements of Information Privacy Concern for activities of Commercial organisations mailing lists and marketing data credit references Government agencies interests of law enforcement versus rights to non-interference collation of information monitoring of telecommunications M. Scheurer, 2002 CT218 Professional Issues / Lecture 6 Privacy Protection Privacy protection can be achieved by: Privacy and Data Protection Laws Self Regulation (Codes of Conduct) Privacy Enhancing Technologies Privacy Education (of consumers and IT professionals) Source: Fischer-Hubner, S. “IT-Security and Privacy: Design and Use of Privacy-Enhancing Security Mechanisms”, LNCS 1958, ISBN 3-540-42142, Springer, 2001 M. Scheurer, 2002 CT218 Professional Issues / Lecture 7 Privacy Enhancing Technologies PETs are software based mechanisms that help to protect the privacy of web users 2 Categories: Products which provide consumer choice, such as P3P (Platform for Privacy Preference Project) from W3C Products which protect User Identity through Anonymity Pseudonymity Unlinkability Unobservability Source: Fischer-Hubner M. Scheurer, 2002 CT218 Professional Issues / Lecture 8 PETs vs PITs PETS provide an answer to “Privacy Invasive Technologies” (PITS) such as Data mining (customer profiling) “Spyware” Cookies Web Bugs Intelligent Agents used in E-commerce and M-commerce applications (AKA “shopbots”, “buybots”, “pricebots”, “bots”) M. Scheurer, 2002 CT218 Professional Issues / Lecture 9 Cookies A cookie is a small data file that websites can store on the hard drive of the computer of people who visit their sites. may contain information, such as a unique user ID, that websites use to track the pages visited can track and maintain the identity of the web site visited immediately prior to and after visiting the website which set the cookie can keep information on Registered Users which allows them to access account information or other information relating to their use of the site M. Scheurer, 2002 CT218 Professional Issues / Lecture 11 Web Bugs AKA “Web Beacons” Web bugs hide computer codes behind invisible images only a pixel in size to gather information about surfing habits The bugs work best in conjunction with cookies and can interrogate them to find out more about the surfer From BBC Article on Web Bugs: http://news.bbc.co.uk/hi/english/sci/tech/newsid_842000/842624.stm M. Scheurer, 2002 CT218 Professional Issues / Lecture 12 Web Bugs / what they can do Data web bugs can gather IP address of your computer Web location of bug Web page bug is attached to Time the bug was viewed Which browser you are using Any cookies already on your computer SOURCE: BBC Article on Web Bugs http://news.bbc.co.uk/hi/english/sci/tech/newsid_842000/842624.stm M. Scheurer, 2002 CT218 Professional Issues / Lecture 13 Spyware? "They are a secret way of gathering information about someone," said David Banisar, a civil liberties expert from the Electronic Privacy Information Centre (Epic). Privacy experts say the hidden images are the first of a new generation of "spyware" designed to watch what people do on the web without them knowing. (BBC article) M. Scheurer, 2002 CT218 Professional Issues / Lecture 14 Legitimate business Practice? NAI Definition of Web Beacons “Web Beacons are a tool that can be used online to deliver a cookie in a third party context. This allows companies to perform many important tasks including unique visitor counts, web usage patterns, assessments of the efficacy of ad campaigns, delivery of more relevant offers, and tailoring of web site content. The web beacon's cookie is typically delivered or read through a single pixel on the host site” (http://www.networkadvertising.org/aboutnai_news_pr100401.asp) M. Scheurer, 2002 CT218 Professional Issues / Lecture 15 Email Surveillance Issues The standard technology of email is anything but private ISP’s have been asked to archive all transactions for 7 years by UK police Ownership of ‘private’ email Courts agree with employers that on company computers, it belongs to the employer M. Scheurer, 2002 CT218 Professional Issues / Lecture 16 Amazon.co.uk Like many commercial organisations, uses customer information for marketing purposes. Uses data mining techniques for sophisticated customer profiling Privacy International, a lobby group, is pursuing a complaint of non-compliance with UK data protection legislation http://www.privacyinternational.org/issues/compliance/ M. Scheurer, 2002 CT218 Professional Issues / Lecture 18 Personal data held by Amazon (1) Records of book titles purchased Clickstream data such as URLs viewed, IP addresses, cookies, timestamps Search queries Items placed in shopping carts but removed prior to checkout Data purchased by Amazon from other sources or gathered from public records M. Scheurer, 2002 CT218 Professional Issues / Lecture 19 Personal data held by Amazon (2) Demographic and psychographic data Any estimates of propensity to purchase particular products Any information relating to credit risk Estimates of lifetime value Any clustering or segmentation data Any estimates of price elasticity M. Scheurer, 2002 CT218 Professional Issues / Lecture 20 Doubleclick The Doubleclick Saga DC’s online profiling service carried out through Banner Adverts attracted the wrath of the Privacy Lobby http://www.nytimes.com/library/tech/00/02/cyber/commerce/07commerce.html Junkbusters President Jason Catlett claimed that “Doubleclick has more than a trillion clickstream records and billions of personally identified records on about 90 million Americans”. He also claimed that Doubleclick’s computer had been the victim of hackers http://www.junkbusters.com/new.html#dclk DoubleClick has always maintained that any information collected in such a way is merely aggregated data that cannot be traced to individual users. Several court cases have been dismissed. http://www.doubleclick.com/us/corporate/privacy/ M. Scheurer, 2002 CT218 Professional Issues / Lecture 21 Network Advertising Initiative NAI (Network Advertising Initiative), a cooperative group of network advertisers have developed a set of privacy principles, in conjunction with the Federal Trade Commission, in order to improve its self-regulatory approach to addressing consumer's privacy concerns It offers an on-line service which provides consumers with the ability to opt-out of ads from major companies (including DoubleClick and 24/7 Media) through its website http://www.networkadvertising.org M. Scheurer, 2002 CT218 Professional Issues / Lecture 22 Intel The saga of Intel Pentium III and PSN (Processor Serial Number) Original chips had embedded technology which enabled the identification of individual computers Dropped by Intel in April 2000 following adverse publicity “Pretty poor privacy may lurk inside processors” New Scientist 6 Feb 1999 http://www.epic.org/ (Electronic Privacy Information Center)-US watchdog http://www.bigbrotherinside.com/ http://zdnet.com.com/2100-11-520265.html?legacy=zdnn M. Scheurer, 2002 CT218 Professional Issues / Lecture 23 Next Week The Data Protection Act Advanced Study (recommended): The Office of the Information Commission (OIC) website: http://www.dataprotection.gov.uk Legal Guidance Notification Handbook M. Scheurer, 2002 CT218 Professional Issues / Lecture 25 End of Privacy Issues © M. Scheurer, 2002 CT218 Professional Issues 26
