Add to collection(s) Add to saved
  1. Arts & Humanities
  2. Communications
  3. Marketing

Online Privacy Issues Overview - CUPS

advertisement 
Introduction to Privacy
January 28, 2007
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
1
Administrivia
Collect homework and human subjects
certificates
Student survey forms
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
2
Outline
What is privacy?
Privacy laws and self-regulation
Privacy risks from personalization
Reducing privacy risks
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
4
What is privacy?
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
5
What does privacy mean to you?
How would you define privacy?
What does it mean to you for something to
be private?
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
6
Concept versus right
Privacy as concept
• What is it
• How and why it is valued
Privacy as right
• How it is (or should be) protected
 By law
 By policy
 By technology
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
7
Hard to define
“Privacy is a value so complex, so
entangled in competing and contradictory
dimensions, so engorged with various and
distinct meanings, that I sometimes despair
whether it can be usefully addressed at all.”
Robert C. Post, Three Concepts of Privacy,
89 Geo. L.J. 2087 (2001).
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
8
Some definitions from the literature
Personhood
Intimacy
Secrecy
Contextual integrity
Limited access to the self
Control over information
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
9
Limited access to self
“the right to be let alone”
- Samuel D. Warren and Louis D. Brandeis,
The Right to Privacy,
4 Harv. L. Rev. 193 (1890)
“Being alone.”
- Shane (age 4)
“our concern over
our accessibility to others: the
extent to which we are known
to others, the extent to which
others have physical access to
us, and the extent to which we
are the subject of others
attention.
- Ruth Gavison, “Privacy and the Limits of the
Law,” Yale Law Journal 89 (1980)
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
10
Control over information
“Privacy is the claim of individuals, groups or
institutions to determine for themselves when,
how, and to what extent information about them
is communicated to others.”
“…each individual is continually engaged in a
personal adjustment process in which he
balances the desire for privacy with the desire for
disclosure and communication….”
Alan Westin, Privacy and Freedom, 1967
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
11
Realizing limited access and control
Limited access
• Laws to prohibit or limit collection, disclosure,
contact
• Technology to facilitate anonymous
transactions, minimize disclosure
Control
• Laws to mandate choice (opt-in/opt-out)
• Technology to facilitate informed consent, keep
track of and enforce privacy preferences
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
12
Westin’s four states of privacy
 Solitude
• individual separated from the group and freed from the
observation of other persons
 Intimacy
• individual is part of a small unit
 Anonymity
• individual in public but still seeks and finds freedom
from identification and surveillance
 Reserve
• the creation of a psychological barrier against
unwanted intrusion - holding back communication
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
13
Britney Spears:
“We just need privacy”
“You have to realize that
we're people and that we
need, we just need privacy
and we need our respect,
and those are things that
you have to have as a
human being.”
— Britney Spears
15 June 2006
NBC Dateline
http://www.cnn.com/2006/SHOWBIZ/Music/06/15/people.spears.reut/index.html
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
14
Only a
goldfish can
live without
privacy…
Is this true?
Can humans
live without
privacy?
Privacy as animal instinct
Is privacy necessary for species survival?
Eagles eating a deer carcass http://www.learner.org/jnorth/tm/eagle/CaptureE63.html
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
16
Privacy laws and self-regulation
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
17
OECD fair information principles
http://www.datenschutzberlin.de/gesetze/internat/ben.htm
 Collection limitation
 Data quality
 Purpose specification
 Use limitation
 Security safeguards
 Openness
 Individual participation
 Accountability
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
18
US FTC simplified principles
 Notice and disclosure
 Choice and consent
 Data security
 Data quality and access
 Recourse and remedies
US Federal Trade Commission, Privacy Online: A Report to
Congress (June 1998),
http://www.ftc.gov/reports/privacy3/
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
19
Privacy laws around the world
 Privacy laws and regulations vary widely throughout the
world
 US has mostly sector-specific laws, with relatively minimal
protections - often referred to as “patchwork quilt”
• Federal Trade Commission has jurisdiction over fraud and
deceptive practices
• Federal Communications Commission regulates
telecommunications
 European Data Protection Directive requires all European
Union countries to adopt similar comprehensive privacy
laws that recognize privacy as fundamental human right
• Privacy commissions in each country (some countries have
national and state commissions)
• Many European companies non-compliant with privacy laws (2002
study found majority of UK web sites non-compliant)
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
20
Some US privacy laws
 Bank Secrecy Act, 1970
 Fair Credit Reporting Act, 1971
 Privacy Act, 1974
 Right to Financial Privacy Act, 1978
 Cable TV Privacy Act, 1984
 Video Privacy Protection Act, 1988
 Family Educational Right to Privacy Act, 1993
 Electronic Communications Privacy Act, 1994
 Freedom of Information Act, 1966, 1991, 1996
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
21
US law – recent additions
 HIPAA (Health Insurance Portability and
Accountability Act, 1996)
• When implemented, will protect medical records and
other individually identifiable health information
 COPPA (Children‘s Online Privacy Protection Act,
1998)
• Web sites that target children must obtain parental
consent before collecting personal information from
children under the age of 13
 GLB (Gramm-Leach-Bliley-Act, 1999)
• Requires privacy policy disclosure and opt-out
mechanisms from financial service institutions
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
22
Voluntary privacy guidelines
 Direct Marketing Association Privacy Promise
http://www.thedma.org/library/
privacy/privacypromise.shtml
 Network Advertising Initiative Principles
http://www.networkadvertising.org/
 CTIA Location-based privacy guidelines
http://www.wowcom.com/news/press/body.cfm?record_id=907
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
23
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
24
Chief privacy officers
 Companies are increasingly appointing CPOs to
have a central point of contact for privacy
concerns
 Role of CPO varies in each company
•
•
•
•
Draft privacy policy
Respond to customer concerns
Educate employees about company privacy policy
Review new products and services for compliance with
privacy policy
• Develop new initiatives to keep company out front on
privacy issue
• Monitor pending privacy legislation
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
25
Seal programs
 TRUSTe – http://www.truste.org
 BBBOnline – http://www.bbbonline.org
 CPA WebTrust –
http://www.cpawebtrust.org/
 Japanese Privacy Mark
http://privacymark.org/
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
26
Seal program problems
Certify only compliance with stated policy
• Limited ability to detect non-compliance
Minimal privacy requirements
Don’t address privacy issues that go
beyond the web site
Nonetheless, reporting requirements are
forcing licensees to review their own
policies and practices and think carefully
before introducing policy changes
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
27
Privacy policies
Policies let consumers know about site’s
privacy practices
Consumers can then decide whether or not
practices are acceptable, when to opt-in or
opt-out, and who to do business with
The presence of privacy policies increases
consumer trust
What are some problems with privacy policies?
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
28
Privacy policy problems
BUT policies are often
•
•
•
•
difficult to understand
hard to find
take a long time to read
change without notice
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
29
Privacy policy components
 Identification of site, scope, contact
info
 Security assurances
 Types of information collected
 Children’s privacy
•
Including information about cookies
 How information is used
 Conditions under which information
might be shared
 Information about opt-in/opt-out
 Information about access
 Information about data retention
policies
There is lots of information
to convey -- but policy
should be brief and
easy-to-read too!
 Information about seal programs
What is opt-in? What is opt-out?
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
30
Short Notices
 Project organized by Hunton & Williams law firm
• Create short version (short notice) of a human-readable privacy
notice for both web sites and paper handouts
• Sometimes called a “layered notice” as short version would advise
people to refer to long notice for more detail
• Now being called “highlights notice”
• Focus on reducing privacy policy to at most 7 boxes
• Standardized format but only limited standardization of language
• Proponents believe highlights format may eventually be mandated
by law
 Alternative proposals from privacy advocates focus on
check boxes
 Interest Internationally
• http://www.privacyconference2003.org/resolution.asp
 Interest in the US for financial privacy notices
• http://www.ftc.gov/privacy/privacyinitiatives/ftcfinalreport060228.pdf
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
31
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
32
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
33
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
34
Checkbox proposal
WE SHARE [DO NOT SHARE] PERSONAL INFORMATION WITH OTHER WEBSITES OR COMPANIES.
Collection:
We collect personal information directly from you
We collect information about you from other sources:
We use cookies on our website
We use web bugs or other invisible collection methods
We install monitoring programs on your computer
Uses: We use information about you to:
Send you advertising mail
Send you electronic mail
Call you on the telephone
Sharing: We allow others to use your information to:
Maintain shared databases about you
Send you advertising mail
Send you electronic mail
Call you on the telephone
YES





NO

With Your
Consent



Without Your
Consent



With Your
Consent



N/A
Without Your
Consent



N/A



Access: You can see and correct {ALL, SOME, NONE} of the information we have about you.
Choices: You can opt-out of receiving from
Advertising mail
Electronic mail
Telemarketing
Retention:
Change:
We keep your personal data for:
Us



{Six Months Three Years
Affiliates



Third Parties


N/A
Forever}
We can change our data use policy {AT ANY TIME, WITH NOTICE TO YOU, ONLY FOR DATA COLLECTED IN THE FUTURE}
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
35
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
36
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
37
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
38
Platform for Privacy Preferences Project (P3P)
 Developed by the World Wide Web Consortium
(W3C) http://www.w3.org/p3p/
• Final P3P1.0 Recommendation issued 16 April 2002
 Offers an easy way for web sites to communicate
about their privacy policies in a standard
machine-readable format
• Can be deployed using existing web servers
 Enables the development of tools (built into
browsers or separate applications) that
• Summarize privacy policies
• Compare policies with user preferences
• Alert and advise users
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
39
Basic components
 P3P provides a standard XML format that web
sites use to encode their privacy policies
 Sites also provide XML “policy reference files” to
indicate which policy applies to which part of the
site
 Sites can optionally provide a “compact policy” by
configuring their servers to issue a special P3P
header when cookies are set
 No special server software required
 User software to read P3P policies called a “P3P
user agent”
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
40
What’s in a P3P policy?
 Name and contact information for site
 The kind of access provided
 Mechanisms for resolving privacy disputes
 The kinds of data collected
 How collected data is used, and whether
individuals can opt-in or opt-out of any of these
uses
 Whether/when data may be shared and whether
there is opt-in or opt-out
 Data retention policy
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
41
A simple HTTP transaction
GET /index.html HTTP/1.1
Host: www.att.com
. . . Request web page
Web
Server
HTTP/1.1 200 OK
Content-Type: text/html
. . . Send web page
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
42
… with P3P 1.0 added
GET /w3c/p3p.xml HTTP/1.1
Host: www.att.com
Request Policy Reference File
Web
Server
Send Policy Reference File
Request P3P Policy
Send P3P Policy
GET /index.html HTTP/1.1
Host: www.att.com
. . . Request web page
HTTP/1.1 200 OK
Content-Type: text/html
. . . Send web page
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
43
P3P increases transparency
 P3P clients can check
a privacy policy each
time it changes
http://www.att.com/accessatt/
 P3P clients can check
privacy policies on all
objects in a web page,
including ads and
invisible images
http://adforce.imgis.com/?adlink|2|68523|1|146|ADFORCE
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
44
P3P in IE6
Automatic processing of compact
policies only;
third-party cookies without compact
policies blocked by default
Privacy icon on status bar
indicates that a cookie has been
blocked – pop-up appears the
first time the privacy icon
appears
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
45
Users can click on
privacy icon for
list of cookies;
privacy summaries
are available at
sites that are
P3P-enabled
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
46
Privacy summary
report is
generated
automatically
from full P3P policy
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
47
P3P in Netscape 7
Preview version similar to IE6,
focusing, on cookies; cookies
without compact policies (both
first-party and third-party)
are “flagged” rather than
blocked by default
Indicates flagged cookie
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
48
Privacy Bird
 Free download of beta from
http://privacybird.com/
• Origninally developed at AT&T Labs
• Released as open source
 “Browser helper object” for IE6
 Reads P3P policies at all
P3P-enabled sites automatically
 Bird icon at top of browser window indicates whether site
matches user’s privacy preferences
 Clicking on bird icon gives more information
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
49
Chirping bird is privacy indicator
Red bird indicates mismatch
Check embedded content too
Privacy settings
Example:
Sending flowers
Privacy Finder
 Prototype developed at AT&T Labs, improved
and deployed by CUPS
 Uses Google or Yahoo! API to retrieve search
results
 Checks each result for P3P policy
 Evaluates P3P policy against user’s preferences
 Reorders search results
 Composes search result page with privacy
annotations next to each P3P-enabled result
 Users can retrieve “Privacy Report” similar to
Privacy Bird policy summary
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
57
Demo
P3P Resources
 For further information
on P3P see:
• http://www.w3.org/P3P/
• http://p3ptoolbox.org/
• http://p3pbook.com/
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
59
Privacy risks from personalization
Unsolicited marketing
Desire to avoid unwanted marketing
causes some people to avoid giving out
personal information
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
61
My computer can
“figure things out about me”
The little people inside my computer might
know it’s me…
… and they might tell their friends
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
62
Inaccurate inferences
“My TiVo thinks I’m gay!”
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
63
Surprisingly accurate inferences
Everyone wants to be understood.
No one wants to be known.
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
64
You thought that on the Internet
nobody knew you were a dog…
…but then you started getting personalized
ads for your favorite brand of dog food
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
65
Price discrimination
Concerns about being charged higher
prices
Concerns about being treated differently
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
66
Revealing private information to
other users of a computer
 Revealing info to family members or co-workers
• Gift recipient learns about gifts in advance
• Co-workers learn about a medical condition
 Revealing secrets that can unlock many accounts
• Passwords, answers to secret questions, etc.
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
67
The Cranor
family’s 25 most
frequent
grocery
purchases
(sorted by
nutritional value)!
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
68
Exposing secrets to criminals
Stalkers, identity thieves, etc.
People who break into account may be
able to access profile info
People may be able to probe recommender
systems to learn profile information
associated with other users
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
69
Subpoenas
Records are often subpoenaed in patent
disputes, child custody cases, civil
litigation, criminal cases
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
70
Government surveillance
Governments increasingly looking for
personal records to mine in the name of
fighting terrorism
People may be subject to investigation
even if they have done nothing wrong
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
71
Little Brother as Big Brother
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
72
Risks may be magnified in future
Wireless location tracking
Semantic web applications
Ubiquitous computing
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
74
If you’re not careful, you may violate
data protection laws
Some jurisdictions have privacy laws that
• Restrict how data is collected and used
• Require that you give notice, get consent, or
offer privacy-protective options
• Impose penalties if personal information is
accidentally exposed
Usable Privacy and Security • Carnegie Mellon University • Spring 2008 • Lorrie Cranor • http://cups.cs.cmu.edu/courses/ups.html/
75
Related documents
2 question eval form - Carnegie Mellon University
2 question eval form - Carnegie Mellon University
“Contrasting the early 19th versus early 21st Centuries”
“Contrasting the early 19th versus early 21st Centuries”
Central Missouri Cardiovascular Associates P
Central Missouri Cardiovascular Associates P
Privacy Confidentiality Minor
Privacy Confidentiality Minor
IAPP presentation - International Association of Privacy Professionals
IAPP presentation - International Association of Privacy Professionals
Maintaining Privacy and Dignity in Care (Fiona Throp)
Maintaining Privacy and Dignity in Care (Fiona Throp)
Download
advertisement