Privacy in computing

Material/text on the slides from

Chapter 10
Textbook: Pfleeger.
 What is privacy?
How would you define it?
What do you think its aspects are?
Three key aspects:
Controlled disclosure.
Sensitive data
Affected subject.
Computer Related Privacy Problems

Data collection: what issue do you see?

No informed consent:
Examples: real age.
Loss of control: class discussion.
Example: posting on a blog.
What are the ramifications vs. writing a letter?
Ownership of data.
Computer Related Privacy Problems

Data collection: what issue do you see?

No informed consent:
Examples: real age.
Loss of control: class discussion.
Example: posting on a blog.
What are the ramifications vs. writing a letter?
Ownership of data.
 Protections provided
Privacy Policies;
First step: fair information policies:
Regulate these;
Collection of information.
Data quality.
Purpose specification (use of information)
Use limitation.
Security safeguards.
Openness.
Individual participation.
Accountability.
 U.S privacy laws
Are usually applied to individual data types:
HIPAA
Financial organizations: Gramm-Leach-Bliley Act
(GLBA)
Important in Radford: Federal Educational Rights and
Privacy Act (FERPA).
Somethings are not clear: example class
discussion.
 U.S govt. websites.
Privacy laws controlled by the FTC.
Address 5 factors:
Notice (must be informed)
Choice
Access (contest accuracy of data collected)
Security. (data collectors must secure against
unauthorized use).
Enforcement (sanctions on noncompliance)
In 2002, the US e-government act.
 What about commercial
websites?
Federal trade comission can prosecute for
deceptive practices. (e.g., false advertising)

E.g., JetBlue and the DOD.

 Other issues with Privacy.
Anonymity.
Issues with anonymity.
Multiple identities (online id)
How to protect against privacy
loss?
 How to protect against privacy
loss?
Get/give as little data as possible.
Data anonymization.
Audit trail: record who has accessed what
data.
Security and controlled access
Training, quality, Restricted usage, data left
in place.
Policy.
 Issues in Computer Security:
Data mining and privacy.
Government data mining.
Privacy preserving data mining:
Data mining is extracting hidden patterns from
large amounts of data
Solutions to preserve privacy:
Remove id information. Doesnt work.
E.g., Sweeneys report: > 87% US population can be
identified by: 5 digit zip code, gender and date of birth.
Data perturbation. Example. Needs to be done
carefully.
 Privacy on the web
Think about this:
On the web: every word you speak (blog) can
be read
Someone selling something may have ads on
their site for something else.
Identity of the other person may not be known!
Some issues on the web are protected.
Can you name them?
 Privacy on the web
Credit card payments are protected.
But not necessarily private.
Paypal etc.. May solve the privacy issues.
Site and portal registrations:
Beware of we will enhance your browsing experience
Using email as id on some sites. Issues?
Third party ads.
Contests and offers: Free Iphones!
 Privacy issues
Cookies:
Be-aware
Third party cookies. E.g., Double Click and online profiling.
Adware

Web-bug.

Spyware: keystroke loggers.

 Email security
Interception of email.
Can be encrypted using PGP or S/MIME
Email monitored legallly.
Anonymous E-mail and remailers
Sending anonymous emails.
Spoofing and spamming.
Impact on Emerging technologies
RFID tags
RFID and privacy issues:
Consumer products. How can this be exploited?
RFID in individuals.
Electronic voting
Privacy issues.
VoIP and Skype
Privacy issues.