“The poorest man may in his cottage bid defiance to all the force of the crown.” - PowerPoint PPT Presentation

Slide1 l.jpg
Download
1 / 30

  • 207 Views
  • Uploaded on
  • Presentation posted in: Home / Garden

“The poorest man may in his cottage bid defiance to all the force of the crown.” --- William Pitt, Prime-minister of Great Britain, 1783 – 1801 and 1804- till his death in 1806.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

Download Presentation

“The poorest man may in his cottage bid defiance to all the force of the crown.”

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Slide1 l.jpg

“The poorest man may in his cottage bid defiance to all the force of the crown.”

--- William Pitt, Prime-minister of Great Britain, 1783 – 1801 and 1804- till his death in 1806


From fear and freedom on the internet peter singer professor of bio ethics princeton university l.jpg

From “Fear and Freedom on the Internet “ --Peter Singer, Professor of Bio-ethics, Princeton University

“There’s really no way to …repress information today, and I think

that’s a wonderful advance we can all feel good about... This is a

medium of total openness and total freedom, and that’s what

makes it so special.”

-- Bill Gates, October 2005

Two newsitems of Jan 2006:

  • At the request of China’s rulers, Microsoft shut down the website of Zhao Jing , a Chinese blogger, who had been reporting on a strike by journalists at The Beijing News that followed the dismissal of the newspaper’s independent-minded editor.. The blog was hosted on MSN Spaces in USA.

  • Microsoft’s blog tool in China filters words like “democracy” and “human rights” from blog titles, to comply with local laws.


Today s news l.jpg

Today’s news

Wednesday, Jan 25, 2006

Google officially launched a new www.google.cn site that plans to filter out or block links to material likely to be considered politically sensitive by China's ruling Communist Party.


Internet privacy a definition l.jpg

INTERNET PRIVACY: a DEFINITION

The ability

  • to control what information one reveals about oneself over the Internet, and

  • to control who can access that information.

    Experts in the field of Internet privacy: Internet privacy does not really exist.

    Privacy advocates believe that it should exist.

    Reference: http://en.wikipedia.org/wiki/Internet_privacy as of September 18, 2007


Privacy l.jpg

PRIVACY

  • Right to a sense of personal autonomy

  • Right to have information about oneself used fairly

    ensuring that organizations act fairly in the way they (i) collect (ii) store (iii) use and (iv) disclose one’s personal information

  • Right to be left alone

  • Right to decide what part of one’s personal information is to be shared with (i) doctor (ii) employer (iii) banker (iv) neighbor (v) friend or (vi) stranger


Who cares l.jpg

Who cares?

  • 2004:US government: introduced free ‘do not call’ service: 28 million phone numbers registered within a month

  • 2001 Survey in Australia: 90% Australians consider it important how their personal information is used by organizations and to whom it is disclosed.


Costs of privacy l.jpg

Costs of Privacy

  • Privacy of data  its non-availability at some time, when required

  • Attempts to retain privacy  inconvenience or forgoing certain benefits


Privacy protection l.jpg

Privacy protection

  • To shield innocent persons from an overzealous government

    Profiling can lead to a misinterpretation of accurate information

  • To permit every one to preserve her/his dignity and autonomy

    To not let governments and big corporations to have and to exercise undue power over individuals


Privacy protection and public interest l.jpg

Privacy protection and Public Interest

  • To support freedom of expression, freedom of speech and freedom of association.

  • Anonymity fosters creativity.

  • Permits individuals to make a fresh start and become useful members of society.

  • Privacy protection is integral to trust.

    Trust is the cornerstone of a strong relationship.


How to protect l.jpg

How to protect?

  • Records should be kept for no longer than necessary.

  • Records , if inaccurate, must be deleted or corrected.

    Sometimes not possible to delete:

    Example: Health records wrongly state that you have diabetes. Accordingly some wrong treatment was started. If the record is deleted, the reason why the wrong treatment was given will also go and the medication history will not make sense.

  • Be proactive in defense of privacy.

    The default barriers of time, distance and cost, against publication and retention of your private information, have vanished.

    PROBLEMS:

  • Right to research vs autonomy;

  • Right to forget vs. Right to know


Risks l.jpg

Risks

  • Stealing information through Cookies (Example: Cross-site scripting )

  • Browsing profile

  • Weak spot: ISP

  • Spyware, Phishing, malicious proxy servers

  • Web-bug: techniques used to track who is reading a web page or e-mail, when, and from what computer. They can also be used to see if an e-mail was forwarded to someone else.


The google age l.jpg

The Google age

  • “We are becoming a transparent society of record such that documentation of our past history, current identity, location, communication and physiological and psychological states and behavior is increasingly possible. With predictive profiles and DNA there are even claims to be able to know individual futures”. Gary Marx, “Privacy and Technology”, Telektronik, January 1996.


Health information acts stress privacy l.jpg

Health Information Acts stress PRIVACY

  • Apply to hospitals, doctors, laboratories, insurance companies, employers etc

  • Allow individuals to be informed about their health care

  • Provide both privacy and legitimate access to health information


Facts and needs l.jpg

Facts and needs

  • Personal information: available in tens of data-bases under the control of different organizations.

  • Onus on the person to correct his information,

    when he does not even know about all the places, where his information is.

  • Ownership? vs Control?

    Needs:

    • PRIVACY,

    • CORRECTNESS OF INFORMATION,

    • AVAILABILITY WHEREVER REQUIRED


Proposed systems l.jpg

Proposed Systems

  • IBM: a third party to maintain and release information by following certain rules

  • Information to be maintained by the owner


Ownership of data l.jpg

Ownership of data

Ownership may not mean

  • Write-access

    Ex: Government-owned information:

    social security number, passport ( A

    government can revoke a passport);

    Financial information:

    Annual Tax returns, bank balances

  • Read- access

    Ex: Reports by: physicians, laboratories

    Reference: for the next set of slides: Carrie Gates, Jacob Slonim ,“ Owner-Controlled Information,” http://flame.cs.dal.ca/~gates/papers/nspw03.ps.


Ownership of data continued l.jpg

Ownership of data ….continued

Ownership means

  • Permitting others to access part of the information

    • Role-based access control, augmented by location (say in a hospital, when both the owner and the doctor are in the same room)

  • Deciding about individuals, who can access it in case of disability

  • Deciding about overarching access in case of an emergency/ in case of death

  • Societal Needs to access

    • For medical research

    • For identifying concerned individuals

      Example: spread of SARS


Escrowed encryption standard ees l.jpg

Escrowed Encryption Standard (EES)

  • EES: uses key escrow method of enabling eavesdropping by authorized government agencies, under a court order. (FIPS 185)

  • escrow: a deed, a bond, money, or a piece of property held in trust by a third party to be turned over to the grantee (in this case- a Law Enforcement Agency) only upon fulfillment of a condition

    Reference: Merriam-Webster’s Online Dictionary


Skipjack l.jpg

SKIPJACK

  • encryption/decryptionalgorithm used by EES

  • can be incorporated into voice, facsimile (fax), and computer data devices

  • Has a Law-Enforcement Access Field (LEAF), and two LEAF decryption keys

  • Clipper: the chip designed through US Dept of Commerce grants in 1994

    Reference:http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci837181,00.html as of September 18, 2007


Escrowed encryption l.jpg

Escrowed Encryption

  • Research in Escrowed encryption standard abandoned after 1994

    Ref.: http://csrc.nist.gov/publications/fips/fips185/fips185.txt

  • Partial key Escrow

    that obey the secret sharing property (that any k pieces of the key can reconstruct the key, but that no t pieces provide information about the key, where t < k)

    Ref.: http://www.cse.ucsd.edu/users/mihir/papers/escrow.html


Physical ownership l.jpg

Physical Ownership

Need for an individual to carry information with him:

  • Ownership and control

  • Distributed and incomplete information: likely to be non-synchronized and erroneous

  • May not be available, when required

  • Can allow access to appropriate parts of information to various entities under specified conditions

  • Misused in spite of assurances

    Ex: census information supposed to be retained for 99 years only for research; after 9/11, the president made it available to law-enforcement agencies


Problems of physical ownership l.jpg

Problems of Physical Ownership

  • Theft of identity

  • Loss and recreation of information

  • Requirement of Temper-proof hardware and protected storage areas

  • To encash a cheque, without a cenralized data?

  • How to ensure that the authorized user has not made a copy of the data released to him?

  • Provision for expiry of data (like passport, health card, driving license

  • Secure back-ups

  • A friendly User interface and granularity of information


Trust l.jpg

Trust

  • No one is a super-user?

  • Non-repudiated Audit Trail

  • Alerts, in case unauthorized change has been done.

    Ex: A bank may

    • sign the information, when it writes into the personal device.

    • inserts a hash in the database.

    • Next time when the device is presented to the Bank, it verifies the hash before starting the transaction.

  • IDS to detect if someone tries to copy the data.


  • Existing services l.jpg

    Existing services

    1. Microsoft Passport service:

    • a single sign-on service

    • may contain e-wallet containing billing and shipping information

      (e-Wallet: safely stores

    • name,

    • address,

    • credit-card numbers,

    • password and

      any other information needed for purchase from e-commerce sites )

      References: 1. https://www.passport.net/

      2. http://www.projectliberty.org/


    Existing services continued l.jpg

    Existing services …. continued

    MS wanted to extend Passport to XML based Hailstorm to contain

    • calendars,

    • phone books,

    • address books,

    • documents, using passport authentication mechanism. However the project was abandoned in the face of criticism.

      2. Liberty Alliance of 150 companies for a federated identity infrastructure:

  • Links databases maintained at a number of organizations rather than at a single (set of ) servers


  • Existing services continued 2 l.jpg

    Existing services …. Continued 2

    3. Persona Project at Oregon State University

    • single sign-on,

    • consumer-centered identity model, that is distributed across multiple systems

    • holds a user's personal information, including identity, passwords, preferences and e-wallet information

    • can be accessed via desktops, personal digital assistants (PDAs), cell phones, and even from cybercafes.


    The persona project l.jpg

    The Persona project

    • The persona is "an active software agent that encapsulates private and personal data and performs a range of authentication and personalization services on behalf of its owner.“

      The basic premise:

    • The user: authenticates himself to his persona.

    • The persona: acts on behalf of the user to supply on-line information such as billing information or personal schedules.

    • Access to this information: moderated by the access control rules employed by the user (e.g. so that only a limited number of companies can access credit card information, for example).

      Ref.: http://www.cs.pdx.edu/~ktoth/index_files/ RHASPersonaPaperTothSubramaniumV6.pdf


    Issues l.jpg

    Issues

    • CENTRAL VS FEDERATED VS PERSONALLY CARRIED INFORMATION IN SMART CARDS/FLASH KEYS ETC

    • Authentication of the owner through biometric information

    • Authentication of every one allowed to have a read or write access

      References: 1. Electronic Privacy Information Center (EPIC)

      http://www.epic.org/privacy/consumer/microsoft/passport.html

      2 M.Fairhurst, R.Guest, F. Deravi and J. George,” Using Biometrics as an enabling technology in balancing universality and selectivity for management of information access,” Universal Access: Theoretical Perspectives, Practice and Experience: 7th ERCIM International Workshop on User Interface for All, Paris France Oct 24-25, 2002, Springer-Verlag Lecture Notes in CS 2615, pp 249-259


    Implementation of privacy policies l.jpg

    Implementation of Privacy Policies

    Implementation requires

    • a careful study of the Vulnerabilities and Requirements of the Organization;

    • formulation of appropriate Security and Privacy policies;

    • development of the Architecture of the Security system;

    • selection of Security Technologies;

    • verification whether the design of the system conforms to the statutory requirements and standards.


    Assignment i l.jpg

    Assignment I

    • Use Ataraxis; Topic: Internet Privacy

      References:

      • ACM Digital Library, IEEE Explorer and Lecture Notes in Computer Science series at Leddy Library Electronic offerings

      • Researchers: Sweeney L., Malin B., Clifton C., Vaidya J.

      • Computers Freedom and Privacy Conference (http://www.cfp.org/)

      • Anonymity project (http://idtrail.org/)

      • Electronics Privacy Information Center (http://www.epic.org/)

      • http://www.privacy.org/, http://www.privacyinternational.org/

      • Studies on Privacy Vulnerabilities by John Hopkins Information Security Institute (http://web.jhu.edu/jhuisi/)


  • Login