Fluency with information technology
This presentation is the property of its rightful owner.
Sponsored Links
1 / 50

Privacy and Security Shh … be very very quiet PowerPoint PPT Presentation


  • 64 Views
  • Uploaded on
  • Presentation posted in: General

INFO100 and CSE100. Fluency with Information Technology. Privacy and Security Shh … be very very quiet. Katherine Deibel. Information Society. We live in an information society Easy to collect, store, search, and manipulate data on record scales Every action we do generates information

Download Presentation

Privacy and Security Shh … be very very quiet

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Fluency with information technology

INFO100 and CSE100

Fluency with Information Technology

Privacy and SecurityShh… be very very quiet

Katherine Deibel

Katherine Deibel, Fluency in Information Technology


Information society

Information Society

  • We live in an information society

    • Easy to collect, store, search, and manipulate data on record scales

  • Every action we do generates information

    • Using a library

    • Purchasing from a store

    • Flying on a plane

Katherine Deibel, Fluency in Information Technology


The big questions

The BIG QUESTIONS

  • Who owns the information?

  • What can you/they do with it?

  • How do you manage and protect your information?

Katherine Deibel, Fluency in Information Technology


The bookstore example

The Bookstore Example

  • You buy a book: Cooking with Red Meat, Cheese, Lard & Beer

  • The store has a record of the purchase

  • How they may use it:

    • Ignore it

    • Recommend books to you

    • Target advertising

    • Give this information to others (your health insurance company)

Katherine Deibel, Fluency in Information Technology


Implications

Implications

  • What if the book was a gift?

    • Recommendations become poorer

    • Advertising will reach the wrong market

  • Interpretation of the book's meaning

    • Do I want to eat fatty foods?

    • Am I studying high fat-cuisines?

Katherine Deibel, Fluency in Information Technology


One scenario

One scenario….

  • Pizza Palacehttp://aclu.org/pizza/images/screen.swf

Katherine Deibel, Fluency in Information Technology


Ask yourself

Ask yourself…

  • Did that video bother you?

  • Is it a realistic future?

    • If yes, do you want that future?

    • If no, how much do you think could become a reality and do you want it?

  • Most importantly, what do we mean when say we want some information to remain private?

Katherine Deibel, Fluency in Information Technology


Portable cameras of 1890s

Portable Cameras of 1890s

  • Cheaper cameras

  • Faster film speeds

  • Less sitting time

Katherine Deibel, Fluency in Information Technology


What is privacy

What Is Privacy?

S. D. Warren & L. D. Brandeis (1890). The Right to Privacy. Harvard Law Review, 4(5), pp. 193-220.

"The common law secures to each individual the right of determining, ordinarily, to what extent his thoughts, sentiments and emotions shall be communicated to others. Under our system of government he can never be compelled to express them (except upon the witness stand); and even if he has chosen to give them expression, he generally retains the power to fix the limits of the publicity that shall be given them."

Katherine Deibel, Fluency in Information Technology


What is privacy1

What Is Privacy?

S. D. Warren & L. D. Brandeis (1890). The Right to Privacy. Harvard Law Review, 4(5), pp. 193-220.

"The narrower doctrine [of privacy] may have satisfied the demands of society at a time when the abuse to be guarded against could barely have arisen without violating a contract or a special confidence; but modern devices afford abundant opportunities for the perpetration of wrongs without the participation of the injured party."

Katherine Deibel, Fluency in Information Technology


Implications1

Implications

  • Warren & Brandeis's argument is a critical observation about society and new technologies:

    • The adoption of new technologies affects the interactions of people in society and therefore necessitates reviewing laws and rights in regards to the new technologies.

Katherine Deibel, Fluency in Information Technology


Eyeglasses and nerds

Eyeglasses and Nerds

A historical diversion

Katherine Deibel, Fluency in Information Technology


History of eyeglasses

History of Eyeglasses

  • China, ≈1 CE: As eye protection

  • Italy, 1260s: For farsightedness

  • Europe, 1500s: For nearsightedness

  • Britain, 1725: Modern frame invented

  • U.S.A, 1780s: Bifocals invented

  • Britain, 1825: For astigmatisms

Katherine Deibel, Fluency in Information Technology


Historical eyeglasses

Historical Eyeglasses

“Glasses are very disfiguring to women and girls.” From a 1901 optician journal

  • Glasses not for public use

  • Used only for brief moments

  • Led to quick use optics

    • monocle

    • lady’s lorgnette

    • pince-nez

    • scissor glasses

Katherine Deibel, Fluency in Information Technology


Except

Except…

  • Thus… the association of glasses with intellectual pursuits!!!

Scholars and academics

The clergy

The Spanish

Katherine Deibel, Fluency in Information Technology


Spain

Spain?

  • Glasses were popular

  • Higher classes wore larger lenses

Portrait of a Cardinal, Probably Cardinal Don Fernando Niño de Guevara (1541–1609)

by El Greco

Katherine Deibel, Fluency in Information Technology


Think about it

Think about it…

Katherine Deibel, Fluency in Information Technology


Point of historical sidetrack

Point of Historical Sidetrack

Technology usage shapes people’s perceptions of the users

Culture and society shapes how, when, and if a technology is used

Katherine Deibel, Fluency in Information Technology


Defining privacy

Defining Privacy

I want to tell you but…

Katherine Deibel, Fluency in Information Technology


A definition

A Definition

  • What does “privacy” mean in the modern world?

    • The right of people to choose freely under what circumstances and to what extent they will reveal themselves, their attitude, and their behavior to others

  • Privacy is a right

    • You control when & how much is revealed

    • Point of this lecture: You can and should have a lot of privacy by using this control

Katherine Deibel, Fluency in Information Technology


Using collected information

Using Collected Information

  • The collector can’t use after business purpose over

  • The collector can use it, if you approve (OPT-IN)

  • The collector can use it, unless you object (OPT-OUT)

  • The collector can use information no matter what

Katherine Deibel, Fluency in Information Technology


Fair information practices

Fair Information Practices

  • Organization for Economic Cooperation and Development (OECD) defined the “gold standard” for fair information practices

  • Principles

  • Limited Collection

  • Quality

  • Purpose

  • Use Limitation

  • Security

  • Openness

  • Participation

  • Accountability

Katherine Deibel, Fluency in Information Technology


Limited collection principle

Limited Collection Principle

  • There should be limits to the personal data collected about anyone

    • Collect data by fair and lawful means;

    • Collect data with the knowledge and consent of the person whenever appropriate and possible

Katherine Deibel, Fluency in Information Technology


Quality principle

Quality Principle

  • Personal data gathered should be

    • Relevant to the purposes for which it is used

    • Should be accurate, complete, and up-to-date

Katherine Deibel, Fluency in Information Technology


Purpose principle

Purpose Principle

  • The purposes for collecting personal data should be stated at the time it is collected

  • The uses should be limited to only those purposes

Katherine Deibel, Fluency in Information Technology


Use limitation principle

Use Limitation Principle

  • Personal data should not be disclosed or used for purposes other than stated in the Purpose Principle

  • Exceptions:

    • With the consent of the individual

    • By the authority of law

Katherine Deibel, Fluency in Information Technology


Security principle

Security Principle

  • Personal data should be protected by reasonable security measures against

    • Risks of disclosure

    • Unauthorized access

    • Misuse

    • Modification

    • Destruction

    • Loss

Katherine Deibel, Fluency in Information Technology


Openness principle

Openness Principle

  • There should be a general openness of the policies and practices about personal data collection

    • Should be possible to know of its existence, kind, and purpose of use,

    • Should be able to identity and contact information for the data controller

Katherine Deibel, Fluency in Information Technology


Participation principle

Participation Principle

  • An individual should be able to

    • Determine whether the data controller has information about him or her,

    • Discover what it is in an understandable form, in a timely manner, and at a reasonable charge

    • Request data to erased, completed, or changed

  • If any of the inquiries above are denied, the individual should be able to

    • Learn about the reasons for the denial

    • Challenge the denial if so desired

Katherine Deibel, Fluency in Information Technology


Accountability principle

Accountability Principle

  • The data controller should be accountable for complying with these principles

  • Policies, legislation, and laws to back up the need to be held accountable

Katherine Deibel, Fluency in Information Technology


Europe vs america

Europe vs America

  • EU, much of non-EU Europe, NZ, Hong Kong, Australia, and Canada use OECD

    • Both government and private purposes

  • U.S. privacy law does not use the OECD

    • U.S. privacy law for government information is generally strong

    • U.S. privacy law for business is “sectoral”, meaning it is limited to sectors and specific business practices

Katherine Deibel, Fluency in Information Technology


U s businesses and privacy

U.S. Businesses and Privacy

  • Very few industries/practices have explicit privacy rules

    • Almost anything goes

    • Opting-out is the general approach

  • Recent federal law for medical data

    • HIPPA: Health Insurance Portability and Accountability Act of 1996

    • PSQIA: The Patient Safety and Quality Improvement Act of 2005

Katherine Deibel, Fluency in Information Technology


Think about it1

Think About It

  • EU law says, “Info on EU citizens must comply with OECD on leaving EU”

    • U.S. privacy is so bad, EU information cannot come here

    • U.S.-EU are in constant negotiations

Katherine Deibel, Fluency in Information Technology


Some info is protected

Some Info is Protected

Family Educational Rights & Privacy Act

  • As a general rule the University will not release a student’s educational records to a third party without written consent of the student. This includes tuition account information.

  • Even includes practices of returning homework and reporting grades

Katherine Deibel, Fluency in Information Technology


Some info is protected1

Some Info is Protected

  • UW Libraries Privacy Policy

    • The University of Washington Libraries values the privacy of library users. The Libraries seeks to minimize the collection and retention of personally identifiable information.

    • When information is not kept, it cannot be abused.

Katherine Deibel, Fluency in Information Technology


Digital privacy

Digital Privacy

  • Most reputable online business post privacy statements on their sites

    • Should be understandable to you

    • Say what info they collect,

    • Say what they will do with it

    • How to "opt-out" or "opt-in"

Katherine Deibel, Fluency in Information Technology


Digital privacy1

Digital Privacy

  • Unfortunately, there is

    • Little if any government policing

    • Lack of resources for filing complaints

    • Few penalties for violations

Katherine Deibel, Fluency in Information Technology


Independent auditors

Independent Auditors

  • Private firms organizations monitor and report privacy violations

    • TRU.S.Te

    • Better Business Bureau

  • Social networking and public opinion can force companies to comply

Katherine Deibel, Fluency in Information Technology


Real networks in 1999

Real Networks in 1999

  • What they did:

    • Secretly gathered data on people’s personal music tastes

    • Encrypted the info so no one would know

    • Didn’t mention it in their privacy statement

  • They were caught

    • Changed privacy statement

    • Major loss in usage

    • Permanent marring of public trust

Katherine Deibel, Fluency in Information Technology


Further privacy issues

Further Privacy Issues

Cookies and grocery shopping

Katherine Deibel, Fluency in Information Technology


Cookies

Chris

Dating

Cookies

  • A cookie is a record stored on your computer by a Web Server

    • The cookie is usually a unique ID that allows the server to remember who you are

    • Improves Web experience

Client: 210465

Name:

Book:

Client

Client

Client

Server

Client

Client

Client

4.95.142.16: 210465: Chris, Dating for Total Dummies

Katherine Deibel, Fluency in Information Technology


Cookies are good and yummy

Cookies are Good (and Yummy)

  • Cookies are used by many sites and they make Web usage much better

    • Many sites use cookies for history and logins

    • Banking and credit card applications cannot be secure enough without cookies

  • If all privacy laws met OECD standards

    • Cookies would be all good

    • No one but computer scientists would know about them

Katherine Deibel, Fluency in Information Technology


Cookies are bad too sugary

Cookies are Bad (too sugary)

  • Cookies can be stored in your computer by sites you have not visited: 3rd party

    • 3rd Party Cookies come from a site in business with the site you visit, e.g. for ads

    • 3rd party cookies allow info to be correlated

Server ABC

Chirs Cookie: 210465

Client Chris

ABC site:210465

DEF site:4491027

3rdParty: 666-666

Server 3rd

123 Cookie:666-666

Server DEF

Chirs Cookie: 4491027

Katherine Deibel, Fluency in Information Technology


Correlating cookies

Correlating Cookies

  • The 3rd party cookie becomes the key (literally, in DB sense) to join (in DB sense) the info held by separate co.s

Company ABC Database

Customer Cookie Ad Agcy Data1 Data 2 ...

Chris 210465 666-666 val 1 val 2

Company DEF Database

Customer Cookie Ad Agcy Data1 Data 2 ...

Chris 4491027 666-666 val 3 val 4

It’s the same Chris!!!

Katherine Deibel, Fluency in Information Technology


Managing cookies

Managing Cookies

  • You control whether your computer accepts cookies -- look in browser

    • If you don’t care about privacy, Accept all cookies

    • If you greatly value your privacy, Accept no cookies

    • If you want some privacy AND benefit from the useful stuff on the Web, Accept cookies but reject 3rd party cookies

Katherine Deibel, Fluency in Information Technology


Grocery cards

Grocery Cards

  • Easy to collect information about a customer's eating habits

    • Identity can be validated by credit card

  • Some privacy experts fear that this knowledge will be passed to health insurance companies

    • Debatable if useful for actuarial purposes

  • What does the privacy statement say?

Katherine Deibel, Fluency in Information Technology


Grocery cards1

Grocery Cards

  • QFC Privacy Statement:The information gathered by QFC will be used to give you, our valued customer, our very best. You have our word on that! We pledge that QFC will not release your name to any list service or manufacturer, and that such information will be held in the strictest of confidence–even within our company.

Katherine Deibel, Fluency in Information Technology


But qfc is an affiliate of kroger

But QFC is an affiliate of Kroger

  • Kroger's Privacy Statement:Kroger and its affiliates may use personal customer information to create merchandising and promotional programs tailored around specific purchases, the frequency of store visits, volume of purchases, and other data…We may share personal customer information with our subsidiaries, affiliates, agents, representatives and trusted partners for the limited purpose of providing services or information to Kroger or our customers at our direction.

Katherine Deibel, Fluency in Information Technology


Conflicting statements

Conflicting statements?

  • Yes

  • But…

    • It is all legal in the United States

    • We have grown accustomed to the idea that our information is being used

    • The U.S. is an opt-out society

Katherine Deibel, Fluency in Information Technology


Summary

Summary

  • You may not think about privacy much, but maybe you should …

  • You should have a say in whether or not records of your information can be linked to you The U.S. needs better laws, and why not?

  • Do you care whether Google or Facebook can deliver an ad to you based on your private information?

Katherine Deibel, Fluency in Information Technology


  • Login