Privacy

Prepared by: Behrang Parhizkar

Privacy Protection

  • Privacy

    • Key concern of Internet users

    • Top reason why nonusers still avoid the Internet

    • Refers to being able to keep certain information to ourselves and to control what happens to our personal information

Privacy Issues

  • Anytime you submit information on the Internet, it is possible for it to be gathered by many individuals and used for various situations. Information can also be gathered from online data regarding:

    • School

    • Banking

    • Hospitals

    • Insurance

    • Credit History, etc.

  • If a company provides you with e-mail, the information you send is available to the company. The company can also monitor Internet logs to determine web sites that have been visited.

    Privacy Protection and the Law

    • Systems collect and store key data from every interaction with customers.

    • Many object to data collection policies of government and business.

    • Reasonable limits must be set

    • Historical perspective on the right to privacy

      • Fourth Amendment - reasonable expectation of privacy

    The Right of Privacy

    • Definition

      • “The right to be left alone—the most comprehensive of rights, and the right most valued by a free people”

    “The right of individuals to control the collection and use of information about themselves”

    The Right of Privacy

    • Legal aspects

      • Protection from unreasonable intrusion upon one’s isolation

    Protection from appropriation of one’s name or likeness

    Summary of the 1980 OECD Privacy Principles

    Organization for Economic Cooperation and Development 

    Legal Overview: The Privacy Act

    • Secure Flight airline safety program (2009)

      • Compares the names and information of 1.4 million daily U.S. airline passengers with data on known or suspected terrorists.

    • Is the latest proposed government system for running database checks on Americans who travel by air.

      • Secure Flight will match passenger information against blacklists maintained by the federal government.

        • Violation of Privacy Act

    Governmental Electronic Surveillance

    • Judge must issue a court order based on probable cause

    • Almost never deny government requests

    • Federal Wiretap Act

      • Outlines processes to obtain court authorization for surveillance of all kinds of electronic communications

    “Roving tap” authority

    • Does not name specific telephone lines or e-mail accounts

    • Gets access to all accounts that are tied to a specific person

    Governmental Electronic Surveillance

    • Electronic Communications Privacy Act of 1986 (ECPA)

      • Sets standards for access to stored e-mail and other electronic communications and records.

      • Prosecutor does not have to justify requests

      • Judges are required to approve every request

      • Highly controversial

        • Especially collection of computer data sent over the Internet

    Governmental Electronic Surveillance

    • Foreign Intelligence Surveillance Act of 1978 (FISA)

      • Allows wiretapping of aliens and citizens in the United States

      • Against FBI, CIA & NSA for some illegal surveillance

      • Based on finding of probable cause that a target is

        • Member of a foreign terrorist group

        • Agent of a foreign power

    • Executive Order 12333

      • Legal authority for electronic surveillance outside the United States

    Governmental Electronic Surveillance

    • Communications Assistance for Law Enforcement Act (CALEA)

      • Requires the telecommunications industry to build tools into its products so that federal investigators can eavesdrop on conversations

        • After getting court approval

      • Contains a provision covering radio-based data communication

      • Includes voice over Internet (VoIP) technology

    Governmental Electronic Surveillance

    • USA Patriot Act of 2001

      • Gives sweeping new powers to

        • Domestic law enforcement against terrorism

        • International intelligence agencies

    Key Provisions of the USA Patriot Act Subject to Sunset

    Identity Theft

    • Theft of key pieces of personal information to gain access to a person’s financial accounts

    • Information includes:

      • Name

      • Address

      • Date of birth

      • Social Security number

      • Passport number

      • Driver’s license number

      • Mother’s maiden name

    Identity Theft

    • Fastest growing form of fraud in the United States

    • Lack of initiative in informing people whose data was stolen

    • Phishing

      • Attempt to steal personal identity data

      • By tricking users into entering information on a counterfeit Web site

    • Spear-phishing - a variation in which employees are sent phony e-mails that look like they came from high-level executives within their organization

    Phishing and Privacy

    • For a demonstration of how a real phishing scheme works, visit

    • The Privacy Rights Clearinghouse (PRC) is warning consumers about another form of fraud that can happen when online users reply to phishing emails.

    • The personal information they provide might be used to register web site domains that bilk unwitting online users out of funds they believe are being used for legitimate transactions.

    E-mail Used by Phishers

    Identity Theft

    • Spyware

      • Keystroke-logging software

      • Enables the capture of:

        • Account usernames

        • Passwords

        • Credit card numbers

        • Other sensitive information

      • Operates even if an infected computer is not connected to the Internet

    • Identity Theft and Assumption Deterrence Act of 1998 was passed to fight fraud

    Top 5 Examples Of Spyware

    • CoolWebSearch: relies on bugs in Internet Explorer (IE)

    • Internet Optimizer (DyFuCa)

    • Zango

      •  Transmits detailed information to advertisers about the Web sites which you visit.

    • HuntBar (WinTools)

      • Arrives via an ActiveX pop-up message; once installed, it steals information

    • Zlob trojan

      • Downloads itself onto your PC via ActiveX

    Consumer Profiling

    • Companies openly collect personal information about Internet users

    • Cookies

      • Text files that a Web site puts on a user’s hard drive so that it can remember the information later

    • Tracking software

    • Similar methods are used outside the Web environment

    • Databases contain a huge amount of consumer behavioral data



    • The web site might offer you products or ads tailored to your interests, based on the contents of the cookie data.

    • Some, called third-party cookies, communicate data about you to an advertising clearinghouse which in turn shares that data with other online marketers.
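    The cookie behaviour described on this slide, and the browser settings listed later in the deck (accept all cookies, reject all, or allow only those from the site being visited), shown as an added example that is not part of the original presentation. The host names, cookie values and the two-label "site" rule are assumptions made for the illustration.

```javascript
// Added example. All host names and cookie values below are constructed.

// Simplified "site" of a host: its last two labels. Real browsers consult the
// Public Suffix List; this shortcut is an assumption of the example.
function siteOf(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

// Parse one Set-Cookie header value into its name, value and Domain attribute.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  if (eq < 1) return null; // malformed: no cookie name
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), domain: null };
  for (const attr of attrs) {
    const [key, val = ''] = attr.split('=');
    if (key.toLowerCase() === 'domain') {
      cookie.domain = val.replace(/^\./, '').toLowerCase();
    }
  }
  return cookie;
}

// Decide, per cookie, what the browser stores under one of three settings:
// 'accept-all', 'reject-all' or 'first-party-only'.
function applyCookiePolicy(pageUrl, responses, policy) {
  const pageSite = siteOf(new URL(pageUrl).hostname);
  const decisions = [];
  for (const { url, setCookie } of responses) {
    const host = new URL(url).hostname;
    for (const header of setCookie) {
      const cookie = parseSetCookie(header);
      if (!cookie) continue;
      // A Domain attribute must cover the host that sent it, or the cookie is dropped.
      const scope = cookie.domain || host;
      const scopeOk = host === scope || host.endsWith('.' + scope);
      const party = siteOf(host) === pageSite ? 'first' : 'third';
      const allowed = policy === 'accept-all' ||
        (policy === 'first-party-only' && party === 'first');
      decisions.push({ name: cookie.name, setBy: host, party, stored: scopeOk && allowed });
    }
  }
  return decisions;
}

// Third-party sites whose stored cookies let them recognise the same browser
// on more than one visited site (the "advertising clearinghouse" case).
function crossSiteTrackers(visits, policy) {
  const seenOn = new Map(); // third-party site -> Set of visited sites
  for (const { pageUrl, responses } of visits) {
    const pageSite = siteOf(new URL(pageUrl).hostname);
    for (const d of applyCookiePolicy(pageUrl, responses, policy)) {
      if (d.party !== 'third' || !d.stored) continue;
      const tracker = siteOf(d.setBy);
      if (!seenOn.has(tracker)) seenOn.set(tracker, new Set());
      seenOn.get(tracker).add(pageSite);
    }
  }
  return [...seenOn].filter(([, pages]) => pages.size > 1).map(([site]) => site).sort();
}

// Constructed sample: two page visits and the responses each page triggered.
const AD_PIXEL = { url: 'https://ads.adnet.test/pixel.gif',
  setCookie: ['uid=u-42; Domain=adnet.test; Max-Age=31536000'] };
const SAMPLE_VISITS = [
  { pageUrl: 'https://shop.example.test/cart',
    responses: [
      { url: 'https://shop.example.test/cart', setCookie: ['session=abc123; Path=/; HttpOnly'] },
      AD_PIXEL,
    ] },
  { pageUrl: 'https://news.othersite.test/today',
    responses: [
      { url: 'https://news.othersite.test/today', setCookie: ['prefs=dark'] },
      AD_PIXEL,
      // Tries to set a cookie for a domain it does not belong to: never stored.
      { url: 'https://cdn.widgets.test/w.js', setCookie: ['w=1; Domain=othersite.test'] },
    ] },
];

console.log(crossSiteTrackers(SAMPLE_VISITS, 'accept-all'));
console.log(crossSiteTrackers(SAMPLE_VISITS, 'first-party-only'));
```

    With every cookie accepted, the advertising host is recognised on both visited sites; with the first-party-only setting it stores nothing and cannot link the two visits.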

    Consumer Profiling

    • Affiliated Web sites

      • Group of Web sites served by a single advertising network

    • Customized service for each consumer

    • Types of data collected while surfing the Web

      • GET data

      • POST data

      • Click-stream data

    Consumer Profiling

    • Four ways to limit or even stop the deposit of cookies on hard drives

      • Set the browser to limit or stop cookies

      • Manually delete them from the hard drive

      • Download and install a cookie-management program

      • Use anonymous browsing programs that don’t accept cookies

      • Cookie Monster 3.47

    Consumer Profiling

    • Platform for Privacy Preferences (P3P)

      • Is a protocol allowing websites to declare their intended use of information they collect about web browser users

    Manager’s Checklist for Treating Consumer Data Responsibly

    Privacy in Workplace

    • Employers will have access to personal information about employees and this information may be sensitive and employees may wish to keep this information private.

    This means that employers will need to think about the way in which they collect, use and disclose information they obtain from employees.

    Privacy in Workplace

    • It is good privacy practice that the employer tell the employee why they are collecting the information and who the employer might pass that information on to.

    • Best practice:

      • employers allow employees to access personal information about themselves which is held by their employer.

    Workplace Monitoring

    Privacy advocates want federal legislation to keep employers from infringing upon privacy rights of employees

    • Employers monitor workers

      • Ensures that corporate IT usage policy is followed

    • Fourth Amendment cannot be used to limit how a private employer treats its employees

      • Public-sector employees have far greater privacy rights than in the private industry

    Advanced Surveillance Technology

    • Camera surveillance

      • U.S. cities plan to expand surveillance systems

      • “Smart surveillance system”

    • Facial recognition software

      • Identifies criminal suspects and other undesirable characters

      • Yields mixed results

    • Global Positioning System (GPS) chips

      • Placed in many devices

      • Precisely locate users

    Privacy Protection: Ten guidelines

    • Remove personally identifiable data from storage media

    • Store an identical copy of any evidentiary media given to law enforcement

    • Limit search to goal of investigation

    • Handle time stamped events in strictest confidence

    • On networks, packet acknowledgement should be via the use of tokens rather than IP addresses

    Privacy Protection: Ten guidelines

    • Safe storage of all internal logs

    • Preservation of event logs in external nodes

    • Put policies in place for actionable items related to attacks

    • Put policies in place for safeguarding backed up data related to an investigation

    • Handle disposal of sensitive data in a secure manner

    Can online services track and record my activity?

    • Yes. Many people expect that their online activities are anonymous. They are not. It is possible to record virtually all online activities

      • This information can be collected by a subscriber's own ISP and by web site operators.

    Data profiling


    • As we make our way through everyday life, data is collected from each of us, frequently without our consent and often without our realization.

    • We pay our bills with credit cards and leave a data trail consisting of purchase amount, purchase type, date, and time.

    • Data is collected when we pay by check.

    • Our use of supermarket discount cards creates a comprehensive database of everything we buy.

    • When our car, equipped with a radio transponder, passes through an electronic toll booth, our account is debited and a record is created of the location, date, time, and account identification.

    • We leave a significant data trail when we surf the Internet and visit websites.

    • When we subscribe to a magazine, sign up for a book or music club, join a professional association, fill out a warranty card, give money to charities, donate to a political candidate, tithe to our church or synagogue, invest in mutual funds, make a telephone call, or interact with a government agency: with all of these transactions we leave a data trail that is stored in a computer.



    • It's important to be aware of the information transmitted to remote computers by the software you use to browse web sites. The major browsers are Netscape Navigator and Microsoft Internet Explorer. Internet Explorer has P3P (Platform for Privacy Preferences).

    • Most web browsers invisibly provide web site operators with information about your ISP as well as information about other web sites you have visited. Some web browsers, particularly if they have not been updated with security fixes, may be tricked into reporting the user's default e-mail address, phone number, and other information in the "address book" if the browser also handles your e-mail.

    Privacy policies and web seals

    • The Federal Trade Commission urges commercial web site operators to spell out their information collection practices in privacy policies posted on their web sites. Most commercial web sites now post policies about their information-collection practices. Look for a privacy "seal of approval," such as TRUSTe, on the first page of the web site. TRUSTe participants agree to post their privacy policies and submit to audits of their privacy practices in order to display the logo.

    • Other seals of approval are offered by the Council of Better Business Bureaus (BBB), the American Institute of Certified Public Accountants, WebTrust, and the Entertainment Software Rating Board.

    • Workplace monitoring. Individuals who access the Internet from work should know that employers are increasingly monitoring the Internet sites that an employee visits. Be sure to inquire about your employer's online privacy policy.

    Can an online service access information stored in my computer without my knowledge?

    • Yes. Many of the commercial online services such as AOL automatically download graphics and program upgrades to the user's home computer.

    • Companies typically explain that they collect information such as users' hardware, software and usage patterns to provide better customer service.

    • It is difficult to detect these types of intrusions. You should be aware of this potential privacy abuse and investigate new services thoroughly before signing on.

    • Always read the privacy policy and the service agreement of any online service you intend to use.

    What about cybercafes, airports, and other publicly-available Internet terminals?

    • You should avoid using public terminals to access your bank account, check your credit card statement, pay bills, or access any other personally or financially sensitive information.

    • Publicly-available Internet terminals are not likely to be closely supervised to ensure online privacy and security. They are used by many individuals every day.

    • Find out if they have installed a program that clears Internet caches, deletes cookies, erases surfing history, and removes temporary files.

    What can I do to protect my privacy in cyberspace?

    • password change

    • Look for the privacy policy of the online services you use. Most Internet Service Providers (ISP) have adopted privacy policies that they post on their web sites and other user documentation. When you surf the web, look for the privacy policies posted on the web sites you visit. Also look for a privacy "seal" such as TRUSTe or BBBOnline.

    • Check your browser's cookie settings. You may accept or reject all cookies, or you may allow only those cookies generated by the website you are visiting. You may want to set a security level for trusted websites while blocking cookie activity for all others.

    • Shop around. Investigate new services before using them. Post a question about a new service in a dependable forum or newsgroup. Use a search engine such as to find archived discussions and newsgroup postings about the service that you are considering.

    • Don’t post your private content on social networks.

    • Don’t use location-based social network applications for all of your individual work.

    Notes of Caution…

    • Assume that your online communications are not private unless you use encryption software. But most encryption programs are not user-friendly and can be inconvenient to use. If you do not use encryption, at least take the following precautions: Do not provide sensitive personal information (phone number, password, address, credit card number, Social Security number, your health information, date of birth, vacation dates, etc.) in chat rooms, forum postings, e-mail messages, or in your online biography.

    • Be cautious of "start-up" software that registers you as a product user and makes an initial connection to the service for you. Typically, these programs require you to provide financial account data or other personal information, and then upload this information automatically to the service. These programs may be able to access records in your computer without your knowledge. Contact the service for alternative subscription methods.

    • Use a pseudonym and a non-descriptive e-mail address when you participate in public forums. Consider obtaining an e-mail address from one of the free web-based e-mail services such as or

    Notes of Caution…

    • The "delete" command does not make your e-mail messages disappear. They can still be retrieved from back-up systems. Software utility programs can retrieve deleted messages from your hard drive. If you are concerned about permanently deleting messages and other files on your program, you should use a file erasing program such as the freeware program at or the cleanup features of general utility software such as Norton's CleanSweep.

    • Your online biography, if you create one, may be searched system-wide or remotely "fingered" by anyone. If for any reason you need to safeguard your identity, don't create an online "bio." Ask the system operator of your ISP to remove you from its online directory.

    • If you publish information on a personal web page, note that marketers and others may collect your address, phone number, e-mail address and other information that you provide. If you are concerned about your personal privacy, be discreet in your personal web site

    • Be aware that online activities leave electronic footprints for others to see. Your own ISP can determine what search engine terms you use, what web sites you visit, and the dates, times, and durations of your online sessions. Web site operators can often track the activities you engage in by placing "cookies" on your computer. They can learn additional information if they ask you to register on their site. Your web browser also can transmit information to web sites.

    Your Policy for Obtaining Information Online

    • If you obtain personally identifiable information through online application forms, online surveys, interest lists, inquiry forms, and e-mail subscription forms, your policy must also describe what you use that information for, how long it is retained, how it can be updated or removed, and how it is protected from illegitimate access.

    • Your policy should explain who will have access to any information that is collected such as your web site administrator, organization staff, and board members.

    • The policy should explain if information is shared with third parties or other members and for what purpose or under what circumstances.

    Privacy issues of Social Networks

    • “If you feel like someone is watching you, you're right. If you're worried about this, you have plenty of company. If you're not doing anything about this anxiety, you’re just like almost everyone else.” (Bob Sullivan, 2011)

    Every minute of the day:

    • 100,000 tweets are sent

    • 684,478 pieces of content are shared on Facebook

    • 2 million search queries are made on Google

    • 48 hours of video are uploaded to YouTube

    • 47,000 apps are downloaded from the App Store

    • 3,600 photos are shared on Instagram

    • 571 websites are created

    • $272,000 is spent by consumers online

    (Source: AllTwitter)

    Types of Social Networks

    Posting content such as pictures and videos raises new privacy concerns, because such content reveals details about the physical and social context of the subject.

    ‘If you’re using Gmail or Yahoo mail or Flickr or YouTube or belong to Facebook … you’ve given up complete control of your personal information’

    Few cases …

    • Certain pictures or videos shared online have cost a number of people their jobs or ruined their job opportunities.

    • There are no rules or regulations to protect individuals from accidentally having an embarrassing photo or video taken of them and then posted on the web for others to see.

    • Adults are concerned about invasion of privacy, while teens freely give up personal information. This occurs because often teens are not aware of the public nature of the Internet.

    Privacy issues on Facebook

    • Facebook has met criticism on a range of issues, including online privacy, child safety and hate speech. 

      • You create a "Connection" to most of the things that you click a "Like button" for, and Facebook will treat those relationships as public information.

      • If you Like a Page on Facebook, that creates a public connection.

      • If you Like a movie or restaurant on a non-Facebook website (and if that site is using Facebook's OpenGraph system), that creates a public connection

    Even More Serious Case

    • In August 2007, the code used to generate Facebook's home and search page as visitors browse the site was accidentally made public, according to leading Internet news sites.

    • In November 2009, Facebook launched Beacon, a system where third-party websites could include a script by Facebook on their sites, and use it to send information about the actions of Facebook users on their site to Facebook, prompting serious privacy concerns.

    • In June 2011 Facebook enabled an automatic facial recognition feature called "Tag Suggestions". The feature compares newly uploaded photographs to those of the uploader's Facebook friends, in order to suggest photo tags.

    • Facebook has defended the feature, saying users can disable it. European Union data-protection regulators said they would investigate the feature to see if it violated privacy rules.

    What Forbes says …

    • Facebook has essentially become a worldwide photo identification database.

    • These developments mean that we no longer have to worry just about what Facebook, Google+, LinkedIn and other social sites do with our data; we have to worry about what they enable others to do, too. And it now seems that others will be able to do a lot.

    You MUST Know …

    • 4.7 million “liked” a Facebook page about health conditions or treatments (details an insurer might use against you);

    • 4.8 million have used Facebook to say where they planned to go on a certain day (a potential tip-off for burglars);

    • 20.4 million included their birth date, which can be used by identity thieves;

    • 39.3 million identified family members in their profile;

    • 900K discussed finances on their wall;

    • 1.6 million liked a page pertaining to racial or ethnic affiliations;

    • 2.3 million liked a page regarding sexual orientation;

    • 7.7 million liked a page pertaining to a religious affiliation;

    • 2.6 million discussed their recreational use of alcohol on their wall;

    • 4.6 million discussed their love life on their wall. 

    Privacy issues with Location-based service

    Location-Based Social Networks (LBSN) derive from LBSs and are often referred to as Geosocial Networking.

    The connection between users goes beyond sharing physical locations and also involves sharing knowledge such as common interests, behavior, and activities.

    Such pervasive tools represent a challenge to privacy.

    A Serious Case about LBSN

    • In March 2012 Foursquare had to tackle the discovery of a Russian-built app called Girls Around Me. As the name suggests, Girls Around Me used Foursquare’s API to display and filter people by geographical position and gender. Once a first list was compiled, the app was able to search Facebook for those girls who had the two accounts linked together and, finally, provided their pictures to the app user. Foursquare responded to the issue by shutting down the app soon after its discovery. However, Girls Around Me, and similar apps available on the market, posed serious questions about the nature of certain apps and their use, and furthermore proved that LBSNs offer services and features that potentially threaten users’ privacy and safety.

    Additional information..

    • Several public interest groups have sponsored the online Computer Privacy Guide at This site offers extensive tips, a glossary of terms, and video tutorials with step-by-step instructions on how to take advantage of privacy settings for the programs you use online

    • Cookies. To learn more about cookies blockers and other types of online filters, visit,,, and

    • Demonstration. To see a demonstration of the kind of information that can be captured about your computer via your browser when you surf the web, visit

    • Privacy-enhancing technologies. The EPIC web site provides a section on software products that you can use to add extra layers of protection when you surf the web, Also, visit the Privacy Links page of the Privacy Rights Clearinghouse for more software tools and products,

    • Spam. Find tips on how to reduce unsolicited e-mail messages at or To learn about state spam laws, go to
