Privacy

Michael May

CIS551 – Computer and Network Security

Fall 2004


Credit

  • Some material in this lecture comes from a presentation by Michael McDougall (2000)


Outline

  • Introduction

  • Classic Privacy

    • Issues

    • Solutions

  • P3P

  • DRM

  • PDRM

  • Case Study: Location Based Services


Introduction

  • Definitions

  • Current issues

  • Legislation


Definitions

  • Anonymous

    • Having an unknown or unacknowledged name

    • Examples: cash transactions, voting

  • Privacy

    • Being alone and undisturbed

    • Example: window shades

  • Confidence

    • Firm trust, assured expectation

    • Something confided; secret


Current Issues

  • Identity Theft

    • 9.91 million people affected

    • Average loss per victim - $500

    • http://www.ftc.gov/os/2003/09/synovatereport.pdf

  • Patriot Act

  • FISA

  • Online associations


Legislation

  • Gramm-Leach-Bliley

    • Financial Services

  • HIPAA

    • Medical

  • Examples


Financial Privacy – Fidelity Investments

  • Fidelity has always considered the protection of sensitive information to be a foundation of customer trust and a sound business practice. We employ extensive physical, electronic and procedural controls in keeping with industry standards and practices, and we regularly adapt these controls to respond to changing requirements and advances in technology.

  • Within Fidelity and among our service providers, we restrict access to personal information to those who require it to provide products and services to you. We may share the personal information that we collect with the following entities:

    • Affiliates, including affiliated service providers (for example, our data processing company and printing operation)

    • Unaffiliated service providers (for example, fulfillment companies and securities clearinghouses)

    • Government agencies, other regulatory bodies and law enforcement officials (for example, for tax purposes or for reporting suspicious transactions)

    • Other organizations, with your consent or as directed by your representative (for example, if you use Fidelity as a financial reference in applying for credit with another institution)

    • Other organizations, as permitted by law (for example, for fraud prevention)

    • As described below, in circumstances that apply only to certain subsets of Fidelity customers


HIPAA

  • Columbia University Hospital

    • http://www.hr.columbia.edu/hr/html/body_hipaa_privacy_policy.html

  • Right to Request Restrictions.

  • You may request restrictions on certain uses and disclosures of your health information. You have the right to request a limit on the Health Plan's disclosure of your health information to someone involved in the payment of your care. However, the Health Plan is not required to agree to your request. If you wish to make a request for restrictions, please make your request in writing to the Privacy Officer (see contact information).


HIPAA continued

  • Right to Receive Confidential Communications.

  • You have the right to request that the Health Plan communicate with you in a certain way if you feel the disclosure of your health information could endanger you. For example, you may ask that the Health Plan only communicate with you at a certain telephone number or by email. If you wish to receive confidential communications, please make your request in writing to the Privacy Officer (see contact information). The Health Plan will attempt to honor your reasonable requests for confidential communications.

  • Right to Inspect and Copy Your Health Information.

  • You have the right to inspect and copy your health information. A request to inspect and copy records containing your health information must be made in writing to the Privacy Officer (see contact information).  If you request a copy of your health information, the Health Plan may charge a reasonable fee for copying, assembling costs and postage, if applicable, associated with your request.


Goals in prevention

  • Feeling watched

  • Eeriness of knowledge

  • Power


Classic Privacy Ideas

  • Mixes

    • Send information through a stranger

  • Crowd

    • Anonymous routing

  • Digital Cash

    • Signed by a bank and untraceable

  • Privacy Preserving Data Mining

    • Due to R. Agrawal and R. Srikant, 2000

    • Example

  • Anonymity

    • Anonymous mail servers


P3P (W3C)

  • Model

    • HTTP interactions

  • Web Based Privacy Issues

  • Example

    • http://friendsofbolivia.org.uk/w3c/policy.xml

  • Issues

    • Adoption

    • Enforcement

    • Interpretation


P3P Cont.

  • Meant to hold off legislation

  • Never strongly adopted by major companies

  • Browsers didn’t do it – so people didn’t

  • Cookie permissions


Question:

  • Ever share files?


Digital Rights Management

  • Make the files enforce the rules

    • Companies don’t trust the consumer

  • Applies to

    • Music

    • Movies

    • E-Books

  • Microsoft code


DRM cont.

  • DMCA

    • Companies suing John Does for money

    • Recently began suing students

  • Where does privacy come in?

    • ISPs have records of who has what IP address

    • Can media companies demand those records to sue?


eXtensible rights Management Language

  • ContentGuard, Inc.

  • XML language for describing rights and rules

  • Model

    • Provider signs “Grant”

    • Grant embedded in media file

  • Trusted player/reader follows only the rules in the license


XrML

  • Example


PDRM

  • Turn DRM on its head

    • You license data to them

  • Companies make money off data

    • Direct Marketing

    • Media habits

  • Who pays for it? The consumer

  • Work with C. Gunter and S. Stubblebine, 2004


PDRM Cont.

  • Own your data

    • Assert control over its use

    • Gain benefit

    • System that licenses use from the subject of the data

  • Example

  • Tracking data movement

    • Transfer

    • Accuracy reduction

    • Permissions based on licenses


Location Based Services

  • Cell phone tracks you

    • Where are you?

    • Directions

    • Nearby stores

  • Technology already out there

  • Manage the 2-way flow of info

  • How can the data be used?


LBS Cont.

  • Cases

    • EZ Pass transponder

      • Tracks when you pass through toll booth and where

      • Can track even as you drive by

      • What can the data be used for?

    • RFID tags

      • Can fit thousands into a vial

      • Interrogation by anybody

      • Can anybody scan what’s in your pocket or in your apt?


LBS Cont.

  • PDA Location Service

  • 802.11 Wireless Infrastructure

  • GeoLocation Service

  • GeoInformation Service

  • License use of data

    • Sign a digital contract once

    • Afterwards all data collected is under that license


Summary

  • Privacy issue blurry but essential

  • Breakdown of information secrecy worrying, but can yield amazing results

  • Government has begun enforcing some rules, but not all

  • Personal privacy belongs to the upper echelon of tech users

    • Bring that down to Earth


References

  • Gramm-Leach-Bliley

    • http://banking.senate.gov/conf/

  • HIPAA

    • http://www.hhs.gov/ocr/hipaa/

  • P3P

    • http://www.w3.org/P3P/
