“The poorest man may in his cottage bid defiance to all the force of the crown.”
1 / 30

- PowerPoint PPT Presentation

  • Uploaded on

“The poorest man may in his cottage bid defiance to all the force of the crown.” --- William Pitt, Prime-minister of Great Britain, 1783 – 1801 and 1804- till his death in 1806.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about '' - LeeJohn

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Slide1 l.jpg

“The poorest man may in his cottage bid defiance to all the force of the crown.”

--- William Pitt, Prime-minister of Great Britain, 1783 – 1801 and 1804- till his death in 1806

From fear and freedom on the internet peter singer professor of bio ethics princeton university l.jpg
From “ the force of the crown.”Fear and Freedom on the Internet “ --Peter Singer, Professor of Bio-ethics, Princeton University

“There’s really no way to …repress information today, and I think

that’s a wonderful advance we can all feel good about... This is a

medium of total openness and total freedom, and that’s what

makes it so special.”

-- Bill Gates, October 2005

Two newsitems of Jan 2006:

  • At the request of China’s rulers, Microsoft shut down the website of Zhao Jing , a Chinese blogger, who had been reporting on a strike by journalists at The Beijing News that followed the dismissal of the newspaper’s independent-minded editor.. The blog was hosted on MSN Spaces in USA.

  • Microsoft’s blog tool in China filters words like “democracy” and “human rights” from blog titles, to comply with local laws.

Today s news l.jpg
Today’s news the force of the crown.”

Wednesday, Jan 25, 2006

Google officially launched a new www.google.cn site that plans to filter out or block links to material likely to be considered politically sensitive by China's ruling Communist Party.

Internet privacy a definition l.jpg
INTERNET PRIVACY: a DEFINITION the force of the crown.”

The ability

  • to control what information one reveals about oneself over the Internet, and

  • to control who can access that information.

    Experts in the field of Internet privacy: Internet privacy does not really exist.

    Privacy advocates believe that it should exist.

    Reference: http://en.wikipedia.org/wiki/Internet_privacy as of September 18, 2007

Privacy l.jpg
PRIVACY the force of the crown.”

  • Right to a sense of personal autonomy

  • Right to have information about oneself used fairly

    ensuring that organizations act fairly in the way they (i) collect (ii) store (iii) use and (iv) disclose one’s personal information

  • Right to be left alone

  • Right to decide what part of one’s personal information is to be shared with (i) doctor (ii) employer (iii) banker (iv) neighbor (v) friend or (vi) stranger

Who cares l.jpg
Who cares? the force of the crown.”

  • 2004:US government: introduced free ‘do not call’ service: 28 million phone numbers registered within a month

  • 2001 Survey in Australia: 90% Australians consider it important how their personal information is used by organizations and to whom it is disclosed.

Costs of privacy l.jpg
Costs of Privacy the force of the crown.”

  • Privacy of data  its non-availability at some time, when required

  • Attempts to retain privacy  inconvenience or forgoing certain benefits

Privacy protection l.jpg
Privacy protection the force of the crown.”

  • To shield innocent persons from an overzealous government

    Profiling can lead to a misinterpretation of accurate information

  • To permit every one to preserve her/his dignity and autonomy

    To not let governments and big corporations to have and to exercise undue power over individuals

Privacy protection and public interest l.jpg
Privacy protection and the force of the crown.” Public Interest

  • To support freedom of expression, freedom of speech and freedom of association.

  • Anonymity fosters creativity.

  • Permits individuals to make a fresh start and become useful members of society.

  • Privacy protection is integral to trust.

    Trust is the cornerstone of a strong relationship.

How to protect l.jpg
How to protect? the force of the crown.”

  • Records should be kept for no longer than necessary.

  • Records , if inaccurate, must be deleted or corrected.

    Sometimes not possible to delete:

    Example: Health records wrongly state that you have diabetes. Accordingly some wrong treatment was started. If the record is deleted, the reason why the wrong treatment was given will also go and the medication history will not make sense.

  • Be proactive in defense of privacy.

    The default barriers of time, distance and cost, against publication and retention of your private information, have vanished.


  • Right to research vs autonomy;

  • Right to forget vs. Right to know

Risks l.jpg
Risks the force of the crown.”

  • Stealing information through Cookies (Example: Cross-site scripting )

  • Browsing profile

  • Weak spot: ISP

  • Spyware, Phishing, malicious proxy servers

  • Web-bug: techniques used to track who is reading a web page or e-mail, when, and from what computer. They can also be used to see if an e-mail was forwarded to someone else.

The google age l.jpg
The Google age the force of the crown.”

  • “We are becoming a transparent society of record such that documentation of our past history, current identity, location, communication and physiological and psychological states and behavior is increasingly possible. With predictive profiles and DNA there are even claims to be able to know individual futures”. Gary Marx, “Privacy and Technology”, Telektronik, January 1996.

Health information acts stress privacy l.jpg
Health Information Acts stress PRIVACY the force of the crown.”

  • Apply to hospitals, doctors, laboratories, insurance companies, employers etc

  • Allow individuals to be informed about their health care

  • Provide both privacy and legitimate access to health information

Facts and needs l.jpg
Facts and needs the force of the crown.”

  • Personal information: available in tens of data-bases under the control of different organizations.

  • Onus on the person to correct his information,

    when he does not even know about all the places, where his information is.

  • Ownership? vs Control?


    • PRIVACY,



Proposed systems l.jpg
Proposed Systems the force of the crown.”

  • IBM: a third party to maintain and release information by following certain rules

  • Information to be maintained by the owner

Ownership of data l.jpg
Ownership of data the force of the crown.”

Ownership may not mean

  • Write-access

    Ex: Government-owned information:

    social security number, passport ( A

    government can revoke a passport);

    Financial information:

    Annual Tax returns, bank balances

  • Read- access

    Ex: Reports by: physicians, laboratories

    Reference: for the next set of slides: Carrie Gates, Jacob Slonim ,“ Owner-Controlled Information,” http://flame.cs.dal.ca/~gates/papers/nspw03.ps.

Ownership of data continued l.jpg
Ownership of data ….continued the force of the crown.”

Ownership means

  • Permitting others to access part of the information

    • Role-based access control, augmented by location (say in a hospital, when both the owner and the doctor are in the same room)

  • Deciding about individuals, who can access it in case of disability

  • Deciding about overarching access in case of an emergency/ in case of death

  • Societal Needs to access

    • For medical research

    • For identifying concerned individuals

      Example: spread of SARS

Escrowed encryption standard ees l.jpg
Escrowed Encryption Standard (EES) the force of the crown.”

  • EES: uses key escrow method of enabling eavesdropping by authorized government agencies, under a court order. (FIPS 185)

  • escrow: a deed, a bond, money, or a piece of property held in trust by a third party to be turned over to the grantee (in this case- a Law Enforcement Agency) only upon fulfillment of a condition

    Reference: Merriam-Webster’s Online Dictionary

Skipjack l.jpg
SKIPJACK the force of the crown.”

  • encryption/decryptionalgorithm used by EES

  • can be incorporated into voice, facsimile (fax), and computer data devices

  • Has a Law-Enforcement Access Field (LEAF), and two LEAF decryption keys

  • Clipper: the chip designed through US Dept of Commerce grants in 1994

    Reference:http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci837181,00.html as of September 18, 2007

Escrowed encryption l.jpg
Escrowed Encryption the force of the crown.”

  • Research in Escrowed encryption standard abandoned after 1994

    Ref.: http://csrc.nist.gov/publications/fips/fips185/fips185.txt

  • Partial key Escrow

    that obey the secret sharing property (that any k pieces of the key can reconstruct the key, but that no t pieces provide information about the key, where t < k)

    Ref.: http://www.cse.ucsd.edu/users/mihir/papers/escrow.html

Physical ownership l.jpg
Physical Ownership the force of the crown.”

Need for an individual to carry information with him:

  • Ownership and control

  • Distributed and incomplete information: likely to be non-synchronized and erroneous

  • May not be available, when required

  • Can allow access to appropriate parts of information to various entities under specified conditions

  • Misused in spite of assurances

    Ex: census information supposed to be retained for 99 years only for research; after 9/11, the president made it available to law-enforcement agencies

Problems of physical ownership l.jpg
Problems of Physical Ownership the force of the crown.”

  • Theft of identity

  • Loss and recreation of information

  • Requirement of Temper-proof hardware and protected storage areas

  • To encash a cheque, without a cenralized data?

  • How to ensure that the authorized user has not made a copy of the data released to him?

  • Provision for expiry of data (like passport, health card, driving license

  • Secure back-ups

  • A friendly User interface and granularity of information

Trust l.jpg
Trust the force of the crown.”

  • No one is a super-user?

  • Non-repudiated Audit Trail

  • Alerts, in case unauthorized change has been done.

    Ex: A bank may

    • sign the information, when it writes into the personal device.

    • inserts a hash in the database.

    • Next time when the device is presented to the Bank, it verifies the hash before starting the transaction.

  • IDS to detect if someone tries to copy the data.

  • Existing services l.jpg
    Existing services the force of the crown.”

    1. Microsoft Passport service:

    • a single sign-on service

    • may contain e-wallet containing billing and shipping information

      (e-Wallet: safely stores

    • name,

    • address,

    • credit-card numbers,

    • password and

      any other information needed for purchase from e-commerce sites )

      References: 1. https://www.passport.net/

      2. http://www.projectliberty.org/

    Existing services continued l.jpg
    Existing services …. continued the force of the crown.”

    MS wanted to extend Passport to XML based Hailstorm to contain

    • calendars,

    • phone books,

    • address books,

    • documents, using passport authentication mechanism. However the project was abandoned in the face of criticism.

      2. Liberty Alliance of 150 companies for a federated identity infrastructure:

  • Links databases maintained at a number of organizations rather than at a single (set of ) servers

  • Existing services continued 2 l.jpg
    Existing services …. Continued 2 the force of the crown.”

    3. Persona Project at Oregon State University

    • single sign-on,

    • consumer-centered identity model, that is distributed across multiple systems

    • holds a user's personal information, including identity, passwords, preferences and e-wallet information

    • can be accessed via desktops, personal digital assistants (PDAs), cell phones, and even from cybercafes.

    The persona project l.jpg
    The Persona project the force of the crown.”

    • The persona is "an active software agent that encapsulates private and personal data and performs a range of authentication and personalization services on behalf of its owner.“

      The basic premise:

    • The user: authenticates himself to his persona.

    • The persona: acts on behalf of the user to supply on-line information such as billing information or personal schedules.

    • Access to this information: moderated by the access control rules employed by the user (e.g. so that only a limited number of companies can access credit card information, for example).

      Ref.: http://www.cs.pdx.edu/~ktoth/index_files/ RHASPersonaPaperTothSubramaniumV6.pdf

    Issues l.jpg
    Issues the force of the crown.”


    • Authentication of the owner through biometric information

    • Authentication of every one allowed to have a read or write access

      References: 1. Electronic Privacy Information Center (EPIC)


      2 M.Fairhurst, R.Guest, F. Deravi and J. George,” Using Biometrics as an enabling technology in balancing universality and selectivity for management of information access,” Universal Access: Theoretical Perspectives, Practice and Experience: 7th ERCIM International Workshop on User Interface for All, Paris France Oct 24-25, 2002, Springer-Verlag Lecture Notes in CS 2615, pp 249-259

    Implementation of privacy policies l.jpg
    Implementation of Privacy Policies the force of the crown.”

    Implementation requires

    • a careful study of the Vulnerabilities and Requirements of the Organization;

    • formulation of appropriate Security and Privacy policies;

    • development of the Architecture of the Security system;

    • selection of Security Technologies;

    • verification whether the design of the system conforms to the statutory requirements and standards.

    Assignment i l.jpg
    Assignment I the force of the crown.”

    • Use Ataraxis; Topic: Internet Privacy


      • ACM Digital Library, IEEE Explorer and Lecture Notes in Computer Science series at Leddy Library Electronic offerings

      • Researchers: Sweeney L., Malin B., Clifton C., Vaidya J.

      • Computers Freedom and Privacy Conference (http://www.cfp.org/)

      • Anonymity project (http://idtrail.org/)

      • Electronics Privacy Information Center (http://www.epic.org/)

      • http://www.privacy.org/, http://www.privacyinternational.org/

      • Studies on Privacy Vulnerabilities by John Hopkins Information Security Institute (http://web.jhu.edu/jhuisi/)