1 / 70

Privacy

Privacy. Week 5 - February 13, 15. Privacy laws. Terminology. Data subject The person whose data is collected Data controller The entity responsible for collected data Primary use of personal information (primary purpose)

axel
Download Presentation

Privacy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Privacy Week 5 - February 13, 15

  2. Privacy laws

  3. Terminology • Data subject • The person whose data is collected • Data controller • The entity responsible for collected data • Primary use of personal information (primary purpose) • Using information for the purposes intended by the data subjects when they provided the information • Secondary use of personal information (secondary purpose) • Using information for purposes that go beyond the primary purpose

  4. OECD fair information principles http://www.datenschutz-berlin.de/gesetze/internat/ben.htm • Collection limitation • Data quality • Purpose specification • Use limitation • Security safeguards • Openness • Individual participation • Accountability

  5. US FTC simplified principles • Notice and disclosure • Choice and consent • Data security • Data quality and access • Recourse and remedies US Federal Trade Commission, Privacy Online: A Report to Congress (June 1998), http://www.ftc.gov/reports/privacy3/

  6. Laws and regulations • Privacy laws and regulations vary widely throughout the world • US has mostly sector-specific laws, with relatively minimal protections • Federal Trade Commission has jurisdiction over fraud and deceptive practices • Federal Communications Commission regulates telecommunications • European Data Protection Directive requires all European Union countries to adopt similar comprehensive privacy laws • Privacy commissions in each country (some countries have national and state commissions) • Many European companies non-compliant with privacy laws (2002 study found majority of UK web sites non-compliant) • Safe Harbor allows US companies to self-certify compliance

  7. US law basics • Constitutional law governs the rights of individuals with respect to the government • Tort law governs disputes between private individuals or other private entities

  8. US Constitution • No explicit privacy right, but a zone of privacy recognized in its penumbras, including • 1st amendment (right of association) • 3rd amendment (prohibits quartering of soldiers in homes) • 4th amendment (prohibits unreasonable search and seizure) • 5th amendment (no self-incrimination) • 9th amendment (all other rights retained by the people) • Penumbra: “fringe at the edge of a deep shadow create by an object standing in the light” (Smith 2000, p. 258, citing Justice William O. Douglas in Griswold v. Connecticut)

  9. Federal statutes and state laws • Federal statutes • Tend to be narrowly focused • State law • State constitutions may recognize explicit right to privacy (Georgia, Hawaii) • State statutes and common (tort) law • Local laws and regulations (for example: ordinances on soliciting anonymously)

  10. Four aspects of privacy tort • You can sue for damages for the following torts (Smith 2000, p. 232-233) • Disclosure of truly intimate facts • May be truthful • Disclosure must be widespread, and offensive or objectionable to a person of ordinary sensibilities • Must not be newsworthy or legitimate public interest • False light • Personal information or picture published out of context • Misappropriation (or right of publicity) • Commercial use of name or face without permission • Intrusion into a person’s solitude

  11. Some US privacy laws • Bank Secrecy Act, 1970 • Fair Credit Reporting Act, 1971 • Privacy Act, 1974 • Right to Financial Privacy Act, 1978 • Cable TV Privacy Act, 1984 • Video Privacy Protection Act, 1988 • Family Educational Right to Privacy Act, 1993 • Electronic Communications Privacy Act, 1994 • Freedom of Information Act, 1966, 1991, 1996

  12. US law – recent additions • HIPAA (Health Insurance Portability and Accountability Act, 1996) • When implemented, will protect medical records and other individually identifiable health information • COPPA (Children‘s Online Privacy Protection Act, 1998) • Web sites that target children must obtain parental consent before collecting personal information from children under the age of 13 • GLB (Gramm-Leach-Bliley-Act, 1999) • Requires privacy policy disclosure and opt-out mechanisms from financial service institutions

  13. Safe harbor • Membership • US companies self-certify adherence to requirements • Dept. of Commerce maintains signatory list http://www.export.gov/safeharbor/ • Signatories must provide • notice of data collected, purposes, and recipients • choice of opt-out of 3rd-party transfers, opt-in for sensitive data • access rights to delete or edit inaccurate information • security for storage of collected data • enforcement mechanisms for individual complaints • Approved July 26, 2000 by EU • reserves right to renegotiate if remedies for EU citizens prove to be inadequate

  14. Privacy policies • Policies let consumers know about site’s privacy practices • Consumers can decide whether practices are acceptable, when to opt-out • Presence increases consumer trust • Make companies subject to FTC privacy-related enforcement • Rapid adoption 1998-2001* * G.R. Milne and M.J. Culnan 2002. Using the Content of Online Privacy Notices to Inform Public Policy: A Longitudinal Analysis of the 1998-2002 US Web Surveys. The Information Society 18, 5, 245-359.

  15. Privacy policy problems • BUT policies are often • difficult to understand • hard to find • take a long time to read • change without notice

  16. Identification of site, scope, contact info Types of information collected Including information about cookies How information is used Conditions under which information might be shared Information about opt-in/opt-out Information about access Information about data retention policies Information about seal programs Security assurances Children’s privacy Privacy policy components There is lots of informationto convey -- but policyshould be brief andeasy-to-read too! What is opt-in? What is opt-out?

  17. How are online privacy concerns different from offline privacy concerns?

  18. Web privacy concerns • Data is often collected silently • Web allows large quantities of data to be collected inexpensively and unobtrusively • Data from multiple sources may be merged • Non-identifiable information can become identifiable when merged • Data collected for business purposes may be used in civil and criminal proceedings • Users given no meaningful choice • Few sites offer alternatives

  19. Browsers chatter about IP address, domain name, organization, Referring page Platform: O/S, browser What information is requested URLs and search terms Cookies To anyone who might be listening End servers System administrators Internet Service Providers Other third parties Advertising networks Anyone who might subpoena log files later Browser Chatter

  20. Typical HTTP request with cookie GET /retail/searchresults.asp?qu=beer HTTP/1.0 Referer: http://www.us.buy.com/default.asp User-Agent: Mozilla/4.75 [en] (X11; U; NetBSD 1.5_ALPHA i386) Host: www.us.buy.com Accept: image/gif, image/jpeg, image/pjpeg, */* Accept-Language:en Cookie:buycountry=us; dcLocName=Basket; dcCatID=6773; dcLocID=6773; dcAd=buybasket; loc=; parentLocName=Basket; parentLoc=6773; ShopperManager%2F=ShopperManager%2F=66FUQULL0QBT8MMTVSC5MMNKBJFWDVH7; Store=107; Category=0

  21. Referer log problems • GET methods result in values in URL • These URLs are sent in the referer header to next host • Example: http://www.merchant.com/cgi_bin/order?name=Tom+Jones&address=here+there&credit+card=234876923234&PIN=1234&->index.html • Access log example

  22. Cookies • What are cookies? • What are people concerned about cookies? • What useful purposes do cookies serve?

  23. Cookies 101 • Cookies can be useful • Used like a staple to attach multiple parts of a form together • Used to identify you when you return to a web site so you don’t have to remember a password • Used to help web sites understand how people use them • Cookies can do unexpected things • Used to profile users and track their activities, especially across web sites

  24. How cookies work – the basics • A cookie stores a small string of characters • A web site asks your browser to “set” a cookie • Whenever you return to that site your browser sends the cookie back automatically Please store cookie xyzzy Here is cookie xyzzy site browser site browser First visit to site Later visits

  25. Cookies are only sent back to the “site” that set them – but this may be any host in domain Sites setting cookies indicate path, domain, and expiration for cookies Cookies can store user info or a database key that is used to look up user info – either way the cookie enables info to be linked to the current browsing session How cookies work – advanced Send me with requests for index.html on y.x.com for this session only Send me with any request to x.com until 2008 DatabaseUsers … Email … Visits … User=Joe Email=Joe@x.com Visits=13 User=4576904309

  26. Cookie terminology • Cookie Replay – sending a cookie back to a site • Session cookie – cookie replayed only during current browsing session • Persistent cookie – cookie replayed until expiration date • First-party cookie – cookie associated with the site the user requested • Third-party cookie – cookie associated with an image, ad, frame, or other content from a site with a different domain name that is embedded in the site the user requested • Browser interprets third-party cookie based on domain name, even if both domains are owned by the same company

  27. Web bugs • Invisible “images” (1-by-1 pixels, transparent) embedded in web pages and cause referer info and cookies to be transferred • Also called web beacons, clear gifs, tracker gifs,etc. • Work just like banner ads from ad networks, but you can’t see them unless you look at the code behind a web page • Also embedded in HTML formatted email messages, MS Word documents, etc. • For software to detect web bugs see: http://www.bugnosis.org

  28. How data can be linked • Every time the same cookie is replayed to a site, the site may add information to the record associated with that cookie • Number of times you visit a link, time, date • What page you visit • What page you visited last • Information you type into a web form • If multiple cookies are replayed together, they are usually logged together, effectively linking their data • Narrow scoped cookie might get logged with broad scoped cookie

  29. search for medical information buy CD replay cookie set cookie Ad Ad Ad networks Ad companycan get yourname and address fromCD order andlink them to your search Search Service CD Store

  30. Personal data: Email address Full name Mailing address (street, city, state, and Zip code) Phone number Transactional data: Details of plane trips Search phrases used at search engines Health conditions What ad networks may know… “It was not necessary for me to click on the banner ads for information to be sent to DoubleClick servers.” – Richard M. Smith

  31. Online and offline merging • In November 1999, DoubleClick purchased Abacus Direct, a company possessing detailed consumer profiles on more than 90% of US households. • In mid-February 2000 DoubleClick announced plans to merge “anonymous” online data with personal information obtained from offline databases • By the first week in March 2000 the plans were put on hold • Stock dropped from $125 (12/99) to $80 (03/00)

  32. Offline data goes online… The Cranor family’s 25 most frequentgrocerypurchases (sorted by nutritional value)!

  33. Subpoenas • Data on online activities is increasingly of interest in civil and criminal cases • The only way to avoid subpoenas is to not have data • In the US, your files on your computer in your home have much greater legal protection that your files stored on a server on the network

  34. P3P: Introduction Original Idea behind P3P • A framework for automated privacy discussions • Web sites disclose their privacy practices in standard machine-readable formats • Web browsers automatically retrieve P3P privacy policies and compare them to users’ privacy preferences • Sites and browsers can then negotiate about privacy terms

  35. P3P: Introduction P3P history • Idea discussed at November 1995 FTC meeting • Ad Hoc “Internet Privacy Working Group” convened to discuss the idea in Fall 1996 • W3C began working on P3P in Summer 1997 • Several working groups chartered with dozens of participants from industry, non-profits, academia, government • Numerous public working drafts issued, and feedback resulted in many changes • Early ideas about negotiation and agreement ultimately removed • Automatic data transfer added and then removed • Patent issue stalled progress, but ultimately became non-issue • P3P issued as official W3C Recommendation on April 16, 2002 • http://www.w3.org/TR/P3P/

  36. P3P: Introduction P3P1.0 – A first step • Offers an easy way for web sites to communicate about their privacy policies in a standard machine-readable format • Can be deployed using existing web servers • This will enable the development of tools that: • Provide snapshots of sites’ policies • Compare policies with user preferences • Alert and advise the user

  37. P3P: Introduction The basics • P3P provides a standard XML format that web sites use to encode their privacy policies • Sites also provide XML “policy reference files” to indicate which policy applies to which part of the site • Sites can optionally provide a “compact policy” by configuring their servers to issue a special P3P header when cookies are set • No special server software required • User software to read P3P policies called a “P3P user agent”

  38. P3P: Enabling your web site – overview and options What’s in a P3P policy? • Name and contact information for site • The kind of access provided • Mechanisms for resolving privacy disputes • The kinds of data collected • How collected data is used, and whether individuals can opt-in or opt-out of any of these uses • Whether/when data may be shared and whether there is opt-in or opt-out • Data retention policy

  39. P3P version Location ofhuman-readableprivacy policy P3P policy name Site’s nameandcontactinfo Access disclosure Human-readableexplanation How data maybe used Statement Data recipients Data retention policy Types of data collected P3P/XML encoding <POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1"> <POLICY discuri="http://p3pbook.com/privacy.html" name="policy"> <ENTITY> <DATA-GROUP> <DATA ref="#business.contact-info.online.email">privacy@p3pbook.com </DATA> <DATA ref="#business.contact-info.online.uri">http://p3pbook.com/ </DATA> <DATA ref="#business.name">Web Privacy With P3P</DATA> </DATA-GROUP> </ENTITY> <ACCESS><nonident/></ACCESS> <STATEMENT> <CONSEQUENCE>We keep standard web server logs.</CONSEQUENCE> <PURPOSE><admin/><current/><develop/></PURPOSE> <RECIPIENT><ours/></RECIPIENT> <RETENTION><indefinitely/></RETENTION> <DATA-GROUP> <DATA ref="#dynamic.clickstream"/> <DATA ref="#dynamic.http"/> </DATA-GROUP> </STATEMENT> </POLICY> </POLICIES>

  40. P3P: Introduction P3P1.0 Spec Defines • A standard vocabulary for describing set of uses, recipients, data categories, and other privacy disclosures • A standard schema for data a Web site may wish to collect (base data schema) • An XML format for expressing a privacy policy in a machine readable way • A means of associating privacy policies with Web pages or sites • A protocol for transporting P3P policies over HTTP

  41. P3P: Introduction GET /index.html HTTP/1.1 Host: www.att.com . . . Request web page HTTP/1.1 200 OK Content-Type: text/html . . . Send web page A simple HTTP transaction WebServer

  42. P3P: Introduction GET /w3c/p3p.xml HTTP/1.1 Host: www.att.com Request Policy Reference File Send Policy Reference File Request P3P Policy Send P3P Policy GET /index.html HTTP/1.1 Host: www.att.com . . . Request web page HTTP/1.1 200 OK Content-Type: text/html . . . Send web page … with P3P 1.0 added WebServer

  43. P3P: Introduction Transparency • P3P clients can check a privacy policy each time it changes • P3P clients can check privacy policies on all objects in a web page, including ads and invisible images http://www.att.com/accessatt/ http://adforce.imgis.com/?adlink|2|68523|1|146|ADFORCE

  44. P3P: Introduction P3P in IE6 Automatic processing of compact policies only; third-party cookies without compact policies blocked by default Privacy icon on status bar indicates that a cookie has been blocked – pop-up appears the first time the privacy icon appears

  45. P3P: Introduction Users can click on privacy icon forlist of cookies; privacy summariesare available atsites that are P3P-enabled

  46. P3P: Introduction Privacy summary report isgenerated automaticallyfrom full P3P policy

  47. P3P: Introduction P3P in Netscape 7 Preview version similar to IE6, focusing, on cookies; cookies without compact policies (both first-party and third-party) are “flagged” rather than blocked by default Indicates flagged cookie

  48. P3P: Introduction Users can view English translation of (part of) compact policy in Cookie Manager

  49. P3P: Introduction A policy summary can be generated automatically from full P3P policy

  50. Privacy Bird • Free download of beta from http://privacybird.com/ • Origninally developed at AT&T Labs • Released as open source • “Browser helper object” for IE6 • Reads P3P policies at all P3P-enabled sites automatically • Bird icon at top of browser window indicates whether site matches user’s privacy preferences • Clicking on bird icon gives more information

More Related