
Privacy - PowerPoint PPT Presentation


Privacy. Michael May CIS551 – Computer and Network Security Fall 2004. Credit. Some material in this lecture comes from a presentation by Michael McDougall (2000). Outline. Introduction Classic Privacy Issues Solutions P3P DRM PDRM Case Study: Location Based Services. Introduction.

Presentation Transcript


Michael May

CIS551 – Computer and Network Security

Fall 2004



Credit

  • Some material in this lecture comes from a presentation by Michael McDougall (2000)



Outline

  • Introduction

  • Classic Privacy

    • Issues

    • Solutions

  • P3P

  • DRM

  • PDRM

  • Case Study: Location Based Services



Introduction

  • Definitions

  • Current issues

  • Legislation



  • Anonymous

    • Having an unknown or unacknowledged name

    • Examples: cash transactions, voting

  • Privacy

    • Being alone and undisturbed

    • Example: window shades

  • Confidence

    • Firm trust, assured expectation

    • Something confided; secret


Current Issues

  • Identity Theft

    • 9.91 Million people affected

    • Average loss per victim - $500


  • Patriot Act

  • FISA

  • Online associations



  • Gramm-Leach-Bliley

    • Financial Services


    • Medical

  • Examples


Financial Privacy – Fidelity Investments

  • Fidelity has always considered the protection of sensitive information to be a foundation of customer trust and a sound business practice. We employ extensive physical, electronic and procedural controls in keeping with industry standards and practices, and we regularly adapt these controls to respond to changing requirements and advances in technology

  • Within Fidelity and among our service providers, we restrict access to personal information to those who require it to provide products and services to you. We may share the personal information that we collect with the following entities:

    • Affiliates, including affiliated service providers (for example, our data processing company and printing operation)

    • Unaffiliated service providers (for example, fulfillment companies and securities clearinghouses)

    • Government agencies, other regulatory bodies and law enforcement officials (for example, for tax purposes or for reporting suspicious transactions)

    • Other organizations, with your consent or as directed by your representative (for example, if you use Fidelity as a financial reference in applying for credit with another institution)

    • Other organizations, as permitted by law (for example, for fraud prevention)

    • As described below, in circumstances that apply only to certain subsets of Fidelity customers



  • Columbia University Hospital


  • Right to Request Restrictions.

  • You may request restrictions on certain uses and disclosures of your health information. You have the right to request a limit on the Health Plan's disclosure of your health information to someone involved in the payment of your care. However, the Health Plan is not required to agree to your request. If you wish to make a request for restrictions, please make your request in writing to the Privacy Officer (see contact information)


HIPAA continued

  • Right to Receive Confidential Communications.

  • You have the right to request that the Health Plan communicate with you in a certain way if you feel the disclosure of your health information could endanger you. For example, you may ask that the Health Plan only communicate with you at a certain telephone number or by email. If you wish to receive confidential communications, please make your request in writing to the Privacy Officer (see contact information). The Health Plan will attempt to honor your reasonable requests for confidential communications.

  • Right to Inspect and Copy Your Health Information.

  • You have the right to inspect and copy your health information. A request to inspect and copy records containing your health information must be made in writing to the Privacy Officer (see contact information).  If you request a copy of your health information, the Health Plan may charge a reasonable fee for copying, assembling costs and postage, if applicable, associated with your request.


Goals in prevention

  • Feeling watched

  • Eeriness of knowledge

  • Power


Classic Privacy Ideas

  • Mixes

    • Send information through a stranger

  • Crowd

    • Anonymous routing

  • Digital Cash

    • Signed by a bank and untraceable

  • Privacy Preserving Data Mining

    • Due to R. Agrawal and R. Srikant, 2000

    • Example

  • Anonymity

    • Anonymous mail servers


P3P (W3C)

  • Model

    • HTTP interactions

  • Web Based Privacy Issues

  • Example


  • Issues

    • Adoption

    • Enforcement

    • Interpretation


P3P Cont.

  • Meant to hold off legislation

  • Never strongly adopted by major companies

  • Browsers didn’t do it – so people didn’t

  • Cookies permissions



  • Ever share files?


Digital Rights Management

  • Make the files enforce the rules

    • Companies don’t trust the consumer

  • Applies to

    • Music

    • Movies

    • E-Books

  • Microsoft code


DRM cont.

  • DMCA

    • Companies suing John Does for money

    • Recently began suing students

  • Where does it come to privacy?

    • ISPs have records of who has what IP address

    • Can media companies demand those records to sue?


eXtensible rights Management Language

  • Content Guard, Inc.

  • XML language for describing rights and rules

  • Model

    • Provider signs “Grant”

    • Grant embedded in media file

  • Trusted player/reader follows only the rules in the license



  • Example



  • Turn DRM on its head

    • You license data to them

  • Companies make money off data

    • Direct Marketing

    • Media habits

  • Who pays for it? The consumer

  • Work with C. Gunter and S. Stubblebine, 2004


PDRM Cont.

  • Own your data

    • Assert control over its use

    • Gain benefit

    • System that licenses use from the subject of the data

  • Example

  • Tracking data movement

    • Transfer

    • Accuracy reduction

    • Permissions based on licenses


Location Based Services

  • Cell phone tracks you

    • Where are you?

    • Directions

    • Nearby stores

  • Technology already out there

  • Manage the 2-way flow of info

  • How can the data be used?


LBS Cont.

  • Cases

    • EZ Pass transponder

      • Tracks when you pass through toll booth and where

      • Can track even as you drive by

      • What can the data be used for?

    • RFID tags

      • Can fit thousands into a vial

      • Interrogation by anybody

      • Can anybody scan what’s in your pocket or in your apt?


LBS Cont.

  • PDA Location Service

  • 802.11 Wireless Infrastructure

  • GeoLocation Service

  • GeoInformation Service

  • License use of data

    • Sign a digital contract once

    • Afterwards all data collected is under that license



  • Privacy issue blurry but essential

  • Breakdown of information secrecy worrying, but can yield amazing results

  • Govt has begun enforcing some rules, but not all

  • Personal privacy belongs to the upper echelon of tech users

    • Bring that down to Earth



  • Gramm-Leach-Bliley




  • P3P