
Posted on 03-Jan-2016


Privacy

ECT 582

Robin Burke

Outline

Homework #6

Privacy
• basics
• relationship to security
• privacy policies and requirements

Homework #6

Privacy

Privacy is the interest that individuals have in sustaining a 'personal space', free from interference by other people and organizations.

– Roger Clarke

Forms of privacy

privacy of the person
privacy of personal behavior
privacy of personal communications
privacy of personal data

Person

Bodily privacy

Issues
• compulsory immunization
• compulsory drug testing
• compulsory sterilisation
• abortion

Behavior

Issues
• sexual orientation
• political activism
• religion
• I-Pass

Related
• media privacy

Communication

Issues
• wiretapping
• encryption

Data

Information privacy

Issues
• availability of personal data
• control over collected information

Competing interests

intra-personal: information privacy vs access to credit

inter-personal: behavior privacy vs health risk

organizational: body privacy vs insurance risk

Privacy protection

Balancing
• privacy interest
• other interests

Context
• parties
• interests
• issues

Privacy in E-Commerce

Means data privacy

Questions
• what information is collected about visitors to a site?
• what is done with that information?
• how are users informed of possible uses of their data?

Surveillance

Personal surveillance: tracking an individual

Mass surveillance: tracking a large group

When using personal data: dataveillance

E-commerce data

Transactions
Site registration info
• often includes email address
Site visitations
Browsing history
Platform info
• from browser headers

Dataveillance techniques

Front-end verification
• linking data in an application form against data in other systems

Computer matching
• merging of data from separate information systems
• creating a merged profile

Profiling
• identifying characteristics of "interesting" individuals in advance
• searching databases for matches

Identification

weaker than authentication
relationship between a system and an individual to be recognized

An entity may have many identities
• same business, multiple contacts
• same business, multiple brand names
• same individual, multiple email addresses
• same individual, different user ids

Identity

Anonymous
• data is not associated with any individual

Personally-identified
• data is associated with identifying user information

Spectrum

Totally private
• site accepts only e-cash
• delivers goods to pre-arranged dropoff points

Totally invasive
• site installs trojan horse which downloads sensitive data
• data correlated with user's activities online and offline
• data sold to anybody and everybody

Issues

Need to know
• the system shouldn't collect more information than is necessary for a transaction

Third parties
• disclosure to one organization should not mean disclosure to the world

Technical disclosure
• interaction leaks technical information
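The "computer matching" and "profiling" techniques from the dataveillance slide, and the "need to know" principle above, can be shown together. The following is an added illustration written for these notes, not code from the lecture: two invented data sets that share no account number are merged on the quasi-identifiers they both carry (postcode, birth year, sex), a profile is searched for a characteristic chosen in advance, and the same merge is then attempted after a need-to-know filter has dropped the fields the purchase never required. All records, names and field names are constructed.

```python
"""Computer matching and need-to-know, as an added illustration (not lecture code).

Two constructed data sets share no account number, yet they merge on the
quasi-identifiers they both carry (postcode, birth year, sex).  The same
merge is then attempted after a need-to-know filter has dropped the fields
the purchase never required.  Every record below is invented.
"""
from collections import defaultdict

# Constructed: a retailer's order log, held without names or email addresses.
PURCHASES = [
    {"order": "A1", "postcode": "60604", "birth_year": 1971, "sex": "F", "item": "running shoes"},
    {"order": "A2", "postcode": "60604", "birth_year": 1971, "sex": "F", "item": "prenatal vitamins"},
    {"order": "A3", "postcode": "60614", "birth_year": 1985, "sex": "M", "item": "headphones"},
]

# Constructed: a separately held registration list that does carry names.
REGISTRATIONS = [
    {"name": "Pat Example", "email": "pat@example.com", "postcode": "60604", "birth_year": 1971, "sex": "F"},
    {"name": "Sam Example", "email": "sam@example.com", "postcode": "60614", "birth_year": 1985, "sex": "M"},
    {"name": "Lee Example", "email": "lee@example.com", "postcode": "60614", "birth_year": 1985, "sex": "F"},
]

QUASI_IDENTIFIERS = ("postcode", "birth_year", "sex")


def link_key(record, fields=QUASI_IDENTIFIERS):
    """Tuple of quasi-identifier values, or None when the record lacks any of them."""
    values = tuple(record.get(f) for f in fields)
    return None if any(v is None for v in values) else values


def computer_match(purchases, registrations):
    """Merge the two systems into profiles: name -> items bought.

    A purchase is attributed only when its quasi-identifiers match exactly
    one registrant; that unique match is what turns an 'anonymous' order
    record into a personally-identified one."""
    by_key = defaultdict(list)
    for reg in registrations:
        key = link_key(reg)
        if key is not None:
            by_key[key].append(reg)
    profiles = defaultdict(list)
    for purchase in purchases:
        candidates = by_key.get(link_key(purchase), [])
        if len(candidates) == 1:
            profiles[candidates[0]["name"]].append(purchase["item"])
    return dict(profiles)


def profile_matches(profiles, interesting_items):
    """Profiling: characteristics fixed in advance, then the database is searched."""
    wanted = set(interesting_items)
    return sorted(name for name, items in profiles.items() if wanted & set(items))


def need_to_know(records, required_fields):
    """Keep only the fields the transaction genuinely needs; the rest is never stored."""
    return [{k: v for k, v in r.items() if k in required_fields} for r in records]


if __name__ == "__main__":
    linked = computer_match(PURCHASES, REGISTRATIONS)
    print("merged profiles:", linked)
    print("matches 'prenatal vitamins':", profile_matches(linked, ["prenatal vitamins"]))
    minimised = need_to_know(PURCHASES, {"order", "item"})
    print("after need-to-know:", computer_match(minimised, REGISTRATIONS))
```

The point of the last step is that the order log needs only the order number and the item to complete the transaction; once the postcode, birth year and sex are not collected, the two systems have nothing in common and the merged profile cannot be built by anyone who later obtains both.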

Anonymization

Services exist to "anonymize" web interactions
• ssl connection to proxy server
• proxy server emits web requests
• proxy server gets responses and encrypts back to user
• proxy server may alter content
  • handling cookies & web bugs
  • modifying request headers
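The content-altering step of such a proxy, as an added illustration written for these notes (it is not the code of any real anonymizing service): outgoing request headers that identify the user or their platform are dropped and the User-Agent replaced with a neutral value, Set-Cookie is removed from responses so no tracking state persists, and 1x1 "web bug" images are stripped from returned HTML before it is sent back to the user. The header names, the replacement User-Agent string and the sample HTML are constructed.

```python
"""Anonymizing proxy content filter, as an added illustration (not a real product's code).

The proxy sits between the user and the site: it rewrites the outgoing
request headers so the site learns nothing about the user's platform or
previous page, strips cookies in both directions, and removes 1x1 'web bug'
images from returned HTML before encrypting it back to the user.
"""
import re

# Request headers the proxy never forwards: they identify the user, their
# platform, or the page they came from.
DROP_REQUEST_HEADERS = {"cookie", "referer", "user-agent", "x-forwarded-for", "via", "from"}

# Constructed neutral value so the site still receives a well-formed request.
PROXY_USER_AGENT = "Mozilla/5.0 (compatible; anonymizing-proxy-example)"


def scrub_request_headers(headers):
    """Return the header set the proxy actually emits on the user's behalf."""
    clean = {k: v for k, v in headers.items() if k.lower() not in DROP_REQUEST_HEADERS}
    clean["User-Agent"] = PROXY_USER_AGENT
    return clean


_IMG_TAG = re.compile(r"<img\b[^>]*>", re.IGNORECASE)
# Numeric attributes inside a tag, e.g. width="1" or height=1.
_NUMERIC_ATTR = re.compile(r"""(\w+)\s*=\s*["']?(\d+)["']?""")


def _is_web_bug(tag):
    """A 1x1 image is the classic tracking pixel."""
    dims = {k.lower(): v for k, v in _NUMERIC_ATTR.findall(tag)}
    return dims.get("width") == "1" and dims.get("height") == "1"


def scrub_response(headers, body):
    """Drop Set-Cookie so no tracking state persists, and remove web bugs from the HTML."""
    clean_headers = {k: v for k, v in headers.items() if k.lower() != "set-cookie"}
    clean_body = _IMG_TAG.sub(lambda m: "" if _is_web_bug(m.group(0)) else m.group(0), body)
    return clean_headers, clean_body


if __name__ == "__main__":
    # Constructed request and response for demonstration.
    request = {
        "Host": "shop.example",
        "Cookie": "session=abc123",
        "Referer": "http://previous.example/page",
        "User-Agent": "Mozilla/5.0 (X11; Linux x86_64)",
        "Accept": "text/html",
    }
    print(scrub_request_headers(request))
    response_headers = {"Content-Type": "text/html", "Set-Cookie": "track=1; Path=/"}
    html = ('<p>Welcome</p>'
            '<img src="http://tracker.example/p.gif" width="1" height="1">'
            '<img src="logo.png" width="200" height="50">')
    print(scrub_response(response_headers, html))
```

Host and Accept pass through untouched because the site needs them to answer at all; everything removed is information the site would otherwise record about the visitor, which is exactly the "platform info from browser headers" and "browsing history" data listed earlier.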

The data trail

Personal data transaction records are essential to business relationships
• especially to next-generation e-commerce services like personalization
• also evaluating web site quality and features

Problem: these records have the most potential for privacy problems

Pseudonymity

Pseudonymous
• data is associated with a consistent persona
• not directly linked to an individual

Examples
• chat-room persona
• eBay user name

Benefits
• Provide stable identity (removed by anonymizers)
• Allow for personalized services
• Good fit for "multi-role" lives
• Lower privacy risk

But
• idea not widely supported in e-commerce
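How a site could get the benefits listed above, as an added illustration written for these notes rather than the lecture's own material: a keyed hash (HMAC) turns a real identifier plus a role into a persona. The persona is stable, so personalized services work across visits; the records hold only the persona, so they are not directly linked to the individual; and each role gets its own persona, so a user's "multi-role" contexts cannot be joined without the key. The key, the identifiers and the stored preferences are all constructed.

```python
"""Pseudonymous identity, as an added illustration (not lecture code).

A keyed hash turns a real identifier plus a role into a persona.  The
persona is stable, so personalization works across visits; the records
hold only the persona, so they are not directly linked to the individual;
and each role gets its own persona, so a user's contexts stay unlinkable
unless someone holds the key.
"""
import hashlib
import hmac

# Constructed secret. Whoever holds this key is the only party able to map
# a persona back to a person, so it must live apart from the data store.
PERSONA_KEY = b"example-persona-key-not-for-production"


def persona(real_id, role, key=PERSONA_KEY):
    """Stable, role-specific pseudonym; changing either input changes the output."""
    msg = f"{role}\x00{real_id}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


class PersonalizationStore:
    """Preferences keyed by persona only; real identifiers never enter."""

    def __init__(self):
        self._prefs = {}

    def record(self, real_id, role, preference):
        self._prefs.setdefault(persona(real_id, role), []).append(preference)

    def preferences_for(self, real_id, role):
        return list(self._prefs.get(persona(real_id, role), []))

    def mentions(self, real_id):
        """True if the raw identifier leaked into the store's keys or values."""
        return any(real_id in k or any(real_id in str(p) for p in v)
                   for k, v in self._prefs.items())


def same_person_linkable(real_id, role_a, role_b):
    """Without the key, two roles of one person look unrelated: distinct personas."""
    return persona(real_id, role_a) == persona(real_id, role_b)


if __name__ == "__main__":
    store = PersonalizationStore()
    store.record("alice@example.com", "shopping", "prefers paperbacks")
    store.record("alice@example.com", "shopping", "ships to work")
    store.record("alice@example.com", "gaming", "no voice chat")
    print(store.preferences_for("alice@example.com", "shopping"))
    print("identifier present:", store.mentions("alice@example.com"))
    print("roles linkable:", same_person_linkable("alice@example.com", "shopping", "gaming"))
```

The trade-off the slide notes ("removed by anonymizers") shows here too: an anonymizing proxy would give the site a different, unrecognisable visitor each time, while the persona lets the site recognise a returning user without ever storing who that user is.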

Legal framework for privacy

Children's privacy: COPPA

Self-regulation: privacy seal

Fair information practices

Guidelines from the FTC
• Notice
• Choice
• Access
• Security

Notice

Consumers should be given clear and conspicuous notice of an entity's information practices before any personal information is collected from them

Should consist of
• what data will be collected
• who is collecting data
• who will get the data
• how the data will be collected
• how the data will be used
• how the data will be protected
• whether data is mandatory or optional

Choice

Consumers should be given options as to how any personal information collected from them may be used for purposes beyond those necessary to complete a contemplated transaction.

Secondary uses
• placement on a (e)mailing list
• transfer to third party
• usability evaluation

Access

An individual's ability both to access data about him or herself and to contest that data's accuracy and completeness.

Difficult to implement, esp. authentication

Least popular

Security

Protection of personal information against unauthorized access, use, or disclosure, and against loss or destruction.

COPPA

Guidelines become mandatory for children under 13

Required
• posted privacy policy
• parental consent
  • except for email addresses in some conditions
• re-verify consent when policy changes
• allow parental review of collected data
• allow parent opt-out

Privacy seals

TRUSTe
BBBOnLine Privacy
CPA WebTrust
Entertainment Software Ratings Board

TRUSTe

Non-profit consortium

Process
• privacy policy
• self-assessment
  • http://www.truste.org/webpublishers/Self_Assessment_v8.html
• remote audit of web site
• annual review

BBBOnLine Privacy

Offered by Better Business Bureau
Must be a BBB member

Similar process to TRUSTe

CPA WebTrust

Franchise available to CPAs licensed by WebTrust

Differences
• on-site audit
• semi-annual review

(They also do Certification Authorities)

ESRB Privacy

For game sites
Process similar to TRUSTe
• on-site audit
• quarterly anonymous review
• quarterly anonymous spot-checks

Final exam

Submit via COL, 9 pm 11/20. No late exams!