Introduction to Privacy - PowerPoint PPT Presentation

Slides: 76
Provided by: lorrie2
Learn more at: http://cups.cs.cmu.edu
Transcript and Presenter's Notes


1
Introduction to Privacy
  • January 28, 2007

2
Administrivia
  • Collect homework and human subjects certificates
  • Student survey forms

4
Outline
  • What is privacy?
  • Privacy laws and self-regulation
  • Privacy risks from personalization
  • Reducing privacy risks

5
What is privacy?
6
What does privacy mean to you?
  • How would you define privacy?
  • What does it mean to you for something to be
    private?

7
Concept versus right
  • Privacy as concept
    - What is it
    - How and why it is valued
  • Privacy as right
    - How it is (or should be) protected
      - By law
      - By policy
      - By technology

8
Hard to define
  • Privacy is a value so complex, so entangled in
    competing and contradictory dimensions, so
    engorged with various and distinct meanings, that
    I sometimes despair whether it can be usefully
    addressed at all.
  • Robert C. Post, Three Concepts of Privacy, 89
    Geo. L.J. 2087 (2001).

9
Some definitions from the literature
  • Personhood
  • Intimacy
  • Secrecy
  • Contextual integrity
  • Limited access to the self
  • Control over information

10
Limited access to self
  • "the right to be let alone"
    - Samuel D. Warren and Louis D. Brandeis, The
      Right to Privacy, 4 Harv. L. Rev. 193 (1890)
  • "our concern over our accessibility to others:
    the extent to which we are known to others, the
    extent to which others have physical access to
    us, and the extent to which we are the subject
    of others' attention."
    - Ruth Gavison, Privacy and the Limits of the
      Law, Yale Law Journal 89 (1980)

Being alone. - Shane (age 4)
11
Control over information
  • Privacy is the claim of individuals, groups or
    institutions to determine for themselves when,
    how, and to what extent information about them is
    communicated to others.
  • each individual is continually engaged in a
    personal adjustment process in which he balances
    the desire for privacy with the desire for
    disclosure and communication.
  • Alan Westin, Privacy and Freedom, 1967

12
Realizing limited access and control
  • Limited access
    - Laws to prohibit or limit collection,
      disclosure, contact
    - Technology to facilitate anonymous
      transactions, minimize disclosure
  • Control
    - Laws to mandate choice (opt-in/opt-out)
    - Technology to facilitate informed consent, keep
      track of and enforce privacy preferences

13
Westin's four states of privacy
  • Solitude
    - individual separated from the group and freed
      from the observation of other persons
  • Intimacy
    - individual is part of a small unit
  • Anonymity
    - individual in public but still seeks and finds
      freedom from identification and surveillance
  • Reserve
    - the creation of a psychological barrier against
      unwanted intrusion - holding back communication

14
Britney Spears: "We just need privacy"
  • "You have to realize that we're people and that
    we need, we just need privacy and we need our
    respect, and those are things that you have to
    have as a human being."
  • Britney Spears, 15 June 2006, NBC Dateline

http://www.cnn.com/2006/SHOWBIZ/Music/06/15/people.spears.reut/index.html
15
Only a goldfish can live without privacy
Is this true? Can humans live without privacy?
16
Privacy as animal instinct
  • Is privacy necessary for species survival?

Eagles eating a deer carcass
http://www.learner.org/jnorth/tm/eagle/CaptureE63.html
17
Privacy laws and self-regulation
18
OECD fair information principles
  • http://www.datenschutz-berlin.de/gesetze/internat/ben.htm
  • Collection limitation
  • Data quality
  • Purpose specification
  • Use limitation
  • Security safeguards
  • Openness
  • Individual participation
  • Accountability

19
US FTC simplified principles
  • Notice and disclosure
  • Choice and consent
  • Data security
  • Data quality and access
  • Recourse and remedies
  • US Federal Trade Commission, Privacy Online: A
    Report to Congress (June 1998),
    http://www.ftc.gov/reports/privacy3/

20
Privacy laws around the world
  • Privacy laws and regulations vary widely
    throughout the world
  • US has mostly sector-specific laws, with
    relatively minimal protections - often referred
    to as patchwork quilt
  • Federal Trade Commission has jurisdiction over
    fraud and deceptive practices
  • Federal Communications Commission regulates
    telecommunications
  • European Data Protection Directive requires all
    European Union countries to adopt similar
    comprehensive privacy laws that recognize privacy
    as fundamental human right
  • Privacy commissions in each country (some
    countries have national and state commissions)
  • Many European companies non-compliant with
    privacy laws (2002 study found majority of UK web
    sites non-compliant)

21
Some US privacy laws
  • Bank Secrecy Act, 1970
  • Fair Credit Reporting Act, 1971
  • Privacy Act, 1974
  • Right to Financial Privacy Act, 1978
  • Cable TV Privacy Act, 1984
  • Video Privacy Protection Act, 1988
  • Family Educational Right to Privacy Act, 1993
  • Electronic Communications Privacy Act, 1994
  • Freedom of Information Act, 1966, 1991, 1996

22
US law: recent additions
  • HIPAA (Health Insurance Portability and
    Accountability Act, 1996)
    - When implemented, will protect medical records
      and other individually identifiable health
      information
  • COPPA (Children's Online Privacy Protection Act,
    1998)
    - Web sites that target children must obtain
      parental consent before collecting personal
      information from children under the age of 13
  • GLB (Gramm-Leach-Bliley Act, 1999)
    - Requires privacy policy disclosure and opt-out
      mechanisms from financial service institutions

23
Voluntary privacy guidelines
  • Direct Marketing Association Privacy Promise
    http://www.thedma.org/library/privacy/privacypromise.shtml
  • Network Advertising Initiative Principles
    http://www.networkadvertising.org/
  • CTIA Location-based privacy guidelines
    http://www.wow-com.com/news/press/body.cfm?record_id907

25
Chief privacy officers
  • Companies are increasingly appointing CPOs to
    have a central point of contact for privacy
    concerns
  • Role of CPO varies in each company
    - Draft privacy policy
    - Respond to customer concerns
    - Educate employees about company privacy policy
    - Review new products and services for
      compliance with privacy policy
    - Develop new initiatives to keep company out
      front on privacy issue
    - Monitor pending privacy legislation

26
Seal programs
  • TRUSTe http://www.truste.org
  • BBBOnline http://www.bbbonline.org
  • CPA WebTrust http://www.cpawebtrust.org/
  • Japanese Privacy Mark http://privacymark.org/

27
Seal program problems
  • Certify only compliance with stated policy
  • Limited ability to detect non-compliance
  • Minimal privacy requirements
  • Don't address privacy issues that go beyond the
    web site
  • Nonetheless, reporting requirements are forcing
    licensees to review their own policies and
    practices and think carefully before introducing
    policy changes

28
Privacy policies
  • Policies let consumers know about sites' privacy
    practices
  • Consumers can then decide whether or not
    practices are acceptable, when to opt-in or
    opt-out, and who to do business with
  • The presence of privacy policies increases
    consumer trust

What are some problems with privacy policies?
29
Privacy policy problems
  • BUT policies are often
    - difficult to understand
    - hard to find
    - take a long time to read
    - change without notice

30
Privacy policy components
  • Identification of site, scope, contact info
  • Types of information collected
    - Including information about cookies
  • How information is used
  • Conditions under which information might be
    shared
  • Information about opt-in/opt-out
  • Information about access
  • Information about data retention policies
  • Information about seal programs
  • Security assurances
  • Children's privacy

There is lots of information to convey -- but the
policy should be brief and easy-to-read too!
What is opt-in? What is opt-out?
31
Short Notices
  • Project organized by Hunton & Williams law firm
  • Create short version (short notice) of a
    human-readable privacy notice for both web sites
    and paper handouts
  • Sometimes called a layered notice as short
    version would advise people to refer to long
    notice for more detail
  • Now being called highlights notice
  • Focus on reducing privacy policy to at most 7
    boxes
  • Standardized format but only limited
    standardization of language
  • Proponents believe highlights format may
    eventually be mandated by law
  • Alternative proposals from privacy advocates
    focus on check boxes
  • Interest internationally
    - http://www.privacyconference2003.org/resolution.asp
  • Interest in the US for financial privacy notices
    - http://www.ftc.gov/privacy/privacyinitiatives/ftcfinalreport060228.pdf

35
Checkbox proposal
WE SHARE / DO NOT SHARE PERSONAL INFORMATION WITH
OTHER WEBSITES OR COMPANIES.

Collection                                               YES  NO
  We collect personal information directly from you      [ ]  [ ]
  We collect information about you from other sources    [ ]  [ ]
  We use cookies on our website                          [ ]  [ ]
  We use web bugs or other invisible collection methods  [ ]  [ ]
  We install monitoring programs on your computer        [ ]  [ ]

Uses: We use information about you to   With Your Consent  Without Your Consent
  Send you advertising mail                     [ ]                [ ]
  Send you electronic mail                      [ ]                [ ]
  Call you on the telephone                     [ ]                [ ]

Sharing: We allow others to use your information to
                                         With Your Consent  Without Your Consent
  Maintain shared databases about you          [ ]                [ ]
  Send you advertising mail                    [ ]                [ ]
  Send you electronic mail                     [ ]                [ ]
  Call you on the telephone                    N/A                N/A

Access
  You can see and correct ALL / SOME / NONE of the information we
  have about you.

Choices: You can opt-out of receiving from   Us   Affiliates  Third Parties
  Advertising mail                           [ ]     [ ]          [ ]
  Electronic mail                            [ ]     [ ]          [ ]
  Telemarketing                              [ ]     [ ]          N/A

Retention
  We keep your personal data for Six Months / Three Years / Forever

Change
  We can change our data use policy AT ANY TIME / WITH NOTICE TO
  YOU / ONLY FOR DATA COLLECTED IN THE FUTURE
39
Platform for Privacy Preferences Project (P3P)
  • Developed by the World Wide Web Consortium (W3C)
    http://www.w3.org/p3p/
  • Final P3P1.0 Recommendation issued 16 April 2002
  • Offers an easy way for web sites to communicate
    about their privacy policies in a standard
    machine-readable format
  • Can be deployed using existing web servers
  • Enables the development of tools (built into
    browsers or separate applications) that
    - Summarize privacy policies
    - Compare policies with user preferences
    - Alert and advise users

40
Basic components
  • P3P provides a standard XML format that web sites
    use to encode their privacy policies
  • Sites also provide XML policy reference files
    to indicate which policy applies to which part of
    the site
  • Sites can optionally provide a compact policy
    by configuring their servers to issue a special
    P3P header when cookies are set
  • No special server software required
  • User software that reads P3P policies is called
    a P3P user agent
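As an added illustration (not code from the original slides, nor from the P3P or Privacy Bird projects), here is a small Python P3P user-agent fragment: it parses the `CP` tokens a site sends in its `P3P` response header when setting a cookie and evaluates them against a user's preferences, in the spirit of the compact-policy processing described above. The preference rules (flag sharing with unrelated recipients unless opt-in is offered, flag indefinite retention) and the sample header are assumptions of this example, not the rule set of any real user agent.

```python
import re

# Constructed sample: the kind of response header a P3P-enabled site sends
# alongside a Set-Cookie (example values, not any real site's policy).
SAMPLE_HEADER = 'P3P: CP="NOI DSP COR NID PSAa PSDa OTRo IND"'

# A subset of P3P 1.0 compact-policy tokens, grouped by policy element.
# Purpose and recipient tokens carry an optional suffix: a = always,
# i = opt-in, o = opt-out (e.g. "OTRo" = shared with others, opt-out offered).
RECIPIENTS = {"OUR", "DEL", "SAM", "UNR", "PUB", "OTR"}
RETENTION = {"NOR", "STP", "LEG", "BUS", "IND"}
THIRD_PARTY = {"UNR", "PUB", "OTR"}   # sharing beyond the site and its agents

def parse_compact_policy(header):
    """Return the list of (token, suffix) pairs from a P3P header line."""
    m = re.search(r'CP="([^"]*)"', header)
    if not m:
        return None                       # no compact policy present at all
    tokens = []
    for raw in m.group(1).split():
        # split "OTRo" into ("OTR", "o"); tokens without a suffix get ""
        mt = re.fullmatch(r"([A-Z]{3})([aio]?)", raw)
        if mt:
            tokens.append((mt.group(1), mt.group(2)))
    return tokens

def evaluate(header, allow_optout=False):
    """Return a list of warnings explaining why this cookie would be flagged.

    Assumed user preference (this example's own rules, not IE6's or
    Privacy Bird's):
    - no compact policy at all -> flag (the slides note this is also what
      IE6 blocks by default for third-party cookies)
    - sharing with unrelated recipients is acceptable only with opt-in
      (suffix 'i'); opt-out ('o') is tolerated only if allow_optout is set
    - data kept indefinitely (IND) is flagged
    """
    tokens = parse_compact_policy(header)
    if tokens is None:
        return ["no compact policy: cookie would be blocked"]
    warnings = []
    for tok, suffix in tokens:
        if tok in THIRD_PARTY and suffix != "i":
            if suffix == "o" and allow_optout:
                continue
            warnings.append(f"data shared with {tok} without opt-in")
        if tok == "IND":
            warnings.append("data retained indefinitely")
    return warnings
```

Running `evaluate(SAMPLE_HEADER)` flags both the opt-out-only sharing and the indefinite retention; a header with `OURa STP` instead passes cleanly.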

41
What's in a P3P policy?
  • Name and contact information for site
  • The kind of access provided
  • Mechanisms for resolving privacy disputes
  • The kinds of data collected
  • How collected data is used, and whether
    individuals can opt-in or opt-out of any of these
    uses
  • Whether/when data may be shared and whether there
    is opt-in or opt-out
  • Data retention policy

42
A simple HTTP transaction (diagram: browser and web server)
43
...with P3P 1.0 added (diagram: browser and web server)
44
P3P increases transparency
  • P3P clients can check a privacy policy each time
    it changes
  • P3P clients can check privacy policies on all
    objects in a web page, including ads and
    invisible images

http://www.att.com/accessatt/
http://adforce.imgis.com/?adlink2685231146ADFORCE
45
P3P in IE6
Automatic processing of compact policies; only
third-party cookies without compact policies are
blocked by default.
Privacy icon on status bar indicates that a cookie
has been blocked; a pop-up appears the first time
the privacy icon appears.
46
Users can click on the privacy icon for a list of
cookies; privacy summaries are available at sites
that are P3P-enabled.
47
Privacy summary report is generated automatically
from the full P3P policy.
48
P3P in Netscape 7
Preview version similar to IE6, focusing on
cookies; cookies without compact policies (both
first-party and third-party) are flagged rather
than blocked by default.
Indicates flagged cookie
49
Privacy Bird
  • Free download of beta from http://privacybird.com/
  • Originally developed at AT&T Labs
  • Released as open source
  • Browser helper object for IE6
  • Reads P3P policies at all P3P-enabled sites
    automatically
  • Bird icon at top of browser window indicates
    whether site matches user's privacy preferences
  • Clicking on bird icon gives more information

50
Chirping bird is privacy indicator
51
Red bird indicates mismatch
52
Check embedded content too
53
Privacy settings
54
Example: Sending flowers
57
Privacy Finder
  • Prototype developed at AT&T Labs, improved and
    deployed by CUPS
  • Uses Google or Yahoo! API to retrieve search
    results
  • Checks each result for P3P policy
  • Evaluates P3P policy against user's preferences
  • Reorders search results
  • Composes search result page with privacy
    annotations next to each P3P-enabled result
  • Users can retrieve Privacy Report similar to
    Privacy Bird policy summary

58
Demo
59
P3P Resources
  • For further information on P3P see
    - http://www.w3.org/P3P/
    - http://p3ptoolbox.org/
    - http://p3pbook.com/

60
Privacy risks from personalization
61
Unsolicited marketing
  • Desire to avoid unwanted marketing causes some
    people to avoid giving out personal information

62
My computer can figure things out about me
  • The little people inside my computer might know
    it's me
  • and they might tell their friends

63
Inaccurate inferences
  • My TiVo thinks I'm gay!

64
Surprisingly accurate inferences
Everyone wants to be understood. No one wants to
be known.
65
You thought that on the Internet nobody knew you
were a dog
but then you started getting personalized ads
for your favorite brand of dog food
66
Price discrimination
  • Concerns about being charged higher prices
  • Concerns about being treated differently

67
Revealing private information to other users of a
computer
  • Revealing info to family members or co-workers
  • Gift recipient learns about gifts in advance
  • Co-workers learn about a medical condition
  • Revealing secrets that can unlock many accounts
  • Passwords, answers to secret questions, etc.

68
The Cranor family's 25 most frequent grocery
purchases (sorted by nutritional value)!
69
Exposing secrets to criminals
  • Stalkers, identity thieves, etc.
  • People who break into account may be able to
    access profile info
  • People may be able to probe recommender systems
    to learn profile information associated with
    other users

70
Subpoenas
  • Records are often subpoenaed in patent disputes,
    child custody cases, civil litigation, criminal
    cases

71
Government surveillance
  • Governments increasingly looking for personal
    records to mine in the name of fighting terrorism
  • People may be subject to investigation even if
    they have done nothing wrong

72
Little Brother as Big Brother
74
Risks may be magnified in future
  • Wireless location tracking
  • Semantic web applications
  • Ubiquitous computing

75
If you're not careful, you may violate data
protection laws
  • Some jurisdictions have privacy laws that
    - Restrict how data is collected and used
    - Require that you give notice, get consent, or
      offer privacy-protective options
    - Impose penalties if personal information is
      accidentally exposed