Privacy - PowerPoint PPT Presentation

About This Presentation
Title:

Privacy

Description:

(Smith 2000, p. 258, citing Justice William O. Douglas in Griswold v. Connecticut) ... www.merchant.com/cgi_bin/order?name=Tom Jones&address=here there&credit car d ... – PowerPoint PPT presentation

Number of Views:86
Avg rating:3.0/5.0
Slides: 71
Provided by: cupsC
Learn more at: http://cups.cs.cmu.edu
Category:
Tags: griswold | privacy | tom

less

Transcript and Presenter's Notes

Title: Privacy


1
Privacy
  • Week 5 - February 13, 15

2
Privacy laws
3
Terminology
  • Data subject
  • The person whose data is collected
  • Data controller
  • The entity responsible for collected data
  • Primary use of personal information (primary
    purpose)
  • Using information for the purposes intended by
    the data subjects when they provided the
    information
  • Secondary use of personal information (secondary
    purpose)
  • Using information for purposes that go beyond the
    primary purpose

4
OECD fair information principles
  • http//www.datenschutz-berlin.de/gesetze/internat/
    ben.htm
  • Collection limitation
  • Data quality
  • Purpose specification
  • Use limitation
  • Security safeguards
  • Openness
  • Individual participation
  • Accountability

5
US FTC simplified principles
  • Notice and disclosure
  • Choice and consent
  • Data security
  • Data quality and access
  • Recourse and remedies
  • US Federal Trade Commission, Privacy Online A
    Report to Congress (June 1998),
    http//www.ftc.gov/reports/privacy3/

6
Laws and regulations
  • Privacy laws and regulations vary widely
    throughout the world
  • US has mostly sector-specific laws, with
    relatively minimal protections
  • Federal Trade Commission has jurisdiction over
    fraud and deceptive practices
  • Federal Communications Commission regulates
    telecommunications
  • European Data Protection Directive requires all
    European Union countries to adopt similar
    comprehensive privacy laws
  • Privacy commissions in each country (some
    countries have national and state commissions)
  • Many European companies non-compliant with
    privacy laws (2002 study found majority of UK web
    sites non-compliant)
  • Safe Harbor allows US companies to self-certify
    compliance

7
US law basics
  • Constitutional law governs the rights of
    individuals with respect to the government
  • Tort law governs disputes between private
    individuals or other private entities

8
US Constitution
  • No explicit privacy right, but a zone of privacy
    recognized in its penumbras, including
  • 1st amendment (right of association)
  • 3rd amendment (prohibits quartering of soldiers
    in homes)
  • 4th amendment (prohibits unreasonable search and
    seizure)
  • 5th amendment (no self-incrimination)
  • 9th amendment (all other rights retained by the
    people)
  • Penumbra fringe at the edge of a deep shadow
    create by an object standing in the light
  • (Smith 2000, p. 258, citing Justice William O.
    Douglas in Griswold v. Connecticut)

9
Federal statutes and state laws
  • Federal statutes
  • Tend to be narrowly focused
  • State law
  • State constitutions may recognize explicit right
    to privacy (Georgia, Hawaii)
  • State statutes and common (tort) law
  • Local laws and regulations (for example
    ordinances on soliciting anonymously)

10
Four aspects of privacy tort
  • You can sue for damages for the following torts
    (Smith 2000, p. 232-233)
  • Disclosure of truly intimate facts
  • May be truthful
  • Disclosure must be widespread, and offensive or
    objectionable to a person of ordinary
    sensibilities
  • Must not be newsworthy or legitimate public
    interest
  • False light
  • Personal information or picture published out of
    context
  • Misappropriation (or right of publicity)
  • Commercial use of name or face without permission
  • Intrusion into a persons solitude

11
Some US privacy laws
  • Bank Secrecy Act, 1970
  • Fair Credit Reporting Act, 1971
  • Privacy Act, 1974
  • Right to Financial Privacy Act, 1978
  • Cable TV Privacy Act, 1984
  • Video Privacy Protection Act, 1988
  • Family Educational Right to Privacy Act, 1993
  • Electronic Communications Privacy Act, 1994
  • Freedom of Information Act, 1966, 1991, 1996

12
US law recent additions
  • HIPAA (Health Insurance Portability and
    Accountability Act, 1996)
  • When implemented, will protect medical records
    and other individually identifiable health
    information
  • COPPA (Childrens Online Privacy Protection Act,
    1998)
  • Web sites that target children must obtain
    parental consent before collecting personal
    information from children under the age of 13
  • GLB (Gramm-Leach-Bliley-Act, 1999)
  • Requires privacy policy disclosure and opt-out
    mechanisms from financial service institutions

13
Safe harbor
  • Membership
  • US companies self-certify adherence to
    requirements
  • Dept. of Commerce maintains signatory list
    http//www.export.gov/safeharbor/
  • Signatories must provide
  • notice of data collected, purposes, and
    recipients
  • choice of opt-out of 3rd-party transfers, opt-in
    for sensitive data
  • access rights to delete or edit inaccurate
    information
  • security for storage of collected data
  • enforcement mechanisms for individual complaints
  • Approved July 26, 2000 by EU
  • reserves right to renegotiate if remedies for EU
    citizens prove to be inadequate

14
Privacy policies
  • Policies let consumers know about sites privacy
    practices
  • Consumers can decide whether practices are
    acceptable, when to opt-out
  • Presence increases consumer trust
  • Make companies subject to FTC privacy-related
    enforcement
  • Rapid adoption 1998-2001
  • G.R. Milne and M.J. Culnan 2002. Using the
    Content of Online Privacy Notices to Inform
    Public Policy A Longitudinal Analysis of the
    1998-2002 US Web Surveys. The Information
    Society 18, 5, 245-359.

15
Privacy policy problems
  • BUT policies are often
  • difficult to understand
  • hard to find
  • take a long time to read
  • change without notice

16
Privacy policy components
  • Identification of site, scope, contact info
  • Types of information collected
  • Including information about cookies
  • How information is used
  • Conditions under which information might be
    shared
  • Information about opt-in/opt-out
  • Information about access
  • Information about data retention policies
  • Information about seal programs
  • Security assurances
  • Childrens privacy

There is lots of informationto convey -- but
policyshould be brief andeasy-to-read too!
What is opt-in? What is opt-out?
17
  • How are online privacy concerns different from
    offline privacy concerns?

18
Web privacy concerns
  • Data is often collected silently
  • Web allows large quantities of data to be
    collected inexpensively and unobtrusively
  • Data from multiple sources may be merged
  • Non-identifiable information can become
    identifiable when merged
  • Data collected for business purposes may be used
    in civil and criminal proceedings
  • Users given no meaningful choice
  • Few sites offer alternatives

19
Browser Chatter
  • Browsers chatter about
  • IP address, domain name, organization,
  • Referring page
  • Platform O/S, browser
  • What information is requested
  • URLs and search terms
  • Cookies
  • To anyone who might be listening
  • End servers
  • System administrators
  • Internet Service Providers
  • Other third parties
  • Advertising networks
  • Anyone who might subpoena log files later

20
Typical HTTP request with cookie
  • GET /retail/searchresults.asp?qubeer HTTP/1.0
  • Referer http//www.us.buy.com/default.asp
  • User-Agent Mozilla/4.75 en (X11 U NetBSD
    1.5_ALPHA i386)
  • Host www.us.buy.com
  • Accept image/gif, image/jpeg, image/pjpeg, /
  • Accept-Language en
  • Cookie buycountryus dcLocNameBasket
    dcCatID6773 dcLocID6773 dcAdbuybasket loc
    parentLocNameBasket parentLoc6773
    ShopperManager2FShopperManager2F66FUQULL0QBT8M
    MTVSC5MMNKBJFWDVH7 Store107 Category0

21
Referer log problems
  • GET methods result in values in URL
  • These URLs are sent in the referer header to next
    host
  • Example
  • http//www.merchant.com/cgi_bin/order?nameTomJon
    esaddressheretherecreditcard234876923234PIN
    1234-gtindex.html
  • Access log example

22
Cookies
  • What are cookies?
  • What are people concerned about cookies?
  • What useful purposes do cookies serve?

23
Cookies 101
  • Cookies can be useful
  • Used like a staple to attach multiple parts of a
    form together
  • Used to identify you when you return to a web
    site so you dont have to remember a password
  • Used to help web sites understand how people use
    them
  • Cookies can do unexpected things
  • Used to profile users and track their activities,
    especially across web sites

24
How cookies work the basics
  • A cookie stores a small string of characters
  • A web site asks your browser to set a cookie
  • Whenever you return to that site your browser
    sends the cookie back automatically

Please store cookie xyzzy
Here is cookie xyzzy
browser
site
browser
site
First visit to site
Later visits
25
How cookies work advanced
  • Cookies are only sent back to the site that set
    them but this may be any host in domain
  • Sites setting cookies indicate path, domain, and
    expiration for cookies
  • Cookies can store user info or a database key
    that is used to look up user info either way
    the cookie enables info to be linked to the
    current browsing session

Send me with requests for index.html on y.x.com
for this session only
Send me with any request to x.com until 2008
DatabaseUsers Email Visits
UserJoe EmailJoe_at_x.com Visits13
User4576904309
26
Cookie terminology
  • Cookie Replay sending a cookie back to a site
  • Session cookie cookie replayed only during
    current browsing session
  • Persistent cookie cookie replayed until
    expiration date
  • First-party cookie cookie associated with the
    site the user requested
  • Third-party cookie cookie associated with an
    image, ad, frame, or other content from a site
    with a different domain name that is embedded in
    the site the user requested
  • Browser interprets third-party cookie based on
    domain name, even if both domains are owned by
    the same company

27
Web bugs
  • Invisible images (1-by-1 pixels, transparent)
    embedded in web pages and cause referer info and
    cookies to be transferred
  • Also called web beacons, clear gifs, tracker
    gifs,etc.
  • Work just like banner ads from ad networks, but
    you cant see them unless you look at the code
    behind a web page
  • Also embedded in HTML formatted email messages,
    MS Word documents, etc.
  • For software to detect web bugs see
    http//www.bugnosis.org

28
How data can be linked
  • Every time the same cookie is replayed to a site,
    the site may add information to the record
    associated with that cookie
  • Number of times you visit a link, time, date
  • What page you visit
  • What page you visited last
  • Information you type into a web form
  • If multiple cookies are replayed together, they
    are usually logged together, effectively linking
    their data
  • Narrow scoped cookie might get logged with broad
    scoped cookie

29
Ad networks
Ad companycan get yourname and address fromCD
order andlink them to your search
Search Service
CD Store
30
What ad networks may know
  • Personal data
  • Email address
  • Full name
  • Mailing address (street, city, state, and Zip
    code)
  • Phone number
  • Transactional data
  • Details of plane trips
  • Search phrases used at search engines
  • Health conditions

It was not necessary for me to click on the
banner ads for information to be sent to
DoubleClick servers. Richard M. Smith
31
Online and offline merging
  • In November 1999, DoubleClick purchased Abacus
    Direct, a company possessing detailed consumer
    profiles on more than 90 of US households.
  • In mid-February 2000 DoubleClick announced plans
    to merge anonymous online data with personal
    information obtained from offline databases
  • By the first week in March 2000 the plans were
    put on hold
  • Stock dropped from 125 (12/99) to 80 (03/00)

32
Offline data goes online
The Cranor familys 25 most frequentgrocerypurc
hases (sorted by nutritional value)!
33
Subpoenas
  • Data on online activities is increasingly of
    interest in civil and criminal cases
  • The only way to avoid subpoenas is to not have
    data
  • In the US, your files on your computer in your
    home have much greater legal protection that your
    files stored on a server on the network

34
Original Idea behind P3P
P3P Introduction
  • A framework for automated privacy discussions
  • Web sites disclose their privacy practices in
    standard machine-readable formats
  • Web browsers automatically retrieve P3P privacy
    policies and compare them to users privacy
    preferences
  • Sites and browsers can then negotiate about
    privacy terms

35
P3P history
P3P Introduction
  • Idea discussed at November 1995 FTC meeting
  • Ad Hoc Internet Privacy Working Group convened
    to discuss the idea in Fall 1996
  • W3C began working on P3P in Summer 1997
  • Several working groups chartered with dozens of
    participants from industry, non-profits,
    academia, government
  • Numerous public working drafts issued, and
    feedback resulted in many changes
  • Early ideas about negotiation and agreement
    ultimately removed
  • Automatic data transfer added and then removed
  • Patent issue stalled progress, but ultimately
    became non-issue
  • P3P issued as official W3C Recommendation on
    April 16, 2002
  • http//www.w3.org/TR/P3P/

36
P3P1.0 A first step
P3P Introduction
  • Offers an easy way for web sites to communicate
    about their privacy policies in a standard
    machine-readable format
  • Can be deployed using existing web servers
  • This will enable the development of tools that
  • Provide snapshots of sites policies
  • Compare policies with user preferences
  • Alert and advise the user

37
The basics
P3P Introduction
  • P3P provides a standard XML format that web sites
    use to encode their privacy policies
  • Sites also provide XML policy reference files
    to indicate which policy applies to which part of
    the site
  • Sites can optionally provide a compact policy
    by configuring their servers to issue a special
    P3P header when cookies are set
  • No special server software required
  • User software to read P3P policies called a P3P
    user agent

38
Whats in a P3P policy?
P3P Enabling your web site overview and options
  • Name and contact information for site
  • The kind of access provided
  • Mechanisms for resolving privacy disputes
  • The kinds of data collected
  • How collected data is used, and whether
    individuals can opt-in or opt-out of any of these
    uses
  • Whether/when data may be shared and whether there
    is opt-in or opt-out
  • Data retention policy

39
P3P/XML encoding
ltPOLICIES xmlns"http//www.w3.org/2002/01/P3Pv1"gt
ltPOLICY discuri"http//p3pbook.com/privacy.html"
name"policy"gt ltENTITYgt
ltDATA-GROUPgt ltDATA ref"business.contac
t-info.online.email"gtprivacy_at_p3pbook.com
lt/DATAgt ltDATA ref"business.contact-in
fo.online.uri"gthttp//p3pbook.com/ lt/DATAgt
ltDATA ref"business.name"gtWeb Privacy With
P3Plt/DATAgt lt/DATA-GROUPgt lt/ENTITYgt
ltACCESSgtltnonident/gtlt/ACCESSgt ltSTATEMENTgt
ltCONSEQUENCEgtWe keep standard web server
logs.lt/CONSEQUENCEgt ltPURPOSEgtltadmin/gtltcurrent/
gtltdevelop/gtlt/PURPOSEgt ltRECIPIENTgtltours/gtlt/RECI
PIENTgt ltRETENTIONgtltindefinitely/gtlt/RETENTIONgt
ltDATA-GROUPgt ltDATA ref"dynamic.clicks
tream"/gt ltDATA ref"dynamic.http"/gt
lt/DATA-GROUPgt lt/STATEMENTgt lt/POLICYgt lt/POLICIESgt
40
P3P1.0 Spec Defines
P3P Introduction
  • A standard vocabulary for describing set of uses,
    recipients, data categories, and other privacy
    disclosures
  • A standard schema for data a Web site may wish to
    collect (base data schema)
  • An XML format for expressing a privacy policy in
    a machine readable way
  • A means of associating privacy policies with Web
    pages or sites
  • A protocol for transporting P3P policies over HTTP

41
A simple HTTP transaction
P3P Introduction
WebServer
42
with P3P 1.0 added
P3P Introduction
WebServer
43
Transparency
P3P Introduction
  • P3P clients can check a privacy policy each time
    it changes
  • P3P clients can check privacy policies on all
    objects in a web page, including ads and
    invisible images

http//www.att.com/accessatt/
http//adforce.imgis.com/?adlink2685231146ADF
ORCE
44
P3P in IE6
P3P Introduction
Automatic processing of compact policies
only third-party cookies without compact
policies blocked by default
Privacy icon on status bar indicates that a
cookie has been blocked pop-up appears the
first time the privacy icon appears
45
P3P Introduction
Users can click on privacy icon forlist of
cookies privacy summariesare available
atsites that are P3P-enabled
46
P3P Introduction
Privacy summary report isgenerated
automaticallyfrom full P3P policy
47
P3P in Netscape 7
P3P Introduction
Preview version similar to IE6, focusing, on
cookies cookies without compact policies (both
first-party and third-party) are flagged rather
than blocked by default
Indicates flagged cookie
48
P3P Introduction
Users can view English translation of (part of)
compact policy in Cookie Manager
49
P3P Introduction
A policy summary can be generated automatically
from full P3P policy
50
Privacy Bird
  • Free download of beta from http//privacybird.com/
  • Origninally developed at ATT Labs
  • Released as open source
  • Browser helper object for IE6
  • Reads P3P policies at all P3P-enabled sites
    automatically
  • Bird icon at top of browser window indicates
    whether site matches users privacy preferences
  • Clicking on bird icon gives more information

51
Chirping bird is privacy indicator
52
Red bird indicates mismatch
53
Check embedded content too
54
Privacy settings
55
ExampleSending flowers
56
(No Transcript)
57
(No Transcript)
58
Privacy Finder
  • Prototype developed at ATT Labs, improved and
    deployed by CUPS
  • Uses Google or Yahoo! API to retrieve search
    results
  • Checks each result for P3P policy
  • Evaluates P3P policy against users preferences
  • Reorders search results
  • Composes search result page with privacy
    annotations next to each P3P-enabled result
  • Users can retrieve Privacy Report similar to
    Privacy Bird policy summary

59
Demo
60
Is Privacy Finder useful?
  • Do users care about web site privacy?
  • Have enough web sites adopted P3P that typical
    search results contain sites with P3P policies?
  • Do users have meaningful choices among privacy
    policies?
  • Do users understand information provided by
    Privacy Finder?
  • Does Privacy Finder influence online purchasing
    decisions?

61
Have enough sites adopted P3P?
  • We werent sure, so we did a study.
  • Draft paper at http//lorrie.cranor.org/pubs/www06
    .pdf
  • Previous studies examined lists of most popular
    web sites for P3P adoption, but this gives
    incomplete picture

62
Methodology
  • Compiled two lists of search terms
  • Typical 20,000 terms randomly sampled from one
    week of AOL user search queries
  • Ecommerce 940 terms screen scraped from Froogle
    front page
  • Submitted search terms to Google, Yahoo!, and AOL
    search engines and collected top 20 results for
    each term
  • Checked each result for P3P policy and evaluated
    policies against 5 rulesets and P3P validator
  • Saved 1,232,955 annotated search results in
    database
  • Separately checked for P3P policies on 30,000
    domains most clicked on by AOL search engine users

63
Results P3P deployment
  • 10 of results from typical search terms have P3P
  • 21 of results from ecommerce search terms have
    P3P
  • More popular sites are more likely to have P3P
  • 5 of sites in our cache have P3P
  • 9 of 30K most clicked on domains have P3P
  • 17 of clicks to 30K most clicked on domains have
    P3P

of domains with P3P policies
Most clicked on domains
64
Results Most popular P3P policies
  • ?Typical Terms
  • http//privacy.yahoo.com/
  • http//about.com/
  • http//privacy.msn.com/
  • http//disney.go.com/
  • http//images.rootsweb.com/
  • http//adserver.ign.com/
  • http//www.nlm.nih.gov/
  • http//www.bizrate.com/
  • http//www.superpages.com/
  • http//www.shopping.com/
  • Ecommerce Terms
  • ?http//privacy.yahoo.com/
  • http//about.com/
  • http//www.bizrate.com/
  • http//www0.shopping.com/
  • http//www.shopping.com/
  • http//www.pricegrabber.com/
  • http//www.cpsc.gov/
  • http//www.overstock.com/
  • http//www.cooking.com/
  • http//www.altrec.com/

65
Results Frequency of P3P-enabled hits
  • 83 of searches had at least one P3P-enabled site
    in top 20 results
  • 68 of searches had at least one P3P-enabled site
    in top 10 results
  • For top 20 search results returned by AOL search
    engine for typical search terms
  • 29 return at least 1 P3P-enabled hit that
    matches medium privacy preferences
  • 34 return at least 1 P3P-enabled hit in that
    does not share data
  • 31 return at least 1 P3P-enabled hit that does
    not market without opt-in
  • Thus, 1/3 of the time AOL users will find site
    with good privacy policy in first 2 pages of
    results

66
Does Privacy Finder influence purchases?
  • Studies begun and more planned.
  • Pay users to make online purchases with their own
    credit cards
  • Some use Privacy Finder and some use generic
    search engine
  • Experiment with more and less privacy-sensitive
    purchases
  • Experiment with price-sensitivity
  • Our studies have found that Privacy Finder does
    influence purchases for some people

67
Why web sites adopt P3P
P3P Introduction
  • Demonstrate corporate leadership on privacy
    issues
  • Show customers they respect their privacy
  • Demonstrate to regulators that industry is taking
    voluntary steps to address consumer privacy
    concerns
  • Distinguish brand as privacy friendly
  • Prevent IE6 from blocking their cookies
  • Anticipation that consumers will soon come to
    expect P3P on all web sites
  • Individuals who run sites value personal privacy

68
P3P early adopters
P3P Introduction
  • News and information sites CNET, About.com,
    BusinessWeek
  • Search engines Yahoo, Lycos
  • Ad networks DoubleClick, Avenue A
  • Telecom companies ATT
  • Financial institutions Fidelity
  • Computer hardware and software vendors IBM,
    Dell, Microsoft, McAfee
  • Retail stores Fortunoff, Ritz Camera
  • Government agencies FTC, Dept. of Commerce,
    Ontario Information and Privacy Commissioner
  • Non-profits - CDT

69
Impacts
P3P The future
  • Some companies that P3P-enable think about
    privacy in new ways and change their practices
  • Systematic assessment of privacy practices
  • Concrete disclosures less wiggle room
  • Disclosures about areas previously not discussed
    in privacy policy
  • Hopefully we will see greater transparency, more
    informed consumers, and ultimately better privacy
    policies

70
Evaluating information sources
Research and Communication Skills
  • Dont believe everything you read!
  • News sources are usually a reporter's
    interpretation of what someone else did
  • Conference and journal papers are first hand
    reports of research studies that have been peer
    reviewed
  • but journals usually have more review than
    conferences
  • Technical reports are usually first hand reports
    of research studies that have not been peer
    reviewed (yet)
  • Look for subsequent conference or journal
    publications
  • Web sites and books are anything goes, but books
    at least have an editor (usually)
  • When possible, cite research results and
    technical information from peer reviewed sources
Write a Comment
User Comments (0)
About PowerShow.com