2. Outline Definitions & Contexts Ways in which Personal Information Gets Revealed (Consent, Controversy, & Violation) Solutions to Protect Online Privacy Discussion 2 2/20/2009
4. What Is Privacy? Privacy -- the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively. -- a personal, subjective condition. One person cannot decide for another what his or her sense of privacy should be. 4 2/20/2009
5. How our privacy is affected? Unsolicited Activities Physical Privacy Crime Done Online Informational Privacy Cybercrime Where your interests MIGHT be compromised via the Internet Where your interests ARE immediately violated via the Internet 5 2/20/2009
6. Online Privacy The ability to control what information one reveals about oneself over the Internet, and to control who can access that information. 6 2/20/2009
7. How people are concerned? Concerns in dispute Internet Security Internet Privacy Where ordinary users are most concerned 7 2/20/2009
8. How they look at privacy? “Privacy is the future. Get used to it.” -- Marc Rotenberg, Director, Electronic Privacy Information Centre - EPIC) (Fortune, 2001). “You have zero privacy anyway. Get over it.” -- Scott McNealy, CEO, Sun Microsystems, 1999 8 2/20/2009
9. How they look at privacy? "you have to realize that we're people and we just need privacy and we need our respect and these are just things you have to have as a human being." -- Britney Spears June15, 2006 NBC Dateline 9 2/20/2009
10.
11. Loss, misuse, modification or unauthorized access to sensitive information can adversely affect the privacy of an individual. 10 2/20/2009
13. By ISP Internet Service Providers (ISP) always know your IP address and the IP address to which you are communicating. ISPs are capable of observing. unencrypted data passing between you and the Internet, but not properly-encrypted data. They are usually prevented to do so due to social pressure and law. 12 2/20/2009
14. By Email Emails May be inappropriately spread by the original receiver May be intercepted May be legally viewed or disclosed by services providers or authorities. 13 2/20/2009
15. By Listserves & discussion groups There is no barrier for unsolicited messages or Emails within a mailing list or online discussion group. Any member of the list or group could collect and distribute your Email address and information you post. 14 2/20/2009
16. By Internet Browsers Most web browsers can save some forms of personal data, such as browsing history, cookies, web form entries and password. You may accidentally reveal such information when using a browser on a public computer or someone’s. 15 2/20/2009
17. What cookie are? Cookies are data packets sent by a server to a web client and then sent back unchanged by the client each time it accesses that server. Cookies are used for authenticating, session tracking and maintaining specific information about users, such as site preferences or the contents of their electronic shopping carts. Cookies are only data, not programs nor viruses 16 2/20/2009
18. Why some people dislike cookies? Cookies can be hijacked and modified by attackers. Cookies can be used to track browsing behavior so some think they are tagged. 17 2/20/2009
19.
20. By Search Engine Search engines have and use the ability to track each one of your searches (e.g. ,IP address, search terms, time) 19 2/20/2009
21. What search engines did? “August, 7, 2006, AOL apologized for releasing search log data on subscribers that had been intended for use with the company's newly launched research site. Almost 2 weeks before that, AOL had quietly released roughly 20 million search records from 658,000 users on their new AOL Research site. The data includes a number assigned to the anonymous user, the search term, the date and time of the search, and the website visited as a result of the search.” “In January 2006 the U.S. Department of Justice issued a subpoena asking popular search engines to provide a "random sampling" of 1 million IP addresses that used the search engine, and a random sampling of 1 million search queries submitted over a one-week period. The government wanted the information to defend a child pornography law. Microsoft, Yahoo, and AOL reportedly complied with the request, while Google fought the subpoena.” 20 2/20/2009
22. Privacy Policy Sample Clauses Yahoo: “Yahoo! collects personal information when you register with Yahoo!, when you use Yahoo! products or services, when you visit Yahoo! pages or the pages of certain Yahoo! partners, and when you enter promotions or sweepstakes. Yahoo! may combine information about you that we have with information we obtain from business partners or other companies.” Google: “Log information – When you access Google services, our servers automatically record information that your browser sends whenever you visit a website. These server logs may include information such as your web request, Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser. Also, in order to protect you from fraud, phishing, and other misconduct, we may collect information about your interaction with our services. Any such information we collect will only be used to detect and prevent fraud or other misconduct.” 21 2/20/2009
23. By indirect Marketing Web bugs: a graphic (in a Web site or a graphic-enabled email) that can confirm when the message or Web page is viewed and record the IP address of the viewer. Third party cookies: a web page may contain images or other components stored on servers in other domains. Cookies that are set during retrieval of these components are called third-party cookies. 22 2/20/2009
24. By Direct Marketing Direct marketing is a sales pitch targeted to a person based on previous consumer choices. It is ubiquitous these days. Many companies also sell or share your information to others. This Sharing with other businesses can be done rapidly and cheaply. 23 2/20/2009
25. By Instant Messaging Your IM conversation can be saved onto a computer even if only one person agrees. Workplace IM can be monitored by your employer. Spim: Spam distributed in IM. 24 2/20/2009
26. By Social Networks, Blog & Personal Websites Employers and school officials are increasingly sensitive to the messages you convey in social networks. 25 2/20/2009
27. Too many cases to list “An October 2007 survey of employers found that 44% use social networking sites to obtain information about job applicants. And 39% have searched such sites for information about current employees.” “In 2005 a Pennsylvania high school student was suspended for 10 days and transferred into an alternative education program after making an unflattering MySpace profile for his principal. The ACLU is currently representing the student in a lawsuit against the school district.” 26 2/20/2009
29. By Official Use Court records When you file a lawsuit for divorce or are a party to a civil lawsuit or criminal case, court records, are accessible to the public. Government The government may want your personal information for law enforcement purposes as well as for foreign intelligence investigations. Various laws govern these procedures. 28 2/20/2009
30. According to a New York Times article (published February 4, 2006) AOL receives more than 1,000 subpoenas each month seeking information about AOL users. Most of these subpoenas come from law enforcement and generally ask for the user’s name, address, records of when the individual signed on and off of the Internet, and the IP address. 29 2/20/2009
31. By Employers According to the 2005 Electronic Monitoring & Surveillance Survey from the American Management Association and The ePolicy Institute 76% of employers monitor employees' Web site connections; 65% use technology to block connections to banned Web sites; 55% monitor e-mail. 30 2/20/2009
32. By Cybercrime Spyware takes advantage of security holes by attacking the browser and forcing it to be downloaded and installed and gather your information without your knowledge. Phishing occurs when criminal lure the victim into providing financial data. Pharmingoccurs when criminals plant programs in the victim’s computer which re-direct the victim from legitimate Web sites to scam look-alike sites. 31 2/20/2009
36. The Platform for Privacy Preferences (P3P) developed by the World Wide Web Consortium (W3C), is a protocol allowing websites to declare their intended use of information they collect about browsing users and allow users to configure their browsers or other software tools in such a way that they are notified whether web site privacy policies match their pre-set preferences. 35 2/20/2009
37. Legal Authorities The Supreme Court has taken a hands-off approach to regulating the Internet in favor of free speech. The federal government is increasingly interested in regulating the Internet, for example through child pornography and gambling laws. The White House appears to welcome the lack of restriction on data sharing and surveillance. 36 2/20/2009
38.
39. learn to safeguard your privacy with a minimum sacrifice of convenience 37 2/20/2009
40. Discussion How do you draw the line on online Privacy? Have you had or heard any bad experience in which one’s privacy was invaded over the internet? You might want to put forth such a real-life example to alert us. What do you think of P3P? Any suggestions on how to improve it? Any conceptual solutions to the general public’s anxiety over online privacy invasion? 38 2/20/2009