Announcements

Project 3a paper due today

Submit up front on table

Next week, Encryption…

A method to securely send messages between 2 parties

Meant to ensure privacy, integrity and security

But what happens if the party you send the information to reveals it to others?

Intentionally or unintentionally

You want information kept private, others feel they have a right to know-either to protect or to do business

What is Privacy?

Privacy is difficult to pin down and define.

Roots of privacy are deep in history

Hebrew culture, Classical Greece, Ancient China all reference it

Different ideas about privacy internationally

UN sees privacy as a fundamental human right

Different countries, different protections

Privacy is not mentioned in our Constitution

But it was a problem in need of a solution, identified by two men who would eventually become Supreme Court Justices

What Is Privacy in the U.S.?

Brandeis & Warren wrote …

The narrower doctrine [of privacy] may have satisfied the demands of society at a time when the abuse to be guarded against could barely have arisen without violating a contract or a special confidence; but modern devices afford abundant opportunities for the perpetration of wrongs without the participation of the injured party

A Definition

What does “privacy” mean in the modern world?

Privacy, the right of people to choose freely under what circumstances and to what extent they will reveal themselves, their attitude, and their behavior to others

Privacy is a right

You control when & how much is revealed

What does Privacy mean in a networked world?

Many people think they move across the Internet anonymously?

WRONG!

Do you expect that your interactions online should have some measure of privacy?

Should transactions be tracked?

If yes, what limitations are there?

How about just browsing?

Digital Privacy

How private is your information online?

Reputable online businesses post Privacy Stmt

The statement should understandable to you and say what info they collect, what they will do with it, how to “opt-out”, etc.

But, there is little policing & few penalties

Challenges to Privacy from IT

Privacy Protections for information in the public domain that are based on the difficulty and expense of collecting and manipulating information are diminished

Data collected for one purpose is readily available and can be used for other purposes

Student computer use to “identify” student effort

Data collection can occur “invisibly”, without the person’s knowledge

Cookies, video cameras, web logs of pages visited, etc.

Cookies

Cookie: a record stored by a Web server on a client (your computer)

The cookie is usually a unique ID that allows the server to remember who you are

Well known CS idea that improves Web use

Cookies: Good

Cookies are used by many sites and they make Web usage much better

Many sites, e.g. Amazon.com use cookies

Banking and credit card applications cannot be secure enough without cookies

If the privacy laws met OECD standards, cookies would be all good and no one but computer scientists would know about them

Cookies: Bad

Cookies can be stored in your computer by sites you have not visited: 3rd party

3rd Party Cookies come from a site in business with the site you visit, e.g. for ads

3rd party cookies allow info to be correlated

Correlating Cookies

The 3rd party cookie becomes the key (literally, in DB sense) to join (in DB sense) the info held by separate co.s

Managing Cookies

Most browsers give you a way to say “no thanks”

– to accept no cookies at all

-or to accept them selectively

Beyond Cookies

But Web sites can collect information on you even without the use of cookies

How can they do that?

Web sites store information about the requests they receive in log files. These files contain detailed information about every single request the site receives, including where the request came from, what time the visitor showed up, and what pages he or she looked at.

What can a Web server
learn about you?

How much information is available about you when you use a Web browser?

Have a look at www.privacy.net

General Privacy Protection

Takes work on your part:

Question why personal info needed

Give only minimum required

Ask what 3^rd parties have access

Check off opt-out option on forms or create your own

Pay cash

Periodically check the info companies do have for accuracy

Protect Online Privacy

Takes work on your part:

Look for privacy policies

Use separate email for online transactions

Clear out your web cache after use

Only use online forms in secure mode

Reject unnecessary cookies

Use anonymizers while browsing

Encrypt email


	A method to securely send messages between 2 parties
		Meant to ensure privacy, integrity and security
	But what happens if the party you send the information to reveals it to others?
		Intentionally or unintentionally

	You want information kept private, others feel they have a right to know-either to protect or to do business


	Privacy is difficult to pin down and define.
		Roots of privacy are deep in history
		Hebrew culture, Classical Greece, Ancient China all reference it

	Different ideas about privacy internationally
		UN sees privacy as a fundamental human right
		Different countries, different protections

	Privacy is not mentioned in our Constitution
		But it was a problem in need of a solution, identified by two men who would eventually become Supreme Court Justices


	Brandeis & Warren wrote …
			The narrower doctrine [of privacy] may have satisfied the demands of society at a time when the abuse to be guarded against could barely have arisen without violating a contract or a special confidence; but modern devices afford abundant opportunities for the perpetration of wrongs without the participation of the injured party


What does “privacy” mean in the modern world?
		Privacy, the right of people to choose freely under what circumstances and to what extent they will reveal themselves, their attitude, and their behavior to others

	Privacy is a right
	You control when & how much is revealed


	Many people think they move across the Internet anonymously?
		WRONG!

	Do you expect that your interactions online should have some measure of privacy?

	Should transactions be tracked?
		If yes, what limitations are there?

	How about just browsing?


	How private is your information online?
			Reputable online businesses post Privacy Stmt
			The statement should understandable to you and say what info they collect, what they will do with it, how to “opt-out”, etc.
			But, there is little policing & few penalties


	Privacy Protections for information in the public domain that are based on the difficulty and expense of collecting and manipulating information are diminished

	Data collected for one purpose is readily available and can be used for other purposes
		Student computer use to “identify” student effort

	Data collection can occur “invisibly”, without the person’s knowledge
		Cookies, video cameras, web logs of pages visited, etc.


	Cookie: a record stored by a Web server on a client (your computer)
			The cookie is usually a unique ID that allows the server to remember who you are
			Well known CS idea that improves Web use


	Cookies are used by many sites and they make Web usage much better
			Many sites, e.g. Amazon.com use cookies
			Banking and credit card applications cannot be secure enough without cookies
			If the privacy laws met OECD standards, cookies would be all good and no one but computer scientists would know about them


	Cookies can be stored in your computer by sites you have not visited: 3rd party
			3rd Party Cookies come from a site in business with the site you visit, e.g. for ads
			3rd party cookies allow info to be correlated


	The 3rd party cookie becomes the key (literally, in DB sense) to join (in DB sense) the info held by separate co.s


	Most browsers give you a way to say “no thanks” – to accept no cookies at all -or to accept them selectively


	But Web sites can collect information on you even without the use of cookies
	How can they do that?

	Web sites store information about the requests they receive in log files. These files contain detailed information about every single request the site receives, including where the request came from, what time the visitor showed up, and what pages he or she looked at.


	How much information is available about you when you use a Web browser?
	Have a look at www.privacy.net


	Takes work on your part:
		Question why personal info needed
		Give only minimum required
		Ask what 3^rd parties have access
		Check off opt-out option on forms or create your own
		Pay cash
		Periodically check the info companies do have for accuracy


	Takes work on your part:
		Look for privacy policies
		Use separate email for online transactions
		Clear out your web cache after use
		Only use online forms in secure mode
		Reject unnecessary cookies
		Use anonymizers while browsing
		Encrypt email