Announcements
Project 3a paper due today
Submit up front on table

Next week, Encryption…
A method to securely send messages between 2 parties
Meant to ensure privacy, integrity and security
But what happens if the party you send the information to reveals it to others?
Intentionally or unintentionally
You want information kept private, others feel they have a right to know-either to protect or to do business

Who’s Tracking Whom?

What is Privacy?
Privacy is difficult to pin down and define.
Roots of privacy are deep in history
Hebrew culture, Classical Greece, Ancient China all reference it
Different ideas about privacy internationally
UN sees privacy as a fundamental human right
Different countries, different protections
Privacy is not mentioned in our Constitution
But it was a problem in need of a solution, identified by two men who would eventually become Supreme Court Justices

What Is Privacy in the U.S.?
Brandeis & Warren wrote …
The narrower doctrine [of privacy] may have satisfied the demands of society at a time when the abuse to be guarded against could barely have arisen without violating a contract or a special confidence; but modern devices afford abundant opportunities for the perpetration of wrongs without the participation of the injured party

A Definition
What does “privacy” mean in the modern world?
Privacy, the right of people to choose freely under what circumstances and to what extent they will reveal themselves, their attitude, and their behavior to others
Privacy is a right
You control when & how much is revealed

What does Privacy mean in a networked world?
Many people think they move across the Internet anonymously?
WRONG!
Do you expect that your interactions online should have some measure of privacy?
Should transactions be tracked?
If yes, what limitations are there?
How about just browsing?

Digital Privacy
How private is your information online?
Reputable online businesses post Privacy Stmt
The statement should understandable to you and say what info they collect, what they will do with it, how to “opt-out”, etc.
But, there is little policing & few penalties

Challenges to Privacy from IT
Privacy Protections for information in the public domain that are based on the difficulty and expense of collecting and manipulating information are diminished
Data collected for one purpose is readily available and can be used for other purposes
Student computer use to “identify” student effort
Data collection can occur “invisibly”, without the person’s knowledge
Cookies, video cameras, web logs of pages visited, etc.

Cookies
Cookie: a record stored by a Web server on a client (your computer)
The cookie is usually a unique ID that allows the server to remember who you are
Well known CS idea that improves Web use

Cookies: Good
Cookies are used by many sites and they make Web usage much better
Many sites, e.g. Amazon.com use cookies
Banking and credit card applications cannot be secure enough without cookies
If the privacy laws met OECD standards, cookies would be all good and no one but computer scientists would know about them

Cookies: Bad
Cookies can be stored in your computer by sites you have not visited: 3rd party
3rd Party Cookies come from a site in business with the site you visit, e.g. for ads
3rd party cookies allow info to be correlated

Correlating Cookies
The 3rd party cookie becomes the key (literally, in DB sense) to join (in DB sense) the info held by separate co.s

Managing Cookies
Most browsers give you a way to say “no thanks”

– to accept no cookies at all

-or to accept them selectively

Beyond Cookies
But Web sites can collect information on you even without the use of cookies
How can they do that?
Web sites store information about the requests they receive in log files. These files contain detailed information about every single request the site receives, including where the request came from, what time the visitor showed up, and what pages he or she looked at.

What can a Web server
learn about you?
How much information is available about you when you use a Web browser?
Have a look at www.privacy.net

General Privacy Protection
Takes work on your part:
Question why personal info needed
Give only minimum required
Ask what 3rd parties have access
Check off opt-out option on forms or create your own
Pay cash
Periodically check the info companies do have for accuracy

Protect Online Privacy
Takes work on your part:
Look for privacy policies
Use separate email for online transactions
Clear out your web cache after use
Only use online forms in secure mode
Reject unnecessary cookies
Use anonymizers while browsing
Encrypt email