DOCSLIB.ORG

Privacy Seminar 2

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Privacy Seminar 2 Privacy Seminar 2. Privacy: an overview Jaap-Henk Hoepman Digital Security (DS) Radboud University Nijmegen, the Netherlands @xotoxot // [email protected] // www.cs.ru.nl/~jhh Dan Perjovschi Dan Perjovschi, 2007 Jaap-Henk Hoepman // Radboud University Nijmegen // 14-2-2014 // Privacy: an overview 2 Privacy what is privacy according to you? Jaap-Henk Hoepman // Radboud University Nijmegen // 14-2-2014 // Privacy: an overview 3 Dimensions the right to be let alone relational privacy informational privacy / self determination corporeal privacy locational/spatial privacy privacy spheres Jaap-Henk Hoepman // Radboud University Nijmegen // 14-2-2014 // Privacy: an overview 4 Don’t confuse these concepts! security privacy data protection Jaap-Henk Hoepman // Radboud University Nijmegen // 14-2-2014 // Privacy: an overview 5 7 types of privacy privacy of ● the person, ● behaviour and action, ● personal communication, ● data and image, ● thoughts and feelings, ● location and space, and ● association (including group privacy). Finn, R.L., Wright, D., and Friedewald, M.: Seven types of privacy. CPDP 2012 Clarke, R.: Introduction to Dataveillance and Information Privacy, and Definitions of Terms, 1997 Jaap-Henk Hoepman // Radboud University Nijmegen // 14-2-2014 // Privacy: an overview 6 Different definitons The right to be let alone ● [Warren & Brandeis, 1890] Informational self-determination: The right to determine for yourself when, how and to what extend information about you is communicated to others ● [Westin, 1967] The freedom from unreasonable constraints on the construction of one’s identity ● [Agre & Rottenberg, 2001] Contextual integrity: the right to prevent information to flow from one context to another ● [Nissenbaum, 2004] Jaap-Henk Hoepman // Radboud University Nijmegen // 14-2-2014 // Privacy: an overview 7 Contextual integrity [FIDIS project] Jaap-Henk Hoepman // Radboud University Nijmegen // 14-2-2014 // Privacy: an overview 8 Aggregation Privacy invasions Identification Process Insecurity Secondary Use Exclusion Surveillance Interrogation Collect Disseminate Breach of confidentiality Disclosure Exposure Increased availability Invade/Use Blackmail Intrusion Appropriation Interference Distortion Based on: Daniel J. Solove,"A Taxonomy of Privacy" 2006. Jaap-Henk Hoepman // Radboud University Nijmegen // 14-2-2014 // Privacy: an overview 9 Privacy computing networking (1950-) (1980-) •searching becomes efficient •datasharing becomes easy •data kept forever •data accessible on-line “network effect” Jaap-Henk Hoepman // Radboud University Nijmegen // 14-2-2014 // Privacy: an overview 10 Different types of data/information Transfer Volunteered ● What you reveal explicitly when asked Observed ● What you reveal implicitly by your behaviour Inferred ● What is derived from other data about you [World Economic Forum Report Personal Data: The Emergence of a New Asset Class] Jaap-Henk Hoepman // Radboud University Nijmegen // 14-2-2014 // Privacy: an overview 11 Data vs Metadata Metadata (= Behavioural data) ● Condensed (information rich, easy to process) ● More ”true” (judge a man not on what he says but on what he does) Jaap-Henk Hoepman // Radboud University Nijmegen // 14-2-2014 // Privacy: an overview 12 Searching for the right metaphor orwell / big brother chandler / little sister kafka / the trial Jaap-Henk Hoepman // Radboud University Nijmegen // 14-2-2014 // Privacy: an overview 13 You’ve got nothing to hide Jaap-Henk Hoepman // Radboud University Nijmegen // 14-2-2014 // Privacy: an overview 14 Have you!!?? Jaap-Henk Hoepman // Radboud University Nijmegen // 14-2-2014 // Privacy: an overview 15 I have nothing to hide.... EverybodyWrong has assumption something to be embarrassed about Assumes that the problem is data you want to hide The point is not that there is data that ● evenis apriori “innocent”“wrong” data canor illegalharm you Freedom of thought ● That job offer(as seen looksby interesting...the “sender”) ● That woman looks “interesting”... The point is that “innocent” data can No distinction between illegal (legal) vs disgraceful (later) be used wrongly (moral) vs …: data is data What is the( bydatathe used current for: “investigation,receiver”) anti- terrorism, or …?? ● Function creep Solove, Daniel J., “I’ve got nothing to hide" 2008. Jaap-Henk Hoepman // Radboud University Nijmegen // 14-2-2014 // Privacy: an overview 16 Why is privacy important Jaap-Henk Hoepman // Radboud University Nijmegen // 14-2-2014 // Privacy: an overview 17 “Privacy is essential for freedom, democracy, psychological well-being, individuality and creativity” Daniel J. Solove. “Understanding Privacy.” Harvard University Press, 2008. Jaap-Henk Hoepman // Radboud University Nijmegen // 14-2-2014 // Privacy: an overview 18 Moral basis for data protection prevention of information-based harm ● Like guns, information may kill people prevention of informational inequality ● The “market” of information ● Non-discrimination prevention of informational injustice ● Spheres of privacy must be protected respect for moral autonomy. ● People change Hoven, Jeroen Van Den and Vermaas, Pieter E.(2007) 'Nano-Technology and Privacy: On Continuous Surveillance Outside the Panopticon', Journal of Medicine and Philosophy, 32: 3, 283 — 297 Jaap-Henk Hoepman // Radboud University Nijmegen // 14-2-2014 // Privacy: an overview 19 Topic location privacy; roadpricing, ov chipkaart rfid privacy identity management electronic voting electronisch patient records (the dutch system) smart metering/smart grids search engine privacy profiling; behavioural advertising social networks cloud computing Jaap-Henk Hoepman // Radboud University Nijmegen // 14-2-2014 // Privacy: an overview 20 Resources Websites ● http://wiki.science.ru.nl/privacy/ ● https://www.eff.org/ Books ● Agre & Rotenberg: Technology and Privacy: The New Landscape, MIT Press, 1998 ● Ilija Trojanow, Juli Zeh “Aanslag op de vrijheid”, de Geus,2010 ● Daniel J Solove "Understanding Privacy", Harvard University Press, 2008. ● Bart de Koning "Alles onder controle", Uitgeverij Balans, 2008. Jaap-Henk Hoepman // Radboud University Nijmegen // 14-2-2014 // Privacy: an overview 21 Schedule Jaap-Henk Hoepman // Radboud University Nijmegen // 14-2-2014 // Privacy: an overview 22 [email protected], [email protected] , www.cs.ru.nl/~jhh Jaap-Henk Hoepman // Radboud University Nijmegen // 14-2-2014 // Privacy: an overview 23.
Load more

Recommended publications
  • Cloak and Swagger: Understanding Data Sensitivity Through the Lens of User Anonymity
    Cloak and Swagger: Understanding Data Sensitivity Through the Lens of User Anonymity Sai Teja Peddinti∗, Aleksandra Korolova†, Elie Bursztein†, and Geetanjali Sampemane† ∗Polytechnic School of Engineering, New York University, Brooklyn, NY 11201 Email: [email protected] †Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043 Email: korolova, elieb, [email protected] Abstract—Most of what we understand about data sensitivity In this work we explore whether it is possible to perform is through user self-report (e.g., surveys); this paper is the first to a large-scale behavioral data analysis, rather than to rely on use behavioral data to determine content sensitivity, via the clues surveys and self-report, in order to understand what topics that users give as to what information they consider private or sensitive through their use of privacy enhancing product features. users consider sensitive. Our goal is to help online service We perform a large-scale analysis of user anonymity choices providers design policies and develop product features that during their activity on Quora, a popular question-and-answer promote user engagement and safer sharing and increase users’ site. We identify categories of questions for which users are more trust in online services’ privacy practices. likely to exercise anonymity and explore several machine learning Concretely, we perform analysis and data mining of the approaches towards predicting whether a particular answer will be written anonymously. Our findings validate the viability of usage of privacy features on one of the largest question-and- the proposed approach towards an automatic assessment of data answer sites, Quora [7], in order to identify topics potentially sensitivity, show that data sensitivity is a nuanced measure that considered sensitive by its users.
    [Show full text]
  • Cloud Computing and Related Laws
    Cloud Computing and Related Laws Law Offices of Salar Atrizadeh Online Privacy In general, privacy falls under two categories: 1. Corporate privacy 2. Personal privacy Corporate Privacy . It concerns the protection of corporate data from retrieval or interception by unauthorized parties . Security is important for protection of trade secrets, proprietary information, and privileged communications . The failure to maintain confidentiality can result in a loss of “trade secret” status . See Civil Code §§ 3426 et seq. Corporate Privacy . The recent trends in outsourcing have increased the risks associated with “economic espionage” . In fact, manufacturers should be cautious when transferring proprietary technology to overseas partners because foreign governments sponsor theft . See 18 U.S.C. §§ 1831 et seq. (e.g., economic espionage, theft of trade secrets) Helpful Policies . Identify and label confidential information . Restrict access to confidential information . Use encryption – e.g., truecrypt.org, axantum.com . Use firewall and secure username/password . Use software that detects trade secret theft – e.g., safe-corp.biz . Include warnings in privileged correspondence (e.g., “this email contains privileged communications”) Helpful Policies . Provide computers without hard drives + Prohibit use of removable storage (e.g., flash drives) . Audit employee computers . Prohibit and/or monitor external web-based email services . Execute Confidentiality and Non-disclosure Agreements . Execute Computer-Use Policies Personal Privacy . Constitution . Federal: Fourth Amendment protects against unreasonable searches and seizures . State: California Constitution, under Art. I, § 1 recognizes right to individual privacy . Federal computer crimes . Electronic Communications Privacy Act – 18 U.S.C. §§ 2510 et seq. Privacy Act – 5 U.S.C. § 552a . Computer Fraud and Abuse Act – 18 U.S.C.
    [Show full text]
  • Statement on Internet Search Engines by the Spanish Data
    Statement on Internet Search Engines Spanish Data Protection Agency 1st December 2007 1. The importance of search engines in information society Technology developments have opened up new possibilities of creating and accessing information on the Internet, and this situation requires that we consider the repercussions of technology on the rights of individuals—in principle, such repercussions are neutral. The Spanish Data Protection Agency (AEPD) has taken the initiative of analysing the privacy policies of the largest global companies providing search engine services on the Internet. To this end it collected information from Google, Microsoft and Yahoo!, said information being completed via meetings with the global privacy controllers of these corporations in Europe and the United States. We must underscore the huge importance, owing to the volume of data that is processed and the characteristics of that processing, of search engine services on the Internet (hereinafter, search engines), the main function of which is to provide lists of results relating to a search, such as addresses and files stored on web serves, by entering key words, thus arranging all of the information available on the Internet and making it more accessible. In addition, search engines usually provide customised services, allowing people to register by giving an email address and a password.1 In Spain, the fact that these are sensitive issues was shown by the recent appearance of the Director of the AEPD before the Constitutional Commission of the Congress on 28th
    [Show full text]
  • Privacy Seminar 2
    14-2-2014 Dan Perjovschi Privacy Seminar 2. Privacy: an overview Jaap-Henk Hoepman Digital Security (DS) Radboud University Nijmegen, the Netherlands @xotoxot // [email protected] // www.cs.ru.nl/~jhh Dan Perjovschi, 2007 Jaap-Henk Hoepman // Radboud University Nijmegen // 14-2-2014 // Privacy: an overview 2 Privacy Dimensions the right to be let alone relational privacy informational privacy / what is privacy self determination according to you? corporeal privacy locational/spatial privacy privacy spheres Jaap-Henk Hoepman // Radboud University Nijmegen // 14-2-2014 // Privacy: an overview 3 Jaap-Henk Hoepman // Radboud University Nijmegen // 14-2-2014 // Privacy: an overview 4 Don’t confuse these concepts! 7 types of privacy privacy of ● the person, security privacy ● behaviour and action, ● personal communication, ● data and image, ● thoughts and feelings, ● location and space, and data protection ● association (including group privacy). Finn, R.L., Wright, D., and Friedewald, M.: Seven types of privacy. CPDP 2012 Clarke, R.: Introduction to Dataveillance and Information Privacy, and Definitions of Terms, 1997 Jaap-Henk Hoepman // Radboud University Nijmegen // 14-2-2014 // Privacy: an overview 5 Jaap-Henk Hoepman // Radboud University Nijmegen // 14-2-2014 // Privacy: an overview 6 1 14-2-2014 Different definitons Contextual integrity The right to be let alone ● [Warren & Brandeis, 1890] Informational self-determination: The right to determine for yourself when, how and to what extend information about you is communicated to others
    [Show full text]
  • Thesis.Pdf (2.311Mb)
    Faculty of Humanities, Social Sciences and Education c Google or privacy, the inevitable trade-off Haydar Jasem Mohammad Master’s thesis in Media and documentation science … September 2019 Table of Contents 1 Introduction ........................................................................................................................ 1 1.1 The problem ............................................................................................................... 1 1.2 Research questions ..................................................................................................... 1 1.3 Keywords ................................................................................................................... 2 2 Theoretical background ...................................................................................................... 3 2.1 Google in brief ........................................................................................................... 3 2.2 Google through the lens of exploitation theory .......................................................... 4 2.2.1 Exploitation ................................................................................................ 4 2.2.2 The commodification Google’s prosumers ................................................ 5 2.2.3 Google’s surveillance economy ................................................................. 7 2.2.4 Behaviour prediction .................................................................................. 8 2.2.5 Google’s ‘playbor’
    [Show full text]
  • The Problem of the Human Flesh Search Engine
    ONLINE PRIVACY AND ONLINE SPEECH: THE PROBLEM OF THE HUMAN FLESH SEARCH ENGINE Weiwei Shen* I. INTRODUCTION .......................................................................... 268 II. THE HUMAN FLESH SEARCH ENGINE AND THE WANG FEI CASE ...................................................................................... 272 A. Why the Human Flesh Search Engine Is Popular in China ................................................................................ 272 B. The Wang Fei Case .......................................................... 276 III. BALANCING PRIVACY AND FREE SPEECH ................................ 282 A. Privacy in the Digital Age................................................ 285 B. Speech: Moving from the Offline World to the Online World ............................................................................... 286 C. Speech about Private Individuals and of Private Concern vis-a-vis Speech about Public Officials and of Public Concern ................................................................ 289 IV. REPERCUSSIONS AND REMEDIES IN AMERICAN LAW .............. 293 A. Various Repercussions Against Victims in the Human Flesh Search Engine ........................................................ 293 B. Torts Remedies in American Law .................................... 294 V. POLICY IMPLICATIONS FOR REGULATING THE HUMAN FLESH SEARCH ENGINE ..................................................................... 299 VI. CONCLUSION..........................................................................
    [Show full text]
  • Gratton Eloise 2012 These.Pdf
    Université de Montréal et Université Panthéon-Assas Paris II Redefining Personal Information in the Context of the Internet par Éloïse Gratton Faculté de droit Thèse présentée à la Faculté des études supérieures en vue de l’obtention du grade de Docteur en droit de la Faculté de droit de l’Université de Montréal et Docteur en droit de l’Université Panthéon-Assas Paris II Octobre 2012 © Eloïse Gratton, 2012 Université de Montréal Faculté des études supérieures Université Panthéon-Assas Paris II École doctorale Georges Vedel Droit public interne, science administrative et science politique Cette thèse intitulée: Redefining Personal Information in the Context of the Internet présentée en date du 30 octobre 2012 par: Éloïse Gratton a été évaluée par un jury composé des personnes suivantes: Vincent Gautrais Professeur titulaire, Université de Montréal directeur de recherche Danièle Bourcier Responsable du groupe “Droit gouvernance et technologies” au CERSA directrice de recherche Karim Benyekhlef Professeur titulaire, Université de Montréal membre du jury Gilles Guglielmi Professeur, Université Panthéon-Assas Paris 2 membre du jury Ian Kerr Professeur titulaire, Université d’Ottawa rapporteur externe Francis Rousseaux Professeur, Université de Reims rapporteur externe Université de Montréal et Université Panthéon-Assas Paris II Redefining Personal Information in the Context of the Internet par Éloïse Gratton Faculté de droit Thèse présentée à la Faculté des études supérieures en vue de l’obtention du grade de Docteur en droit de la Faculté de droit de l’Université de Montréal et Docteur en droit de l’Université Panthéon-Assas Paris II Octobre 2012 © Eloïse Gratton, 2012 GRATTON Éloïse | LL.D.
    [Show full text]
  • The Privacy Panic Cycle: a Guide to Public Fears About New Technologies
    The Privacy Panic Cycle: A Guide to Public Fears About New Technologies BY DANIEL CASTRO AND ALAN MCQUINN | SEPTEMBER 2015 Innovative new technologies often arrive on waves of breathless marketing Dire warnings about hype. They are frequently touted as “disruptive!”, “revolutionary!”, or the privacy risks associated with new “game-changing!” before businesses and consumers actually put them to technologies practical use. The research and advisory firm Gartner has dubbed this routinely fail to phenomenon the “hype cycle.” It is so common that many are materialize, yet conditioned to see right through it. But there is a corollary to the hype because memories cycle for new technologies that is less well understood and far more fade, the cycle of hysteria continues to pernicious. It is the cycle of panic that occurs when privacy advocates repeat itself. make outsized claims about the privacy risks associated with new technologies. Those claims then filter through the news media to policymakers and the public, causing frenzies of consternation before cooler heads prevail, people come to understand and appreciate innovative new products and services, and everyone moves on. Call it the “privacy panic cycle.” Dire warnings about the privacy risks associated with new technologies routinely fail to materialize, yet because memories fade, the cycle of hysteria continues to repeat itself. Unfortunately, the privacy panic cycle can have a detrimental effect on innovation. First, by alarming consumers, unwarranted privacy concerns can slow adoption of beneficial new technologies. For example, 7 out of 10 consumers said they would not use Google Glass, the now discontinued wearable head-mounted device, because of privacy concerns.1 Second, overwrought privacy fears can lead to ill-conceived policy responses that either THE INFORMATION TECHNOLOGY & INNOVATION FOUNDATION | SEPTEMBER 2015 PAGE 1 purposely hinder or fail to adequately promote potentially beneficial technologies.
    [Show full text]
  • The “Right to Be Forgotten” and Search Engine Liability
    BRUSSELS PRIVACY HUB WORKING PAPER VOL. 2 • N° 8 • DECEMBER 2016 THE “RIGHT TO BE FORGOTTEN” AND SEARCH ENGINE LIABILITY by Hiroshi Miyashita1 Abstract his paper aims to conduct a comparative study on the right to be forgotten by analyzing the different approaches on the intermediary liability. In the EU, Google Spain case in the Court of Justice clarified the liability of search engine on the ground of data controller’s respon- sibility to delist a certain search results in light of fundamental right of privacy and data protection. On the contrary, in the U.S., the search engine liability is broadly exempted under Tthe Communications Decency Act in terms of free speech doctrine. In Japan, the intermediary liability is not completely determined as the right to be forgotten cases are divided in the point of the search engine liability among judicial decisions. The legal framework of the intermediary liability varies in the context from privacy to e-commerce and intellectual property. In the wake of right to be forgotten case in the EU, it is important to streamline the different legal models on the intermediary liability if one desires to fix its reach of the effect on right to be forgotten. This paper analyzes that the models of the search engine liability are now flux across the borders, but should be compromised by way of the appropriate balance between privacy and free speech thorough the right to be forgotten cases. Keywords: Privacy, Data Protection, Right to be Forgotten, Search Engine, Intermediary Liability © BRUSSELS PRIVACY HUB q WORKING PAPER q VOL.
    [Show full text]
  • How to Secure Windows and Your Privacy -- with Free Software
    How to Secure Windows and Your Privacy -- with Free Software An Easy Guide for the Windows User By Howard Fosdick Fosdick Consulting Inc. © 2008 July 26 Version 2.1 Distribution: You may freely reproduce and distribute this guide however you like – but you may not change its contents in any way. This product is distributed at no cost under the terms of the Open Publication License with License Option A -- “Distribution of modified versions of this document is prohibited without the explicit permission of the copyright holder.” Feedback: Please send recommendations for improving this guide to the author at email address “ContactFCI” at the domain name “sbcglobal.net”. Disclaimer: This paper is provided without warranty. Fosdick Consulting Inc. and the author accept no responsibility for any use of the data contained herein. Trademarks: All trademarks included in this document are the property of their respective owners. About the Author: Howard Fosdick is an independent consultant who works hands-on with databases and operating systems. He’s written many articles, presented at conferences, founded software users groups, and invented concepts like hype curves and open consulting. Acknowledgments: Thank you to the reviewers without whose expert feedback this guide could not have been developed: Bill Backs, Huw Collingbourne, Rich Kurtz, Priscilla Polk, Janet Rizner, and others who prefer anonymity. Thank you also to the Association of PC Users (APCU), Better Software Association, BitWise Magazine, IBM Database Magazine, OS News, Privacy
    [Show full text]
  • ISEDJ) 9 (4) September 2011
    Volume 9, No. 4 September 2011 ISSN: 1545-679X Information Systems Education Journal Research Articles: 4 Creating and Using a Computer Networking and Systems Administration Laboratory Built Under Relaxed Financial Constraints Michael P. Conlon, Slippery Rock University Paul Mullins, Slippery Rock University 11 Teach or No Teach: Is Large System Education Resurging Aditya Sharma, North Carolina Central University Marianne C. Murphy, North Carolina Central University 20 Assessing Blackboard: Improving Online Instructional Delivery Adnan A. Chawdhry, California University of PA Karen Paullet, American Public University System Daniel Benjamin, American Public University System 27 Towards an Innovative Web-based Lab Delivery System for a Management Information Systems Course Delivery Eric Breimer, Siena College Jami Colter, Siena College Robert Yoder, Siena College 37 Computer Ethics: A Slow Fade from Black and White to Shades of Gray Theresa A. Kraft, University of Michigan – Flint Judith Carlisle, University of Michigan – Flint 55 Exploring the Connection between Age and Strategies for Learning New Technology Related Gabriele Meiselwitz, Towson University Suranjan Chakraborty, Towson University 63 Selecting a Good Conference Location Based on Participants’ Interest Muhammed Miah, Southern University at New Orleans 73 Additional Support for the Information Systems Analyst Exam as a Valid Program Assessment Tool Donald A. Carpenter, Colorado Mesa University Johnny Snyder, Colorado Mesa University Gayla Jo Slauson, Colorado Mesa University Morgan K. Bridge, Colorado Mesa University Teaching Case: 80 Solving Relational Database Problems with ORDBMS in an Advanced Database Course Ming Wang, California State University Information Systems Education Journal (ISEDJ) 9 (4) September 2011 The Information Systems Education Journal (ISEDJ) is a double-blind peer-reviewed academic journal published by EDSIG, the Education Special Interest Group of AITP, the Association of Information Technology Professionals (Chicago, Illinois).
    [Show full text]
  • Onion Privacy and Anonymous Browser Apk
    Onion privacy and anonymous browser apk Continue The onion browser has been designed to protect your privacy and to quickly browse the internet in a safe and anonymous way. The onion browser was designed to protect your privacy while browsing the web. Onion Browser automatically blocks a wide range of online trackers, and it's very easy to erase your history, passwords and cookies, so you don't get followed by things like unwanted ads. Browsing on the Internet is faster and more anonymous. The onion browser can be used with an orbot or Tor connection for more security and greater protection. To visit .onion sites, you must use a browser with an orbot or Tor connection. Your privacy is important to us and we want to protect it even when you surf the web. Use the Onion browser, faster, more secure and anonymous.An anonymous private browser for Android assigns users an anonymous encrypted IP address that makes them virtually untraceable and enhances overall user privacy and security. All traffic in the app is routed through a user network anynomized, allowing users to safely browse the Internet/Deep Web without disclosing their virtual identity. An anonymous private browser prevents tracking, registering users' actions and collecting statistics. Extended ad-blocking support and anti-monitoring also protects and restricts data leakage and user profiling. It aims to be the safest browser for Android by automatically clearing cookies, stories, encrypting all data in/out, and assigning you a new encrypted IP address that cannot be tracked back to your phone, provider or operator.
    [Show full text]