Privacy Concerns

Policy Discussion of
INF 308K Internet Applications

11/13/2009 1
Outline
 Definitions & Contexts
 Ways in which Personal Information
Gets Revealed (Consent, Controversy,
& Violation)
 Solutions to Protect Online Privacy
 Discussion

11/13/2009 2
Definitions & Contexts

11/13/2009 3
What Is Privacy?
 Privacy
-- the ability of an individual or group to
seclude themselves or information
about themselves and thereby reveal
themselves selectively.
-- a personal, subjective condition. One
person cannot decide for another what
his or her sense of privacy should be.

11/13/2009 4
How our privacy is affected?

Unsolicited Activities

Done Crime
Online
Cybercrim
e

Where your interests

MIGHT be compromised via the
Internet
Where your interests
ARE immediately violated via the Internet
11/13/2009 5
Online Privacy
 The ability to control what information
one reveals about oneself over the
Internet, and to control who can
access that information.

11/13/2009 6
How people are concerned?

Concerns in dispute

Internet Privacy Internet Security

Where ordinary users are most concerned

11/13/2009 7
How they look at privacy?
“Privacy is the
future. Get used
to it.”
-- Marc Rotenberg, Director,
Electronic Privacy Information
Centre - EPIC) (Fortune,
2001).

“You have zero

privacy anyway.
Get over it.”
-- Scott McNealy, CEO, Sun
Microsystems, 1999

11/13/2009 8
How they look at privacy?
"you have to realize
that we're people
and we just need
privacy and we
need our respect
and these are just
things you have to
have as a human
being."

-- Britney Spears
June15, 2006
NBC Dateline
11/13/2009 9
Sensitivity of Information
(shared in online social networks)

Sensitive information is information or knowledge that might result in

loss of an advantage or level of security if revealed (disclosed) to others who
might have low or unknown trustability and/or indeterminable or hostile intentions.
Loss, misuse, modification or unauthorized access to sensitive
information can adversely affect the privacy of an individual.
11/13/2009 10
How Your Personal
Information Gets
Revealed

11/13/2009 11
By ISP
 Internet Service Providers (ISP)
always know your IP address and the
IP address to which you are
communicating.
 ISPs are capable of observing.
unencrypted data passing between
you and the Internet, but not properly-
encrypted data.
 They are usually prevented to do so
due to social pressure and law.
11/13/2009 12
By Email
Emails
 May be inappropriately spread by the
original receiver
 May be intercepted
 May be legally viewed or disclosed by
services providers or authorities.

11/13/2009 13
By Listserves & discussion
groups
 There is no barrier for unsolicited
messages or Emails within a mailing
list or online discussion group.
 Any member of the list or group could
collect and distribute your Email
address and information you post.

11/13/2009 14
By Internet Browsers
 Most web browsers can save some
forms of personal data, such as
browsing history, cookies, web form
entries and password.
 You may accidentally reveal such
information when using a browser on
a public computer or someone’s.

11/13/2009 15
What cookie are?
 Cookies are data packets sent by a server
to a web client and then sent back
unchanged by the client each time it
accesses that server.
 Cookies are used for authenticating,
session tracking and maintaining specific
information about users, such as site
preferences or the contents of their
electronic shopping carts.
 Cookies are only data, not programs nor
viruses
11/13/2009 16
Why some people dislike cookies?
 Cookies can be hijacked and modified
by attackers.
 Cookies can be used to track
browsing behavior so some think they
are tagged.

11/13/2009 17
A Sample of Cookie

•If you type JavaScript:alert(document.cookie) into the address bar,

when logged onto a site, it is possible to see the cookies which have
been set from that domain.
11/13/2009 18
By Search Engine
 Search engines have and use the
ability to track each one of your
searches (e.g. ,IP address, search
terms, time)

11/13/2009 19
What search engines did?
“August, 7, 2006, AOL apologized for releasing search log
data on subscribers that had been intended for use with the
company's newly launched research site. Almost 2 weeks
before that, AOL had quietly released roughly 20 million
search records from 658,000 users on their new AOL
Research site. The data includes a number assigned to the
anonymous user, the search term, the date and time of the
search, and the website visited as a result of the search.”

“In January 2006 the U.S. Department of Justice issued a

subpoena asking popular search engines to provide a
"random sampling" of 1 million IP addresses that used the
search engine, and a random sampling of 1 million search
queries submitted over a one-week period. The government
wanted the information to defend a child pornography
law. Microsoft, Yahoo, and AOL reportedly complied withthe
request, while Google fought the subpoena.”

11/13/2009 20
Privacy Policy Sample
Clauses
 Yahoo: “Yahoo! collects personal information when you register
with Yahoo!, when you use Yahoo! products or services, when
you visit Yahoo! pages or the pages of certain Yahoo! partners,
and when you enter promotions or sweepstakes. Yahoo! may
combine information about you that we have with information we
obtain from business partners or other companies.”

 Google: “Log information – When you access Google services,

our servers automatically record information that your browser
sends whenever you visit a website. These server logs may
include information such as your web request, Internet Protocol
address, browser type, browser language, the date and time of
your request and one or more cookies that may uniquely identify
your browser. Also, in order to protect you from fraud, phishing,
and other misconduct, we may collect information about your
interaction with our services. Any such information we collect will
only be used to detect and prevent fraud or other misconduct.”

11/13/2009 21
By indirect Marketing
 Web bugs: a graphic (in a Web site
or a graphic-enabled email) that can
confirm when the message or Web
page is viewed and record the IP
address of the viewer.
 Third party cookies: a web page may
contain images or other components
stored on servers in other domains.
Cookies that are set during retrieval of
these components are called third-
party cookies.
11/13/2009 22
By Direct Marketing
 Direct marketing is a sales pitch
targeted to a person based on
previous consumer choices. It is
ubiquitous these days.
 Many companies also sell or share
your information to others. This
Sharing with other businesses can be
done rapidly and cheaply.

11/13/2009 23
By Instant Messaging
 Your IM conversation can be saved
onto a computer even if only one
person agrees.
 Workplace IM can be monitored by
your employer.
 Spim: Spam distributed in IM.

11/13/2009 24
By Social Networks, Blog &
Personal Websites
 Employers and school officials are
increasingly sensitive to the messages
you convey in social networks.

11/13/2009 25
Too many cases to list
 “An October 2007 survey of employers found
that 44% use social networking sites to obtain
information about job applicants. And 39%
have searched such sites for information
about current employees.”

 “In 2005 a Pennsylvania high school student

was suspended for 10 days and transferred
into an alternative education program after
making an unflattering MySpace profile for
his principal. The ACLU is currently
representing the student in a lawsuit against
the school district.”
11/13/2009 26
Want to a hacker?

11/13/2009 27
By Official Use
 Court records When you file a lawsuit
for divorce or are a party to a civil
lawsuit or criminal case, court records,
are accessible to the public.
 Government The government may
want your personal information for law
enforcement purposes as well as for
foreign intelligence
investigations. Various laws govern
these procedures.
11/13/2009 28
 According to a New York Times article (published February 4, 2006)

 AOL receives more than 1,000

subpoenas each month seeking
information about AOL users. Most of
these subpoenas come from law
enforcement and generally ask for the
user’s name, address, records of
when the individual signed on and off
of the Internet, and the IP address.

11/13/2009 29
By Employers
According to the 2005 Electronic Monitoring & Surveillance Survey
from the American Management Association and The ePolicy
Institute

 76% of employers monitor employees'

Web site connections;
 65% use technology to block
connections to banned Web sites;
 55% monitor e-mail.

11/13/2009 30
By Cybercrime
 Spyware takes advantage of security
holes by attacking the browser and
forcing it to be downloaded and installed
and gather your information without your
knowledge.
 Phishing occurs when criminal lure the
victim into providing financial data.
 Pharming occurs when criminals plant
programs in the victim’s computer which
re-direct the victim from legitimate Web
sites to scam look-alike sites.
11/13/2009 31
Solutions to Protect
Online Privacy

11/13/2009 32
Cookie Controls

11/13/2009 33
Other Technical Resorts
 Anti-virus software
 Firewalls & Proxies
 Encryption tools
 Anonymizer

11/13/2009 34
The Platform for Privacy Preferenc
(P3P)
 developed by the World Wide Web
Consortium (W3C), is a protocol
allowing websites to declare their
intended use of information they
collect about browsing users and allow
users to configure their browsers or
other software tools in such a way that
they are notified whether web site
privacy policies match their pre-set
preferences.
11/13/2009 35
Legal Authorities
 The Supreme Court has taken a hands-
off approach to regulating the Internet in
favor of free speech.
 The federal government is increasingly
interested in regulating the Internet, for
example through child pornography and
gambling laws.
 The White House appears to welcome
the lack of restriction on data sharing
and surveillance.

11/13/2009 36
The Only Two Absolute
Choices
 Insulate yourself from the Internet

•Raise awareness of privacy

•learn to safeguard your
privacy with a minimum
sacrifice of convenience

11/13/2009 37
Discussion
 How do you draw the line on online Privacy?
 Have you had or heard any bad experience
in which one’s privacy was invaded over the
internet? You might want to put forth such a
real-life example to alert us.
 What do you think of P3P? Any suggestions
on how to improve it?
 Any conceptual solutions to the general
public’s anxiety over online privacy invasion?

11/13/2009 38