1、1,“The poorest man may in his cottage bid defiance to all the force of the crown.”- William Pitt, Prime-minister of Great Britain, 1783 1801 and 1804- till his death in 1806,2,From “Fear and Freedom on the Internet “ -Peter Singer, Professor of Bio-ethics, Princeton University,“Theres really no way
2、to repress information today, and I think thats a wonderful advance we can all feel good about. This is a medium of total openness and total freedom, and thats what makes it so special.” - Bill Gates, October 2005Two newsitems of Jan 2006: At the request of Chinas rulers, Microsoft shut down the web
3、site of Zhao Jing , a Chinese blogger, who had been reporting on a strike by journalists at The Beijing News that followed the dismissal of the newspapers independent-minded editor The blog was hosted on MSN Spaces in USA. Microsofts blog tool in China filters words like “democracy” and “human right
4、s” from blog titles, to comply with local laws.,3,Todays news,Wednesday, Jan 25, 2006Google officially launched a new site that plans to filter out or block links to material likely to be considered politically sensitive by Chinas ruling Communist Party.,4,INTERNET PRIVACY: a DEFINITION,The ability
5、 to control what information one reveals about oneself over the Internet, and to control who can access that information. Experts in the field of Internet privacy: Internet privacy does not really exist. Privacy advocates believe that it should exist. Reference: http:/en.wikipedia.org/wiki/Internet_
6、privacy as of September 18, 2007,5,PRIVACY,Right to a sense of personal autonomy Right to have information about oneself used fairlyensuring that organizations act fairly in the way they (i) collect (ii) store (iii) use and (iv) disclose ones personal information Right to be left alone Right to deci
7、de what part of ones personal information is to be shared with (i) doctor (ii) employer (iii) banker (iv) neighbor (v) friend or (vi) stranger,6,Who cares?,2004:US government: introduced free do not call service: 28 million phone numbers registered within a month 2001 Survey in Australia: 90% Austra
8、lians consider it important how their personal information is used by organizations and to whom it is disclosed.,7,Costs of Privacy,Privacy of data its non-availability at some time, when required Attempts to retain privacy inconvenience or forgoing certain benefits,8,Privacy protection,To shield in
9、nocent persons from an overzealous governmentProfiling can lead to a misinterpretation of accurate information To permit every one to preserve her/his dignity and autonomyTo not let governments and big corporations to have and to exercise undue power over individuals,9,Privacy protection and Public
10、Interest,To support freedom of expression, freedom of speech and freedom of association. Anonymity fosters creativity. Permits individuals to make a fresh start and become useful members of society. Privacy protection is integral to trust. Trust is the cornerstone of a strong relationship.,10,How to
11、 protect?,Records should be kept for no longer than necessary. Records , if inaccurate, must be deleted or corrected.Sometimes not possible to delete: Example: Health records wrongly state that you have diabetes. Accordingly some wrong treatment was started. If the record is deleted, the reason why
12、the wrong treatment was given will also go and the medication history will not make sense. Be proactive in defense of privacy. The default barriers of time, distance and cost, against publication and retention of your private information, have vanished. PROBLEMS: Right to research vs autonomy; Right
13、 to forget vs. Right to know,11,Risks,Stealing information through Cookies (Example: Cross-site scripting ) Browsing profile Weak spot: ISP Spyware, Phishing, malicious proxy servers Web-bug: techniques used to track who is reading a web page or e-mail, when, and from what computer. They can also be
14、 used to see if an e-mail was forwarded to someone else.,12,The Google age,“We are becoming a transparent society of record such that documentation of our past history, current identity, location, communication and physiological and psychological states and behavior is increasingly possible. With pr
15、edictive profiles and DNA there are even claims to be able to know individual futures”. Gary Marx, “Privacy and Technology”, Telektronik, January 1996.,13,Health Information Acts stress PRIVACY,Apply to hospitals, doctors, laboratories, insurance companies, employers etc Allow individuals to be info
16、rmed about their health care Provide both privacy and legitimate access to health information,14,Facts and needs,Personal information: available in tens of data-bases under the control of different organizations. Onus on the person to correct his information, when he does not even know about all the
17、 places, where his information is. Ownership? vs Control? Needs: PRIVACY, CORRECTNESS OF INFORMATION, AVAILABILITY WHEREVER REQUIRED,15,Proposed Systems,IBM: a third party to maintain and release information by following certain rules Information to be maintained by the owner,16,Ownership of data,Ow
18、nership may not mean Write-access Ex: Government-owned information: social security number, passport ( A government can revoke a passport); Financial information: Annual Tax returns, bank balances Read- accessEx: Reports by: physicians, laboratories Reference: for the next set of slides: Carrie Gate
19、s, Jacob Slonim ,“ Owner-Controlled Information,” http:/flame.cs.dal.ca/gates/papers/nspw03.ps.,17,Ownership of data .continued,Ownership means Permitting others to access part of the information Role-based access control, augmented by location (say in a hospital, when both the owner and the doctor
20、are in the same room) Deciding about individuals, who can access it in case of disability Deciding about overarching access in case of an emergency/ in case of deathSocietal Needs to access For medical research For identifying concerned individuals Example: spread of SARS,18,Escrowed Encryption Stan
21、dard (EES),EES: uses key escrow method of enabling eavesdropping by authorized government agencies, under a court order. (FIPS 185) escrow: a deed, a bond, money, or a piece of property held in trust by a third party to be turned over to the grantee (in this case- a Law Enforcement Agency) only upon
22、 fulfillment of a condition Reference: Merriam-Websters Online Dictionary,19,SKIPJACK,encryption/decryption algorithm used by EES can be incorporated into voice, facsimile (fax), and computer data devices Has a Law-Enforcement Access Field (LEAF), and two LEAF decryption keys Clipper: the chip desig
23、ned through US Dept of Commerce grants in 1994 Reference:http:/ as of September 18, 2007,20,Escrowed Encryption,Research in Escrowed encryption standard abandoned after 1994 Ref.: http:/csrc.nist.gov/publications/fips/fips185/fips185.txt Partial key Escrow that obey the secret sharing property (that
24、 any k pieces of the key can reconstruct the key, but that no t pieces provide information about the key, where t k) Ref.: http:/www.cse.ucsd.edu/users/mihir/papers/escrow.html,21,Physical Ownership,Need for an individual to carry information with him: Ownership and control Distributed and incomplet
25、e information: likely to be non-synchronized and erroneous May not be available, when required Can allow access to appropriate parts of information to various entities under specified conditions Misused in spite of assurancesEx: census information supposed to be retained for 99 years only for resear
26、ch; after 9/11, the president made it available to law-enforcement agencies,22,Problems of Physical Ownership,Theft of identity Loss and recreation of information Requirement of Temper-proof hardware and protected storage areas To encash a cheque, without a cenralized data? How to ensure that the au
27、thorized user has not made a copy of the data released to him? Provision for expiry of data (like passport, health card, driving license Secure back-ups A friendly User interface and granularity of information,23,Trust,No one is a super-user? Non-repudiated Audit Trail Alerts, in case unauthorized c
28、hange has been done. Ex: A bank may sign the information, when it writes into the personal device. inserts a hash in the database. Next time when the device is presented to the Bank, it verifies the hash before starting the transaction. IDS to detect if someone tries to copy the data.,24,Existing se
29、rvices,1. Microsoft Passport service: a single sign-on service may contain e-wallet containing billing and shipping information (e-Wallet: safely stores name, address, credit-card numbers, password and any other information needed for purchase from e-commerce sites )References: 1. https:/ 2. http:/w
30、ww.projectliberty.org/,25,Existing services . continued,MS wanted to extend Passport to XML based Hailstorm to contain calendars, phone books, address books, documents, using passport authentication mechanism. However the project was abandoned in the face of criticism. 2. Liberty Alliance of 150 com
31、panies for a federated identity infrastructure: Links databases maintained at a number of organizations rather than at a single (set of ) servers,26,Existing services . Continued 2,3. Persona Project at Oregon State University single sign-on, consumer-centered identity model, that is distributed acr
32、oss multiple systems holds a users personal information, including identity, passwords, preferences and e-wallet information can be accessed via desktops, personal digital assistants (PDAs), cell phones, and even from cybercafes.,27,The Persona project,The persona is “an active software agent that e
33、ncapsulates private and personal data and performs a range of authentication and personalization services on behalf of its owner.“The basic premise: The user: authenticates himself to his persona. The persona: acts on behalf of the user to supply on-line information such as billing information or pe
34、rsonal schedules. Access to this information: moderated by the access control rules employed by the user (e.g. so that only a limited number of companies can access credit card information, for example). Ref.: http:/www.cs.pdx.edu/ktoth/index_files/ RHASPersonaPaperTothSubramaniumV6.pdf,28,Issues,CE
35、NTRAL VS FEDERATED VS PERSONALLY CARRIED INFORMATION IN SMART CARDS/FLASH KEYS ETC Authentication of the owner through biometric information Authentication of every one allowed to have a read or write accessReferences: 1. Electronic Privacy Information Center (EPIC) http:/www.epic.org/privacy/consum
36、er/microsoft/passport.html 2 M.Fairhurst, R.Guest, F. Deravi and J. George,” Using Biometrics as an enabling technology in balancing universality and selectivity for management of information access,” Universal Access: Theoretical Perspectives, Practice and Experience: 7th ERCIM International Worksh
37、op on User Interface for All, Paris France Oct 24-25, 2002, Springer-Verlag Lecture Notes in CS 2615, pp 249-259,29,Implementation of Privacy Policies,Implementation requires a careful study of the Vulnerabilities and Requirements of the Organization; formulation of appropriate Security and Privacy
38、policies; development of the Architecture of the Security system; selection of Security Technologies; verification whether the design of the system conforms to the statutory requirements and standards.,30,Assignment I,Use Ataraxis; Topic: Internet Privacy References: ACM Digital Library, IEEE Explor
39、er and Lecture Notes in Computer Science series at Leddy Library Electronic offerings Researchers: Sweeney L., Malin B., Clifton C., Vaidya J. Computers Freedom and Privacy Conference (http:/www.cfp.org/) Anonymity project (http:/idtrail.org/) Electronics Privacy Information Center (http:/www.epic.org/) http:/www.privacy.org/, http:/www.privacyinternational.org/ Studies on Privacy Vulnerabilities by John Hopkins Information Security Institute (http:/web.jhu.edu/jhuisi/),
