Transcript Ch2 Privacy - University of Southern Mississippi

Ch2 Privacy
8/26/01
Miller CSC309
1
Aspects of Privacy
Freedom from intrusion.
Control of information about ones self.
Freedom from surveillance.
8/26/01
Miller CSC309
2
"Who's Spying on You?"
Popular Mechanics (01/05) Vol. 182, No. 1, P. 56; Cooper, Simon
“New technologies that enhance safety and convenience
for users are costing them their privacy. Critics are
concerned that this trend might lead to a society where
people's job opportunities and other aspects of their
livelihood could be determined by massive repositories
of data collected by monitoring systems.”
Federally mandated (GPS)-enabling cell phones
“turns the phones into tracking devices”.
1/14/09
Miller CSC309
3
"Who's Spying on You?"
Popular Mechanics (01/05) Vol. 182, No. 1, P. 56; Cooper, Simon
The National Transportation Safety Board's desire to
install event data recorders (EDRs) in all new vehicles
has sparked fears among privacy proponents that
lawyers could use EDR data as evidence in civil suits,
while insurance companies could use them to justify
premium hikes or cancellations. Private "data
aggregators" keep files on most Americans in vast
databases, and the federal government appears to be
these aggregators' biggest client.
1/14/09
Miller CSC309
4
“Small Print”
From the Prof’s user manual on his 2006 van:
“Some information is stored during normal operation.”
In a crash event the data recorded might include engine
speed, break application, throttle position, vehicle
speed, safety belt usage, airbag readiness, airbag
performance, and the severity of the crash.
Information concerning a crash will not be shared with
others except if it is “in response to an official request
of police or similar government office, required by law,
or as part of GM’s defense.”
2/1/09
Miller CSC309
5
Radio-frequency identification
An RFID tag is an object that can be applied
to or incorporated into a product, animal, or
person for the purpose of identification and
tracking using radio waves. Some tags can be
read from several meters away and beyond
the line of sight of the reader.
Chipless technology now allows for tags to be
printed directly on products. Wikipedia
10/23/08
Miller CSC309
6
Radio-frequency identification
So in the brave new future you walk into
Walmart (currently using RFID technology)
where you are greeted by a robot that calls
you by name (because it can read your ID
from either your verichip or the credit cards
in your wallet) and informs you that the
underwear you have on needs replacing
(RFID tag again) and offers directions to that
section of the store.
10/23/08
Miller CSC309
7
Skype
Established in 2003, this Luxenborg based
company, provides free computer to
computer “telephone service” and makes
its money by charging for computer to
landline or cell phone links around the
world. Skype is available in 28 languages
and is used in almost every country.
10/23/08
Miller CSC309
8
Skype
Researchers have discovered a Chinese Gov.
surveillance operation (estimated 30,000
employees) that is monitoring voice and text
messages looking for offensive words. The
Chinese servers retain personal information
about the users who send such messages, and
record chat conversations between local and
Skype users from outside China. The system
also recorded text messages and Skype caller
identification. (Surveillance of Skype Messages Found in China
New York Times (10/02/08) P. C1; Markoff, John)
10/23/08
Miller CSC309
9
Privacy Issues for Both the
Private and Public Sectors
What methods are used to gather data?
How is the data stored?
How is the data secured?
How is the data validated?
Who has access to the data?
How is the data analyzed?
How is information distributed?
How is the data used?
10/1/08
Miller CSC309
10
Privacy Balancing Act (Alan Westin)
(1) Safeguarding personal and group privacy,
in order to protect individuality and freedom
against unjustified intrusions by authorities.
(2) Collecting relevant personal information
essential for rational decision-making in social,
commercial, and government life; and
(3) Conducting the constitutionally limited
government surveillance of people and activities
necessary to protect public order and safety.
8/26/01
Miller CSC309
11
Privacy and the Constitution
While the U.S. Constitution does not explicitly
use the word "privacy," several of its provisions
protect different aspects of this fundamental
right. The strongest protections arise from
the Fourth Amendment, which safeguards
individuals in their persons, homes, papers,
and effects, from unreasonable searches and
seizures.
8/26/01
Miller CSC309
12
Privacy and the Constitution
The First Amendment's freedom of expression
and association clause, protects information
about those with whom we associate (e.g.,
political groups and social organizations), and
offers protections for the materials that we
create, read, view, etc., in the privacy of our
homes.
8/26/01
Miller CSC309
13
Privacy and the Constitution
The Fifth Amendment's privilege against
self-incrimination, protects the autonomy
of our bodies, thoughts and beliefs.
8/26/01
Miller CSC309
14
Code of Fair Information Practices
(Gov Advisory Cmt 1973)
There should be no systems whose existence is
secret.
There should be a way for a person to find out
what data about him or her are in the system
and how they are used.
Information obtained for one purpose should
not be used for another purpose without the
person's consent.
8/26/01
Miller CSC309
15
Code of Fair Information Practices
(Gov Advisory Cmt 1973)
There should be a way for a person to correct
errors in his or her files.
Any organization creating, maintaining, using,
or distributing personal data is responsible for
the reliability and security of the data.
8/26/01
Miller CSC309
16
Code of Fair Information Practices
(Gov Advisory Cmt 1973)
This set of five principles has formed the basis
of privacy-related laws in the US.
They have been put as part of national data
protection laws in many industrial countries
with the US being a major exception.
They influenced the 1974 Privacy Act
1/27/03
Miller CSC309
17
Auto Tags
In Detroit reporters were able to trace the
various factions of a major crime family by
recording auto license plates of autos parked
around the home of a reputed mobster.
Motor vehicle data sells for about $5 per name.
On the web you can find folks that will look up
tags for you.
8/26/01
Miller CSC309
18
Auto Tags
According to the the US Bureau of Transit
Statistics for 2006 there were 250,851,833
registered passenger vehicles in the US and
over 200 million licensed drivers.
There is information on where you live, what
you drive, your height, weight, any physical
handicaps, birth date, etc. We now have the
ability (not my idea) to write an article on the
ten heaviest women in the state.
1/22/09
Miller CSC309
19
Motor Vehicle Data
It would be nice if we could say the data we
give about ourselves in order to get a drivers
license can be used only for making that
decision but States are currently passing
laws that make that impossible.
Wisconsin: a drivers license can be
suspended for failure to pay a fine (such as a
library fine).
Kentucky: A student can lose a license if
he/she cuts class or fails classes.
6/29/02
Miller CSC309
20
Deadbeat Parents
More than 300,000 parents in 42 states have
lost their drivers license because of late
child support payments.
In Maine it can cost you a chance at a license
to shoot a moose.
Every state has some type of license
suspension program.
In at least 26 states deadbeat parents have
lost professional licenses (beauticians in MS).
6/29/02
Miller CSC309
21
Auto Tags
In Los Angeles, a man spotted an actress driving
her car, hired a private investigator to look the
plate number up in a data base which then gave
him a home address. He then shot and killed her
when she opened her front door.
The death to actress Rebecca Schaeffer by a
stalker led to the passage of the Driver’s Privacy
Protection Act of 1994. Drivers were given the
right to “Opt-out”of having their personal data
sold.
2/13/02
Miller CSC309
22
: DMV Info at Stake in
Senate Legislation
25 June 1999
A transportation-funding bill in the Senate
contains a provision that state motor vehicle
agencies may not sell their drivers license databases. Direct marketing firms are lobbying hard
against the bill, while the ACLU and privacy
advocates are offering their support.
http://www.wired.com/news/print_version/politics/story/20435.html? wnpg=all
8/26/01
Miller CSC309
23
Supreme Court Rules in
Favor of Drivers' Data
-- 13 January 2000
In a unanimous decision, the Supreme Court
upheld the constitutionality of the 1994
Driver's Privacy Protection Act (DPPA),
which restricts states from selling drivers
license data without the drivers' consent.
http://www.gcn.com/breaking-news/000113124350.html
8/26/01
Miller CSC309
24
The Rest of the Story
The reason the Supreme court was reviewing
the law was because South Carolina was making
good money selling drivers license data and
photographs without consent of the drivers and
the 1999 modifications (Oct 1999) to the Driver’s
Privacy Protection Act of 1994 was changing an
opt-out option to one where specific permission
(opt-in) had to be given before data could be
sold. The Oct 1999 change had a problem in that
when it eliminated the sale of information for
marketing it also eliminated the sale of
information to investigators for specified lawful
purposes. This was corrected.
6/4/02
Miller CSC309
25
IRS
Has scanned vehicle registrations for people
who own expensive boats or cars.
Examined (1993) cash transactions on two
million taxpayers.
Clearly has the data on everyone who has
reported contributions to charitable
organizations that have been alleged to
support terrorism.
12/25/01
Miller CSC309
26
Government Files
In 1982 it was estimated there were
approximately 2000 federal databases
containing 3.5 billion personnel files.
Used to detect fraud and to recover bad debts.
Serious threat to personal privacy.
What about government access to bank records?
8/26/01
Miller CSC309
27
Data Base Privacy
In the 1990’s health insurance company for
Commonwealth of Massachusetts released
data for research that was stripped of individual
identifiers but kept date of birth, gender, and
ZIP code in the records.
That is enough information to uniquely identify
TWO-THIRDS of the population.
Greengard, “Privacy Matters” CACM, 09/08, Vol. 51, no 9, p17-18.
9/21/08
Miller CSC309
28
Survey Privacy USM
Faculty asked to give an anonymous evaluation
of the administration. For statistical studies
they were asked to provide information on their
gender, the college they were members of, the
number of years in college teaching, and the
number of years at they had worked at USM.
Anonymous?
How do you respond?
9/21/08
Miller CSC309
29
Matching/profiling
Computer Matching means combining and
comparing information from different
databases. (Usually using SS#s to extract
information on an individual from various
sources.)
Computer Profiling means using data in
computer files to determine characteristics
of people most likely to engage in certain
behavior.
8/26/01
Miller CSC309
30
Profiling 1/28/09
In an investigative report on ABC’s Good
Morning America, It was reported that
at least American Express was monitoring
where you shop to determine your credit
limits. The argument being that people who
shop at certain locations have a lower instance
of staying current, so, if you do, your more of
a risk. Lower limit yields higher balance/limit
ratio yields higher rate. Don’t use card to pay
marriage
counselor.
1/29/09
Miller CSC309
31
Linkage Attack
A linkage attack is one in which information
from a database is used to compromise
privacy in a different database.
8/26/01
Miller CSC309
32
Netflix Linkage Attack
Netflix published dataset: More than
100,000,000 ratings, from 480,000 randomlychosen anonymous customers on 18,000
movie titles. Privacy was protected by
removing all personal information and by
then replacing customer IDs with randomlyassigned IDs. Each movie rating contained
the date of the rating and the title and
year of release of the movie.
10/7/08
Miller CSC309
33
Netflix Linkage Attack
Researchers from Univ of Texas Austin
were able to identify individuals in the
Netflix data base by using public reviews
published in the Internet Movie Database.
Eight ratings with dates provided enough
information for the identifications to
have 99% accuracy.
10/7/08
Miller CSC309
34
On being a Professional
The Netflix breach of privacy was probably
a surprise because it did look like they had
taken reasonable precaution.
The latest advance, (2006) “differential
privacy” introduces random noise and
assures that the database behaves the same
independent of any individual or small
group being either included or excluded.
10/7/08
Miller CSC309
35
Selective Service
Bought the birthday list from a major ice
cream parlor chain to find 18 year olds who
had not registered.
No Selective Service registration, no student
aid.
12/25/01
Miller CSC309
36
FBI(2000)
National Crime Information Center (NCIC).
Criminal histories on 17 million people.
24 million records on wanted felons, missing
property, etc.
Can legally obtain credit reports without a
court order.
Database links to other databases being
expanded.
8/26/01
Miller CSC309
37
Issues
What about Fourth Amendment protection
against "unreasonable search and seizure"?
Requires "probable cause" for search and
seizure.
We can now find a suspect and look for a
crime.
Problem with starting with a presumption
of guilt.
8/26/01
Miller CSC309
38
Census Bureau
Mandated census every ten years.
Information collected is supposed to be
confidential.
Marketing information collected.
Information used to catch draft dodgers.
Race information gathering is more
complicated now because of changing attitudes
and the tie to government benefits.
12/25/01
Miller CSC309
39
SS Numbers
Extension of the Social Security Number to
the status of an ID card was rejected in 1971
by the Social Security Administration task
force on the SSN.
1991 report to congress
"60% based on unverified information"
Privacy and security experts recommend
that people not give their SS# without first
determining if it is legally required or that
there is a valid reason for requesting it.
12/24/01
Miller CSC309
40
Credit Bureaus
The Fair Credit Reporting Act of 1970 restricted
the distribution of information to only those who
needed it for legitimate business purposes.
In 1993, the Federal Trade Commission ruled that
the use of credit information to generate marketing
lists violates law and ordered TRW (now Experian)
and TransUnion to stop. Equifax the other major
credit reporting firm, had stopped the practice in
1991.
1/29/04
Miller CSC309
41
Annualcreditreport.com
In 2003 legislation was passed that required
that the credit reporting agencies provide,
upon request, a free credit report every
twelve months to every consumer. The goal
was to allow consumers a way to ensure
their credit information is correct and to
guard against identity theft. (Wikipedia)
It also allows the consumer to see how he
looks in an enquiry.
10/1/08
Miller CSC309
42
Annualcreditreport.com
The three major credit reporting agencies,
Equifax, Experian and TransUnion created
a joint venture company to oversee their
compliance with the legislation.
This action led to annualcreditreport.com.
A common strategy is to request a report
every 4 months. (Good idea)
Wikipedia
10/1/08
Miller CSC309
43
Annualcreditreport.com
Annualcreditreport.com is the only federally
mandated and authorized source for
obtaining a free credit report. Wikipedia
Note: You don’t find free if you make your
selection of reporting agencies on first
page of annualcreditreport.com
Your credit score will cost you $7.95 and
you will be given lots of chances to buy it.
10/1/08
Miller CSC309
44
Feds Drop Privacy Push
WASHINGTON (AP) -- Federal Trade Commission
chairman Timothy J. Muris is to announce Thursday
that his agency will not seek stronger consumer privacy
laws. His position is a reversal of Clinton-era policy
that said consumer privacy laws were needed to protect
personal data on the Internet.
The decision carries more weight after the September 11
terrorist attacks. Since then, many companies have been
sharing their consumer data with law enforcement
agencies and each other in an attempt to look for
suspicious coincidences.
10/15/01
Miller CSC309
45
National ID cards
National ID cards have long been advocated
as a means to enhance national security,
unmask potential terrorists, and guard
against illegal immigrants. Also proposed in
debates on gun control, national health care,
and Social Security reform. They are in use in
many countries around the world including
most European countries, Hong Kong,
Malaysia, Singapore and Thailand.
12/25/01
Miller CSC309
46
History of rejection for
National ID cards
1971 Social Security Administration task force.
1973 Health Education and Welfare advisory ctm.
1976 Federal advisory ctm. on False Identification.
1977 Carter Administration “no” on SSN use.
1981 Regan Administration “explicitly opposed”
Clinton Administration “opposed”*
1999 Congress repeals provision of Illegal
Immigration Reform and Immigrant
Responsibility Act of 1996.
9/11/01+ White House “not even considering.”
12/25/01
Miller CSC309
47
National ID card debate after
9/11/2001
Larry Ellison, chairman and CEO of Oracle
“We need a national ID card with our
photograph and thumbprint digitized and
imbedded in the ID card” and I’ll “provide
the software for this absolutely free.”
Bush Administration saying “not an option” but
some members of Congress clearly tempted.
12/25/01
Miller CSC309
48
What’s new in National ID card
proposals?
Technology options are more varied and more
sophisticated. In addition to the massive networked databases and the unbelievable
computing power which is available for
searching/matching we now have digital
fingerprinting, handprint scans, facial
recognition technologies, voice authentication
devices, and retinal scans. More on chip
implants later.
12/26/01
Miller CSC309
49
Fake ID cards
Any estimate of the number of teenagers that
have obtained “good enough” false ID to get
by the “age” police? How difficult would it be
with the support of a well financed terrorist
organization or country to get a quality false
ID? Does the estimated 750,000 cases of stolen
identity in 2001 give some feel for how easy
this might be?
12/25/01
Miller CSC309
50
The Dutch and ID cards
In 2003, all Dutch citizens with European
Union (EU) identification cards will have
unique biometric data stored in a chip. These
cards are travel documents for use within the
EU only. Passports will also get a chip, but a
date has yet to be set, Van Beers said. The
biometric information will not be centrally
stored in a database, only on the chip, he
stressed. The trials are conducted with
immigrants because they have to report to
the police regularly. http://www.epic.org/privacy/id_cards/
1/19/02
Miller CSC309
51
Could an ID card decrease
security?
It is not the card that security folks will be
relying on but on the integrity of the process
that produced the card. Cards can be forged,
or obtained improperly and any over reliance
on their validity will provide a false sense of
security that can result in major breaches
of security.
[We will make a similar argument concerning
the use of passwords and how they can provide
a false sense of security that leads to problems.]
12/26/01
Miller CSC309
52
Google (2/8/09)
An upgraded mapping system will enable people
to use mobile phones and other wireless devices
to share their location with “family and friends.”
About privacy concerns: Each user can easily
turn the tracking software on or off and can
limit access. Google promises to store only the
last position read on its computers.
2/8/09
Miller CSC309
53
Microsoft, Google, Yahoo (2/8/09)
A record is made of every search you do online
including the words and sites you search for,
and the time and date.
Records are kept:
Microsoft: 18 months
Google: 9 months
Yahoo: 3 months
2/8/09
Miller CSC309
54
America Online (AOL)
In 2006 AOL shared roughly 20 million
search records from 658,000 users on their
new AOL Research site. The data included
a number assigned to the anonymous user,
the search term, the date and time of the
search, and the website visited as a result
of the search. The data revealed possible
illegal drug use, murder, suicide, medical
information, names, addresses and social
security numbers. AOL closed the site.
2/8/09
Miller CSC309
55
The Government and Internet
Search Records
The AOL incident reported in the previous
slide occurred just months after the
government had requested requested all
the search result conducted over a one
week period from all the major search
engines including AOL, Yahoo, and
Google. Google was the only search
engine that did not give in to the request.
They took their case to court and
eventually won.
2/8/09
Miller CSC309
56
Protecting Privacy in the Future
Baker predicts the emergence of a market in
which "all kinds of companies are going to sell
us software that helps us keep control of our
data, furnish our data to those who will use it
responsibly, and keep it from those who won't.”
Numerati
10/27/08
Miller CSC309
57
History Snapshot (What does this have
to do with privacy?)
David Gelernter took a bachelor's
degree in religious studies and a
master's in Hebrew literature from
Yale. He went on to collect a PhD in
computer science from the State
University of New York at Stony Brook,
but joined Yale as faculty in 1982. He
made a name for himself by developing
a computer language named "Linda”.
2/7/09
Miller CSC309
58