Online Privacy Issues Overview
Download
Report
Transcript Online Privacy Issues Overview
Spam / Regulating Online Speech
Week 4 - February 1, 3
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
1
Research and Communication Skills
CMU Libraries
(http://www.library.cmu.edu)
Engineering and Science (a.k.a. E&S)
Location: 4th floor, Wean Hall
Subjects: Computer Science, Engineering, Mathematics,
Physics, Science, Technology
Hunt (CMU’s main library)
Location: its own building (possibly 2nd ugliest on campus
behind Wean), between Tepper and Baker
Subjects: Arts, Business, Humanities, Social Sciences
Software Engineering Institute (a.k.a. SEI)
Location: 4500 5th Avenue
Subjects: “Security, Software, Technology”
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
2
Research and Communication Skills
Coolest Thing in CMU Libraries
Posner Memorial Collection at Posner
Center
Rare books
Early prints of famous works
Original copy of the Bill of Rights – WOW!
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
3
Research and Communication Skills
START HERE: Cameo
Cameo is CMU’s online library catalog
Catalogs everything CMU has – books,
journals, periodicals, multimedia, etc.
Search Cameo online at
http://cameo.library.cmu.edu
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
4
Research and Communication Skills
If it’s not in Cameo, but you need it
today: Local Libraries
Carnegie Library of Pittsburgh
http://www.carnegielibrary.org/index.ht
ml
University of Pittsburgh Libraries
http://pittcat.pitt.edu/
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
5
Research and Communication Skills
If it’s not in Cameo, and you can wait:
ILLiad and E-ZBorrow
ILLiad and E-ZBorrow are catalogs of resources available
for Interlibrary Loan from other libraries nationwide
(ILLiad) and in Pennsylvania (E-ZBorrow)
Order items online (almost always free)
Wait for delivery – average 10 business days
Find links to ILLiad and E-ZBorrow online catalogs at
http://www.library.cmu.edu/Services/ILL/
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
6
Research and Communication Skills
Special needs: Other Useful
Databases
Links to these and many more databases available
at http://www.library.cmu.edu/Search/AZ.html
Lexis-Nexis
Massive catalog of legal sources – law journals, case law,
news stories, etc.
IEEE and ACM journal databases
IEEE Xplore and ACM Digital Library
INSPEC database
Huge database of scientific and technical papers
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
7
Research and Communication Skills
And of course…
Reference librarians are available at all
CMU libraries, and love to help people find
what they need – just ask!
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
8
Bill of Rights
First Amendment
Congress shall make no law respecting an
establishment of religion, or prohibiting the
free exercise thereof; or abridging the
freedom of speech, or of the press; or the
right of the people peaceably to assemble,
and to petition the government for a redress
of grievances.
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
9
The Internet can’t be censored
“The Net treats censorship as damage and
routes around it.”
- John Gillmore
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
10
Cartoon dogs are anonymous on the Internet
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
11
Real dogs are anonymous on the Internet too!
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
12
Actually, none of this is true
It is easy to adopt a pseudonym or a
persona on the Internet, but it is difficult
to be truly anonymous
Identities can usually be revealed with
cooperation of ISP, local sys-admins, web logs,
phone records, etc.
The Internet can put up a good fight
against censorship, but in the end there is
still a lot of Internet censorship
Repressive governments and intellectual
property lawyers have been pretty successful
at getting Internet content removed
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
13
Communications Decency Act
Title V of the Telecommunications Act of 1996
Prohibited Internet distribution of indecent or
patently offensive material to minors
Created restrictions for the Internet similar to
broadcast media
Introduced by Sen. James Exon (D-Nebraska)
Cited Marty Rimm study
Immediately challenged in court
Supreme Court struck down CDA in 1997 (Reno v.
American Civil Liberties Union)
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
14
Opposition to the CDA
Over-broad, vague, unenforceable
CDA includes “indecency standard”
Obscenity and child pornography are already illegal to distribute (child
pornography is also illegal to possess)
Obscenity - Miller test:
• Whether the average person, applying contemporary community standards,
would find that the work, taken as a whole, appeals to the prurient interest,
• Whether the work depicts/describes, in a patently offensive way, sexual
conduct specifically defined by applicable state law,
• Whether the work, taken as a whole, lacks serious literary, artistic,
political, or scientific value.
But indecency is defined in CDA as “any comment, request, suggestion,
proposal, image, or other communications, that, in context, depicts or
describes, in terms patently offensive as measured by contemporary
community standards, sexual or excretory activities or organs.”
• What community do we look at when regulating the Internet?
Internet should not be regulated like broadcast
Law would chill free speech
Internet filters are a better solution
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
15
Support for the CDA
Senator James Exon (D-Nebraska), sponsor
of Bill: Need to protect children from
online pornography
Laws that restrict selling porn to children
in other media should apply to the
Internet
Filters are not sufficient
Parents may not be able to figure out how to
use them
Children may access computers away from
home
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
16
Platform for Internet Content Selection (PICS)
Developed by the World Wide Web
Consortium
Specification for associating metadata
with Internet content
Supports self-labels and third-party labels
Supports the development of many rating
systems
Implemented in MS Internet Explorer and
other products
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
17
How technology tools work
Internet
content
Web
Usenet
Email
Chat
Gopher
FTP
Person or
tool classifies
content
For what age
group is it
appropriate?
Is it educational?
Tool takes
an action
Suggest
Search
Inform
Monitor
Warn
Block
Is it fun?
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
18
Who does the classification?
Third-party experts
Automated tools
Local administrators
Content providers
Survey or vote
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
19
Classification scheme
Good for kids
Characteristics of
content
Bad for kids
Age suitability
Who created content
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
20
Rating systems and vocabularies
Math
Science
English
Spelling
History
French
Spanish
Gym
Art
Music
Drama
A
B
B+
DC
AF
A+
BC
B
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
21
Descriptive versus subjective
Many
variables
Few
variables
complex
simple
Subjective
Descriptive
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
22
Can’t derive descriptive from subjective
Characters not well developed
Gratuitous sex and violence
?
Bad acting?
Boring plot?
Bad script?
Dull characters?
Unbelievable premise?
Unoriginal?
Too much violence?
Not enough violence?
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
23
Scope
Web sites
FTP, gopher, etc.
Chat
Instant messaging
Newsgroups
Email
Telnet
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
25
Actions
Suggest
Search
Inform
Monitor
Warn
Block
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
26
Suggest
Recommend appropriate content for children
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
27
Search
Select content that is appropriate for
children and matches a query
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
28
Inform
Provide information about the content
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
29
Warn
Provide information about content and
recommend against accessing that content
before it is displayed
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
30
Block
Prevent children from accessing content
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
31
Monitor
Record for later inspection a list of the
content accessed or attempted to be
accessed by a user
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
32
Mechanisms and interface
Location
Updates
Customizability
Other features
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
33
Where are the tools located?
Personal computer
Server
LAN or
local proxy
Remote proxy
Internet service
provider
Search engine
Web site
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
34
Updates
How are tools updated?
Manual updates required
Automatic updates
No updates required
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
35
Customizability
Action
Words and phrases
Allow and block list
elements
Time of day
Policies for each user
Categories of content
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
36
Other features
Time limits
Separate settings for each child
Protect parents’ files
Block individual words and pictures vs. full
page or whole site
Explanation of why blocked vs. silent
blocking
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
37
Discussion
Diversity of tools in the marketplace is
important
Need for increased transparency from
vendors about the criteria used to classify
content
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
38
CDA Sequels
Child Online Protection Act (COPA) - passed in
1998
Banned commercial distribution of material harmful
to minors
Struck down by Supreme Court in 2004
Children’s Internet Protection Act (CIPA) passed
in 1999
Requires schools and libraries that receive federal
funds for Internet access to filter out child
pornography, obscene materials, and materials
harmful to minors
Upheld by Supreme Court in 2003
Many state laws
Most have been declared unconstitutional
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
39
Anonymous censorship-resistant publishing
The printing press and the WWW can be
powerful revolutionary tools
Political dissent
Whistle blowing
Radical ideas
but those who seek to suppress revolutions have
powerful tools of their own
Stop publication
Destroy published materials
Prevent distribution
Intimidate or physically or financially harm author or
publisher
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
40
Anonymity increases censorship-resistance
Reduces ability to force “voluntary” selfcensorship
Allows some authors to have their work taken
more seriously
Reduces bias due to gender, race, ethnic background,
social position, etc.
Many historical examples of important
anonymous publications
In the Colonies during Revolutionary War when British
law prohibited writings suggesting overthrow of the
government
Federalist papers
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
41
Publius design goals
Censorship resistant
Tamper evident
Source anonymous
Updateable
Deniable
Fault tolerant
Persistent
Extensible
Freely Available
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
42
Publius Overview
Publishers
Servers
Retrievers
Publius Content – Static content (HTML, images, PDF, etc)
Publishers – Post Publius content
Servers – Host Publius content
Retrievers – Browse Publius content
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
43
Publishing a Publius document
Publishers
Servers
Generate secret key and use it to encrypt document
Use “secret splitting” to split key into n shares
This technique has special property that only k out of n shares are
needed to put the key back together
Publish encrypted document and 1 share on each of n servers
Generate special Publius URL that encodes the location of each
share and encrypted document – example:
http://!publius!/1e6adsg673h0==hgj7889340==345lsafdfg
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
44
Retrieving a Publius document
Publishers
Servers
Retrievers
Break apart URL to discover document locations
Retrieve encrypted document and share from k locations
Reassemble key from shares
Decrypt retrieved document
Check for tampering
View in web browser
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
45
Publius proxies
Publishers
Servers
P
R
O
X
Y
Retrievers
P
R
O
X
Y
Publius proxies running on a user’s local machine
or on the network handle all the publish and
retrieve operations
Proxies also allow publishers to delete and
update content
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
46
Threats and limitations
Attacks on server resources
100K Content Limit (easy to subvert)
Server limits # of files it will store
Possibility: use a payment scheme
Threats to publisher anonymity
“Rubber-Hose Cryptanalysis”
Added “don’t update” and don’t delete bit
Logging, network segment eavesdropping
Collaboration of servers to censor content
A feature?
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
47
Discussion
Technology that can protect “good”
speech also protects “bad” speech
What if your dog does publish your secrets
to the Internet and you can't do anything
about it?
Is building a censorship-resistant
publishing system irresponsible?
If a tree falls in a forest and nobody hears
it….
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
51
For further reading
Publius web site
http://cs.nyu.edu/waldman/publius.html
Publius chapter in Peer-to-Peer:
Harnessing the Power of
Disruptive Technologies edited
by Andy Oram
The Architecture of Robust Publishing
Systems. ACM Transactions on Internet
Technology 1(2):199-230
http://doi.acm.org/10.1145/502152.502154
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
52