Online Privacy Issues Overview

Download Report

Transcript Online Privacy Issues Overview

Spam / Regulating Online Speech
Week 4 - February 1, 3
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
1
Research and Communication Skills
CMU Libraries
(http://www.library.cmu.edu)
 Engineering and Science (a.k.a. E&S)
 Location: 4th floor, Wean Hall
 Subjects: Computer Science, Engineering, Mathematics,
Physics, Science, Technology
 Hunt (CMU’s main library)
 Location: its own building (possibly 2nd ugliest on campus
behind Wean), between Tepper and Baker
 Subjects: Arts, Business, Humanities, Social Sciences
 Software Engineering Institute (a.k.a. SEI)
 Location: 4500 5th Avenue
 Subjects: “Security, Software, Technology”
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
2
Research and Communication Skills
Coolest Thing in CMU Libraries
Posner Memorial Collection at Posner
Center
Rare books
Early prints of famous works
Original copy of the Bill of Rights – WOW!
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
3
Research and Communication Skills
START HERE: Cameo
Cameo is CMU’s online library catalog
Catalogs everything CMU has – books,
journals, periodicals, multimedia, etc.
Search Cameo online at
http://cameo.library.cmu.edu
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
4
Research and Communication Skills
If it’s not in Cameo, but you need it
today: Local Libraries
Carnegie Library of Pittsburgh
http://www.carnegielibrary.org/index.ht
ml
University of Pittsburgh Libraries
http://pittcat.pitt.edu/
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
5
Research and Communication Skills
If it’s not in Cameo, and you can wait:
ILLiad and E-ZBorrow
 ILLiad and E-ZBorrow are catalogs of resources available
for Interlibrary Loan from other libraries nationwide
(ILLiad) and in Pennsylvania (E-ZBorrow)
 Order items online (almost always free)
 Wait for delivery – average 10 business days
 Find links to ILLiad and E-ZBorrow online catalogs at
http://www.library.cmu.edu/Services/ILL/
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
6
Research and Communication Skills
Special needs: Other Useful
Databases
 Links to these and many more databases available
at http://www.library.cmu.edu/Search/AZ.html
 Lexis-Nexis
 Massive catalog of legal sources – law journals, case law,
news stories, etc.
 IEEE and ACM journal databases
 IEEE Xplore and ACM Digital Library
 INSPEC database
 Huge database of scientific and technical papers
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
7
Research and Communication Skills
And of course…
Reference librarians are available at all
CMU libraries, and love to help people find
what they need – just ask!
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
8
Bill of Rights
First Amendment
 Congress shall make no law respecting an
establishment of religion, or prohibiting the
free exercise thereof; or abridging the
freedom of speech, or of the press; or the
right of the people peaceably to assemble,
and to petition the government for a redress
of grievances.
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
9
The Internet can’t be censored
“The Net treats censorship as damage and
routes around it.”
- John Gillmore
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
10
Cartoon dogs are anonymous on the Internet
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
11
Real dogs are anonymous on the Internet too!
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
12
Actually, none of this is true
It is easy to adopt a pseudonym or a
persona on the Internet, but it is difficult
to be truly anonymous
Identities can usually be revealed with
cooperation of ISP, local sys-admins, web logs,
phone records, etc.
The Internet can put up a good fight
against censorship, but in the end there is
still a lot of Internet censorship
Repressive governments and intellectual
property lawyers have been pretty successful
at getting Internet content removed
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
13
Communications Decency Act
 Title V of the Telecommunications Act of 1996
 Prohibited Internet distribution of indecent or
patently offensive material to minors
 Created restrictions for the Internet similar to
broadcast media
 Introduced by Sen. James Exon (D-Nebraska)
Cited Marty Rimm study
 Immediately challenged in court
 Supreme Court struck down CDA in 1997 (Reno v.
American Civil Liberties Union)
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
14
Opposition to the CDA
 Over-broad, vague, unenforceable
 CDA includes “indecency standard”
 Obscenity and child pornography are already illegal to distribute (child
pornography is also illegal to possess)
 Obscenity - Miller test:
• Whether the average person, applying contemporary community standards,
would find that the work, taken as a whole, appeals to the prurient interest,
• Whether the work depicts/describes, in a patently offensive way, sexual
conduct specifically defined by applicable state law,
• Whether the work, taken as a whole, lacks serious literary, artistic,
political, or scientific value.
 But indecency is defined in CDA as “any comment, request, suggestion,
proposal, image, or other communications, that, in context, depicts or
describes, in terms patently offensive as measured by contemporary
community standards, sexual or excretory activities or organs.”
• What community do we look at when regulating the Internet?
 Internet should not be regulated like broadcast
 Law would chill free speech
 Internet filters are a better solution
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
15
Support for the CDA
Senator James Exon (D-Nebraska), sponsor
of Bill: Need to protect children from
online pornography
Laws that restrict selling porn to children
in other media should apply to the
Internet
Filters are not sufficient
Parents may not be able to figure out how to
use them
Children may access computers away from
home
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
16
Platform for Internet Content Selection (PICS)
Developed by the World Wide Web
Consortium
Specification for associating metadata
with Internet content
Supports self-labels and third-party labels
Supports the development of many rating
systems
Implemented in MS Internet Explorer and
other products
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
17
How technology tools work
Internet
content
Web
Usenet
Email
Chat
Gopher
FTP
Person or
tool classifies
content
For what age
group is it
appropriate?
Is it educational?
Tool takes
an action
Suggest
Search
Inform
Monitor
Warn
Block
Is it fun?
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
18
Who does the classification?
Third-party experts
Automated tools
Local administrators
Content providers
Survey or vote
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
19
Classification scheme
Good for kids
Characteristics of
content
Bad for kids
Age suitability
Who created content
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
20
Rating systems and vocabularies
Math
Science
English
Spelling
History
French
Spanish
Gym
Art
Music
Drama
A
B
B+
DC
AF
A+
BC
B
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
21
Descriptive versus subjective
Many
variables
Few
variables
complex
simple
Subjective
Descriptive
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
22
Can’t derive descriptive from subjective
Characters not well developed
Gratuitous sex and violence
?
Bad acting?
Boring plot?
Bad script?
Dull characters?
Unbelievable premise?
Unoriginal?
Too much violence?
Not enough violence?
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
23
Scope
Web sites
FTP, gopher, etc.
Chat
Instant messaging
Newsgroups
Email
Telnet
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
25
Actions
Suggest
Search
Inform
Monitor
Warn
Block
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
26
Suggest
 Recommend appropriate content for children
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
27
Search
Select content that is appropriate for
children and matches a query
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
28
Inform
Provide information about the content
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
29
Warn
Provide information about content and
recommend against accessing that content
before it is displayed
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
30
Block
Prevent children from accessing content
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
31
Monitor
Record for later inspection a list of the
content accessed or attempted to be
accessed by a user
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
32
Mechanisms and interface
Location
Updates
Customizability
Other features
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
33
Where are the tools located?
 Personal computer
 Server
LAN or
local proxy
Remote proxy
 Internet service
provider
 Search engine
 Web site
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
34
Updates
How are tools updated?
Manual updates required
Automatic updates
No updates required
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
35
Customizability
 Action
 Words and phrases
 Allow and block list
elements
 Time of day
 Policies for each user
 Categories of content
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
36
Other features
Time limits
Separate settings for each child
Protect parents’ files
Block individual words and pictures vs. full
page or whole site
Explanation of why blocked vs. silent
blocking
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
37
Discussion
Diversity of tools in the marketplace is
important
Need for increased transparency from
vendors about the criteria used to classify
content
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
38
CDA Sequels
 Child Online Protection Act (COPA) - passed in
1998
Banned commercial distribution of material harmful
to minors
Struck down by Supreme Court in 2004
 Children’s Internet Protection Act (CIPA) passed
in 1999
Requires schools and libraries that receive federal
funds for Internet access to filter out child
pornography, obscene materials, and materials
harmful to minors
Upheld by Supreme Court in 2003
 Many state laws
Most have been declared unconstitutional
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
39
Anonymous censorship-resistant publishing
 The printing press and the WWW can be
powerful revolutionary tools
Political dissent
Whistle blowing
Radical ideas
 but those who seek to suppress revolutions have
powerful tools of their own
Stop publication
Destroy published materials
Prevent distribution
Intimidate or physically or financially harm author or
publisher
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
40
Anonymity increases censorship-resistance
 Reduces ability to force “voluntary” selfcensorship
 Allows some authors to have their work taken
more seriously
Reduces bias due to gender, race, ethnic background,
social position, etc.
 Many historical examples of important
anonymous publications
In the Colonies during Revolutionary War when British
law prohibited writings suggesting overthrow of the
government
Federalist papers
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
41
Publius design goals
 Censorship resistant
 Tamper evident
 Source anonymous
 Updateable
 Deniable
 Fault tolerant
 Persistent
 Extensible
 Freely Available
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
42
Publius Overview
Publishers
Servers
Retrievers
 Publius Content – Static content (HTML, images, PDF, etc)
 Publishers – Post Publius content
 Servers – Host Publius content
 Retrievers – Browse Publius content
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
43
Publishing a Publius document
Publishers
Servers
 Generate secret key and use it to encrypt document
 Use “secret splitting” to split key into n shares
 This technique has special property that only k out of n shares are
needed to put the key back together
 Publish encrypted document and 1 share on each of n servers
 Generate special Publius URL that encodes the location of each
share and encrypted document – example:
http://!publius!/1e6adsg673h0==hgj7889340==345lsafdfg
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
44
Retrieving a Publius document
Publishers
Servers
Retrievers
 Break apart URL to discover document locations
 Retrieve encrypted document and share from k locations
 Reassemble key from shares
 Decrypt retrieved document
 Check for tampering
 View in web browser
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
45
Publius proxies
Publishers
Servers
P
R
O
X
Y
Retrievers
P
R
O
X
Y
 Publius proxies running on a user’s local machine
or on the network handle all the publish and
retrieve operations
 Proxies also allow publishers to delete and
update content
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
46
Threats and limitations
 Attacks on server resources
100K Content Limit (easy to subvert)
Server limits # of files it will store
Possibility: use a payment scheme
 Threats to publisher anonymity
 “Rubber-Hose Cryptanalysis”
Added “don’t update” and don’t delete bit
 Logging, network segment eavesdropping
 Collaboration of servers to censor content
A feature?
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
47
Discussion
Technology that can protect “good”
speech also protects “bad” speech
What if your dog does publish your secrets
to the Internet and you can't do anything
about it?
Is building a censorship-resistant
publishing system irresponsible?
If a tree falls in a forest and nobody hears
it….
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
51
For further reading
Publius web site
http://cs.nyu.edu/waldman/publius.html
Publius chapter in Peer-to-Peer:
Harnessing the Power of
Disruptive Technologies edited
by Andy Oram
The Architecture of Robust Publishing
Systems. ACM Transactions on Internet
Technology 1(2):199-230
http://doi.acm.org/10.1145/502152.502154
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
52