Online Privacy Issues Overview

Download Report

Transcript Online Privacy Issues Overview

Privacy
Week 9 - March 15, 17
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
1
Privacy policies
Policies let consumers know about site’s
privacy practices
Consumers can decide whether practices
are acceptable, when to opt-out
Presence increases consumer trust
Make companies subject to FTC privacyrelated enforcement
Rapid adoption 1998-2001*
* G.R. Milne and M.J. Culnan 2002. Using the Content of Online Privacy Notices to
Inform Public Policy: A Longitudinal Analysis of the 1998-2002 US Web Surveys.
The Information Society 18, 5, 245-359.
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
2
Privacy policy problems
BUT policies are often
difficult to understand
hard to find
take a long time to read
change without notice
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
3
Privacy policy components
 Identification of site, scope,
contact info
 Security assurances
 Types of information collected
 Children’s privacy
 Including information about
cookies
 How information is used
 Conditions under which
information might be shared
 Information about opt-in/opt-out
 Information about access
 Information about data retention
policies
There is lots of information
to conveys -- but policy
should be brief and
easy-to-read too!
 Information about seal programs
What is opt-in? What is opt-out?
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
4
How are online privacy concerns
different from offline privacy
concerns?
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
5
Web privacy concerns
 Data is often collected silently
 Web allows large quantities of data to be collected inexpensively
and unobtrusively
 Data from multiple sources may be merged
 Non-identifiable information can become identifiable when
merged
 Data collected for business purposes may be used in civil
and criminal proceedings
 Users given no meaningful choice
 Few sites offer alternatives
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
6
Browser Chatter
 Browsers chatter
about
IP address, domain
name, organization,
Referring page
Platform: O/S,
browser
What information is
requested
• URLs and search terms
Cookies
 To anyone who might
be listening
End servers
System administrators
Internet Service
Providers
Other third parties
• Advertising networks
Anyone who might
subpoena log files
later
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
7
Typical HTTP request with cookie
GET /retail/searchresults.asp?qu=beer HTTP/1.0
Referer: http://www.us.buy.com/default.asp
User-Agent: Mozilla/4.75 [en] (X11; U; NetBSD 1.5_ALPHA
i386)
Host: www.us.buy.com
Accept: image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en
Cookie: buycountry=us; dcLocName=Basket;
dcCatID=6773; dcLocID=6773; dcAd=buybasket; loc=;
parentLocName=Basket; parentLoc=6773;
ShopperManager%2F=ShopperManager%2F=66FUQULL0
QBT8MMTVSC5MMNKBJFWDVH7; Store=107;
Category=0
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
8
Referer log problems
GET methods result in values in URL
These URLs are sent in the referer
header to next host
Example:
http://www.merchant.com/cgi_bin/o
rder?name=Tom+Jones&address=here
+there&credit+card=234876923234&
PIN=1234&->index.html
Access log example
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
9
Cookies
What are cookies?
What are people concerned about cookies?
What useful purposes do cookies serve?
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
10
Cookies 101
Cookies can be useful
Used like a staple to attach multiple parts of
a form together
Used to identify you when you return to a
web site so you don’t have to remember a
password
Used to help web sites understand how
people use them
Cookies can do unexpected things
Used to profile users and track their
activities, especially across web sites
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
11
How cookies work – the basics
 A cookie stores a small string of characters
 A web site asks your browser to “set” a cookie
 Whenever you return to that site your browser sends the
cookie back automatically
Please store
cookie xyzzy
site
Here is cookie
xyzzy
browser
First visit to site
site
browser
Later visits
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
12
How cookies work – advanced
 Cookies are only sent back to
the “site” that set them – but
this may be any host in domain
 Sites setting cookies indicate
path, domain, and expiration
for cookies
Send
me with
any
request
to x.com
until
2008
Send me
with requests
for
index.html
on y.x.com
for this
session only
 Cookies can store user info or a
database key that is used to
look up user info – either way
the cookie enables info to be
linked to the current browsing
session
User=Joe
Email=
Joe@
x.com
Visits=13
Database
Users …
Email …
Visits …
User=4576
904309
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
13
Cookie terminology
 Cookie Replay – sending a cookie back to a site
 Session cookie – cookie replayed only during current
browsing session
 Persistent cookie – cookie replayed until expiration date
 First-party cookie – cookie associated with the site the
user requested
 Third-party cookie – cookie associated with an image,
ad, frame, or other content from a site with a different
domain name that is embedded in the site the user
requested
 Browser interprets third-party cookie based on domain name,
even if both domains are owned by the same company
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
14
Web bugs
 Invisible “images” (1-by-1 pixels, transparent)
embedded in web pages and cause referer info and
cookies to be transferred
 Also called web beacons, clear gifs, tracker gifs,etc.
 Work just like banner ads from ad networks, but you
can’t see them unless you look at the code behind a web
page
 Also embedded in HTML formatted email messages, MS
Word documents, etc.
 For software to detect web bugs see:
http://www.bugnosis.org
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
15
How data can be linked
 Every time the same cookie is replayed to a site,
the site may add information to the record
associated with that cookie
Number of times you visit a link, time, date
What page you visit
What page you visited last
Information you type into a web form
 If multiple cookies are replayed together, they
are usually logged together, effectively linking
their data
Narrow scoped cookie might get logged with broad
scoped cookie
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
16
Ad networks
search for
medical
information
buy CD
set cookie
replay cookie
Ad
Ad
Search Service
Ad company
can get your
name and
address from
CD order and
link them to
your search
CD Store
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
17
What ad networks may know…
 Personal data:
Email address
Full name
Mailing address
(street, city, state,
and Zip code)
Phone number
 Transactional data:
Details of plane trips
Search phrases used at
search engines
Health conditions
“It was not necessary for me to click on the banner ads
for information to be sent to DoubleClick servers.”
– Richard M. Smith
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
18
Online and offline merging
 In November 1999, DoubleClick
purchased Abacus Direct, a
company possessing detailed consumer profiles on more
than 90% of US households.
 In mid-February 2000 DoubleClick announced plans to
merge “anonymous” online data with personal
information obtained from offline databases
 By the first week in March 2000 the plans were put on
hold
 Stock dropped from $125 (12/99) to $80 (03/00)
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
19
Offline data goes online…
The
Cranor
family’s 25
most
frequent
grocery
purchases
(sorted by
nutritional
value)!
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
20
Subpoenas
Data on online activities is increasingly of
interest in civil and criminal cases
The only way to avoid subpoenas is to not
have data
In the US, your files on your computer in
your home have much greater legal
protection that your files stored on a
server on the network
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
21
P3P: Introduction
Original Idea behind P3P
 A framework for automated privacy
discussions
Web sites disclose their privacy practices in
standard machine-readable formats
Web browsers automatically retrieve P3P
privacy policies and compare them to users’
privacy preferences
Sites and browsers can then negotiate about
privacy terms
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
22
P3P: Introduction
P3P history
 Idea discussed at November 1995 FTC meeting
 Ad Hoc “Internet Privacy Working Group” convened to
discuss the idea in Fall 1996
 W3C began working on P3P in Summer 1997
 Several working groups chartered with dozens of participants
from industry, non-profits, academia, government
 Numerous public working drafts issued, and feedback resulted in
many changes
 Early ideas about negotiation and agreement ultimately removed
 Automatic data transfer added and then removed
 Patent issue stalled progress, but ultimately became non-issue
 P3P issued as official W3C Recommendation on April 16,
2002
 http://www.w3.org/TR/P3P/
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
23
P3P: Introduction
P3P1.0 – A first step
Offers an easy way for web sites to
communicate about their privacy policies
in a standard machine-readable format
Can be deployed using existing web servers
This will enable the development of tools
that:
Provide snapshots of sites’ policies
Compare policies with user preferences
Alert and advise the user
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
24
P3P: Introduction
The basics
 P3P provides a standard XML format that web
sites use to encode their privacy policies
 Sites also provide XML “policy reference files” to
indicate which policy applies to which part of
the site
 Sites can optionally provide a “compact policy”
by configuring their servers to issue a special
P3P header when cookies are set
 No special server software required
 User software to read P3P policies called a “P3P
user agent”
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
25
P3P: Enabling your web site – overview and options
What’s in a P3P policy?
 Name and contact information for site
 The kind of access provided
 Mechanisms for resolving privacy disputes
 The kinds of data collected
 How collected data is used, and whether
individuals can opt-in or opt-out of any of these
uses
 Whether/when data may be shared and whether
there is opt-in or opt-out
 Data retention policy
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
26
P3P/XML encoding
Statement
P3P version
<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
<POLICY discuri="http://p3pbook.com/privacy.html"
Location of
name="policy">
human-readable
P3P policy name
<ENTITY>
<DATA-GROUP>
privacy policy
<DATA
Site’s
ref="#business.contact-info.online.email">[email protected]
name
</DATA>
and
<DATA
ref="#business.contact-info.online.uri">http://p3pbook.com/
contact
</DATA>
info
<DATA ref="#business.name">Web Privacy With P3P</DATA>
</DATA-GROUP>
Access disclosure
</ENTITY>
Human-readable
<ACCESS><nonident/></ACCESS>
explanation
<STATEMENT>
<CONSEQUENCE>We keep standard web server logs.</CONSEQUENCE>
<PURPOSE><admin/><current/><develop/></PURPOSE>
How data may
<RECIPIENT><ours/></RECIPIENT>
be used
<RETENTION><indefinitely/></RETENTION>
<DATA-GROUP>
Data recipients
<DATA ref="#dynamic.clickstream"/>
<DATA ref="#dynamic.http"/>
Data retention policy
</DATA-GROUP>
</STATEMENT>
Types of data collected
</POLICY>
</POLICIES>
P3P: Introduction
P3P1.0 Spec Defines
 A standard vocabulary for describing set of uses,
recipients, data categories, and other privacy
disclosures
 A standard schema for data a Web site may wish
to collect (base data schema)
 An XML format for expressing a privacy policy in
a machine readable way
 A means of associating privacy policies with Web
pages or sites
 A protocol for transporting P3P policies over
HTTP
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
28
P3P: Introduction
A simple HTTP transaction
GET /index.html HTTP/1.1
Host: www.att.com
. . . Request web page
Web
Server
HTTP/1.1 200 OK
Content-Type: text/html
. . . Send web page
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
29
P3P: Introduction
… with P3P 1.0 added
GET /w3c/p3p.xml HTTP/1.1
Host: www.att.com
Request Policy Reference File
Web
Server
Send Policy Reference File
Request P3P Policy
Send P3P Policy
GET /index.html HTTP/1.1
Host: www.att.com
. . . Request web page
HTTP/1.1 200 OK
Content-Type: text/html
. . . Send web page
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
30
P3P: Introduction
Transparency
 P3P clients can check
a privacy policy each
time it changes
http://www.att.com/accessatt/
 P3P clients can check
privacy policies on all
objects in a web
page, including ads
and invisible images
http://adforce.imgis.com/?adlink|2|68523|1|146|ADFORCE
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
31
P3P: Introduction
P3P in IE6
Automatic processing of
compact policies only;
third-party cookies without
compact policies blocked by
default
Privacy icon on status bar
indicates that a cookie has
been blocked – pop-up appears
the first time the privacy icon
appears
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
32
P3P: Introduction
Users can click on
privacy icon for
list of cookies;
privacy summaries
are available at
sites that are
P3P-enabled
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
33
P3P: Introduction
Privacy summary
report is
generated
automatically
from full P3P policy
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
34
P3P: Introduction
P3P in Netscape 7
Preview version similar to IE6,
focusing, on cookies; cookies
without compact policies (both
first-party and third-party)
are “flagged” rather than
blocked by default
Indicates flagged cookie
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
35
P3P: Introduction
Users can view English
translation of (part of)
compact policy in Cookie
Manager
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
36
P3P: Introduction
A policy summary can be
generated automatically
from full P3P policy
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
37
P3P: Introduction
AT&T Privacy Bird
 Free download of beta from
http://www.privacybird.com/
 “Browser helper object” for
IE 5.01/5.5/6.0
 Reads P3P policies at all
P3P-enabled sites automatically
 Puts bird icon at top of browser window that changes to
indicate whether site matches user’s privacy preferences
 Clicking on bird icon gives more information
 Current version is information only – no cookie blocking
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
38
P3P: Introduction
Chirping bird is privacy indicator
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
39
P3P: Introduction
Click on the bird for more info
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
40
P3P: Introduction
Privacy policy summary - mismatch
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
41
P3P: Introduction
Users select warning conditions
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
42
P3P: Introduction
Bird checks policies for embedded content
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
43
P3P: Introduction
Why web sites adopt P3P
 Demonstrate corporate leadership on privacy
issues
Show customers they respect their privacy
Demonstrate to regulators that industry is taking
voluntary steps to address consumer privacy concerns
 Distinguish brand as privacy friendly
 Prevent IE6 from blocking their cookies
 Anticipation that consumers will soon come to
expect P3P on all web sites
 Individuals who run sites value personal privacy
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
44
P3P: Introduction
P3P early adopters
 News and information sites – CNET, About.com,
BusinessWeek
 Search engines – Yahoo, Lycos
 Ad networks – DoubleClick, Avenue A
 Telecom companies – AT&T
 Financial institutions – Fidelity
 Computer hardware and software vendors – IBM, Dell,
Microsoft, McAfee
 Retail stores – Fortunoff, Ritz Camera
 Government agencies – FTC, Dept. of Commerce,
Ontario Information and Privacy Commissioner
 Non-profits - CDT
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
45
P3P: The future
Impacts
Somewhat early to evaluate P3P
Some companies that P3P-enable think
about privacy in new ways and change
their practices
Systematic assessment of privacy practices
Concrete disclosures – less wiggle room
Disclosures about areas previously not
discussed in privacy policy
Hopefully we will see greater
transparency, more informed consumers,
and ultimately better privacy policies
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
46
Discussion questions
What elements are needed in order to
facilitate a robust market for privacy of
personal information?
How can P3P help realize such a market?
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
47
Homework discussion
 Argue for or against placing privacy-related
restrictions on public web cams.
 P3P and privacy policies
What aspects of each privacy policy you liked and
what aspects you did not like
Compare the experience of reading the privacy
policies with using each P3P user agent
 Pick one new-technology-related privacy
concern that you believe to be particularly
significant. Explain the privacy issue and why
you think it is a significant concern. What might
be done to mitigate the concern?
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
49
Degrees of anonymity
More
Absolute privacy: adversary cannot observe communication
Beyond suspicion: no user is more suspicious than any other
Probable innocence: each user is more likely innocent than not
Possible innocence: nontrivial probability that user is innocent
Exposed (default on web): adversary learns responsible user
Provably exposed: adversary can prove your actions to others
Less
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
50
The Anonymizer
Request
Request
Anonymizer
Reply
Reply
Client
Server
 Acts as a proxy for users
 Hides information from end servers
 Sees all web traffic
 Adds ads to pages (free service; subscription
service also available)
http://www.anonymizer.com
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
51
Cryptography Basics
Encryption algorithm
used to make content unreadable by all but
the intended receivers
E(plaintext,key) = ciphertext
D(ciphertext,key) = plaintext
Symmetric (shared) key cryptography
A single key is used is used for E and D
D( E(p,k1), k1 ) = p
Management of keys determines who has
access to content
E.g., password encrypted email
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
52
Public Key Cryptography
Public Key cryptography
Each key pair consists of a public and private
component: k+ (public key), k- (private key)
D( E(p, k+), k- ) = p
D( E(p, k-), k+ ) = p
Public keys are distributed (typically)
through public key certificates
Anyone can communicate secretly with you if
they have your certificate
E.g., SSL-base web commerce
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
53
Mixes [Chaum81]
Sender
Destination
B, C
dest,msg kC kB kA
Mix C
msg
dest,msg kC
Mix A
C dest,msg kC kB
Mix B
kX = encrypted with public key of Mix X
Sender routes message randomly through network
of “Mixes”, using layered public-key encryption.
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
54
Crowds
 Users join a Crowd of other users
 Web requests from the crowd cannot be linked
to any individual
 Protection from
end servers
other crowd members
system administrators
eavesdroppers
 First system to hide data shadow on the web
without trusting a central authority
http://avirubin.com/cacm.pdf
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
55
Crowds
Crowd members
Web servers
1
3
6
5
5
2
1
6
3
4
4
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
2
56
Anonymous email
Anonymous remailers allow people to send
email anonymously
Similar to anonymous web proxies
Send mail to remailer, which strips out any
identifying information (very controversial)
Johan (Julf) Helsingius ~ Penet
Some can be chained and work like mixes
http://anon.efga.org/Remailers
Computers and Society • Carnegie Mellon University • Spring 2005 • Lorrie Cranor and Dave Farber • http://lorrie.cranor.org/courses/sp05/
57