Online Privacy Issues Overview
Download
Report
Transcript Online Privacy Issues Overview
Privacy
Week 7 - February 28, March 2
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
1
Administrivia
Assign roles for class debate
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
2
Privacy policies
Policies let consumers know about site’s
privacy practices
Consumers can decide whether practices
are acceptable, when to opt-out
Presence increases consumer trust
Make companies subject to FTC privacyrelated enforcement
Rapid adoption 1998-2001*
* G.R. Milne and M.J. Culnan 2002. Using the Content of Online Privacy Notices to
Inform Public Policy: A Longitudinal Analysis of the 1998-2002 US Web Surveys.
The Information Society 18, 5, 245-359.
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
3
Privacy policy problems
BUT policies are often
•
•
•
•
difficult to understand
hard to find
take a long time to read
change without notice
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
4
Privacy policy components
Identification of site, scope,
contact info
Security assurances
Types of information collected
Children’s privacy
• Including information about
cookies
How information is used
Conditions under which
information might be shared
Information about opt-in/opt-out
Information about access
There is lots of information
to convey -- but policy
should be brief and
easy-to-read too!
Information about data
retention policies
Information about seal
programs
What is opt-in? What is opt-out?
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
5
How are online privacy concerns
different from offline privacy
concerns?
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
6
Web privacy concerns
Data is often collected silently
• Web allows large quantities of data to be collected inexpensively
and unobtrusively
Data from multiple sources may be merged
• Non-identifiable information can become identifiable when merged
Data collected for business purposes may be used in civil
and criminal proceedings
Users given no meaningful choice
• Few sites offer alternatives
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
7
Browser Chatter
Browsers chatter
about
• IP address, domain
name, organization,
• Referring page
• Platform: O/S, browser
• What information is
requested
URLs and search terms
• Cookies
To anyone who might
be listening
• End servers
• System administrators
• Internet Service
Providers
• Other third parties
Advertising networks
• Anyone who might
subpoena log files later
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
8
Typical HTTP request with cookie
GET /retail/searchresults.asp?qu=beer HTTP/1.0
Referer: http://www.us.buy.com/default.asp
User-Agent: Mozilla/4.75 [en] (X11; U; NetBSD 1.5_ALPHA
i386)
Host: www.us.buy.com
Accept: image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en
Cookie: buycountry=us; dcLocName=Basket;
dcCatID=6773; dcLocID=6773; dcAd=buybasket; loc=;
parentLocName=Basket; parentLoc=6773;
ShopperManager%2F=ShopperManager%2F=66FUQU
LL0QBT8MMTVSC5MMNKBJFWDVH7; Store=107;
Category=0
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
9
Referer log problems
GET methods result in values in URL
These URLs are sent in the referer
header to next host
Example:
http://www.merchant.com/cgi_bin/o
rder?name=Tom+Jones&address=here
+there&credit+card=234876923234&
PIN=1234&->index.html
Access log example
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
10
Cookies
What are cookies?
What are people concerned about cookies?
What useful purposes do cookies serve?
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
11
Cookies 101
Cookies can be useful
• Used like a staple to attach multiple parts of a
form together
• Used to identify you when you return to a web
site so you don’t have to remember a
password
• Used to help web sites understand how people
use them
Cookies can do unexpected things
• Used to profile users and track their activities,
especially across web sites
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
12
How cookies work – the basics
A cookie stores a small string of characters
A web site asks your browser to “set” a cookie
Whenever you return to that site your browser sends the
cookie back automatically
Please store
cookie xyzzy
site
Here is cookie
xyzzy
browser
First visit to site
site
browser
Later visits
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
13
How cookies work – advanced
Cookies are only sent back to
the “site” that set them – but
this may be any host in domain
• Sites setting cookies indicate
path, domain, and expiration
for cookies
Send
me with
any
request
to x.com
until
2008
Send me
with requests
for
index.html
on y.x.com
for this
session only
Cookies can store user info or a
database key that is used to
look up user info – either way
the cookie enables info to be
linked to the current browsing
session
User=Joe
Email=
Joe@
x.com
Visits=13
Database
Users …
Email …
Visits …
User=4576
904309
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
14
Cookie terminology
Cookie Replay – sending a cookie back to a site
Session cookie – cookie replayed only during current
browsing session
Persistent cookie – cookie replayed until expiration date
First-party cookie – cookie associated with the site the
user requested
Third-party cookie – cookie associated with an image, ad,
frame, or other content from a site with a different domain
name that is embedded in the site the user requested
• Browser interprets third-party cookie based on domain name,
even if both domains are owned by the same company
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
15
Web bugs
Invisible “images” (1-by-1 pixels, transparent) embedded
in web pages and cause referer info and cookies to be
transferred
Also called web beacons, clear gifs, tracker gifs,etc.
Work just like banner ads from ad networks, but you can’t
see them unless you look at the code behind a web page
Also embedded in HTML formatted email messages, MS
Word documents, etc.
For software to detect web bugs see:
http://www.bugnosis.org
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
16
How data can be linked
Every time the same cookie is replayed to a site,
the site may add information to the record
associated with that cookie
•
•
•
•
Number of times you visit a link, time, date
What page you visit
What page you visited last
Information you type into a web form
If multiple cookies are replayed together, they are
usually logged together, effectively linking their
data
• Narrow scoped cookie might get logged with broad
scoped cookie
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
17
Ad networks
search for
medical
information
buy CD
set cookie
replay cookie
Ad
Ad
Search Service
Ad company
can get your
name and
address from
CD order and
link them to
your search
CD Store
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
18
What ad networks may know…
Personal data:
• Email address
• Full name
• Mailing address (street,
city, state, and Zip
code)
• Phone number
Transactional data:
• Details of plane trips
• Search phrases used
at search engines
• Health conditions
“It was not necessary for me to click on the banner ads
for information to be sent to DoubleClick servers.”
– Richard M. Smith
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
19
Online and offline merging
In November 1999, DoubleClick
purchased Abacus Direct, a
company possessing detailed consumer profiles on more
than 90% of US households.
In mid-February 2000 DoubleClick announced plans to
merge “anonymous” online data with personal information
obtained from offline databases
By the first week in March 2000 the plans were put on
hold
• Stock dropped from $125 (12/99) to $80 (03/00)
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
20
Offline data goes online…
The
Cranor
family’s 25
most
frequent
grocery
purchases
(sorted by
nutritional
value)!
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
21
Subpoenas
Data on online activities is increasingly of
interest in civil and criminal cases
The only way to avoid subpoenas is to not
have data
In the US, your files on your computer in
your home have much greater legal
protection that your files stored on a server
on the network
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
22
P3P: Introduction
Original Idea behind P3P
A framework for automated privacy
discussions
• Web sites disclose their privacy practices in
standard machine-readable formats
• Web browsers automatically retrieve P3P
privacy policies and compare them to users’
privacy preferences
• Sites and browsers can then negotiate about
privacy terms
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
23
P3P: Introduction
P3P history
Idea discussed at November 1995 FTC meeting
Ad Hoc “Internet Privacy Working Group” convened to
discuss the idea in Fall 1996
W3C began working on P3P in Summer 1997
• Several working groups chartered with dozens of participants from
industry, non-profits, academia, government
• Numerous public working drafts issued, and feedback resulted in
many changes
• Early ideas about negotiation and agreement ultimately removed
• Automatic data transfer added and then removed
• Patent issue stalled progress, but ultimately became non-issue
P3P issued as official W3C Recommendation on April 16,
2002
• http://www.w3.org/TR/P3P/
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
24
P3P: Introduction
P3P1.0 – A first step
Offers an easy way for web sites to
communicate about their privacy policies in
a standard machine-readable format
• Can be deployed using existing web servers
This will enable the development of tools
that:
• Provide snapshots of sites’ policies
• Compare policies with user preferences
• Alert and advise the user
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
25
P3P: Introduction
The basics
P3P provides a standard XML format that web
sites use to encode their privacy policies
Sites also provide XML “policy reference files” to
indicate which policy applies to which part of the
site
Sites can optionally provide a “compact policy” by
configuring their servers to issue a special P3P
header when cookies are set
No special server software required
User software to read P3P policies called a “P3P
user agent”
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
26
P3P: Enabling your web site – overview and options
What’s in a P3P policy?
Name and contact information for site
The kind of access provided
Mechanisms for resolving privacy disputes
The kinds of data collected
How collected data is used, and whether
individuals can opt-in or opt-out of any of these
uses
Whether/when data may be shared and whether
there is opt-in or opt-out
Data retention policy
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
27
P3P/XML encoding
Statement
P3P version
<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
<POLICY discuri="http://p3pbook.com/privacy.html"
Location of
name="policy">
human-readable
P3P policy name
<ENTITY>
<DATA-GROUP>
privacy policy
<DATA
Site’s
ref="#business.contact-info.online.email">[email protected]
name
</DATA>
and
<DATA
ref="#business.contact-info.online.uri">http://p3pbook.com/
contact
</DATA>
info
<DATA ref="#business.name">Web Privacy With P3P</DATA>
</DATA-GROUP>
Access disclosure
</ENTITY>
Human-readable
<ACCESS><nonident/></ACCESS>
explanation
<STATEMENT>
<CONSEQUENCE>We keep standard web server logs.</CONSEQUENCE>
<PURPOSE><admin/><current/><develop/></PURPOSE>
How data may
<RECIPIENT><ours/></RECIPIENT>
be used
<RETENTION><indefinitely/></RETENTION>
<DATA-GROUP>
Data recipients
<DATA ref="#dynamic.clickstream"/>
<DATA ref="#dynamic.http"/>
Data retention policy
</DATA-GROUP>
</STATEMENT>
Types of data collected
</POLICY>
</POLICIES>
P3P: Introduction
P3P1.0 Spec Defines
A standard vocabulary for describing set of uses,
recipients, data categories, and other privacy
disclosures
A standard schema for data a Web site may wish
to collect (base data schema)
An XML format for expressing a privacy policy in
a machine readable way
A means of associating privacy policies with Web
pages or sites
A protocol for transporting P3P policies over
HTTP
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
29
P3P: Introduction
A simple HTTP transaction
GET /index.html HTTP/1.1
Host: www.att.com
. . . Request web page
Web
Server
HTTP/1.1 200 OK
Content-Type: text/html
. . . Send web page
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
30
P3P: Introduction
… with P3P 1.0 added
GET /w3c/p3p.xml HTTP/1.1
Host: www.att.com
Request Policy Reference File
Web
Server
Send Policy Reference File
Request P3P Policy
Send P3P Policy
GET /index.html HTTP/1.1
Host: www.att.com
. . . Request web page
HTTP/1.1 200 OK
Content-Type: text/html
. . . Send web page
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
31
P3P: Introduction
Transparency
P3P clients can check
a privacy policy each
time it changes
http://www.att.com/accessatt/
P3P clients can check
privacy policies on all
objects in a web page,
including ads and
invisible images
http://adforce.imgis.com/?adlink|2|68523|1|146|ADFORCE
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
32
P3P: Introduction
P3P in IE6
Automatic processing of
compact policies only;
third-party cookies without
compact policies blocked by
default
Privacy icon on status bar
indicates that a cookie has
been blocked – pop-up appears
the first time the privacy icon
appears
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
33
P3P: Introduction
Users can click on
privacy icon for
list of cookies;
privacy summaries
are available at
sites that are
P3P-enabled
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
34
P3P: Introduction
Privacy summary
report is
generated
automatically
from full P3P policy
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
35
P3P: Introduction
P3P in Netscape 7
Preview version similar to IE6,
focusing, on cookies; cookies
without compact policies (both
first-party and third-party)
are “flagged” rather than
blocked by default
Indicates flagged cookie
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
36
P3P: Introduction
Users can view English
translation of (part of)
compact policy in Cookie
Manager
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
37
P3P: Introduction
A policy summary can be
generated automatically
from full P3P policy
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
38
Privacy Bird
Free download of beta from
http://privacybird.com/
• Origninally developed at AT&T Labs
• Released as open source
“Browser helper object” for IE6
Reads P3P policies at all
P3P-enabled sites automatically
Bird icon at top of browser window indicates whether site
matches user’s privacy preferences
Clicking on bird icon gives more information
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
39
Chirping bird is privacy indicator
Red bird indicates mismatch
Check embedded content too
Privacy settings
Example:
Sending flowers
Privacy Finder
Prototype developed at AT&T Labs, improved and
deployed by CUPS
Uses Google or Yahoo! API to retrieve search
results
Checks each result for P3P policy
Evaluates P3P policy against user’s preferences
Reorders search results
Composes search result page with privacy
annotations next to each P3P-enabled result
Users can retrieve “Privacy Report” similar to
Privacy Bird policy summary
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
47
Demo
Is Privacy Finder useful?
Do users care about web site privacy?
Have enough web sites adopted P3P that
typical search results contain sites with
P3P policies?
• Do users have meaningful choices among
privacy policies?
Do users understand information provided
by Privacy Finder?
Does Privacy Finder influence online
purchasing decisions?
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
49
Have enough sites adopted P3P?
We weren’t sure, so we did a study….
• Draft paper at
http://lorrie.cranor.org/pubs/www06.pdf
Previous studies examined lists of “most
popular” web sites for P3P adoption, but
this gives incomplete picture
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
50
Methodology
Compiled two lists of search terms:
• Typical: 20,000 terms randomly sampled from one week of AOL user
search queries
• Ecommerce: 940 terms screen scraped from Froogle front page
Submitted search terms to Google, Yahoo!, and AOL search engines
and collected top 20 results for each term
Checked each result for P3P policy and evaluated policies against 5
“rulesets” and P3P validator
Saved 1,232,955 annotated search results in database
Separately checked for P3P policies on 30,000 domains most clicked
on by AOL search engine users
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
51
10% of results from typical
search terms have P3P
21% of results from
ecommerce search terms
have P3P
More popular sites are
more likely to have P3P
• 5% of sites in our cache
have P3P
• 9% of 30K most clicked on
domains have P3P
• 17% of clicks to 30K most
clicked on domains have
P3P
% of domains with P3P policies
Results: P3P deployment
Most clicked on domains
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
52
Results: Most popular P3P policies
Typical Terms
Ecommerce Terms
http://privacy.yahoo.com/
http://privacy.yahoo.com/
http://about.com/
http://about.com/
http://privacy.msn.com/
http://www.bizrate.com/
http://disney.go.com/
http://www0.shopping.com/
http://images.rootsweb.com/
http://www.shopping.com/
http://adserver.ign.com/
http://www.pricegrabber.com/
http://www.nlm.nih.gov/
http://www.cpsc.gov/
http://www.bizrate.com/
http://www.overstock.com/
http://www.superpages.com/
http://www.cooking.com/
http://www.shopping.com/
http://www.altrec.com/
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
53
Results: Frequency of P3P-enabled hits
83% of searches had at least one P3P-enabled site in top
20 results
68% of searches had at least one P3P-enabled site in top
10 results
For top 20 search results returned by AOL search engine
for typical search terms:
• 29% return at least 1 P3P-enabled hit that matches medium
privacy preferences
• 34% return at least 1 P3P-enabled hit in that does not share data
• 31% return at least 1 P3P-enabled hit that does not market
without opt-in
• Thus, ~ 1/3 of the time AOL users will find site with “good” privacy
policy in first 2 pages of results
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
54
Does Privacy Finder influence purchases?
Studies begun and more planned….
• Pay users to make online purchases with their
own credit cards
• Some will use Privacy Finder and some will
use generic search engine
• Experiment with more and less privacysensitive purchases
• Experiment with price-sensitivity
We’re just finishing initial study of 24
college students purchasing power strips
and condoms
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
55
P3P: Introduction
Why web sites adopt P3P
Demonstrate corporate leadership on privacy
issues
• Show customers they respect their privacy
• Demonstrate to regulators that industry is taking
voluntary steps to address consumer privacy concerns
Distinguish brand as privacy friendly
Prevent IE6 from blocking their cookies
Anticipation that consumers will soon come to
expect P3P on all web sites
Individuals who run sites value personal privacy
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
56
P3P: Introduction
P3P early adopters
News and information sites – CNET, About.com,
BusinessWeek
Search engines – Yahoo, Lycos
Ad networks – DoubleClick, Avenue A
Telecom companies – AT&T
Financial institutions – Fidelity
Computer hardware and software vendors – IBM, Dell,
Microsoft, McAfee
Retail stores – Fortunoff, Ritz Camera
Government agencies – FTC, Dept. of Commerce,
Ontario Information and Privacy Commissioner
Non-profits - CDT
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
57
P3P: The future
Impacts
Some companies that P3P-enable think
about privacy in new ways and change
their practices
• Systematic assessment of privacy practices
• Concrete disclosures – less wiggle room
• Disclosures about areas previously not
discussed in privacy policy
Hopefully we will see greater transparency,
more informed consumers, and ultimately
better privacy policies
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
58
Research and Communication Skills
Evaluating information sources
Don’t believe everything you read!
News sources are usually a reporter's interpretation of
what someone else did
Conference and journal papers are first hand reports of
research studies that have been peer reviewed
• but journals usually have more review than conferences
Technical reports are usually first hand reports of research
studies that have not been peer reviewed (yet)
• Look for subsequent conference or journal publications
Web sites and books are anything goes, but books at
least have an editor (usually)
When possible, cite research results and technical
information from peer reviewed sources
Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/
59