Online Privacy Issues Overview
Download
Report
Transcript Online Privacy Issues Overview
Privacy Policy, Law and Technology
Fair Information Practices
September 7, 2010
CyLab Usable Privacy and Security Laboratory
http://cups.cs.cmu.edu/
1
Finding information with search
engines
CyLab Usable Privacy and Security Laboratory
http://cups.cs.cmu.edu/
2
Finding info with search engines
General purpose search engines
– Google, Yahoo, Bing
– Ask, Altavista, Yippy, Dogpile, etc.
Search CS research literature
– http://portal.acm.org
– http://citeseer.ist.psu.edu/
– http://ieeexplore.ieee.org/
– http://scholar.google.com/
– http://academic.research.microsoft.com/
CyLab Usable Privacy and Security Laboratory
http://cups.cs.cmu.edu/
3
Advanced searching
Boolean searching
–
–
–
–
–
Operators: AND, OR, NOT, NEAR
Implied operators: AND is often implied
Parentheses for grouping
Wildcards
Quotes
Getting to know the ins and outs of your favorite search
engines
– Many search engines do not use pure boolean searching
– Most search engines have some special syntax
– Search engines use different algorithms to determine best
match
CyLab Usable Privacy and Security Laboratory
http://cups.cs.cmu.edu/
4
Using Library Resources
CyLab Usable Privacy and Security Laboratory
http://cups.cs.cmu.edu/
5
CMU Libraries
http://www.library.cmu.edu
Engineering and Science (a.k.a. E&S)
– Location: Wean Hall, 4th floor
– Subjects: Computer Science, Engineering, Mathematics,
Physics, Science, Technology
Hunt (CMU’s main library)
– Location: Its own building (possibly 2nd ugliest on campus
behind Wean), between Tepper and Baker
– Subjects: Arts, Business, Humanities, Social Sciences
Software Engineering Institute (a.k.a. SEI)
– Location: SEI Building (4500 Fifth Avenue), 3rd floor
– Subjects: Security, Software, Technology
CyLab Usable Privacy and Security Laboratory
http://cups.cs.cmu.edu/
6
START HERE: Cameo
Cameo is CMU’s online library catalog
– http://cameo.library.cmu.edu/
Catalogs everything CMU has: books, journals,
periodicals, multimedia, etc.
Search by key words, author, title, periodical
title, etc.
CyLab Usable Privacy and Security Laboratory
http://cups.cs.cmu.edu/
7
CAMEO: Search Result for “Cranor”
Number of
copies and
status
Library
CyLab Usable Privacy and Security Laboratory
http://cups.cs.cmu.edu/
8
CAMEO: Search Result for “Solove”
Due date
CyLab Usable Privacy and Security Laboratory
http://cups.cs.cmu.edu/
9
If it’s not in Cameo, but you need it today: Local
Libraries
Carnegie Library of Pittsburgh
– Two closest locations
• Oakland: Practically on campus (4400 Forbes Ave.)
• Squirrel Hill: Forbes & Murray (5801 Forbes Ave.)
– http://www.carnegielibrary.org/index.html
University of Pittsburgh Libraries
– 16 libraries! Information science, Engineering, Law,
Business, etc.
– Get a borrowing card by showing CMU ID at Hillman
Library lending desk
– http://pittcat.pitt.edu/
CyLab Usable Privacy and Security Laboratory
http://cups.cs.cmu.edu/
10
If it’s not in Cameo, and you can wait: ILLiad and
E-ZBorrow
ILLiad and E-ZBorrow are catalogs of resources
available for Interlibrary Loan from other libraries
nationwide (ILLiad) and in Pennsylvania (EZBorrow)
Order items online (almost always free)
Wait for delivery – average 10 business days
Find links to ILLiad and E-ZBorrow online catalogs
at by following Interlibrary Loan link at
http://search.library.cmu.edu/
CyLab Usable Privacy and Security Laboratory
http://cups.cs.cmu.edu/
11
Other Useful Databases
Links to many more databases, journal collections
– Must be accessed on campus or through VPN
– http://www.library.cmu.edu/Search/AZ.html
Lexis-Nexis
– Massive catalog of legal sources – law journals, case law, news
stories, etc.
IEEE and ACM journal databases
– IEEE Xplore and ACM Digital Library
INSPEC database
– Huge database of scientific and technical papers
JSTOR
– Arts & Sciences, Business, Mathematics, Statistics
CyLab Usable Privacy and Security Laboratory
http://cups.cs.cmu.edu/
12
And of course…
Reference librarians are available at all CMU
libraries, and love to help people find what
they need – just ask!
CyLab Usable Privacy and Security Laboratory
http://cups.cs.cmu.edu/
13
Course project
CyLab Usable Privacy and Security Laboratory
http://cups.cs.cmu.edu/
14
Project overview
Individual or small group (up to ~3 students)
Pick a project from the list of suggested projects
– Talk to me if you want to propose something different
All projects have final paper, presentation, and
poster as deliverable
Some projects may have other deliverables such as
software, user interface designs, etc.
http://cups.cs.cmu.edu/courses/privpolawtechfa10/project.html
CyLab Usable Privacy and Security Laboratory
http://cups.cs.cmu.edu/
15
Past projects
http://cups.cs.cmu.edu/courses/privpolawtech-fa07/poster.html
http://lorrie.cranor.org/courses/fa05/poster.html
http://lorrie.cranor.org/courses/fa04/poster.html
Several past projects have been turned into a thesis or published paper
– The Real ID Act: Fixing Identity Documents with Duct Tape. I/S: A Journal of Law and Policy for
the Information Society, Fall/Winter 2005 (Serge Egelman).
– How Technology Drives Vehicular Privacy. I/S: A Journal of Law and Policy for the Information
Society, 2(3), Fall 2006, 981-1015 (Aleecia McDonald).
– Scrubbing Stubborn Data: An evaluation of counter-forensic privacy tools. IEEE Security &
Privacy, September/October 2006 (Matthew Geiger).
– Peripheral Privacy Notifications for Wireless Networks. In Proceedings of the 2005 Workshop
on Privacy in the Electronic Society, 7 November 2005, Alexandria, VA (Braden Kowitz).
– Privacy in India: Attitudes and Awareness. In Proceedings of the 2005 Workshop on Privacy
Enhancing Technologies (PET2005), 30 May - 1 June 2005, Dubrovnik, Croatia (Ponnurangam
Kumaraguru).
– PANAMA: Privacy Assured Name-Addressable Messaging Architecture For Unlinkable Instant
Message Conversations. INI Thesis 2005 (Ryan Mahon).
CyLab Usable Privacy and Security Laboratory
http://cups.cs.cmu.edu/
16
Selecting a research topic
CyLab Usable Privacy and Security Laboratory
http://cups.cs.cmu.edu/
17
Selecting a research topic
Brainstorm
–
–
–
–
What are you interested in?
What would you like to learn more about?
What topics might be relevant to your thesis work?
What topics might be relevant to your future career?
Select a small number of candidate topics
Read
–
–
–
–
–
How much information seems to be available?
Is this topic over done?
What open questions are there?
Do you still find this topic interesting?
Do you have the skills necessary to pursue this topic?
Focus (September 28 - one paragraph description)
Read some more
Write a project proposal (October 19)
– Select a topic
– Define a focused research question
– Conduct a “literature review”
– Adjust your topic as needed
CyLab Usable Privacy and Security Laboratory
http://cups.cs.cmu.edu/
18
Writing a Literature Review
CyLab Usable Privacy and Security Laboratory
http://cups.cs.cmu.edu/
19
Writing a literature review
What is a literature review?
– A critical summary of what has been published on a topic
• What is already known about the topic
• Strengths and weaknesses of previous studies
– Often part of the introduction or a section of a research paper, proposal, or
thesis
A literature review should
– be organized around and related directly to the thesis or research question
you are developing
– synthesize results into a summary of what is and is not known
– identify areas of controversy in the literature
– formulate questions that need further research
Dena Taylor and Margaret Procter. 2004. The literature review: A few tips on
conducting it. http://www.writing.utoronto.ca/advice/specific-types-ofwriting/literature-review
CyLab Usable Privacy and Security Laboratory
http://cups.cs.cmu.edu/
20
Literature review do’s and don’ts
Don’t create a list of article summaries or quotes
Do point out what is most relevant about each article
to your paper
Do compare and contrast the articles you review
Do highlight controversies raised or questions left
unanswered by the articles you review
Do take a look at some examples of literature reviews
or related work sections before you try to create one
yourself
– For an example, of a literature review in a CS conference
paper see section 2 of
http://cs1.cs.nyu.edu/~waldman/publius/paper.html
CyLab Usable Privacy and Security Laboratory
http://cups.cs.cmu.edu/
21
Fair Information Practices
CyLab Usable Privacy and Security Laboratory
http://cups.cs.cmu.edu/
22
Privacy terminology
Data subject
Data controller
Secondary use of data
CyLab Usable Privacy and Security Laboratory
http://cups.cs.cmu.edu/
23
OECD fair information principles
http://www.oecd.org/document/18/0,3343,en_2649_
34255_1815186_1_1_1_1,00.html
Collection limitation
Data quality
Purpose specification
Use limitation
Security safeguards
Openness
Individual participation
Accountability
CyLab Usable Privacy and Security Laboratory
http://cups.cs.cmu.edu/
24
US FTC simplified principles
Notice and disclosure
Choice and consent
Data security
Data quality and access
Recourse and remedies
US Federal Trade Commission, Privacy Online: A Report to
Congress (June 1998),
http://www.ftc.gov/reports/privacy3/
CyLab Usable Privacy and Security Laboratory
http://cups.cs.cmu.edu/
25
How do the various FIPs differ?
CyLab Usable Privacy and Security Laboratory
http://cups.cs.cmu.edu/
26
The Prada NYC dressing room
http://www.sggprivalite
.com/
What aspects seem
privacy invasive?
How could the design
be changed to reduce
privacy concerns?
CyLab Usable Privacy and Security Laboratory
http://cups.cs.cmu.edu/
27
Discussion questions
Which technologies are privacy invasive?
Which technologies are privacy protective?
Can we turn one into the other?
How can we use the FIPs in our analysis?
CyLab Usable Privacy and Security Laboratory
http://cups.cs.cmu.edu/
28
Applying the FIPs
Google Street View
Gmail advertising
Hillman Library Web Cam
Amazon.com book recommendations
Giant Eagle Advantage Card
Transportation Security Administration watch
lists
CyLab Usable Privacy and Security Laboratory
http://cups.cs.cmu.edu/
29