Introduction to Privacy
September 2011
CyLab Usable Privacy and Security Laboratory
http://cups.cs.cmu.edu/
Outline
Defining privacy
Visualizing privacy
Engineering privacy
Design of privacy tools
Design for privacy in everyday software
Obtaining informed consent

Privacy is hard to define
“Privacy is a value so complex, so entangled in competing and contradictory dimensions, so engorged with various and distinct meanings, that I sometimes despair whether it can be usefully addressed at all.”
Robert C. Post, Three Concepts of Privacy, 89 Geo. L.J. 2087 (2001).

Limited access to self
1890: “the right to be let alone” - Samuel D. Warren and Louis D. Brandeis, The Right to Privacy, 4 Harv. L. Rev. 193 (1890)
“Being alone.” - Shane (age 4)
1980: “our concern over our accessibility to others: the extent to which we are known to others, the extent to which others have physical access to us, and the extent to which we are the subject of others’ attention.” - Ruth Gavison, “Privacy and the Limits of the Law,” Yale Law Journal 89 (1980)

Control over information
“Privacy is the claim of individuals, groups or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.”
“…each individual is continually engaged in a personal adjustment process in which he balances the desire for privacy with the desire for disclosure and communication….”
Alan Westin, Privacy and Freedom, 1967

What does privacy look like?
[Image slides 6–13: no captions]
Ad*Access On-Line Project — Ad #T3199. John W. Hartman Center for Sales, Advertising & Marketing History; Duke University Rare Book, Manuscript, and Special Collections Library. http://scriptorium.lib.duke.edu/adaccess/
[Image slides 14–17: no captions]
Only a goldfish can live without privacy…
[Image slides 18–19: no captions]
Laptop Compubody Sock for privacy, warmth, and concentration in public spaces. Created by Becky Stern, http://sternlab.org/2008/04/body-technology-interfaces/
CIPP/IT Section Three | Privacy Protection Mechanisms
[Image slides 23–24: no captions]
Privacy policy matches user’s privacy preferences / Privacy policy does not match user’s privacy preferences
[Image slide 26: no caption]
Advertising option icon
KnowPrivacy, http://knowprivacy.org (UC Berkeley student project, June 2009)
Privacy icons: http://www.azarask.in/blog/post/privacy-icons/ (2010)
Allows for information to be found in the same place every time

Engineering privacy

How Privacy Rights are Protected
By policy
– Protection through laws and organizational privacy policies
– Must be enforced
– Often requires mechanisms to obtain and record consent
– Transparency facilitates choice and accountability
– Technology facilitates compliance and reduces the need to rely solely on trust and external enforcement
– Technology reduces or eliminates any form of manual processing or intervention by humans
– Violations still possible due to bad actors, mistakes, government mandates
By architecture
– Protection through technology
– Reduces the need to rely on trust and external enforcement
– Violations only possible if technology fails or the availability of new data or technology defeats protections
– Often viewed as too expensive or restrictive
  • Limits the amount of data available for data mining, R&D, targeting, other business purposes
  • May require more complicated system architecture, expensive cryptographic operations
  • Pay now or pay later

Degrees of Identifiability (privacy stages)
Stage 0: identified
  Approach to privacy protection: privacy by policy (notice and choice)
  Linkability of data to personal identifiers: linked
  System characteristics:
  • unique identifiers across databases
  • contact information stored with profile information
Stage 1: pseudonymous
  Approach to privacy protection: privacy by policy (notice and choice)
  Linkability of data to personal identifiers: linkable with reasonable & automatable effort
  System characteristics:
  • no unique identifiers across databases
  • common attributes across databases
  • contact information stored separately from profile or transaction information
Stage 2: pseudonymous
  Approach to privacy protection: privacy by architecture
  Linkability of data to personal identifiers: not linkable with reasonable effort
  System characteristics:
  • no unique identifiers across databases
  • no common attributes across databases
  • random identifiers
  • contact information stored separately from profile or transaction information
  • collection of long term person characteristics on a low level of granularity
  • technically enforced deletion of profile details at regular intervals
Stage 3: anonymous
  Approach to privacy protection: privacy by architecture
  Linkability of data to personal identifiers: unlinkable
  System characteristics:
  • no collection of contact information
  • no collection of long term person characteristics
  • k-anonymity with large value of k
Source: Sarah Spiekermann and Lorrie Faith Cranor. Engineering Privacy. IEEE Transactions on Software Engineering, Vol. 35, No. 1, January/February 2009, pp. 67-82. http://ssrn.com/abstract=1085333

Design of Privacy Tools

Privacy tool examples
Cookie managers
Anonymizers
Encryption tools
Disk wiping utilities
P3P user agents

Issues to consider
Privacy is a secondary task
– Users of privacy tools often seek out these tools due to their awareness of or concern about privacy
– Even so, users still want to focus on their primary tasks
Users have differing privacy concerns and needs
– One-size-fits-all interface may not work
Most users are not privacy experts
– Difficult to explain current privacy state or future privacy implications
– Difficult to explain privacy options to them
– Difficult to capture privacy needs/preferences
Many privacy tools reduce application performance, functionality, or convenience

Design for privacy in everyday software

Examples
Ecommerce personalization systems
– Concerns about use of user profiles
Software that “phones home” to fetch software updates or refresh content, report bugs, relay usage data, verify authorization keys, etc.
– Concerns that software will track and profile users
Communications software (email, IM, chat)
– Concerns about traffic monitoring, eavesdroppers
Presence systems (buddy lists, shared spaces, friend finders)
– Concerns about limiting when info is shared and with whom

Issues to consider
Similar to the issues to consider for privacy tools, PLUS:
Users may not be aware of privacy issues up front
– When they find out about privacy issues they may be angry or confused, especially if they view notice as inadequate or defaults as unreasonable
Users may have to give up functionality or convenience, or spend more time configuring the system for better privacy
Failure to address privacy issues adequately may lead to bad press and legal action

Obtaining informed consent
Informing users and obtaining their consent about collection and use of their data helps protect privacy
In some cases it may be required by law
But if not done well, it can disrupt the user experience
[Image slides 42–44: no captions]

Discussion
A. Braunstein, L. Granka, and J. Staddon. Indirect Content Privacy Surveys: Measuring Privacy Without Asking About It. SOUPS 2011.
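As an added example (not part of the CyLab slides or of the Spiekermann and Cranor paper), the Python below measures the k of k-anonymity over a constructed profile table and shows how lowering the granularity of quasi-identifiers, the architectural move behind the "low level of granularity" and "k-anonymity with large value of k" characteristics of stages 2 and 3, raises k from 1 (someone is unique, so the table is linkable to an outside database sharing those attributes) to 2. The column names, records and generalization rules are all constructed assumptions.

```python
from collections import Counter
from typing import Callable, Dict, List, Sequence

Record = Dict[str, str]

# Constructed sample profile table (not from the slides): direct identifiers
# such as name and e-mail are stripped, but zip/age/sex remain and can be
# joined against an outside database carrying the same attributes.
RECORDS: List[Record] = [
    {"zip": "15213", "age": "34", "sex": "F", "diagnosis": "flu"},
    {"zip": "15213", "age": "37", "sex": "F", "diagnosis": "asthma"},
    {"zip": "15217", "age": "52", "sex": "M", "diagnosis": "flu"},
    {"zip": "15218", "age": "58", "sex": "M", "diagnosis": "diabetes"},
    {"zip": "15232", "age": "29", "sex": "F", "diagnosis": "flu"},
    {"zip": "15237", "age": "24", "sex": "F", "diagnosis": "asthma"},
]

# Quasi-identifiers: the "common attributes across databases" of stage 1.
QUASI_IDENTIFIERS: Sequence[str] = ("zip", "age", "sex")

def anonymity_k(records: List[Record], quasi_ids: Sequence[str]) -> int:
    """Return the k for which the table is k-anonymous: the size of the smallest
    group of records sharing the same quasi-identifier values (1 = someone is unique)."""
    classes = Counter(tuple(r[q] for q in quasi_ids) for r in records)
    return min(classes.values()) if classes else 0

def meets_k_anonymity(records: List[Record], quasi_ids: Sequence[str], k: int) -> bool:
    """True when every quasi-identifier combination occurs at least k times."""
    return anonymity_k(records, quasi_ids) >= k

def generalize(records: List[Record], rules: Dict[str, Callable[[str], str]]) -> List[Record]:
    """Coarsen columns with the given rules; columns without a rule are kept as-is."""
    return [{col: rules.get(col, lambda v: v)(val) for col, val in r.items()} for r in records]

def age_bucket(age: str) -> str:
    """Ten-year age bucket, e.g. '34' -> '30-39'."""
    lo = int(age) // 10 * 10
    return f"{lo}-{lo + 9}"

# Constructed generalization rules that lower the granularity of each
# quasi-identifier: 3-digit ZIP prefix, ten-year age bucket, sex suppressed.
RULES: Dict[str, Callable[[str], str]] = {
    "zip": lambda z: z[:3] + "**",
    "age": age_bucket,
    "sex": lambda _: "*",
}

if __name__ == "__main__":
    print(anonymity_k(RECORDS, QUASI_IDENTIFIERS), anonymity_k(generalize(RECORDS, RULES), QUASI_IDENTIFIERS))
```

The functions take any column names, so the same check can be run over a real export once its quasi-identifier columns are named; the sensitive column (here "diagnosis") is deliberately left out of the key, since k-anonymity only hides which group a person belongs to, not what that group has in common.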