privacy
play

Privacy Professor Patrick McDaniel CSE545 - Advanced Network - PowerPoint PPT Presentation

Mar 27, 2024 •559 likes •1.29k views

Privacy Professor Patrick McDaniel CSE545 - Advanced Network Security Spring 2011 CSE545 - Advanced Network Security - Professor McDaniel Page 1 What are we talking about? What is privacy? What privacy concerns do you have when you go

  1. Privacy Professor Patrick McDaniel CSE545 - Advanced Network Security Spring 2011 CSE545 - Advanced Network Security - Professor McDaniel Page 1

  2. What are we talking about? • What is privacy? • What privacy concerns do you have when you go online? • What privacy concerns have you heard about? • How are online privacy concerns different from offline privacy concerns? CSE545 - Advanced Network Security - Professor McDaniel Page 2

  3. The online privacy landscape • Web privacy concerns • Solutions ‣ Surveys – Privacy policies ‣ Fair information practice – Voluntary guidelines principles – Seal programs • How do they get my Data? – Chief privacy officers ‣ Browser chatter – Laws and Regulations ‣ Cookies 101 ‣ Online and offline merging – Software tools ‣ Subpoenas ‣ Spyware ‣ Monitoring devices CSE545 - Advanced Network Security - Professor McDaniel Page 3

  4. Privacy concerns • Data is often collected silently ‣ Web allows large quantities of data to be collected inexpensively and unobtrusively • Data from multiple sources may be merged • Non-identifiable information can become identifiable when merged • Data collected for business purposes may be used in civil and criminal proceedings • Users given no meaningful choice ‣ Few sites offer alternatives CSE545 - Advanced Network Security - Professor McDaniel Page 4

  5. Surveys show concerns ... • People say they are concerned about online privacy (80-90% of US Net users) • Improved privacy protection is factor most likely to persuade non-Net users to go online • 27% of US Net users have abandoned online shopping carts due to privacy concerns • 64% of US Net users decided not to use a web site or make an online purchase due to privacy concerns • 34% of US Net users who do not buy online would buy online if they didn’t have privacy concerns CSE545 - Advanced Network Security - Professor McDaniel Page 5

  6. Few read privacy policies • 3% review online privacy policies carefully most of the time – Most likely to review policy before providing credit card info – Policies too time consuming to read and difficult to understand • 70% would prefer standard privacy policy format • Most interested in knowing about data sharing and how to get off marketing lists • People are more comfortable at sites that have privacy policies, even if they don ’ t read them CSE545 - Advanced Network Security - Professor McDaniel Page 6

  7. Few read privacy policies • 3% review online privacy policies carefully most of the time – Most likely to review policy before providing credit card info – Policies too time consuming to read and difficult to understand • 70% would prefer standard privacy policy format • Most interested in knowing about data sharing and how to get off marketing lists • People are more comfortable at sites that have privacy policies, even if they don ’ t read them CSE545 - Advanced Network Security - Professor McDaniel Page 6

  8. OECD fair information principles • Organization of Economic Cooperation and Development, 1980 • Guidelines: ‣ Collection limitation ‣ Data quality ‣ Purpose specification ‣ Use limitation ‣ Security safeguards ‣ Openness ‣ Individual participation ‣ Accountability http://www.privacyrights.org/ar/fairinfo.htm CSE545 - Advanced Network Security - Professor McDaniel Page 7

  9. OECD fair information principles • Collection Limitation .There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject. • Data quality principle . Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date. • Purpose specification . The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfilment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose. CSE545 - Advanced Network Security - Professor McDaniel Page 8

  10. OECD fair information principles • Use limitation principle . Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with Paragraph 9 except: ‣ (a) with the consent of the data subject; or ‣ (b) by the authority of law. • Security safeguards principle . Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification or disclosure of data. • Openness principle . There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity about usual residence of the data controller. CSE545 - Advanced Network Security - Professor McDaniel Page 9

  11. OECD fair information principles • Individual participation principle . An individual should have the right: ‣ (a) to obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him; ‣ (b) to have communicated to him, data relating to him • within a reasonable time; • at a charge, if any, that is not excessive; • in a reasonable manner; and • in a form that is readily intelligible to him; ‣ (c) to be given reasons if a request made under subparagraphs (a) and (b) is denied, and to be able to challenge such denial; and ‣ (d) to challenge data relating to him and, if the challenge is successful, to have the data erased; rectified, completed or amended. • Accountability principle . A data controller should be accountable for complying with measures which give effect to the principles stated above. CSE545 - Advanced Network Security - Professor McDaniel Page 10

  12. Simplified principles • Notice and disclosure • Choice and consent • Data security • Data quality and access • Recourse and remedies US Federal Trade Commission, Privacy Online: A Report to Congress (June 1998), http://www.ftc.gov/reports/privacy3/ Page 11 CSE545 - Advanced Network Security - Professor McDaniel

  13. Browser Chatter • To anyone who might be • Browsers chatter about listening – IP address, domain name, – End servers organization, – System administrators – Referring page – Internet Service Providers – Platform: O/S, browser – Other third parties – What information is requested • Advertising networks • URLs and search terms – Anyone who might – Cookies subpoena log files later Page 12 CSE545 - Advanced Network Security - Professor McDaniel

  14. Typical HTTP request with cookie GET /retail/searchresults.asp?qu=beer HTTP/1.0 Referer: http://www.us.buy.com/default.asp User-Agent: Mozilla/4.75 [en] (X11; U; NetBSD 1.5_ALPHA i386) Host: www.us.buy.com Accept: image/gif, image/jpeg, image/pjpeg, */* Accept-Language: en Cookie: buycountry=us; dcLocName=Basket; dcCatID=6773; dcLocID=6773; dcAd=buybasket; loc=; parentLocName=Basket; parentLoc=6773; ShopperManager%2F=ShopperManager %2F=66FUQULL0QBT8MMTVSC5MMNKBJFWDVH 7; Store=107; Category=0 Page 13 CSE545 - Advanced Network Security - Professor McDaniel

  15. Referer log problems • GET methods result in values in URL • These URLs are sent in the referer header to next host, e.g., http://www.merchant.com/cgi_bin/order? name=Tom+Jones&address=here +there&credit +card=234876923234&PIN=1234&- >index.html Page 14 CSE545 - Advanced Network Security - Professor McDaniel

  16. Cookies 101 • Cookies can be useful – Used like a staple to attach multiple parts of a form together – Used to identify you when you return to a web site so you don ’ t have to remember a password – Used to help web sites understand how people use them • Cookies can do unexpected things – Used to profile users and track their activities, especially across web sites Page 15 CSE545 - Advanced Network Security - Professor McDaniel

  17. How cookies work – the basics • A cookie stores a small string of characters • A web site asks your browser to “ set ” a cookie • Whenever you return to that site your browser sends the cookie back automatically Please store Here is cookie cookie xyzzy xyzzy site browser site browser First visit to site Later visits Page 16 CSE545 - Advanced Network Security - Professor McDaniel

  18. How cookies work – • Cookies are only sent back to the “ site ” that set them – but this may be any host • Cookies can store user info or a in domain database key that is used to look up – Sites setting cookies indicate path, domain, user info – either way the cookie and expiration for cookies enables info to be linked to the current browsing session Database Users … Send me Send me with User=Joe Email … with any requests for Email= Visits … request to index.html on Joe@ x.com y.x.com for this x.com until 2008 session only Visits=13 User=4576 904309 Page 17 CSE545 - Advanced Network Security - Professor McDaniel

Recommend

$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

Presentation Slides $ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

318 views • 13 slides
Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

CISPA Center for IT Security, Privacy and Accountabiltiy Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when,

573 views • 26 slides
$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

Presentation Slides $ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

429 views • 13 slides
CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies US Privacy Laws Sources: Baase: A Gift of Fire and Quinn: Ethics for the Information Age Ethics Spring 2010 Privacy 1 Privacy The original

725 views • 45 slides
Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is

1.01k views • 76 slides
Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in many ways over the years. Usually privacy is concerned with the individual human being. We may talk about privacy as the control over your own

230 views • 21 slides
Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy Commissioner of Ontario https://www.ipc.on.ca/images/resources/7foundationalprinciples.pdf Privacy by Design Let's have it! Article 25 European

1.32k views • 118 slides
Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy.

Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy.

Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy. College Bescherming Persoonsgegevens (CBP) What is privacy? Users must be able to determine for themselves when, how, to what extent and

798 views • 45 slides
Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

ECE598NB Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics Course Structure Privacy Define privacy Privacy History Privacy has always existed Cities / large populations have made

173 views • 14 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering & Public Policy Lorrie Faith Cranor October 29, 2013 y & c S a e v c i u r P r i t e y l b L a a s

245 views • 20 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering & Public Policy Lorrie Faith Cranor November 11, 2014 y & c S a e v c i u r P r i t e y l b L a a s

555 views • 21 slides
Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy Alexandra Wood Berkman Klein Center for Internet & Society at Harvard University DIMACS/Northeast Big Data Hub Workshop on Overcoming Barriers to

964 views • 54 slides
Privacy and Anonymity 1 Privacy Privacy and society Basic individual right & desire

Privacy and Anonymity 1 Privacy Privacy and society Basic individual right & desire

CS 134 Privacy and Anonymity 1 Privacy Privacy and society Basic individual right & desire (Image from geekologie.com) Relevant to corporations & government agencies Recently increased awareness However, general public

171 views • 16 slides
PRIVACY IN UBIQUITOUS PRIVACY IN UBIQUITOUS Understanding Privacy Technical Approaches

PRIVACY IN UBIQUITOUS PRIVACY IN UBIQUITOUS Understanding Privacy Technical Approaches

Marc Langheinrich: Privacy in Ubiquitous Computing 5/29/2010 Todays Menu PRIVACY IN UBIQUITOUS PRIVACY IN UBIQUITOUS Understanding Privacy Technical Approaches COMPUTING Definitions Challenges 1. History and legal aspects 1.

264 views • 13 slides
Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location

Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location

Mobile Networks - Module H2 Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; privacy preserving routing in ad hoc networks; Slides adapted from Security and

909 views • 55 slides
Privacy October 2006 Overview I. Definition II. Basic Privacy Principles III. Privacy Issues

Privacy October 2006 Overview I. Definition II. Basic Privacy Principles III. Privacy Issues

Simone Fischer-Hbner Privacy October 2006 Overview I. Definition II. Basic Privacy Principles III. Privacy Issues (LBS, RFID,...) IV. European Privacy Legislation/ Directives I. Definition Warren & Brandeis 1890 The right to

694 views • 30 slides
matching and the Privacy Act 1988 (Cth) Dimitrios (Jim) Kormas | Assistant Director| Privacy

matching and the Privacy Act 1988 (Cth) Dimitrios (Jim) Kormas | Assistant Director| Privacy

Government data matching and the Privacy Act 1988 (Cth) Dimitrios (Jim) Kormas | Assistant Director| Privacy Assessments 17 May 2018 Brief overview of the OAIC, Privacy Act and Australian Privacy Principles (APPs) OAICs involvement

454 views • 16 slides
Privacy Presentation Task Force on Autonomous Vehicles Subcommittee on Cybersecurity, Privacy,

Privacy Presentation Task Force on Autonomous Vehicles Subcommittee on Cybersecurity, Privacy,

Privacy Presentation Task Force on Autonomous Vehicles Subcommittee on Cybersecurity, Privacy, and Data April 18, 2019 The Pessimistic View (or, Privacy is Dead) Internet Privacy A More Realistic View Privacy Monetization Convenience

355 views • 9 slides
Privacy September 26 th , 2018 Have you ever felt as though your u privacy was violated? u When?

Privacy September 26 th , 2018 Have you ever felt as though your u privacy was violated? u When?

CS4001: Computing, Society and Professionalism Sauvik Das | Assistant Professor Privacy September 26 th , 2018 Have you ever felt as though your u privacy was violated? u When? How?* Privacy * Dont need to share specifics, just u

427 views • 29 slides
Differential Privacy (Part III) Approximate (or ( , ))-differential privacy

Differential Privacy (Part III) Approximate (or ( , ))-differential privacy

Differential Privacy (Part III) Approximate (or ( , ))-differential privacy Generalized definition of differential privacy allowing for a (supposedly small) additive factor Used in a variety of applications A query mechanism M is (

1.27k views • 43 slides
Who we are: Tom Walker // @thomwithoutanh Privacy The right to privacy : individuals should be

Who we are: Tom Walker // @thomwithoutanh Privacy The right to privacy : individuals should be

Beneficial ownership transparency, Title Page privacy and data protection 23 October Presented by Tom Walker tom@theengineroom.org @thomwithoutanh Who we are: Tom Walker // @thomwithoutanh Privacy The right to privacy : individuals should be

702 views • 13 slides
CS573 Data Privacy and Security Local Differential Privacy Li Xiong Privacy at Scale: Local

CS573 Data Privacy and Security Local Differential Privacy Li Xiong Privacy at Scale: Local

CS573 Data Privacy and Security Local Differential Privacy Li Xiong Privacy at Scale: Local Differential Privacy in Practice (Module 1) Graham Cormode, Somesh Jha, Tejas Kulkarni, Ninghui Li, Divesh Srivastava, and Tianhao Wang Differential

819 views • 38 slides
Differential privacy and applications to location privacy Catuscia Palamidessi INRIA & Ecole

Differential privacy and applications to location privacy Catuscia Palamidessi INRIA & Ecole

Differential privacy and applications to location privacy Catuscia Palamidessi INRIA & Ecole Polytechnique 1 Plan of the talk General introduction to privacy issues A naive approach to privacy protection: anonymization Why it

740 views • 44 slides

More recommend