seductive myths about privacy
play

Seductive myths about privacy Myth: The major privacy risk is from - PowerPoint PPT Presentation

Oct 31, 2022 •260 likes •504 views

Seductive myths about privacy Myth: The major privacy risk is from unauthorized access to information Myth: Privacy can be adequately protected by removing personally identifying information (PII) from records to be released. Myth:

  1. Seductive myths about privacy • Myth: The major privacy risk is from unauthorized access to information • Myth: Privacy can be adequately protected by removing personally identifying information (PII) from records to be released. • Myth: Notice and choice is an adequate framework for privacy protection • Myth: Personal privacy is about individuals 7/27/2010 Hal Abelson, MIT CSAIL, <hal@mit.edu> 1

  2. Seductive myths about privacy • Myth: The major privacy risk is from unauthorized access to information • Myth: Privacy can be adequately protected by removing personally identifying information (PII) from records to be released. • Myth: Notice and choice is an adequate framework for privacy protection • Myth: Personal privacy is about individuals 7/27/2010 Hal Abelson, MIT CSAIL, <hal@mit.edu> 2

  3. Seductive myths about privacy • Myth: The major privacy risk is from unauthorized access to information • Reality: Confounding security and privacy is a favorite myth of the computer security industry and of IT organizations everywhere. 7/27/2010 Hal Abelson, MIT CSAIL, <hal@mit.edu> 3

  4. Seductive myths about privacy • Myth: The major privacy risk is from unauthorized access to information • Myth: Privacy can be adequately protected by removing personally identifying information (PII) from records to be released. • Myth: Notice and choice is an adequate framework for consumer privacy concerns • Myth: Personal privacy is personal 7/27/2010 Hal Abelson, MIT CSAIL, <hal@mit.edu> 4

  5. Seductive myths about privacy • Myth: The major privacy risk is from unauthorized access to information • Myth: Privacy can be adequately protected by removing personally identifying information (PII) from records to be released. • Reality: The belief that information can be de- identified is the basis for much current privacy regulation. But information can be readily re- identified. 7/27/2010 Hal Abelson, MIT CSAIL, <hal@mit.edu> 5

  6. 7/27/2010 Hal Abelson, MIT CSAIL, <hal@mit.edu> 6

  7. 7/27/2010 Hal Abelson, MIT CSAIL, <hal@mit.edu> 7

  8. { date of birth , gender , 5-digit ZIP } uniquely identifies 87.1% of USA pop. courtesy Latanya Sweeney, CMU 7/27/2010 Hal Abelson, MIT CSAIL, <hal@mit.edu> 8

  9. Seductive myths about privacy • Myth: The major privacy risk is from unauthorized access to information • Myth: Privacy can be adequately protected by removing personally identifying information (PII) from records to be released. • Myth: Notice and choice is an adequate framework for privacy protection • Reality: Both opt-in our opt-out are meaningless if the choice is not informed. “User choice” has become a way for industry to shift blame to users. 7/27/2010 Hal Abelson, MIT CSAIL, <hal@mit.edu> 9

  10. Seductive myths about privacy • Myth: The major privacy risk is from unauthorized access to information • Myth: Privacy can be adequately protected by removing personally identifying information (PII) from records to be released. • Myth: Notice and choice is an adequate framework for privacy protection • Reality: Choice, whether opt-in our opt-out are meaningless if the choice is not informed. “User choice” has become a way for industry to shift blame to users. 7/27/2010 Hal Abelson, MIT CSAIL, <hal@mit.edu> 10

  11. 7/27/2010 Hal Abelson, MIT CSAIL, <hal@mit.edu> 11

  12. Seductive myths about privacy • Myth: Personal privacy is about individuals 7/27/2010 Hal Abelson, MIT CSAIL, <hal@mit.edu> 12

  13. Seductive myths about privacy • Myth: Personal privacy is about individuals • Reality: On the internet, people really can judge you by your friends (your mother was right). • A “personal choice” to reveal information about yourself also reveals information about your associates. 7/27/2010 Hal Abelson, MIT CSAIL, <hal@mit.edu> 13

  14. Information Leakage from Social Networks Jernigan and Mistree (2007) 7/27/2010 Hal Abelson, MIT CSAIL, <hal@mit.edu> 14

  15. Seductive myths about privacy • Myth: The major privacy risk is from unauthorized access to information • Myth: Privacy can be adequately protected by removing personally identifying information (PII) from records to be released. • Myth: Notice and choice is an adequate framework for privacy protection • Myth: Personal privacy is about individuals 7/27/2010 Hal Abelson, MIT CSAIL, <hal@mit.edu> 15

  16. Moving from an old privacy framework … • Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others . 7/27/2010 Hal Abelson, MIT CSAIL, <hal@mit.edu> 16

  17. To a privacy framework for the information age • Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others . • Privacy is the claim of individuals, groups, or institutions to determine when, how, and to what extent information about them is used by others in ways that affect them. 7/27/2010 Hal Abelson, MIT CSAIL, <hal@mit.edu> 17

  18. The RMP restrictions • We currently offer five RMP restrictions: o no-commercial o no-depiction o no-employment o no-financial o no-medical • A user is able to choose any combination of these restrictions to apply on their personal information. • The user is then given an icon, similar to the Creative Commons icon, that can be publicly posted on their profile pages.

  19. RMP on Facebook/OpenSocial • RMP applications for Facebook and OpenSocial. • The applications allow users to create and display restrictions on their private information. • An icon is created from their choices that is displayed on a user's profile page and links to a page containing more information.

  20. Information Accountability : When information has been used, it should to possible to determine what happened, and to pinpoint use that is inappropriate 7/27/2010 Hal Abelson, MIT CSAIL, <hal@mit.edu> 20

  21. Technology to support information accountability • Information is annotated with provenance that identifies its source. • Data transfers and uses are logged so that chains of transfers have audit trails • Databases and data providers supply machine- readable policies that govern permissible uses of the data. • Automated reasoning engines use policies to determine whether data use is appropriate. • Users manipulate information via policy-aware interfaces that can enforce policies and/or signal non- compliant uses. 7/27/2010 Hal Abelson, MIT CSAIL, <hal@mit.edu> 21

  22. Use Case: Data sharing in Fusion Centers • Current CSAIL research for DHS • Example – Sender: Mia Analysa of Massachusetts Commonwealth Fusion Center – Data: Request for Information regarding Robert Guy – Receiver: Fedd Agenti of DHS – Is this allowed under policies of the involved parties ? 7/27/2010 Hal Abelson, MIT CSAIL, <hal@mit.edu> 22

  23. Automated policy reasoning 7/27/2010 Hal Abelson, MIT CSAIL, <hal@mit.edu> 23

  24. END Myth: The major privacy risk is from unauthorized

Recommend

Legends &amp; Myths Greek Mythology What are Myths? What purpose do they serve? Purposes for

Legends &amp; Myths Greek Mythology What are Myths? What purpose do they serve? Purposes for

Legends &amp; Myths Greek Mythology What are Myths? What purpose do they serve? Purposes for Myths To teach a lesson/educate To explain an event or phenomena To frighten or warn people For entertainment Titans Elder Gods, ruled the Earth

216 views • 18 slides
A seductive vision : Having a creative, well thought vision on the sweets markets is what makes

A seductive vision : Having a creative, well thought vision on the sweets markets is what makes

Chocolate products Biscuits Confectionery A seductive vision : Having a creative, well thought vision on the sweets markets is what makes the difference today. Hamlets strenghts lies in the development of new products, attractive packaging

445 views • 13 slides
Pinot Noir: The Savage Yet Seductive Grape The Beauty and the Beast Dr. Karl Kaiser

Pinot Noir: The Savage Yet Seductive Grape The Beauty and the Beast Dr. Karl Kaiser

Pinot Noir: The Savage Yet Seductive Grape The Beauty and the Beast Dr. Karl Kaiser CCOVI Professional Affiliate Brock University, St. Catharines, ON Introduction to Pinot Noir The Story of the Origin Quotes taken from Pinot

818 views • 38 slides
The Vital Need for Privacy and Security by Design Ann Cavoukian, Ph.D. Executive Director

The Vital Need for Privacy and Security by Design Ann Cavoukian, Ph.D. Executive Director

The Vital Need for Privacy and Security by Design Ann Cavoukian, Ph.D. Executive Director Global Privacy &amp; Security by Design Centre Technion Summer School on Cyber Security Haifa, Israel September 9, 2020 Lets Dispel The Myths

929 views • 55 slides
Pinot Noir: The Savage Yet Seductive Grape The Beauty and the Beast Dr. Karl Kaiser

Pinot Noir: The Savage Yet Seductive Grape The Beauty and the Beast Dr. Karl Kaiser

Pinot Noir: The Savage Yet Seductive Grape The Beauty and the Beast Dr. Karl Kaiser CCOVI Professional Affiliate Brock University, St. Catharines, ON Introduction to Pinot Noir The Story of the Origin Quotes taken from Pinot Noir

710 views • 39 slides
The EU is coming to get you New risks for US businesses targeting Europe and exploding some EU

The EU is coming to get you New risks for US businesses targeting Europe and exploding some EU

The EU is coming to get you New risks for US businesses targeting Europe and exploding some EU data privacy myths Stephen Groom BAA Chicago 7 November 2014 osborneclarke.com What is this deck about? Exploding four myths around US

321 views • 17 slides
$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

Presentation Slides $ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

318 views • 13 slides
Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

CISPA Center for IT Security, Privacy and Accountabiltiy Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when,

573 views • 26 slides
$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

Presentation Slides $ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

429 views • 13 slides
CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies US Privacy Laws Sources: Baase: A Gift of Fire and Quinn: Ethics for the Information Age Ethics Spring 2010 Privacy 1 Privacy The original

725 views • 45 slides
Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is

1.01k views • 76 slides
Universal SSL Nick Sullivan @grittygrease Real Real World Crypto: HTTPS 2 HTTPS Myths

Universal SSL Nick Sullivan @grittygrease Real Real World Crypto: HTTPS 2 HTTPS Myths

January 9th 2015 Universal SSL Nick Sullivan @grittygrease Real Real World Crypto: HTTPS 2 HTTPS Myths Only for banking Only for authentication Too hard 3 HTTPS is used for Visitor privacy Invasive

1.07k views • 81 slides
Privacy Rule Ron Honberg, J.D. Senior Advisor, Policy and Advocacy National Alliance on Mental

Privacy Rule Ron Honberg, J.D. Senior Advisor, Policy and Advocacy National Alliance on Mental

Myths and Reality: The HIPAA Privacy Rule Ron Honberg, J.D. Senior Advisor, Policy and Advocacy National Alliance on Mental Illness March 2018 Disclaimer This webinar was developed [in part] under contract number

369 views • 26 slides
Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in many ways over the years. Usually privacy is concerned with the individual human being. We may talk about privacy as the control over your own

230 views • 21 slides
Dyslexia; the myths and the science Kim Stuckey Kim.Stuckey@dese.mo.gov Learning Intentions

Dyslexia; the myths and the science Kim Stuckey Kim.Stuckey@dese.mo.gov Learning Intentions

Dyslexia; the myths and the science Kim Stuckey Kim.Stuckey@dese.mo.gov Learning Intentions Debunking myths Defining Dyslexia Review mandates and requirements Debunking the Myths Myth: People with dyslexia see letters or words

716 views • 24 slides
Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy Commissioner of Ontario https://www.ipc.on.ca/images/resources/7foundationalprinciples.pdf Privacy by Design Let's have it! Article 25 European

1.32k views • 118 slides
Anonymity &amp; Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy.

Anonymity &amp; Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy.

Anonymity &amp; Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy. College Bescherming Persoonsgegevens (CBP) What is privacy? Users must be able to determine for themselves when, how, to what extent and

798 views • 45 slides
Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

ECE598NB Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics Course Structure Privacy Define privacy Privacy History Privacy has always existed Cities / large populations have made

173 views • 14 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering &amp; Public Policy Lorrie Faith Cranor November 11, 2014 y &amp; c S a e v c i u r P r i t e y l b L a a s

555 views • 21 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering &amp; Public Policy Lorrie Faith Cranor October 29, 2013 y &amp; c S a e v c i u r P r i t e y l b L a a s

245 views • 20 slides
Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law &amp; Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law &amp; Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law &amp; Policy Alexandra Wood Berkman Klein Center for Internet &amp; Society at Harvard University DIMACS/Northeast Big Data Hub Workshop on Overcoming Barriers to

964 views • 54 slides
Digital Childhood: Myths and Realities Natalia Kucirkova The Open University Myths &amp;

Digital Childhood: Myths and Realities Natalia Kucirkova The Open University Myths &amp;

Digital Childhood: Myths and Realities Natalia Kucirkova The Open University Myths &amp; realities/ key issues Myths &amp; realities/ key issues 1, Pedagogy versus technology 2, Technology versus nature 3, All technology is equal 4,

438 views • 22 slides
Privacy and Anonymity 1 Privacy Privacy and society Basic individual right &amp; desire

Privacy and Anonymity 1 Privacy Privacy and society Basic individual right &amp; desire

CS 134 Privacy and Anonymity 1 Privacy Privacy and society Basic individual right &amp; desire (Image from geekologie.com) Relevant to corporations &amp; government agencies Recently increased awareness However, general public

171 views • 16 slides

More recommend