PRIVACY
Authentication, Data Mining, Web, Email Security, Emerging Technologies, Where the Field Is Headed
Authentication and Privacy
• Individual Authentication
When you are born, your birth is registered at a government records office, and the
office issues a birth certificate to your parents. A few years later, your parents enroll
you in school, presenting the birth certificate so that the school can issue you a
school identity card.
• Identity Authentication
We use many different identities. There may or may not be ways to connect all
these different identities. A credit card links to the name and address of the card
payer, who may be you, your spouse, or anyone else willing to pay your expenses.
• Anonymized Records
Sometimes, individual data elements are not sensitive, but the linkages
among them are.
For instance, some person is named Erin, some person has the medical
condition diabetes; neither of those facts is sensitive. The linkage that Erin
has diabetes becomes sensitive.
Medical researchers want to study populations to determine incidence of
diseases, common factors, trends, and patterns. To preserve privacy,
researchers often deal with anonymized records: records from which
identifying information has been removed. If those records can be
reconnected to the identifying information, privacy suffers.
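The re-linking risk described above, shown as an added example (not part of the original text): an "anonymized" medical release still carries quasi-identifiers (ZIP code, birth date, sex), and a public list that also carries those columns, such as a voter roll, is enough to attach names back to conditions. All records, names and the choice of quasi-identifier columns are constructed for the demo; the second half shows the check a data custodian can run before release (k-anonymity over those columns) and one generalization that raises it.

```python
"""Added example: linkage between an anonymized release and a public list,
plus a k-anonymity check before release. All data is constructed."""
from collections import defaultdict

# Constructed medical release: names removed, quasi-identifiers kept.
MEDICAL_RELEASE = [
    {"zip": "02138", "dob": "1970-07-21", "sex": "F", "condition": "diabetes"},
    {"zip": "02138", "dob": "1970-02-14", "sex": "M", "condition": "asthma"},
    {"zip": "02139", "dob": "1970-02-14", "sex": "M", "condition": "hypertension"},
    {"zip": "02139", "dob": "1970-11-03", "sex": "F", "condition": "migraine"},
]

# Constructed public list (think voter roll) that does carry names.
PUBLIC_LIST = [
    {"name": "Erin", "zip": "02138", "dob": "1970-07-21", "sex": "F"},
    {"name": "Dave", "zip": "02138", "dob": "1970-02-14", "sex": "M"},
    {"name": "Mike", "zip": "02139", "dob": "1970-02-14", "sex": "M"},
    {"name": "Ann",  "zip": "02139", "dob": "1970-11-03", "sex": "F"},
    {"name": "Bea",  "zip": "02139", "dob": "1970-11-03", "sex": "F"},
]

# Assumed: these are the columns the two data sets share.
QUASI_IDS = ("zip", "dob", "sex")


def key(rec):
    return tuple(rec[c] for c in QUASI_IDS)


def relink(release, public):
    """Return {name: condition} for each release record whose quasi-identifier
    tuple matches exactly one person in the public list (an unambiguous link).
    Ann and Bea share a tuple, so neither can be singled out."""
    by_key = defaultdict(list)
    for p in public:
        by_key[key(p)].append(p["name"])
    linked = {}
    for r in release:
        names = by_key.get(key(r), [])
        if len(names) == 1:
            linked[names[0]] = r["condition"]
    return linked


def k_anonymity(release):
    """Smallest group size over the quasi-identifiers. A release is k-anonymous
    when every record shares its tuple with at least k-1 other records, so
    a linkage can at best narrow a record down to k people."""
    counts = defaultdict(int)
    for r in release:
        counts[key(r)] += 1
    return min(counts.values())


def generalize(release):
    """Coarsen the quasi-identifiers (3-digit ZIP prefix, birth year only) so
    records pool into larger groups; here every group reaches size 2."""
    out = []
    for r in release:
        g = dict(r)
        g["zip"] = r["zip"][:3] + "**"
        g["dob"] = r["dob"][:4]
        out.append(g)
    return out


if __name__ == "__main__":
    print("re-linked:", relink(MEDICAL_RELEASE, PUBLIC_LIST))
    print("k before:", k_anonymity(MEDICAL_RELEASE))
    print("k after generalization:", k_anonymity(generalize(MEDICAL_RELEASE)))
```

Generalization is a trade-off, not a cure: an adversary holding the public list can coarsen it the same way, and k = 2 only means each record hides among two people. The value of the check is that it is computable by the custodian before the data leaves the building.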
Data Mining
• Private sector data mining is a lucrative and rapidly growing industry.
The more data are collected, the more opportunities open for
learning from various aggregations.
• Determining trends, market preferences, and characteristics may be
good because they lead to an efficient and effective market.
• Government Data Mining
• Privacy-Preserving Data Mining
1. Privacy for Correlation
2. Privacy for Aggregation
Privacy on the Web
• Understanding the Online Environment
The Internet is like a big, unregulated bazaar. Every word you speak can be
heard by many others.
• Payments on the Web
Credit Card Payments
Payment Schemes
• Site and Portal Registrations
• Whose Page Is This?
Third-Party Ads
Contests and Offers
• Precautions for Web Surfing
Cookies are files of data put in place by a website. Third-party cookies permit
an aggregator to link information from a user’s visits to websites of different
organizations, which is how online profiling is done. Sensitive information, such
as a credit card number or even name and address, should be encrypted or
otherwise protected in the cookie.
Web Bugs are invisible graphics embedded in an image that resides on a web
page. The solution is not to restrict the image but to restrict the action the
bug can invoke. However, restricting web bugs also restricts the richness of
content display.
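The advice above that sensitive data should be protected in the cookie, as an added example (not code from the original text): the weak form puts the name and card number in the cookie value itself; the protected form keeps them server-side, sends the browser only a random session id, and attaches an HMAC so a forged or altered id is rejected. The server key, session store and card number are constructed for the demo; the Set-Cookie attributes are the standard ones (HttpOnly, Secure, SameSite).

```python
"""Added example: sensitive data in a cookie vs. an opaque, HMAC-protected
session id. Server key and session store are constructed for the demo."""
import base64
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # constructed; normally from a secrets manager
SESSIONS = {}                          # server-side store: session id -> data


def weak_cookie(name, card_number):
    """Anti-pattern: the sensitive data travels in the cookie, readable by
    anything that sees the request or the browser's cookie jar."""
    return f"name={name}; card={card_number}"


def issue_cookie(name, card_number):
    """Keep the data server-side; hand the browser a random id plus an
    HMAC-SHA256 tag over that id so it cannot be guessed or altered."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"name": name, "card": card_number}
    tag = hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).digest()
    return sid + "." + base64.urlsafe_b64encode(tag).decode().rstrip("=")


def load_session(cookie):
    """Verify the tag in constant time, then look the session up.
    Returns None for a malformed, tampered or unknown cookie."""
    try:
        sid, tag_b64 = cookie.split(".", 1)
        tag = base64.urlsafe_b64decode(tag_b64 + "=" * (-len(tag_b64) % 4))
    except Exception:
        return None
    expected = hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return SESSIONS.get(sid)


def set_cookie_header(value):
    """Attributes that limit where the cookie travels: HttpOnly keeps it from
    page scripts, Secure from plain HTTP, SameSite=Strict from cross-site
    requests, which is the path third-party tracking relies on."""
    return f"Set-Cookie: session={value}; HttpOnly; Secure; SameSite=Strict; Path=/"


if __name__ == "__main__":
    c = issue_cookie("Erin", "4111111111111111")
    print(set_cookie_header(c))
    print("valid:", load_session(c))
    print("tampered:", load_session(c[:-4] + "AAAA"))
```

Encrypting the value would hide it from the browser but still leave it in transit and on disk; an opaque id means there is nothing in the cookie worth reading, and the HMAC means there is nothing worth editing.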
Spyware collects and reports activity by web users. Keystroke loggers can
seriously compromise privacy by obtaining passwords, bank account
numbers, contact names, and web-search arguments.
Hijackers are another category of spyware: software that hijacks a program
installed for a different purpose. The privacy issue for a service such as
Altnet is that even if a user authorizes use of spare computing power or
sharing of files or other resources, there may be no control over access to
other sensitive data on the user’s computer.
Adware displays selected advertisements in pop-up windows or in the
main browser window. Writers of adware software are paid to get their
clients’ ads in front of users. It is usually installed as part of another piece
of software without notice.
• Shopping on the Internet
Web merchants are under no obligation to price products the same for all
customers, or the same as other sellers price the same product.
An example is Amazon.com, which priced a DVD at 30 percent, 35 percent,
and 40 percent off list price concurrently to different customers.
A fair market occurs when seller and buyer have complete knowledge: If
both can see and agree with the basis for a decision, each knows the
other party is playing fairly.
Email Security
• Where Does Email Go, and Who Can Access It?
Mail from Janet to Scott can easily involve at least six parties: (a) Janet and her computer,
(b) Janet’s organization’s SMTP server, (c) Janet’s organization’s ISP, (d) the ISP
connecting to Scott’s POP server, (e) Scott’s POP server, and (f) Scott and his computer.
Any of them can log the fact that it was sent or can even keep a copy of the message.
• Interception of Email
Email is subject to interception and modification at many points from sender to recipient.
S/MIME and PGP are two widely used email protection programs. A virtual private
network can protect data on the connection between a client’s workstation and some
edge point, usually a router or firewall, at the organization to which the client belongs.
• Monitoring Email
In many countries, companies and government agencies can legitimately
monitor their employees’ email use. Similarly, schools and libraries can
monitor their students’ or patrons’ computer use. Network
administrators and ISPs can monitor traffic for normal business purposes,
such as to measure traffic patterns or to detect spam.
• Anonymous, Pseudonymous, and Disappearing Email
1. Simple Remailers
2. Multiple Remailers
3. Disappearing Email
• Spoofing and Spamming
Spoofing the source address of an email message is not difficult. This
weakness facilitates the sending of spam because it is impossible to
trace the real sender of a spam message.
Phishing is a form of spam in which the sender attempts to convince
the receiver to reveal personal data, such as banking details. The
sender enhances the credibility of a phishing message by spoofing a
convincing source address or using a deceptive domain name.
User awareness is the best defense.
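Two of the points above, as one added example (not code from the original text): the six-party path a message takes is visible in its Received headers, since every mail server that handles a message prepends one (and each of those servers is a place the message could be logged or copied); and a receiving filter can raise cheap signals on a spoofed or deceptive sender: the envelope sender (Return-Path) domain disagreeing with the From header domain, and a sender domain that imitates a trusted one. The raw message, host names and domain names are all constructed.

```python
"""Added example: relay chain from Received headers, plus two sender checks
a mail filter can make. The message and all names in it are constructed."""
import re
from email import message_from_string

RAW = """Return-Path: <bounce@mailer.example.net>
Received: from mx.example.org (mx.example.org [192.0.2.20])
    by pop.example.org with ESMTP id 77; Mon, 1 Jan 2024 10:00:04 +0000
Received: from isp.example.net (isp.example.net [198.51.100.9])
    by mx.example.org with ESMTP id 42; Mon, 1 Jan 2024 10:00:02 +0000
Received: from janet-pc (unknown [203.0.113.7])
    by smtp.example.net with ESMTP id 11; Mon, 1 Jan 2024 10:00:00 +0000
From: "Example Bank" <alerts@examp1e-bank.com>
To: scott@example.org
Subject: Verify your account

Please confirm your details at the link below.
"""

HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.DOTALL)


def received_hops(raw):
    """Relay chain in chronological order as (from, by) pairs. Servers prepend
    their header, so the topmost Received line is the last hop."""
    msg = message_from_string(raw)
    hops = []
    for h in msg.get_all("Received", []):
        m = HOP_RE.search(h)
        if m:
            hops.append((m.group(1), m.group(2)))
    return list(reversed(hops))


def addr_domain(header_value):
    m = re.search(r"@([A-Za-z0-9.-]+)", header_value or "")
    return m.group(1).lower() if m else None


def sender_mismatch(raw):
    """True when the Return-Path domain differs from the From domain. Some
    legitimate bulk mail does this too, so it is a signal to combine with
    others, not a verdict on its own."""
    msg = message_from_string(raw)
    return addr_domain(msg["Return-Path"]) != addr_domain(msg["From"])


# Common digit-for-letter substitutions seen in deceptive domain names.
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s", "7": "t"})


def lookalike_of(domain, trusted_domains):
    """Return the trusted domain that `domain` imitates, or None. Flags a
    digit-substituted spelling and a trusted name buried inside an unrelated
    domain; a genuine subdomain of the trusted domain is not flagged."""
    d = domain.lower()
    for t in trusted_domains:
        t = t.lower()
        if d == t:
            return None
        if d.translate(CONFUSABLES) == t:
            return t
        if t in d and not d.endswith("." + t):
            return t
    return None


if __name__ == "__main__":
    for src, dst in received_hops(RAW):
        print(f"{src:>18} -> {dst}")
    print("envelope/From mismatch:", sender_mismatch(RAW))
    print("lookalike:", lookalike_of(addr_domain(RAW.split("From: ")[1]),
                                      ["example-bank.com"]))
```

One caveat when reading Received headers: a sender can insert fake ones below its own, so only the headers added by servers you operate are trustworthy; the chain is reliable from your edge inward.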
Privacy Impacts of Emerging Technologies
• Radio Frequency Identification (RFID)
Consumer Products
Your shirt, shoes, pen, wallet, credit card, mobile phone, media player, and candy
bar wrapper might each have an RFID tag. One tag from an employee ID might
reveal for whom you work; another from a medicine bottle might disclose a
medical condition.
RFID Tags for Individuals
Some people with an unusual medical condition have already had an RFID tag
permanently implanted in their bodies. This way, even if a patient is brought
unconscious to a hospital, the doctors can scan for a tag, receive the person’s
unique number, and look up the person’s medical record by that number.
• Electronic Voting
Privacy and the Voting Process
Generating and counting ballots is the most obvious step in the election
process; building and maintaining the list of eligible voters, recording who
has voted, supporting absentee ballots, and transmitting election results to
election headquarters are other important steps. Each of these has obvious
privacy implications.
Privacy-Preserving Technology
Encrypting a vote with the public key of the election board could preserve
confidentiality. The difficulty is in ensuring that only authorized people can
vote and that an authorized person can vote only once.
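The scheme sketched above, as an added toy example (not code from the original text and not a production voting cryptosystem): ballots are encrypted to the election board's public key, here a small RSA key generated on the fly from the standard library, with random padding so two identical votes do not produce identical ciphertexts; a registry hands each eligible voter one single-use token, and the ballot box accepts a ballot only with a valid, unused token, which gives the "only authorized voters, only once" property. Voter names, the YES/NO choices and the key size are constructed for the demo.

```python
"""Added example: a toy of 'encrypt the vote to the election board's public
key' plus one-time voter tokens. Demo key size; stdlib only."""
import secrets


def is_probable_prime(n, rounds=20):
    """Miller-Rabin with trial division first."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(c):
            return c


def keygen(bits=512):
    """Election board key pair (demo size). Returns (public, private)."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (e, p * q), (pow(e, -1, phi), p * q)


def encrypt_vote(pub, candidate):
    """Prefix a marker byte and 16 random bytes before encrypting: unpadded RSA
    is deterministic, and with a short candidate list an observer could
    otherwise match ciphertexts to choices."""
    e, n = pub
    m = int.from_bytes(b"\x01" + secrets.token_bytes(16) + candidate.encode(), "big")
    assert m < n
    return pow(m, e, n)


def decrypt_vote(priv, c):
    d, n = priv
    m = pow(c, d, n).to_bytes((n.bit_length() + 7) // 8, "big").lstrip(b"\x00")
    assert m[0] == 1
    return m[17:].decode()


class Registry:
    """Hands each eligible voter one random token; the ballot itself carries
    no voter identity, only the token."""
    def __init__(self, eligible):
        self._unissued, self.valid_tokens = set(eligible), set()

    def issue(self, voter):
        if voter not in self._unissued:
            return None                     # ineligible, or token already taken
        self._unissued.discard(voter)
        t = secrets.token_hex(16)
        self.valid_tokens.add(t)
        return t


class BallotBox:
    def __init__(self, registry, pub):
        self.registry, self.pub, self.used, self.ballots = registry, pub, set(), []

    def cast(self, token, candidate):
        if token not in self.registry.valid_tokens or token in self.used:
            return False                    # unauthorized, or a second vote
        self.used.add(token)
        self.ballots.append(encrypt_vote(self.pub, candidate))
        return True


def tally(box, priv):
    counts = {}
    for c in box.ballots:
        v = decrypt_vote(priv, c)
        counts[v] = counts.get(v, 0) + 1
    return counts


def run_election():
    """Constructed run: two valid ballots, a repeat, and a forged token."""
    pub, priv = keygen()
    reg = Registry(["alice", "bob", "carol"])
    box = BallotBox(reg, pub)
    ta, tb = reg.issue("alice"), reg.issue("bob")
    outcomes = [box.cast(ta, "YES"), box.cast(tb, "NO"),
                box.cast(ta, "YES"), box.cast("deadbeef", "YES")]
    return outcomes, tally(box, priv)


if __name__ == "__main__":
    print(run_election())
```

The toy shows where the difficulty really sits: the registry knows which token went to which voter, so if the registry and the ballot box compared notes the encryption would not save the voter's privacy. Real designs break that link, for example with blind signatures or mix networks, which is the part this sketch leaves out.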
• VoIP and Skype
Cellular telephony and Internet-based phone service have significantly
changed the situation of traditional telephony. Voice over IP (VoIP) is a
protocol for transmission of voice traffic over the Internet.
Major VoIP carriers include Skype, Google Talk, and Vonage.
Privacy can be sacrificed even if the voice traffic is solidly encrypted:
the source and destination of the phone call will still be somewhat
exposed through packet headers.
• Privacy in the Cloud
Where the Field Is Headed
• Various privacy rights organizations, such as the Center for Democracy and Technology,
the Electronic Privacy Information Center (EPIC), Privacy.Org, and Privacy International,
and professional computing societies, such as IEEE and ACM, must continue their
efforts.
• The Johns Hopkins Information Security Institute, of which Rubin is Technical Director,
has produced several good studies of privacy vulnerabilities.
• Annie Antón of Georgia Institute of Technology has developed tools to analyze privacy
policies.
• Bob Gellman is a well-respected consultant on privacy issues.
• IEEE Security & Privacy magazine has at least one article about privacy in every issue, in
its Privacy Interests department.