Presentation is loading. Please wait.

Presentation is loading. Please wait.

ICE0534 – Web-based Software Development ICE1338 – Programming for WWW Lecture #13 Lecture #13 In-Young Ko iko.AT. icu.ac.kr iko.AT. icu.ac.kr Information.

Similar presentations


Presentation on theme: "ICE0534 – Web-based Software Development ICE1338 – Programming for WWW Lecture #13 Lecture #13 In-Young Ko iko.AT. icu.ac.kr iko.AT. icu.ac.kr Information."— Presentation transcript:

1 ICE0534 – Web-based Software Development ICE1338 – Programming for WWW Lecture #13 Lecture #13 In-Young Ko iko.AT. icu.ac.kr iko.AT. icu.ac.kr Information and Communications University (ICU) - Summer 2005 -

2 Summer 2005 2 ICE 0534/ICE1338 – WWW © In-Young Ko, Information and Communications University Announcements Project Presentation (Aug. 11) Project Presentation (Aug. 11) The order of project presentations The order of project presentations Daejeon Teams (Teams # 1, 2, 3, 4, 8, 9) Daejeon Teams (Teams # 1, 2, 3, 4, 8, 9) Seoul Teams (Teams # 5, 6, 7) Seoul Teams (Teams # 5, 6, 7) The presentation can be given by multiple team members The presentation can be given by multiple team members Send your presentation material to the TA by August 10 th 5PM Send your presentation material to the TA by August 10 th 5PM All presentation and demo must be done on the machine in the classroom (please do not use your laptop computers) All presentation and demo must be done on the machine in the classroom (please do not use your laptop computers) Write summaries of other teams’ presentations Write summaries of other teams’ presentations

3 Summer 2005 3 ICE 0534/ICE1338 – WWW © In-Young Ko, Information and Communications University Last Lecture Semantic Web Semantic Web Ph.D. Lecture Ph.D. Lecture Integration of Biological XML data [p2: Woo-Hyuck Jang] Integration of Biological XML data [p2: Woo-Hyuck Jang] Technology Surveys Technology Surveys Semantic Web Services [g24: Chan-kyu Park] Semantic Web Services [g24: Chan-kyu Park] Web-services Challenges [g21.1: Janarbek] Web-services Challenges [g21.1: Janarbek] Web Services Security [g21.2: Jongsoo Bae] Web Services Security [g21.2: Jongsoo Bae]

4 Summer 2005 4 ICE 0534/ICE1338 – WWW © In-Young Ko, Information and Communications University This Lecture Privacy issues on the Web Privacy issues on the Web The Future of the Web The Future of the Web Technology Reviews on Web Applications Technology Reviews on Web Applications Web-based collaboration tools [u19: Suran Cho] Web-based collaboration tools [u19: Suran Cho] Blogs (Web Logs) [u20: Dongpyo Rhee] Blogs (Web Logs) [u20: Dongpyo Rhee] Technology Surveys on Future Web Technologies Technology Surveys on Future Web Technologies Mobile Web [g25: Jongho Kim] Mobile Web [g25: Jongho Kim] Embedded Web [g26: Hyungmin Koo] Embedded Web [g26: Hyungmin Koo] Ubiquitous computing with Web-based technologies [g27: Eunchae Yoon] Ubiquitous computing with Web-based technologies [g27: Eunchae Yoon] M-Commerce [g28: Miyul Park] M-Commerce [g28: Miyul Park] (1) (3) (2) (4) (5) (6)

5 Summer 2005 5 ICE 0534/ICE1338 – WWW © In-Young Ko, Information and Communications University Privacy Issues on the Web

6 Summer 2005 6 ICE 0534/ICE1338 – WWW © In-Young Ko, Information and Communications University Why are we getting spam emails?

7 Summer 2005 7 ICE 0534/ICE1338 – WWW © In-Young Ko, Information and Communications University Acxiom The premier source of addresses and phone numbers for telemarketers and mass mailers The premier source of addresses and phone numbers for telemarketers and mass mailers Maintains a database of information on 176 million Americans Maintains a database of information on 176 million Americans Collects information from public records, private companies, the Postal Service and product warranty cards Collects information from public records, private companies, the Postal Service and product warranty cards Made $958 million in revenue in 2002 Made $958 million in revenue in 2002 A member of DMA (Direct Marketing Association) A member of DMA (Direct Marketing Association) http://www.wired.com/news/privacy/0,1848,61240,00.html

8 Summer 2005 8 ICE 0534/ICE1338 – WWW © In-Young Ko, Information and Communications University Private Citizen Offers individuals the ability to pay an annual fee ($20) to stop telemarketers and junk mailers Offers individuals the ability to pay an annual fee ($20) to stop telemarketers and junk mailers Sends the signed requests to each of the eight largest direct-marketing databases including Acxiom Sends the signed requests to each of the eight largest direct-marketing databases including Acxiom Acxiom has been refusing Private Citizen’s requests Acxiom has been refusing Private Citizen’s requests http://www.wired.com/news/privacy/0,1848,61240,00.html

9 Summer 2005 9 ICE 0534/ICE1338 – WWW © In-Young Ko, Information and Communications University Is this a misuse of private information?

10 Summer 2005 10 ICE 0534/ICE1338 – WWW © In-Young Ko, Information and Communications University Is this profiling?

11 Summer 2005 11 ICE 0534/ICE1338 – WWW © In-Young Ko, Information and Communications University Personal Information “Information relating to an identified or identifiable natural person” [European Council] “Information relating to an identified or identifiable natural person” [European Council] “Information about an identifiable individual” [Canadian Privacy Commissioner] “Information about an identifiable individual” [Canadian Privacy Commissioner] Name, age, weight, height Name, age, weight, height Medical records Medical records Income, purchases and spending habits Income, purchases and spending habits Race, ethnic origin and color Race, ethnic origin and color Blood type, DNA code, fingerprints Blood type, DNA code, fingerprints Education, marital status and religion Education, marital status and religion Home address and phone number Home address and phone number Does not include the name, job title, business address or office telephone number of an employee of an organization Does not include the name, job title, business address or office telephone number of an employee of an organization

12 Summer 2005 12 ICE 0534/ICE1338 – WWW © In-Young Ko, Information and Communications University Uses of Personal Information Good uses of personal information Good uses of personal information Transmission of useful information to individuals Transmission of useful information to individuals Use personal information to produce customized products Use personal information to produce customized products Monitoring activities of felons and terrorists? Monitoring activities of felons and terrorists? Misuses of personal information Misuses of personal information Spamming Spamming Profiling – individual, demographic, gender, race Profiling – individual, demographic, gender, race Incorrect alterations Incorrect alterations Secondary use – disclosing personal data to third party Secondary use – disclosing personal data to third party

13 Summer 2005 13 ICE 0534/ICE1338 – WWW © In-Young Ko, Information and Communications University Definitions Privacy: “The quality or state of being apart from company or observation”, “Freedom from unauthorized intrusion” [Merriam-Webster] Privacy: “The quality or state of being apart from company or observation”, “Freedom from unauthorized intrusion” [Merriam-Webster] Information Privacy: “The ability of the individual to personally control information about oneself” [Milberg et al., 1995] Information Privacy: “The ability of the individual to personally control information about oneself” [Milberg et al., 1995]

14 Summer 2005 14 ICE 0534/ICE1338 – WWW © In-Young Ko, Information and Communications University Technical Aspects Internet & Web – multinational data sourcing, ‘data creeping’ Internet & Web – multinational data sourcing, ‘data creeping’ Low-cost memory – large-scale personal data warehousing Low-cost memory – large-scale personal data warehousing Powerful processors – fast processing of personal data Powerful processors – fast processing of personal data Software technology such as Web crawlers, spyware, email worms, etc. – ease of collecting and storing personal data Software technology such as Web crawlers, spyware, email worms, etc. – ease of collecting and storing personal data [Reidenberg 2000]

15 Summer 2005 15 ICE 0534/ICE1338 – WWW © In-Young Ko, Information and Communications University Three Entities [Korba & Kenny 2002]

16 Summer 2005 16 ICE 0534/ICE1338 – WWW © In-Young Ko, Information and Communications University First Principles Data quality Data quality Transparency or openness of processing Transparency or openness of processing Treatment of particularly sensitive data (health, race, religious beliefs, sexual life, etc.) Treatment of particularly sensitive data (health, race, religious beliefs, sexual life, etc.) Enforcement mechanisms Enforcement mechanisms [Reidenberg 2000]

17 Summer 2005 17 ICE 0534/ICE1338 – WWW © In-Young Ko, Information and Communications University Detail Elements of First Principles Must be accountable for all personal info. Must be accountable for all personal info. Should identify the purposes of using the info. Should identify the purposes of using the info. Must get a consent to collect personal info. Must get a consent to collect personal info. Should limit the information collection Should limit the information collection Should not reuse or disclose the info. Should not reuse or disclose the info. Should retain info. only as long as necessary Should retain info. only as long as necessary Keep info. accurate, complete, and up to date Keep info. accurate, complete, and up to date Protect info. with appropriate security safeguards Protect info. with appropriate security safeguards Should be open about its policies and practices Should be open about its policies and practices Allow data subjects access to their info. Allow data subjects access to their info. [Reidenberg 2000]

18 Summer 2005 18 ICE 0534/ICE1338 – WWW © In-Young Ko, Information and Communications University International Efforts to Adopt the First Principles OECD adopted voluntary guidelines for fair treatment of personal information, 1980 OECD adopted voluntary guidelines for fair treatment of personal information, 1980 UN adopted a resolution affirming the First Principles as a global imperative, 1990 UN adopted a resolution affirming the First Principles as a global imperative, 1990 EU adopted the European Directive on Data Protection (The Directive), 1995 EU adopted the European Directive on Data Protection (The Directive), 1995

19 Summer 2005 19 ICE 0534/ICE1338 – WWW © In-Young Ko, Information and Communications University Implementations of the First Principles 1.Self-regulatory Approach Use narrowly targeted sectoral protections Use narrowly targeted sectoral protections Protect privacy through practices developed by industry Protect privacy through practices developed by industry 2.Social Protection Approach Create a comprehensive data protection law Create a comprehensive data protection law Create data protection supervisory agencies Create data protection supervisory agencies 3.Technical Approach Implement the First Principles technically Implement the First Principles technically Define engineering specifications of data protection Define engineering specifications of data protection [Reidenberg 2000]

20 Summer 2005 20 ICE 0534/ICE1338 – WWW © In-Young Ko, Information and Communications University W3C’s Platform for Privacy Preferences Project (P3P) An emerging industry standard that provides a simple, automated way for users to control the use of personal information on Web sites An emerging industry standard that provides a simple, automated way for users to control the use of personal information on Web sites Users can easily set privacy preferences in their Web browsers and agents by using a policy editor Users can easily set privacy preferences in their Web browsers and agents by using a policy editor Major aspects of a Web site's privacy policies are represented in a standard, human-readable, machine- readable (XML-based) format Major aspects of a Web site's privacy policies are represented in a standard, human-readable, machine- readable (XML-based) format We browsers and agents can automatically accept or reject a Web site's requests for information, based on user preferences We browsers and agents can automatically accept or reject a Web site's requests for information, based on user preferences The HTTP header from a Web server includes a privacy policy reference (e.g., a URL of the policy XML file) The HTTP header from a Web server includes a privacy policy reference (e.g., a URL of the policy XML file) http://www.w3.org/P3P/

21 Summer 2005 21 ICE 0534/ICE1338 – WWW © In-Young Ko, Information and Communications University A P3P Privacy Report Example

22 Summer 2005 22 ICE 0534/ICE1338 – WWW © In-Young Ko, Information and Communications University Safe Harbor A framework developed by the US Department of Commerce (DoC) A framework developed by the US Department of Commerce (DoC) To bridge the gap of policy differences on data privacy between US and EU To bridge the gap of policy differences on data privacy between US and EU Approved by EU in 2000 Approved by EU in 2000 Benefits of participating organizations: Benefits of participating organizations: EU’s requirements for prior approval of data transfers either will be waived or approval will be automatically granted EU’s requirements for prior approval of data transfers either will be waived or approval will be automatically granted Claims brought by EU citizens against US organization will be heard in US Claims brought by EU citizens against US organization will be heard in US http://www.export.gov/safeharbor/

23 Summer 2005 23 ICE 0534/ICE1338 – WWW © In-Young Ko, Information and Communications University How Safe Harbor Works Entering the safe harbor is voluntary Entering the safe harbor is voluntary Participants must comply with the safe harbor’s requirements; Participants must comply with the safe harbor’s requirements; Publicly declare that they do so Publicly declare that they do so Self certify annually – send a self certification letter to DoC Self certify annually – send a self certification letter to DoC DoC maintain a list of all participants, and make it publicly available DoC maintain a list of all participants, and make it publicly available http://www.export.gov/safeharbor/

24 Summer 2005 24 ICE 0534/ICE1338 – WWW © In-Young Ko, Information and Communications University Safe Harbor Principles Notice to individuals about data collection and processing, and contact information for inquiries or complaints Notice to individuals about data collection and processing, and contact information for inquiries or complaints Choice of making personal data disclosed to a third party or be used for different purposes Choice of making personal data disclosed to a third party or be used for different purposes Onward Transfer of data to a third party only if the third party provides the same level of privacy protection Onward Transfer of data to a third party only if the third party provides the same level of privacy protection Access to personal data to modify or delete the information Access to personal data to modify or delete the information Security mechanism to protect personal data Security mechanism to protect personal data Data Integrity for ensuring reliability of data for its intended use Data Integrity for ensuring reliability of data for its intended use Enforcement mechanisms to investigate complaints and disputes, to verify companies’ compliance, and to remedy any problems Enforcement mechanisms to investigate complaints and disputes, to verify companies’ compliance, and to remedy any problems http://www.export.gov/safeharbor/

25 Summer 2005 25 ICE 0534/ICE1338 – WWW © In-Young Ko, Information and Communications University The CAN-SPAM Act Main Provisions Main Provisions Bans false or misleading header information Bans false or misleading header information Prohibits deceptive subject lines Prohibits deceptive subject lines Requires that commercial emails give recipients an opt- out method Requires that commercial emails give recipients an opt- out method Requires that commercial emails be identified as an advertisement and include the sender's valid physical postal address Requires that commercial emails be identified as an advertisement and include the sender's valid physical postal address Penalties Penalties Up to $11,000 fine for each violation of the provisions Up to $11,000 fine for each violation of the provisions Additional fines for harvesting email address, “dictionary attacks”, relaying emails without permission Additional fines for harvesting email address, “dictionary attacks”, relaying emails without permission http://www.ftc.gov/bcp/conline/pubs/buspubs/canspam.htm

26 Summer 2005 26 ICE 0534/ICE1338 – WWW © In-Young Ko, Information and Communications University Privacy Statements

27 Summer 2005 27 ICE 0534/ICE1338 – WWW © In-Young Ko, Information and Communications University Recommended Privacy Statement What personal information is collected What personal information is collected How personal information is used How personal information is used Instructions to make choices regarding the dissemination and use of personal information Instructions to make choices regarding the dissemination and use of personal information Instructions to access, update and correct personal information Instructions to access, update and correct personal information How to ensure data integrity How to ensure data integrity The process to manage and address consumer concerns The process to manage and address consumer concerns http://www.truste.org/pdf/WriteAGreatPrivacyPolicy.pdf

28 Summer 2005 28 ICE 0534/ICE1338 – WWW © In-Young Ko, Information and Communications University Privacy References [Reidenberg 2000] J.R. Reidenberg. Resolving conflicting international data privacy rules in cyberspace. Stanford Law Review 52 (2000), pp. 1315-1376. [Reidenberg 2000] J.R. Reidenberg. Resolving conflicting international data privacy rules in cyberspace. Stanford Law Review 52 (2000), pp. 1315-1376. [Korba & Kenny 2002] L. Korba and S. Kenny. Towards Meeting the Privacy Challenge: Adapting DRM. ACM Workshop on Digital Rights Management, Washington, DC, November 2002. [Korba & Kenny 2002] L. Korba and S. Kenny. Towards Meeting the Privacy Challenge: Adapting DRM. ACM Workshop on Digital Rights Management, Washington, DC, November 2002. [Milberg et al., 1995] Sandra J. Milberg and Sandra J. Burke and H. Jeff Smith and Ernest A. Kallman. Values, personal information privacy, and regulatory approaches. Commun. ACM, Vol. 38, No. 12, 1995, pp. 65-74. [Milberg et al., 1995] Sandra J. Milberg and Sandra J. Burke and H. Jeff Smith and Ernest A. Kallman. Values, personal information privacy, and regulatory approaches. Commun. ACM, Vol. 38, No. 12, 1995, pp. 65-74. 1/2

29 Summer 2005 29 ICE 0534/ICE1338 – WWW © In-Young Ko, Information and Communications University Privacy References [EC 2003] Data Protection. European Opinion Research Group, European Commission, 2003. http://europa.eu.int/comm/public_opinion/archives/ebs/ebs_196_data_protection.pdf [EC 2003] Data Protection. European Opinion Research Group, European Commission, 2003. http://europa.eu.int/comm/public_opinion/archives/ebs/ebs_196_data_protection.pdf http://europa.eu.int/comm/public_opinion/archives/ebs/ebs_196_data_protection.pdf The Directive. Directive 95/46/EC of the European Parliament and of the Council: http://europa.eu.int/comm/internal_market/privacy/law_en.htm The Directive. Directive 95/46/EC of the European Parliament and of the Council: http://europa.eu.int/comm/internal_market/privacy/law_en.htm http://europa.eu.int/comm/internal_market/privacy/law_en.htm Safe Harbor: http://www.export.gov/safeharbor/ Safe Harbor: http://www.export.gov/safeharbor/ http://www.export.gov/safeharbor/ FTC Privacy Initiatives: http://www.ftc.gov/privacy/ FTC Privacy Initiatives: http://www.ftc.gov/privacy/ http://www.ftc.gov/privacy/ EPIC Privacy site: http://www.epic.org/privacy/ EPIC Privacy site: http://www.epic.org/privacy/ http://www.epic.org/privacy/ Platform for Privacy Preferences (P3P) Project: http://www.w3.org/P3P/ Platform for Privacy Preferences (P3P) Project: http://www.w3.org/P3P/ http://www.w3.org/P3P/ 2/2

30 Summer 2005 30 ICE 0534/ICE1338 – WWW © In-Young Ko, Information and Communications University The Future of the Web

31 Summer 2005 31 ICE 0534/ICE1338 – WWW © In-Young Ko, Information and Communications University The Web: A New Infrastructure for Software Engineering Provides repositories for searching software component services Provides repositories for searching software component services Provides a medium for deploying software components as services Provides a medium for deploying software components as services Provides protocols to access software services Provides protocols to access software services Provides an environment to dynamically compose (assemble or synthesize) software systems Provides an environment to dynamically compose (assemble or synthesize) software systems

32 Summer 2005 32 ICE 0534/ICE1338 – WWW © In-Young Ko, Information and Communications University The Web: A Ubiquitous Computing Environment User Requirement Changes Exceptional Situations Environmental Changes Applications Context Awareness Support Context-sensitive Component Brokering Dynamic Application Composition and Reconfiguration

33 Summer 2005 33 ICE 0534/ICE1338 – WWW © In-Young Ko, Information and Communications University Mobile Web Drivers – Mobile commerce, mobile entertainment, mobile enterprise, location-based services, communication Drivers – Mobile commerce, mobile entertainment, mobile enterprise, location-based services, communication WAP (Wireless Application Protocol) devices exceed computers WAP (Wireless Application Protocol) devices exceed computers Benefits – Mobile technology industry, society and business in general Benefits – Mobile technology industry, society and business in general Challenges – cramped user input, limited output, difficult environment, limited bandwidth, intermittent connectivity Challenges – cramped user input, limited output, difficult environment, limited bandwidth, intermittent connectivity  Similar situation as the Web in 1996 (too slow, lack of interoperability, “what’s new?” …) Goal: make mobile Web content development and access Goal: make mobile Web content development and access Seamless, uncomplicated, reliable, as desktop/laptop Web access Seamless, uncomplicated, reliable, as desktop/laptop Web access Overall goal: One Web Overall goal: One Web W3c Mobile Web Initiative W3c Mobile Web Initiative http://www.w3.org/2005/Talks/0511-keynote-tbl/


Download ppt "ICE0534 – Web-based Software Development ICE1338 – Programming for WWW Lecture #13 Lecture #13 In-Young Ko iko.AT. icu.ac.kr iko.AT. icu.ac.kr Information."

Similar presentations


Ads by Google