Privacy: Social Issues and Current Technologies Ian Graham Centre for Academic Technology Information Commons University of Toronto.

Presentation transcript:

Talk Overview Introduction (Why we care) Social history of privacy Privacy-related topics Privacy and Web application design Future technologies

1. Why We Care: New Information Technologies: A) Digital storage, retrieval, distribution –Enormous cost reductions B) Data sharing and processing –Combine, re-use, re-purpose data (data mining) An emergent and fundamental change

Why We Care: All technologies have unanticipated side effects: –Cannot predict most of them (how will the nature of communication change, of interpersonal relationships, work, …) –One we can predict: privacy Lots of information floating about; how should we handle concerns over use of this information?

Why We Care: Privacy (rough definition): –The ability or right of an individual to control their exposure to the rest of the world, and to be able to hide knowledge about themselves –Privacy has only recently become “topical”...

Why We Care: “Privacy” Books per year (University Library database)

2. Social History What is Privacy? –Try a dictionary definition:

Examples of first Use: 1 b. The state or condition of being alone, undisturbed, or free from public attention, as a matter of choice or right; freedom from interference or intrusion. Also attrib., designating that which affords a privacy of this kind. –1814 J. Campbell Rep. Cases King's Bench III. 81 Though the defendant might not object to a small window looking into his yard, a larger one might be very inconvenient to him, by disturbing his privacy, and enabling people to come through to trespass upon his property. –1890 Warren & Brandeis in Harvard Law Rev. IV. 193 (title) The right to privacy.

Privacy is “new” Questions: –Why is that? –What does that tell us about: privacy; attitudes to privacy; control over privacy

History 1) Privacy requires a social context that defines “public” and “private” realms –small, communal societies don’t display this distinction.

History 2) Privacy requires multiple power centres –Not just state and people, but state, other power brokers, and individuals < 15th century -- single power centres within states > 17th century -- rise of merchant class

History 3) Privacy requires individual rights –“Human experience is the foundation of understanding and truth; external authority is less important than personal experience.” –The Age of Enlightenment (17th century)

History Defining Moments –Evolution of merchant classes –Age of enlightenment; new conception of individual rights –Property rights; legal dispute arbitration; political recognition of individual rights individual right to control public exposure

“Modern” Privacy Concerns Property rights until 1950s Two new concerns: –Concentration of “private” information in Government databases –Desire for “public” access to appropriate “private” information Digital Personas (extension)

Privacy Concerns Two types of legislation –Freedom of information Allow access to non-sensitive information –Data protection (a.k.a. privacy protection) Protection from misuse of private information Initially -- Government data

Privacy Concerns Important Points –Privacy bounds vary between cultures –Laws, rules, conventions, vary as well –Focus originally on only one relationship Government  citizen (citizens have little control over the information they provide...)

Going Digital Starting around 1970 –Commercial databases –Open data exchange standards –Data exchange mechanisms (networks) –exponentially increasing amounts of usable data

Going Digital More places to be concerned about privacy: –Library Awareness Program (FBI) –Corporate database reuse –Digital/electronic eavesdropping More ways of unwitting exposure –Subscription to services; tracking from standard business transactions

Four Issues Coercion to divulge information Accidental release of information Surreptitious collection of information Ability to negotiate privacy limits –(less relevant for government)

Application Design Goals Design data usage policies at the start –e.g., Library awareness program Design for user-centric privacy policies –Customized policy for each user Publicized privacy statements

4. Application Design Several related issues –Application software design –Networking architecture –Physical access/administrative policies –publicity mechanisms (policy statements)

Application Design Based on a pre-defined privacy policy –database design –encryption technologies –identity verification (digital certificates for company and/or individuals) –policies for archived data, information reuse

Data Security Firewall & network design Encryption of archived data Physical document management Network/system access controls –User authentication/identification Auditing tools

Communications Security Web page encryption –SSL, PCT Mail message encryption –PGP, S-MIME Archived message encryption Data destruction / reuse policy

Identification/Non-Repudiation Username/password login –(with or without SSL) Server certificates: SSL, S-MIME/PGP –identifies corporation Client certificates: SSL, S-MIME/PGP –identifies message “author” –problems with unsecured client machine

[Diagram: the PRIVACY POLICY and its dependencies: data security, communications security, identification & non-repudiation]
Physical Access: access control; cabling protection; off-site backups; physical doc. policy (shredding / destruction)
Network Architecture: internal vs. external; firewalls and rules; servers and locations; access control rules; auditing tools (logins, accesses, attacks); encryption; Web page encryption
Application Design: data model; data access rules; data encryption; Web page encryption; encryption; server certificates; user certificates; alternate authentication; data deletion policies; cache protection

Future Technologies: User-Centric Privacy –Current E-commerce sites generally require a fixed set of user information (“all-or-none” approach) –Option: Different services for different classes of customer

User-Centric Privacy Requires: –More complex “subscription” mechanism (risks alienation) –Ideal would be software-negotiation, based on user-preferences and machine-readable statement of privacy policies.

Platform for Privacy Preferences P3P –A language for defining privacy policies –A language for expressing private information, privacy statements –A World Wide Web Consortium project –Commercial approaches (e.g., DigitalMe)
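
The software negotiation described in the User-Centric Privacy slides, sketched as an added example that is not part of the original talk and is not P3P syntax: a site publishes one machine-readable policy per class of service, and the user's agent picks the richest class whose policy stays within the user's preferences. All field names, tier names and sample values are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed vocabulary for this example; it is not P3P syntax.
RETENTION = ["none", "transaction", "indefinite"]  # least to most invasive

@dataclass(frozen=True)
class Statement:          # one line of a site's machine-readable policy
    data: str
    purpose: str
    shared: bool          # passed to third parties?
    retention: str

@dataclass(frozen=True)
class Rule:               # what the user allows for one data item
    purposes: frozenset
    allow_sharing: bool
    max_retention: str

def violations(statements, prefs):
    """List every way a policy exceeds the user's preferences."""
    found = []
    for s in statements:
        rule = prefs.get(s.data)
        if rule is None:
            found.append(f"{s.data}: not released by user")
            continue
        if s.purpose not in rule.purposes:
            found.append(f"{s.data}: purpose '{s.purpose}' not allowed")
        if s.shared and not rule.allow_sharing:
            found.append(f"{s.data}: third-party sharing not allowed")
        if RETENTION.index(s.retention) > RETENTION.index(rule.max_retention):
            found.append(f"{s.data}: retention '{s.retention}' too long")
    return found

def negotiate(tiers, prefs):
    """Return (first acceptable tier or None, reasons for rejected tiers)."""
    rejected = {}
    for name, statements in tiers:   # tiers are ordered richest service first
        problems = violations(statements, prefs)
        if not problems:
            return name, rejected
        rejected[name] = problems
    return None, rejected

# Constructed sample: a site offering three classes of service, and one user.
TIERS = [
    ("personalised", [Statement("email", "marketing", True, "indefinite"),
                      Statement("address", "delivery", False, "transaction")]),
    ("standard", [Statement("email", "order-status", False, "transaction"),
                  Statement("address", "delivery", False, "transaction")]),
    ("browse-only", []),
]
PREFS = {"email": Rule(frozenset({"order-status"}), False, "transaction"),
         "address": Rule(frozenset({"delivery"}), False, "transaction")}
```

Calling `negotiate(TIERS[:1], PREFS)` models the “all-or-none” site: with only one policy on offer, the agent has nothing to fall back to and returns no tier.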

Conclusions Privacy is new, and changing Policies vary between countries Privacy should be considered during application design; lots of technologies Policies need to be publicized User-centric, “custom” privacy agreements for the future

Ian Graham Additional Information – Contact –Centre for Academic Technology, Information Commons, University of Toronto, 130 St George St., M5S 3H1