Privacy: Social Issues and Current Technologies
Ian Graham
Centre for Academic Technology, Information Commons, University of Toronto

Talk Overview
– Introduction (why we care)
– Social history of privacy
– Privacy-related topics
– Privacy and Web application design
– Future technologies

1. Why We Care: New Information Technologies
A) Digital storage, retrieval, distribution
– Enormous cost reductions
B) Data sharing and processing
– Combine, re-use, re-purpose data (data mining)
An emergent and fundamental change

Why We Care
All technologies have unanticipated side effects:
– Cannot predict most of them (how will the nature of communication change, of interpersonal relationships, work, …)
– One we can predict: privacy
Lots of information floating about; how should we handle concerns over the use of this information?

Why We Care
Privacy (rough definition):
– The ability or right of an individual to control their exposure to the rest of the world, and to be able to hide knowledge about themselves
– Privacy has only recently become “topical”...

Why We Care
[Chart: number of “Privacy” books published per year (University Library database)]

2. Social History
What is Privacy?
– Try a dictionary definition:

Examples of first use:
1 b. The state or condition of being alone, undisturbed, or free from public attention, as a matter of choice or right; freedom from interference or intrusion. Also attrib., designating that which affords a privacy of this kind.
– 1814 J. Campbell Rep. Cases King's Bench III. 81: Though the defendant might not object to a small window looking into his yard, a larger one might be very inconvenient to him, by disturbing his privacy, and enabling people to come through to trespass upon his property.
– 1890 Warren & Brandeis in Harvard Law Rev. IV. 193 (title): The right to privacy.

Privacy is “new”
Questions:
– Why is that?
– What does that tell us about privacy, attitudes to privacy, and control over privacy?

History
1) Privacy requires a social context that defines “public” and “private” realms
– Small, communal societies don’t display this distinction.

History
2) Privacy requires multiple power centres
– Not just state and people, but state, other power brokers, and individuals
– < 15th century: single power centres within states
– > 17th century: rise of the merchant class

History
3) Privacy requires individual rights
– “Human experience is the foundation of understanding and truth; external authority is less important than personal experience.”
– The Age of Enlightenment (17th century)

History: Defining Moments
– Evolution of merchant classes
– Age of Enlightenment; new conception of individual rights
– Property rights; legal dispute arbitration; political recognition of individual rights → individual right to control public exposure

“Modern” Privacy Concerns
Property rights until the 1950s
Two new concerns:
– Concentration of “private” information in Government databases
– Desire for “public” access to appropriate “private” information
Digital Personas (extension)

Privacy Concerns
Two types of legislation:
– Freedom of information: allow access to non-sensitive information
– Data protection (a.k.a. privacy protection): protection from misuse of private information
Initially -- Government data

Privacy Concerns: Important Points
– Privacy bounds vary between cultures
– Laws, rules, conventions vary as well
– Focus originally on only one relationship: Government ↔ citizen (citizens have little control over the information they provide...)

Going Digital
Starting around 1970:
– Commercial databases
– Open data exchange standards
– Data exchange mechanisms (networks)
– Exponentially increasing amounts of usable data

Going Digital
More places to be concerned about privacy:
– Library Awareness Program (FBI)
– Corporate database reuse
– Digital/electronic eavesdropping
More ways of unwitting exposure:
– Subscription to services; tracking from standard business transactions

Four Issues
Coercion to divulge information
Accidental release of information
Surreptitious collection of information
Ability to negotiate privacy limits
– (less relevant for government)

Application Design Goals
Design data usage policies at the start
– e.g., Library Awareness Program
Design for user-centric privacy policies
– Customized policy for each user
Publicized privacy statements

4. Application Design
Several related issues:
– Application software design
– Networking architecture
– Physical access/administrative policies
– Publicity mechanisms (policy statements)

Application Design
Based on a pre-defined privacy policy:
– Database design
– Encryption technologies
– Identity verification (digital certificates for company and/or individuals)
– Policies for archived data, information reuse

Data Security
Firewall & network design
Encryption of archived data
Physical document management
Network/system access controls
– User authentication/identification
Auditing tools

Communications Security
Web page encryption
– SSL, PCT
Mail message encryption
– PGP, S/MIME
Archived message encryption
Data destruction / reuse policy

Identification/Non-Repudiation
Username/password login
– (with or without SSL)
Server certificates: SSL, S/MIME/PGP
– Identifies the corporation
Client certificates: SSL, S/MIME/PGP
– Identifies the message “author”
– Problems with an unsecured client machine

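The preceding slides ask for data access rules, auditing tools and data deletion policies to be derived from a pre-defined privacy policy. The following Python is an added example (not code from the talk): a small in-memory store in which every read must name a purpose the policy allows for that field, every access is written to an audit trail, and a retention job deletes archived fields once their stated-purpose lifetime has passed. The field names, purposes, actors and retention periods are constructed for the illustration.

```python
"""Enforcing a pre-defined privacy policy inside the application layer.

Added illustration, not code from the talk.  It models three items the
slides list: data access rules derived from the policy, an audit trail of
who read what and why, and a data deletion (retention) policy for archived
data.  Field names, purposes and retention periods are constructed.
"""
import time

# Constructed policy table: field -> (purposes it may be read for,
# retention in days after storage; None = keep while the account exists).
FIELD_POLICY = {
    "name":   ({"current", "admin"}, None),
    "street": ({"current"}, 30),          # shipping address, only needed to deliver
    "email":  ({"current", "contact"}, None),
}


class PolicyViolation(Exception):
    """Raised when a store or read would step outside the privacy policy."""


class PersonalDataStore:
    """In-memory store that refuses any access the policy does not cover.

    `clock` returns seconds since the epoch and is injected so the retention
    job can be exercised without waiting 30 days."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.records = {}   # user_id -> {field: (value, stored_at)}
        self.audit = []     # (time, actor, user_id, field, purpose, outcome)

    def _log(self, actor, user_id, field_name, purpose, outcome):
        self.audit.append((self.clock(), actor, user_id, field_name, purpose, outcome))

    def store(self, user_id, field_name, value):
        """Collect nothing the published policy does not mention."""
        if field_name not in FIELD_POLICY:
            raise PolicyViolation(f"policy does not cover field {field_name!r}")
        self.records.setdefault(user_id, {})[field_name] = (value, self.clock())

    def read(self, actor, user_id, field_name, purpose):
        """Return the value only if `purpose` is allowed for the field; audit either way."""
        allowed, _ = FIELD_POLICY[field_name]
        outcome = "ok" if purpose in allowed else "denied"
        self._log(actor, user_id, field_name, purpose, outcome)
        if outcome == "denied":
            raise PolicyViolation(f"{field_name} may not be read for purpose {purpose!r}")
        return self.records[user_id][field_name][0]

    def purge_expired(self):
        """Apply the retention policy to archived data; returns what was deleted."""
        now = self.clock()
        removed = []
        for user_id, fields in self.records.items():
            for field_name, (_, stored_at) in list(fields.items()):
                _, days = FIELD_POLICY[field_name]
                if days is not None and now - stored_at > days * 86400:
                    del fields[field_name]
                    removed.append((user_id, field_name))
                    self._log("retention-job", user_id, field_name, "retention", "purged")
        return removed

    def denied_accesses(self):
        """Audit-tool view: every access the policy refused."""
        return [entry for entry in self.audit if entry[5] == "denied"]


if __name__ == "__main__":
    store = PersonalDataStore()
    store.store("u1", "street", "1 Main St")
    print(store.read("shipping-service", "u1", "street", "current"))
    try:
        store.read("marketing", "u1", "street", "telemarketing")
    except PolicyViolation as exc:
        print("refused:", exc)
    print("denied accesses:", store.denied_accesses())
```

The point of routing every read through `read()` is that the policy table, not the calling code, decides what a purpose may touch, and the audit list gives the "auditing tools" slide something concrete to inspect; a real system would persist the audit trail separately from the data it describes and encrypt the archived values at rest.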
[Diagram: dependencies between the privacy policy and the technical layers]
PRIVACY POLICY → dependencies on:
Physical Access: access control; cabling protection; off-site backups; physical document policy (shredding / destruction)
Network Architecture: internal vs. external; firewalls and rules; servers and locations; access control rules; auditing tools (logins, accesses, attacks); encryption; Web page encryption
Application Design: data model; data access rules; data encryption; Web page encryption; server certificates; user certificates; alternate authentication; data deletion policies; cache protection
Cross-cutting groupings: data security; communications security; identification & non-repudiation

Future Technologies: User-Centric Privacy
– Current E-commerce sites generally require a fixed set of user information (“all-or-none” approach)
– Option: Different services for different classes of customer

User-Centric Privacy Requires:
– More complex “subscription” mechanism (risks alienation)
– Ideal would be software negotiation, based on user preferences and a machine-readable statement of privacy policies.

Platform for Privacy Preferences (P3P)
– A language for defining privacy policies
– A language for expressing private information, privacy statements
– A World Wide Web Consortium project
– Commercial approaches (e.g., DigitalMe)

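The software negotiation described in the last three slides, as an added example that is not part of the talk: a constructed policy written in a P3P-style XML (element names loosely follow the P3P 1.0 vocabulary, but no real P3P toolkit is used) is parsed with the Python standard library and matched against a user's preferences. Statements the user would reject drop out, and the site can then see which services it can still offer, which is the "different services for different classes of customer" option rather than the all-or-none approach. The shop name, URL and preference values are constructed.

```python
"""Software negotiation between a site's machine-readable privacy policy and
a user's privacy preferences.

Added illustration for this talk, not the talk's own code and not a real
P3P implementation.  The policy below is constructed by hand; it loosely
follows the P3P 1.0 element vocabulary (POLICY, STATEMENT, PURPOSE,
RECIPIENT, RETENTION, DATA) so the shape is recognisable.
"""
import xml.etree.ElementTree as ET

P3P_NS = "{http://www.w3.org/2002/01/P3Pv1}"

# Constructed policy for a fictional shop: statement 1 covers data needed to
# fulfil an order, statement 2 covers re-use of the e-mail address by
# unrelated third parties for telemarketing.
POLICY_XML = """\
<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
  <POLICY name="shop" discuri="http://shop.example/privacy.html">
    <STATEMENT>
      <PURPOSE><current/></PURPOSE>
      <RECIPIENT><ours/><delivery/></RECIPIENT>
      <RETENTION><stated-purpose/></RETENTION>
      <DATA-GROUP>
        <DATA ref="#user.name.given"/>
        <DATA ref="#user.home-info.postal.street"/>
      </DATA-GROUP>
    </STATEMENT>
    <STATEMENT>
      <PURPOSE><contact/><telemarketing/></PURPOSE>
      <RECIPIENT><unrelated/></RECIPIENT>
      <RETENTION><indefinitely/></RETENTION>
      <DATA-GROUP>
        <DATA ref="#user.home-info.online.email"/>
      </DATA-GROUP>
    </STATEMENT>
  </POLICY>
</POLICIES>
"""

# Constructed user preferences: the most a site may do with this user's data.
USER_PREFS = {
    "purposes": {"current", "admin"},
    "recipients": {"ours", "delivery"},
    "retention": {"no-retention", "stated-purpose"},
}


def _local(tag):
    """Strip the XML namespace from an element tag."""
    return tag[len(P3P_NS):] if tag.startswith(P3P_NS) else tag


def parse_statements(xml_text):
    """Return each STATEMENT as a dict of purposes, recipients, retention and data refs."""
    root = ET.fromstring(xml_text)
    statements = []
    for st in root.iter(P3P_NS + "STATEMENT"):
        statements.append({
            "purposes": {_local(c.tag) for c in st.find(P3P_NS + "PURPOSE")},
            "recipients": {_local(c.tag) for c in st.find(P3P_NS + "RECIPIENT")},
            "retention": _local(st.find(P3P_NS + "RETENTION")[0].tag),
            "data": [d.get("ref") for d in st.iter(P3P_NS + "DATA")],
        })
    return statements


def conflicts(statement, prefs):
    """List the ways one statement exceeds the user's preferences (empty = acceptable)."""
    reasons = []
    extra_purposes = statement["purposes"] - prefs["purposes"]
    if extra_purposes:
        reasons.append("purpose not allowed: " + ", ".join(sorted(extra_purposes)))
    extra_recipients = statement["recipients"] - prefs["recipients"]
    if extra_recipients:
        reasons.append("recipient not allowed: " + ", ".join(sorted(extra_recipients)))
    if statement["retention"] not in prefs["retention"]:
        reasons.append("retention not allowed: " + statement["retention"])
    return reasons


def collectable_data(statements, prefs):
    """Data elements the site may collect under the statements the user accepts."""
    return {ref for st in statements if not conflicts(st, prefs) for ref in st["data"]}


def can_offer(statements, prefs, required):
    """Can the site offer a service needing `required` data without collecting
    anything the user refused?  This is the per-customer-class service check."""
    return set(required) <= collectable_data(statements, prefs)


if __name__ == "__main__":
    stmts = parse_statements(POLICY_XML)
    for i, st in enumerate(stmts, 1):
        print(f"statement {i}: data={st['data']} conflicts={conflicts(st, USER_PREFS)}")
    print("collectable:", sorted(collectable_data(stmts, USER_PREFS)))
    print("order fulfilment possible:",
          can_offer(stmts, USER_PREFS, {"#user.name.given", "#user.home-info.postal.street"}))
    print("marketing sign-up possible:",
          can_offer(stmts, USER_PREFS, {"#user.home-info.online.email"}))
```

The comparison is deliberately set-based: a statement is acceptable only if every purpose, every recipient and the retention period fall within what the user allows, so a policy cannot slip an extra recipient past the check by bundling it with acceptable ones.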
Conclusions
Privacy is new, and changing
Policies vary between countries
Privacy should be considered during application design; lots of technologies
Policies need to be publicized
User-centric, “custom” privacy agreements for the future

Additional Information – Contact
Ian Graham
Centre for Academic Technology, Information Commons, University of Toronto
130 St George St., M5S 3H1
(416)