1 CPSC156: The Internet Co-Evolution of Technology and Society Lecture 15: March 8, 2007 Identity, Anonymity, and Accountability in Information Systems.

Slides:

Advertisements

Similar presentations

What is Primary Research and How do I get Started?

Advertisements

Biometrics By: Ashley Rodriguez. Biometrics An automated method of recognizing a person based on physical or behavioral traits. Consist of two main classes.

Claudia Diaz, Hannelore Dekeyser, Markulf Kohlweiss, Girma Nigusse K.U.Leuven IDIS Workshop 29/05/2008 [Work done in the context of the ADAPID project]

Characteristics of Culture

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Driver Education Info.

Social Networking facebook, bebo, MySpace and others.

Culture, Tradition & Customer Behavior Menekşe Uçaroğlu Istanbul, May 25th 2011 III. Istanbul International Insurance Conference.

Privacy in the Next Generation Internet Data Protection in the Context of European Union Policy Alberto Escudero-Pascual Royal Institute of Technology.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

2/16/2010 The Family Educational Records and Privacy Act.

CMSC 414 Computer (and Network) Security Lecture 15 Jonathan Katz.

CULTURE AND GENDER IN PLAY. FINDINGS ABOUT PLAY Play serves as common features of children’s lives, it can be found in all themes of culture. Consequently,

Virtual Ethnicity By Hassan Rone 6 April What Is Ethnicity? “Ethnicity is a more particularistic form of identification than race: it allows for.

CMSC 414 Computer (and Network) Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.

1 Software Testing and Quality Assurance Lecture 37– SWE 205 Course Objective: Learn about ethical issues of software engineering.

CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.

Economic Location-Based Services, Privacy and the Relationship to Identity Lothar Fritsch Lehrstuhl für M-Commerce & Mehrseitige.

1 CPSC156: The Internet Co-Evolution of Technology and Society Lectures 16 and 17: March 27 and 29, 2007 Solove’s taxonomy of privacy.

1 CPSC156: The Internet Co-Evolution of Technology and Society Lecture 24: April 24, 2007 Review for Second Exam.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

1 The New York State Education Department New York State’s Student Reporting and Accountability System.

Identity Management What is it? Why? Responsibilities? Bill Weems Academic Computing University of Texas Health Science Center at Houston.

 All employees will be able to communicate with other people in the district, schools, colleges, and various organizations.  Access is provided to hundreds.

Citizenship We belong to many communities: We belong to many communities:  Neighborhood  (Zhangjiang)  City (Shanghai)  Country (China) Citizenship.

Chapter 10: Authentication Guide to Computer Network Security.

1st MODINIS workshop Identity management in eGovernment Frank Robben General manager Crossroads Bank for Social Security Strategic advisor Federal Public.

Identity A legal perspective FIDIS WP2 workshop 2/3 december 2003

Who am I? Mats Ohlin Swedish Defence Materiel Administration (FMV) IT Security area –International Standardisation: ISO/IEC JTC 1/SC 27/WG 3 (Security.

E-IDENTITY: RESPONSIBILITY OR COMMODITY? Dina Crnec Anita Salopek Ph.D. Sanja Seljan, assistant professor Ph.D. Hrvoje Stančić, assistant professor Faculty.

Literary Theory How Do I Evaluate a Text?.

Groups within Society Chapter 4, section 4 Pgs

Student data Privacy and security in a Connected Learning world

1 / 14 FIDIS 2 nd WS WP2 – Fontainebleau, December 2004 Identity in the Ambient Intelligence Environment Sabine Delaitre.

Protecting information rights – advancing information policy The Australian Privacy Principles.

WELNS 670: Wellness Research Design Chapter 5: Planning Your Research Design.

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor 1 Identity and biometrics.

Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.

According to netiquette simply refers to our behavior the internet.

MMTK Access control. Session overview Introduction to access control Passwords –Computers –Files –Online spaces and networks Firewalls.

Socialization Understanding behaviour in Society.

Red Flag Training IDENTITY THEFT PREVENTION PROGRAM OVERVIEW AUTOMOTIVE.

Web is public space. So, when we are connected to it we have to follow some rules. What is illegal Offline is illegal Online!!! Internet gives us opportunities.

Location, Location, Location: The Emerging Crisis in Wireless Data Privacy Ari Schwartz & Alan Davidson Center for Democracy and Technology

CSC 382: Computer SecuritySlide #1 CSC 382: Computer Security Identity.

1 Ethical Issues in Computer Science CSCI 328, Fall 2013 Session 15 Privacy as a Value.

1 The New York State Education Department New York State’s Student Data Collection and Reporting System.

Community and family cultural assessment Lecture Clinical Application for Community Health Nursing (NUR 417)

IT Applications Theory Slideshows By Mark Kelly Vceit.com Privacy Laws.

Social Structure.

Proposed Privacy Taxonomy for IOT Scott Shorter, Electrosoft, These slides are based on work contributed to the IDESG Use Case AHG in January.

Security & Privacy. Learning Objectives Explain the importance of varying the access allowed to database elements at different times and for different.

ANONYMISATION Research Data Management. c Research Data Management Sensitive Data Sensitive Data is information covering: The racial or ethnic origin.

Access Security IS3230.

Copyright © 2015 by Saunders, an imprint of Elsevier Inc. All rights reserved. Chapter 3 Privacy, Confidentiality, and Security.

1 Ethical Issues in Computer Science CSCI 328, Fall 2013 Session 7 Ethics in IT Societies.

1 Privacy and Accountability: Introduction to Workshop Themes JOAN FEIGENBAUM June 28, 2006; Cambridge MA.

1 Ethics of Computing MONT 113G, Spring 2012 Session 31 Privacy as a value.

CMSC 414 Computer and Network Security Lecture 18 Jonathan Katz.

Chapter 2 Culture & Intercultural Communication

Understanding Privacy An Overview of our Responsibilities.

Building Blocks of Social Structure. Status Social Structure – the network of interrelated statuses & roles that guide human interaction Status – a socially.

Unlinking Private Data

Understanding Privacy An Overview of our Responsibilities.

Identity on the Internet

Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity and Identity Management – A Consolidated Proposal for Terminology Authors: Andreas.

Module 2 OBJECTIVE 14: Compare various security mechanisms.

Presentation transcript:

1 CPSC156: The Internet Co-Evolution of Technology and Society Lecture 15: March 8, 2007 Identity, Anonymity, and Accountability in Information Systems

2 Reading Assignment “Identity and Anonymity: Some Conceptual Distinctions and Issues for Research,” by G. T. Marx web.mit.edu/gtmarx/www/identity.html Posits 7 types of “identity knowledge.”

3 1. A Person’s Legal Name Usually an answer to the question “Who are you?” Involves connection to biological and social lineage. Many people may have the same name, but the assumption is often made that there is at most one person of each name born to particular parents at a given time and place.

4 2. A Person’s Address Usually an answer to the question “Where are you?” Involves location and reachability in actual space or cyberspace. Need not involve knowing the person’s name or even a pseudonym. Note that a person may be unreachable even if his name and address are known; this was true of, e.g., Robert Vesco when he was a fugitive in Cuba.

5 3. Unique ID: Linkable Unique alphanumeric strings, biometric patterns, or pseudonyms that can be linked back to actual people but need not be. Involves trusted intermediaries and conditions under which they should link IDs to people. Social security numbers could be used in this way if we had widespread agreement on how they should be used and when they should be linked to names and addresses.

6 4. Unique ID: Unlinkable Unique alphanumeric strings, biometric patterns, or pseudonyms that cannot be linked back to actual people. Provides a means of discerning information about people without identifying them; someone tested for AIDS may be given a number that he can use to call for results but never have to reveal his name or address. Spies, undercover operatives, and con artists may use fraudulent IDs and never reveal their real names to those they deal with.

7 5. Distinct Appearance or Behavior Patterns Some information is necessarily revealed when one interacts with others. “Being unnamed is not necessarily the same as being unknown.” To a limited extent, you “know” the person you see at 8:15 a.m. on the M23 bus every day. Leakage of identifying information is a condition of social existence and has been greatly expanded by new technologies.

8 6. Social Categorization Forms of identification that do not distinguish among members of a group; the group may be defined by gender, ethnicity, religion, age, economic class, etc. Number of categories has exploded with new technology and expanded bureaucracy. New categories (credit scores, IQs, life-style categories used in marketing, etc.) may or may not be known by the people in them; this was not true of traditional social categories.

9 7. Certification: Proof of the possession of knowledge or skill Knowing a secret password, being able to swim, etc. are ways to prove that one is entitled to certain privileges or is a member of a certain group. These proofs may be linkable to individual people (as passwords often are) but need not be. Provides essential balance between the need to control sensitive personal information and the need to restrict access to and prevent abuse of systems.

10 “Policies” for the Handling of Sensitive Data (not from Marx) Collection Retention, destruction Use, mining Sharing, selling Updating, cleaning, correcting De-identifying, scrubbing, re-identifying...

11 Basic Questions (1) What are the best tools for expressing and analyzing policies? How can an organization ensure that it is following its own data-management policies? How can those who transmit data to an organization ensure themselves that the organization is following its data- management policies?

12 Basic Questions (2) What recourse does one have when an organization that handles one’s data violates a policy? Are there “implicit policies” or, more generally, when should one be held accountable for actions not clearly governed by a specific policy?

13 Who is Accountable to Whom? Individuals Organizations Governments Technology vendors Network operators...

14 When is it ok NOT to be Accountable? Anonymous activity? Unobservable activity? “Pseudonymous” = Unidentifiable but accountable? Offline analogs...