1 Privacy: Social Issues and Current Technologies Ian Graham Centre for Academic Technology Information Commons University of Toronto

2 Talk Overview Introduction (Why we care) Social history of privacy Privacy-related topics Privacy and Web application design Future technologies

3 1. Why We Care: New Information Technologies: A) Digital storage, retrieval, distribution –Enormous cost reductions B) Data sharing and processing –Combine, re-use, re-purpose data (data mining) An emergent and fundamental change

4 Why We Care: All technologies have unanticipated side effects: –Cannot predict most of them (how will the nature of communication change, of interpersonal relationships, work, …) –One we can predict: privacy Lots of information floating about; how should we handle concerns over use of this information?

5 Why We Care: Privacy (rough definition): –The ability or right of an individual to control their exposure to the rest of the world, and to be able to hide knowledge about themselves –Privacy has only recently become “topical”...

6 Why We Care: “Privacy” Books per year (University Library database)

7 2. Social History What is Privacy? –Try a dictionary definition:

9 Examples of first Use: 1 b. The state or condition of being alone, undisturbed, or free from public attention, as a matter of choice or right; freedom from interference or intrusion. Also attrib., designating that which affords a privacy of this kind. –1814 J. Campbell Rep. Cases King's Bench III. 81 Though the defendant might not object to a small window looking into his yard, a larger one might be very inconvenient to him, by disturbing his privacy, and enabling people to come through to trespass upon his property. –1890 Warren & Brandeis in Harvard Law Rev. IV. 193 (title) The right to privacy.

10 Privacy is “new” Questions: –Why is that? –What does that tell us about: privacy; attitudes to privacy; control over privacy

11 History 1) Privacy requires a social context that defines “public” and “private” realms –small, communal societies don’t display this distinction.

12 History 2) Privacy requires multiple power centres –Not just state and people, but state, other power brokers, and individuals < 15th century -- single power centres within states > 17th century -- rise of merchant class

13 History 3) Privacy requires individual rights –“Human experience is the foundation of understanding and truth; external authority is less important than personal experience.” –The Age of Enlightenment (17th century)

14 History Defining Moments –Evolution of merchant classes –Age of enlightenment; new conception of individual rights –Property rights; legal dispute arbitration; political recognition of individual rights individual right to control public exposure

15 “Modern” Privacy Concerns Property rights until 1950s Two new concerns: –Concentration of “private” information in Government databases –Desire for “public” access to appropriate “private” information Digital Personas (extension)

16 Privacy Concerns Two types of legislation –Freedom of information Allow access to non-sensitive information –Data protection (a.k.a. privacy protection) Protection from misuse of private information Initially -- Government data

17 Privacy Concerns Important Points –Privacy bounds vary between cultures –Laws, rules, conventions, vary as well –Focus originally on only one relationship Government  citizen (citizens have little control over the information they provide...)

18 Going Digital Starting around 1970 –Commercial databases –Open data exchange standards –Data exchange mechanisms (networks) –exponentially increasing amounts of usable data

19 Going Digital More places to be concerned about privacy: –Library Awareness Program (FBI) –Corporate database reuse –Digital/electronic eavesdropping More ways of unwitting exposure –Subscription to services; tracking from standard business transactions

20 Four Issues Coercion to divulge information Accidental release of information Surreptitious collection of information Ability to negotiate privacy limits –(less relevant for government)

21 Application Design Goals Design data usage policies at the start –e.g., Library awareness program Design for user-centric privacy policies –Customized policy for each user Publicized privacy statements

22 4. Application Design Several related issues –Application software design –Networking architecture –Physical access/administrative policies –publicity mechanisms (policy statements)

23 Application Design Based on a pre-defined privacy policy –database design –encryption technologies –identity verification (digital certificates for company and/or individuals) –policies for archived data, information reuse

24 Data Security Firewall & network design Encryption of archived data Physical document management Network/system access controls –User authentication/identification Auditing tools

25 Communications Security Web page encryption –SSL, PCT Mail message encryption –PGP, S-MIME Archived message encryption Data destruction / reuse policy

26 Identification/Non-Repudiation Username/password login –(with or without SSL) Server certificates: SSL, S-MIME/PGP –identifies corporation Client certificates: SSL, S-MIME/PGP –identifies message “author” –problems with unsecured client machine

27 PRIVACY POLICY: Dependencies (diagram)
Diagram labels: Data security; Communications Security; Identification & non-repudiation
Physical Access
–Access control
–Cabling protection
–Off-site backups
–Physical doc. policy (shredding / destruction)
Network Architecture
–Internal vs. external
–Firewalls and rules
–Servers and locations
–Access control rules
–Auditing tools (logins, accesses, attacks)
–E-mail encryption
–Web page encryption
Application Design
–Data model
–Data access rules
–Data encryption
–Web page encryption
–Email encryption
–Server certificates
–User certificates
–Alternate authentication
–Data deletion policies
–Cache protection

28 Future Technologies: User-Centric Privacy –Current E-commerce sites generally require a fixed set of user information (“all-or-none” approach) –Option: Different services for different classes of customer

29 User-Centric Privacy Requires: –More complex “subscription” mechanism (risks alienation) –Ideal would be software-negotiation, based on user-preferences and machine-readable statement of privacy policies.

30 Platform for Privacy Preferences P3P –A language for defining privacy policies –A language for expressing private information, privacy statements –A World Wide Web Consortium project http://www.w3.org/P3P/ –Commercial approaches (e.g., DigitalMe) http://www.w3.org/P3P/implementations
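
The software negotiation described in slides 28-30, as an added example that is not part of the original presentation: a user agent compares its stored preferences with a site's machine-readable policy and works out which class of service it can accept. The policy format, field names, tier names and sample data are all constructed for illustration and are not P3P syntax.

```python
# Added illustration: a simplified, hypothetical policy format (not P3P syntax).
RETENTION = ["none", "transaction", "indefinite"]  # ordered, least to most exposure

SITE_POLICY = {  # constructed: what the site declares it does with each item
    "email": {"purposes": {"order-status", "marketing"}, "shared": False,
              "retention": "indefinite"},
    "address": {"purposes": {"delivery"}, "shared": True, "retention": "transaction"},
    "birthdate": {"purposes": {"profiling"}, "shared": True, "retention": "indefinite"},
}
SERVICE_TIERS = {  # constructed: data each class of service requires
    "browse": set(),
    "purchase": {"address"},
    "personalized": {"address", "email", "birthdate"},
}
USER_PREFS = {  # constructed: the most the user will accept, per item
    "email": {"purposes": {"order-status"}, "shared": False, "retention": "transaction"},
    "address": {"purposes": {"delivery"}, "shared": True, "retention": "transaction"},
}

def objections(item, policy, prefs):
    """Reasons the user agent refuses to release `item`; an empty list means OK."""
    declared, allowed = policy.get(item), prefs.get(item)
    if declared is None:
        return ["site declares no policy for this item"]
    if allowed is None:  # default deny: items the user never listed stay private
        return ["user has not authorized release"]
    reasons = []
    extra = declared["purposes"] - allowed["purposes"]
    if extra:
        reasons.append("unapproved purposes: " + ", ".join(sorted(extra)))
    if declared["shared"] and not allowed["shared"]:
        reasons.append("shared with third parties")
    if RETENTION.index(declared["retention"]) > RETENTION.index(allowed["retention"]):
        reasons.append("retention exceeds user limit")
    return reasons

def negotiate(policy, prefs, tiers):
    """Map each service tier to the per-item objections that block it."""
    result = {}
    for tier, required in tiers.items():
        blocked = {}
        for item in sorted(required):
            reasons = objections(item, policy, prefs)
            if reasons:
                blocked[item] = reasons
        result[tier] = blocked
    return result

def available_tiers(policy, prefs, tiers):
    """Tiers the agent can accept without violating any user preference."""
    return [t for t, blocked in negotiate(policy, prefs, tiers).items() if not blocked]

if __name__ == "__main__":
    print(available_tiers(SITE_POLICY, USER_PREFS, SERVICE_TIERS))
```

The per-item objections returned by `negotiate` are what an agent would show the user, or send back to the site, instead of the “all-or-none” refusal of slide 28.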

31 Conclusions Privacy is new, and changing Policies vary between countries Privacy should be considered during application design; lots of technologies Policies need to be publicized User-centric, “custom” privacy agreements for the future

32 Ian Graham Additional Information –http://www.utoronto.ca/ian/privacy/ –http://www.utoronto.ca/ian Contact –Centre for Academic Technology, Information Commons, University of Toronto, 130 St George St., M5S 3H1 –E-mail: ian.graham@utoronto.ca –Phone: (416) 978-4548

