Presentation is loading. Please wait.

Presentation is loading. Please wait.

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Privacy in Context: Contextual Integrity Peter Radics Usable Security – CS 6204.

Published byBarrie Adams Modified over 8 years ago

Similar presentations

Presentation on theme: "Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Privacy in Context: Contextual Integrity Peter Radics Usable Security – CS 6204."— Presentation transcript:

1 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Privacy in Context: Contextual Integrity Peter Radics Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech

2 Papers H. Nissenbaum. Privacy as contextual integrity. Washington Law Review, 79(1):119–158, 2004. A. Barth, A. Datta, J. Mitchell, and H. Nissenbaum. Privacy and contextual integrity: framework and applications. In Security and Privacy, 2006 IEEE Symposium on, pages 15 pp.–198, May 2006. Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech

3 Privacy Scenarios Public Records Online  Local vs. Global access of data Consumer Profiling and Data Mining  Aggregation/analysis of data vs. single occurrence RFID Tags  Automated capture of enhanced/large amounts of information Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech

4 Current Practice in Law Three guiding principles: 1. Protecting privacy of individuals against intrusive government agents  1 st, 3 rd, 4 th, 5 th, 9 th, 14 th amendments, Privacy Act (1974) 2. Restricting access to sensitive, personal, or private information  FERPA, Right to Financial Privacy Act, Video Privacy Protection Act, HIPAA 3. Curtailing intrusions into spaces or spheres deemed private or personal  3 rd, 4 th amendments Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech

5 Grey Areas of the Three Principles USA PATRIOT Act Credit headers Private vs. public space Online privacy at the workplace Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech

6 Principles and Public Surveillance Public surveillance not covered by principles  No government agents pursuing access to citizens  No collection of personal/sensitive information  No intrusion personal/private spaces  No privacy problems!

7 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Reasonable Expectation of Privacy Extension to principles 1. Person expects privacy 2. Expectation deemed reasonable by society But: Yielding privacy in public space!

8 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Downsides of Three Principles Not conditioned on additional dimensions  Time, location, etc. Privacy based on dichotomies  Private – public, sensitive – non-sensitive, government – private, …

9 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Contextual Integrity: Idea Main idea:  Everything happens within a certain context  Context can be used to provide normative account of privacy

10 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Contextual Integrity: Corner Stones Contextual Integrity based on two corner stones:  Appropriateness Norms about what is appropriate within context Norms about what is not appropriate within context Allowable, expected, demanded information  Distribution Norms about information flow Free choice, discretion, confidentiality, need, entitlement, obligation

11 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Concerns Could be detrimentally conservative Loses prescriptive character through ties to practice and convention Favors status quo

12 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Solution Distinguish actual and prescribed practice Grounds for prescription can vary between different possibilities Norms can change over time/locations

13 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Change of Norms Compare current with proposed norm, compare social, political, and moral values Affected Values:  Prevention of information-based harm  Informational inequality  Autonomy and Freedom  Preservation of important human relationships  Democracy and other social values

14 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Privacy Scenarios (revisited) Public Records Online  Local vs. Global access of data Consumer Profiling and Data Mining  Aggregation/analysis of data vs. single occurrence RFID Tags  Automated capture of enhanced/large amounts of information

15 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Second paper Formalization of Contextual Integrity:  Linear Temporal Logic Agents P, attributes T, computation roles (t,t') Knowledge state Messages M,  k -> p,q,m -> k', k' := k U q x content(m) Roles R, contexts C (partition of R) Role state Trace: sequence of triples (k, p, a)

16 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Temporal Logic Grammar

17 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Model Checking Consistency Entailment Compliance

18 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Example: HIPAA

19 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Comparison to Other Models

20 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Discussion What are strengths/weaknesses of Contextual Integrity? Is a formal model of Contextual Integrity useful? How can an end-user benefit?

Download ppt "Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Privacy in Context: Contextual Integrity Peter Radics Usable Security – CS 6204."

Similar presentations

Workpackage 2: Norms www.agreement-technologies.org.

Workpackage 2: Norms
Formalization of Health Information Portability and Accountability Act (HIPAA) Simon Berring, Navya Rehani, Dina Thomas.

Formalization of Health Information Portability and Accountability Act (HIPAA) Simon Berring, Navya Rehani, Dina Thomas.
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Multimedia Communications Tejinder Judge Usable Security – CS 6204 – Fall, 2009.

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Multimedia Communications Tejinder Judge Usable Security – CS 6204 – Fall, 2009.
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Privacy and Trust Frameworks/Systems Presented by Zalia Shams Usable Security –

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Privacy and Trust Frameworks/Systems Presented by Zalia Shams Usable Security –
Welfare: Consumer and Producer Surplus and Internal Rate of Return Daniel Mason-D’Croz Sherman Robinson.

Welfare: Consumer and Producer Surplus and Internal Rate of Return Daniel Mason-D’Croz Sherman Robinson.
Privacy and Contextual Integrity: Framework and Applications Adam Barth, Anupam Datta, John C. Mitchell (Stanford), and Helen Nissenbaum (NYU) TRUST Winter.

Privacy and Contextual Integrity: Framework and Applications Adam Barth, Anupam Datta, John C. Mitchell (Stanford), and Helen Nissenbaum (NYU) TRUST Winter.
Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.

Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.
Problems with Notice and Consent? Helen Nissenbaum, NYU INCO-TRUST Workshop, May 3-5 2010 Work supported by: NSF ITR-0331542: Sensitive Information in.

Problems with Notice and Consent? Helen Nissenbaum, NYU INCO-TRUST Workshop, May Work supported by: NSF ITR : Sensitive Information in.
Privacy Chris Kelly iLaw July 5, 2002.

Privacy Chris Kelly iLaw July 5, 2002.
CS294-1 Deeply Embedded Networks Privacy Discussion 11/25/03 David Culler University of California, Berkeley.

CS294-1 Deeply Embedded Networks Privacy Discussion 11/25/03 David Culler University of California, Berkeley.
Ethics and Responsibility

Ethics and Responsibility
On Privacy and Compliance: Philosophy and Law meets Computer Science Anupam Datta Stanford University Oakland PC Crystal Ball Workshop January 2007.

On Privacy and Compliance: Philosophy and Law meets Computer Science Anupam Datta Stanford University Oakland PC Crystal Ball Workshop January 2007.
The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.

The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.
Food & Ethics (Source: Michael Korthals, 2001, “Taking Consumers Seriously...,” Journal of Agricultural & Environmental Ethics, 14:201-215.) Seriously...,”

Food & Ethics (Source: Michael Korthals, 2001, “Taking Consumers Seriously...,” Journal of Agricultural & Environmental Ethics, 14: ) Seriously...,”
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style PRIVACY AS & AND CONTEXTUAL INTEGRITY Helen Nissenbaum.

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style PRIVACY AS & AND CONTEXTUAL INTEGRITY Helen Nissenbaum.
UNIT 2: CONTEXT. Chapter 3: Ethics & Social Responsibility.

UNIT 2: CONTEXT. Chapter 3: Ethics & Social Responsibility.
Privacy After Nixon's resignation, the govt took control of all of his presidential records, including the tapes, in the Presidential Recordings and Materials.

Privacy After Nixon's resignation, the govt took control of all of his presidential records, including the tapes, in the Presidential Recordings and Materials.
C4- Social, Legal, and Ethical Issues in the Digital Firm

C4- Social, Legal, and Ethical Issues in the Digital Firm
Theoretical Constructs

Theoretical Constructs
Anonymity, Security, Privacy and Civil Liberties

Anonymity, Security, Privacy and Civil Liberties

Similar presentations

Ads by Google