SE571 Security in Computing Chap 10: Privacy in Computing

Upload: jeffrey-fitzgerald

Post on 08-Jan-2018


Page 1: Chap 10: Privacy in Computing.  Privacy as an aspect of security  Authentication effects on privacy  Privacy and the Internet  Privacy implications

SE571 Security in Computing

Chap 10: Privacy in Computing

Page 2: This Chapter Examines…

SE571 Security in Computing Dr. Ogara 2

This chapter examines:
• Privacy as an aspect of security
• Authentication effects on privacy
• Privacy and the Internet
• Privacy implications for emerging technologies

Page 3: What is privacy?

Privacy is the right to control who knows certain aspects about you, your communications, and your activities.

Information privacy has three aspects:
• sensitive data
• affected parties
• controlled disclosure

Page 4: What is sensitive data?

• personal identity information
• finances, credit, bank details
• medical information
• school records
• communications: mail, e-mail, telephone calls, spam
• illegal activities, criminal records

Page 5: Affected parties

Organizations need to protect personal information and sensitive data.

Companies:
• product plans
• key customers
• profit margins
• newly discovered technologies

Hospitals and schools:
• personal data for students and patients

Page 6: Computer-Related Privacy Problems

• Information collection: data are collected only with knowledge and explicit consent
• Information usage: data are used only for certain specified purposes
• Information retention: data are retained for only a set period of time
• Information disclosure: data are disclosed to only an authorized set of people

Page 7: Computer-Related Privacy Problems (continued)

• Information security: appropriate mechanisms are used to ensure the protection of the data
• Access control: all modes of access to all forms of collected data are controlled
• Monitoring: logs are maintained showing all accesses to data
• Policy changes: less restrictive policies are never applied after the fact to already obtained data

Page 8: Computer-Related Privacy Problems: Examples

• Job applicants asked to turn over their Facebook passwords
• Some employers are asking job applicants for Facebook usernames
• "Fork over your Facebook log-on or you don't get hired. What?"
• Facebook warns employers not to ask job applicants for log-in

Page 9: Did you know that …

All of the mobile phone companies keep details about the location of cell towers used by every phone, for a year or longer.

All of the mobile phone companies keep records about voice calls and text messages received and sent for a year or longer. Verizon stores the contents of every text message for three to five days. (The others don't keep the text.)

IP session information (tying your phone to an IP address) is kept for a year by Verizon and 60 days on Sprint and Nextel.

IP destination information (which IP addresses you connected to) is stored for 90 days at Verizon and 60 days on Sprint and Nextel.

Source: http://www.infoworld.com/t/internet-privacy/mobile-phone-companies-keep-your-records-longer-you-think-175466

Page 10: Privacy principles and policies

• Fair information policies
• U.S. privacy laws
• Controls on U.S. government websites
• Controls on commercial websites
• Non-U.S. privacy principles
• Anonymity, multiple identities
• Government and privacy
• Identity theft

Page 11: Fair information policies (1973)

• Collection limitation. Data should be obtained lawfully and fairly.
• Data quality. Data should be relevant to their purposes, accurate, complete, and up-to-date.
• Purpose specification. The purposes for which data will be used should be identified, and the data destroyed if no longer necessary to serve that purpose.
• Use limitation. Use for purposes other than those specified is authorized only with consent of the data subject or by authority of law.

Page 12: Fair information policies (1973) (continued)

• Openness. It should be possible to acquire information about the collection, storage, and use of personal data systems.
• Individual participation. The data subject normally has a right to access and to challenge data relating to her.
• Security safeguards. Procedures to guard against loss, corruption, destruction, or misuse of data should be established.
• Accountability. A data controller should be designated and accountable for complying with the measures to give effect to the principles.

Page 13: Fair information policies (1973): Problem

• The above principles describe rights of individuals and NOT protection of the data collected

Solution:
• Reduce data exposure: ask only for what is necessary
• Reduce data sensitivity by interchanging data items
• Anonymize data: remove or modify identifying information
• Encrypt the data
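As an added Python example (not from the slides or the textbook), the "anonymize data" step above applied to a constructed set of patient records: direct identifiers are dropped, quasi-identifiers are coarsened, and the SSN is replaced by a keyed pseudonym so records can still be joined across releases. The record fields, the secret and the helper names are assumptions.

```python
import hashlib
import hmac

# Constructed sample records (fictional people), not data from the slides.
PATIENTS = [
    {"name": "Ann Lee", "ssn": "123-45-6789", "zip": "60614", "age": 34, "diagnosis": "asthma"},
    {"name": "Bob Ray", "ssn": "987-65-4321", "zip": "60625", "age": 57, "diagnosis": "diabetes"},
    {"name": "Cy Park", "ssn": "555-12-3456", "zip": "10001", "age": 22, "diagnosis": "flu"},
]

# Fields that identify a person on their own: removed, never released.
DIRECT_IDENTIFIERS = {"name", "ssn"}


def generalize_age(age: int) -> str:
    """Modify a quasi-identifier: an exact age becomes a ten-year band."""
    low = (age // 10) * 10
    return f"{low}-{low + 9}"


def generalize_zip(zip_code: str) -> str:
    """Keep only the three-digit ZIP prefix; full ZIP plus age plus
    diagnosis would often single out one person."""
    return zip_code[:3] + "**"


def pseudonym(secret: bytes, value: str) -> str:
    """Keyed hash (HMAC) of the identifier. The same person gets the same
    token in every release, so records can still be joined, but an unkeyed
    hash could be reversed by trying every possible SSN; the secret stops that."""
    return hmac.new(secret, value.encode(), hashlib.sha256).hexdigest()[:16]


def anonymize(records: list, secret: bytes) -> list:
    """Return a release copy: direct identifiers removed, quasi-identifiers
    generalized, SSN replaced by a keyed pseudonym. The input is not modified."""
    released = []
    for rec in records:
        out = {k: v for k, v in rec.items() if k not in DIRECT_IDENTIFIERS}
        out["age"] = generalize_age(rec["age"])
        out["zip"] = generalize_zip(rec["zip"])
        out["pid"] = pseudonym(secret, rec["ssn"])
        released.append(out)
    return released


if __name__ == "__main__":
    for row in anonymize(PATIENTS, b"constructed-release-secret"):
        print(row)
```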

Page 14: U.S. Privacy Laws

Covers data protection. Applies to all personal data held anywhere in the government.

Examples:
• Fair Credit Reporting Act (consumer credit)
• Health Insurance Portability and Accountability Act (HIPAA)
• Gramm–Leach–Bliley Act (GLBA) (financial services)
• Children's Online Privacy Protection Act (COPPA)
• Federal Educational Rights and Privacy Act

Page 15: U.S. Privacy Laws: Problems

• Target areas of the laws overlap, e.g. which law (if any) would require privacy protection of a university student's health center bills paid by credit card?
• Gaps between laws, e.g. evolving technologies

Page 16: Controls on U.S. Government Web Sites

The Federal Trade Commission (FTC) has jurisdiction over web sites.

Five privacy factors government websites must address in order to obey the Privacy Act:
• Notice. Data collectors must disclose their information practices before collecting personal information from consumers.
• Choice. Consumers must be given a choice as to whether and how personal information collected from them may be used.
• Access. Consumers should be able to view and contest the accuracy and completeness of data collected about them.
• Security. Data collectors must take reasonable steps to ensure that information collected from consumers is accurate and secure from unauthorized use.
• Enforcement. A reliable mechanism must be in place to impose sanctions for noncompliance with these fair information practices.

Page 17: E-Government Act of 2002

Federal government agencies post privacy policies on their web sites to disclose:
• information collected
• reason for collecting information
• intended use of the information
• whom the information will be shared with
• notice or opportunities for consent
• security of information
• the rights of the individual under the Privacy Act

Page 18: Controls on Commercial Web Sites

Some companies display solid and detailed privacy statements while others may not.

Privacy outside government is protected by other laws:
• credit
• banking
• education
• healthcare

Page 19: Controls on Commercial Web Sites (continued)

The FTC can sue companies that engage in deceptive practices.

Example:
• 2005: CartManager International, which runs web shopping cart software, was sued by the FTC because it sold customer data

Page 20: Non-U.S. Privacy Principles

• 1981: the Council of Europe adopted Convention 108 to protect individual data
• 1995: the European Union adopted Directive 95/46/EC, also called the European Privacy Directive

Page 21: European Privacy Directive

Individual data should be:
• processed fairly and lawfully
• collected for specified, explicit and legitimate purposes
• adequate, relevant, and not excessive in relation to the purposes for which they are collected
• accurate
• kept in a form that permits identification of data subjects for no longer than is necessary

Page 22: European Privacy Directive (continued)

Also, individuals have the right to:
• access data collected about them
• correct inaccurate or incomplete data
• have those corrections sent to those who have received the data

Page 23: European Privacy Directive: three more principles beyond the Fair Information Policies

• Greater restrictions on data collection and processing that involves "sensitive data": racial or ethnic origin, political opinions, religious beliefs, philosophical or ethical persuasion
• Authorized users are restricted from transferring information to third parties without the permission of the data subject
• Entities that process personal data should not only be accountable but should also be subject to independent oversight

Page 24: Controversial privacy issue

Following the September 11 terrorist attack, the U.S. collects data from the Passenger Name Record (PNR) maintained by airlines.

The U.S. asked Europe to supply PNR data within 15 minutes of a plane's departure to the U.S.

In 2004, the European Commission and European Council accepted the request.

In 2006, the European Parliament and European Court of Justice objected on privacy grounds.

The U.S. could deny landing rights to airlines that refuse.

Page 25: Anonymity, Multiple Identities

Anonymity:
• health issues
• sexual orientation
• etc.

Page 26: Government and Privacy

What are the implications of government access to data?
• Misuse and violation of privacy rights through access to personal information
• Data access risks: data errors, inaccurate linking of data, incorrect data and many more

Page 27: Steps to Protect Against Privacy Loss

• Data minimization: obtain the least data necessary
• Data anonymization
• Audit trail
• Security and controlled access
• Training
• Quality: determine usefulness of data
• Restricted usage: uses should be consistent with the purpose of collecting the data
• Leave data in place with the original owner
• Policy

Page 28: Identity Theft

Taking another person's identity:
• credit card
• driver's license

Page 29: Authentication and Privacy

Authentication takes three forms:
• Individual: birth certificate, passport/national ID
• Identity: credit card, meal plan card, magnetic access card
• Attributes: age to drink alcohol or drive

Page 30: Privacy in Data Mining

Data mining threatens privacy. We can do data mining without sacrificing privacy. How?
• Swapping data fields to prevent linking records
• Limited swapping balances accuracy and privacy
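The data-swapping idea on this slide (and the "interchanging data items" step on the Fair information policies problem slide), as an added Python example that is not from the slides: the sensitive field is exchanged between randomly chosen record pairs, so column totals and the value multiset survive, but a quasi-identifier (zip, age) can no longer be trusted to lead to a person's true value. The records, the swap fraction and the helper names are constructed assumptions.

```python
import random
from statistics import mean

# Constructed sample records: "zip" and "age" are quasi-identifiers that could
# be linked to a person, "income" is the sensitive field to protect.
SURVEY = [
    {"zip": "60614", "age": 34, "income": 52000},
    {"zip": "60614", "age": 41, "income": 61000},
    {"zip": "60625", "age": 57, "income": 78000},
    {"zip": "60625", "age": 29, "income": 39000},
    {"zip": "10001", "age": 22, "income": 31000},
    {"zip": "10001", "age": 63, "income": 95000},
]


def swap_field(records: list, field: str, fraction: float, seed: int = 1) -> list:
    """Return a copy of `records` in which `field` has been exchanged between
    randomly chosen pairs. `fraction` is the share of records whose value moves:
    0.0 keeps every record exact (no privacy gain), 1.0 moves every value."""
    rng = random.Random(seed)            # seeded so a release is reproducible
    out = [dict(r) for r in records]     # never modify the master copy
    order = list(range(len(out)))
    rng.shuffle(order)
    pairs = int(len(out) * fraction) // 2
    for i in range(pairs):
        a, b = order[2 * i], order[2 * i + 1]
        out[a][field], out[b][field] = out[b][field], out[a][field]
    return out


def still_linked(original: list, swapped: list, field: str) -> int:
    """Number of records whose released value is still the true one, i.e.
    records where linking zip+age to a person still reveals the real income."""
    return sum(1 for o, s in zip(original, swapped) if o[field] == s[field])


def group_mean(records: list, key: str, value: str, field: str) -> float:
    """Per-group statistic an analyst wants, e.g. mean income in one ZIP.
    Unlike the overall mean, it is distorted when values cross groups; this
    is the accuracy cost that "limited swapping" trades against privacy."""
    return mean(r[field] for r in records if r[key] == value)


if __name__ == "__main__":
    for frac in (0.0, 0.5, 1.0):
        rel = swap_field(SURVEY, "income", frac)
        print(f"swap {frac:.0%}: overall mean {mean(r['income'] for r in rel):.0f}, "
              f"ZIP 60614 mean {group_mean(rel, 'zip', '60614', 'income'):.0f}, "
              f"records still exact {still_linked(SURVEY, rel, 'income')}/{len(rel)}")
```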

Page 31: Privacy on the Web

The Internet is the greatest threat to privacy. Sophisticated web applications can know a lot about a user.

How do users lose privacy on the Internet?
• User uncertain about authenticity of the server
• Payments over the Web
• Credit card payments

Page 32: Privacy on the Web (continued)

• Payment schemes, e.g. PayPal
• Third-party ads: mortgages, banking, loans, etc.
• Site and portal registrations
• Contests and offers, to get private information

Technologies:
• Cookies: a text file stored on the user's computer and passed by the user's browser to the web site when the user goes to that site
• A cookie may contain a user's ID, password, a credit card number, the customer name and shipping address, the date of the last visit to the site, the number of items purchased or the dollar volume of purchases

Page 33: Keystroke Loggers and Spyware

Spyware is a program or code designed to spy on a user, collecting data (including anything the user types).

Keystroke loggers are programs that reside in a computer and record every key pressed.

Keystroke loggers sometimes record only web sites visited or, even more serious, only the keystrokes entered at a particular web site (for example, the login ID and password to a banking site).

Page 34: Adware

• Displays selected ads in pop-up windows or in the main browser window
• Often selected according to the user's characteristics
• Usually installed as part of another piece of software without notice

Page 35: Email Security

The privacy of an e-mail message can be compromised on either the sender's or the receiver's side.

Interception: e-mail is exposed from sender to receiver, and there are numerous points for interception. Without encryption it is difficult to prevent access along the way.

Page 36: Email Security (continued)

Email monitoring by:
• companies and organizations
• network admins
• ISPs

Anonymous email and remailers, used for example by:
• employees sending tips or complaints to management
• people beginning personal relationships

Page 37: Email Security: Simple Remailers

• A remailer is a trusted third party to whom you send an e-mail message and indicate to whom you want it sent
• It strips off the sender's name and address, assigns an anonymous pseudonym as the sender, and forwards the message to the designated recipients
• It removes the recipient's name and address from a reply and forwards it to the sender
• It knows both sender and receiver, so it provides pseudonymity
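The four bullets above as an added Python simulation (not from the slides or any real remailer): the remailer replaces the sender with a stable pseudonym, routes a reply back to the real sender while hiding the replier too, and keeps the linkage table that makes this pseudonymity rather than anonymity. The addresses, the `anonNNNN` pseudonym format and the class names are assumptions.

```python
import itertools
from dataclasses import dataclass


@dataclass
class Message:
    sender: str       # From address as seen by whoever receives this copy
    recipient: str
    body: str


class SimpleRemailer:
    """Trusted third party from the slide: strips the real sender, assigns a
    pseudonym, forwards; on a reply it maps the pseudonym back to the real
    sender. It keeps both mappings, which is why this is pseudonymity only."""

    def __init__(self, address: str = "remailer@example.org"):
        self.address = address
        self._domain = address.split("@", 1)[1]
        self._pseudonym_of = {}           # real address -> pseudonym
        self._real_of = {}                # pseudonym -> real address
        self._counter = itertools.count(1)

    def _pseudonym(self, real: str) -> str:
        """The same real address always gets the same pseudonym, so a
        conversation can continue without revealing who is behind it."""
        if real not in self._pseudonym_of:
            pseud = f"anon{next(self._counter):04d}@{self._domain}"
            self._pseudonym_of[real] = pseud
            self._real_of[pseud] = real
        return self._pseudonym_of[real]

    def send(self, msg: Message, final_recipient: str) -> Message:
        """A user mails the remailer and names the final recipient.
        The forwarded copy carries only the pseudonym."""
        if msg.recipient != self.address:
            raise ValueError("message was not addressed to the remailer")
        return Message(self._pseudonym(msg.sender), final_recipient, msg.body)

    def reply(self, msg: Message) -> Message:
        """The recipient replies to the pseudonym. The remailer strips the
        replier's address (it gets a pseudonym too) and forwards the reply
        to the real sender."""
        real = self._real_of.get(msg.recipient)
        if real is None:
            raise KeyError(f"unknown pseudonym {msg.recipient}")
        return Message(self._pseudonym(msg.sender), real, msg.body)

    def linkage_table(self) -> dict:
        """What the remailer itself knows: every pseudonym and the real address
        behind it. Compromise or subpoena of this table ends the pseudonymity."""
        return dict(self._real_of)


if __name__ == "__main__":
    rm = SimpleRemailer()
    tip = rm.send(Message("ann@corp.example", rm.address, "expenses are padded"),
                  "ethics@corp.example")
    print("ethics office sees:", tip)
    back = rm.reply(Message("ethics@corp.example", tip.sender, "thanks, looking into it"))
    print("Ann receives:", back)
    print("remailer knows:", rm.linkage_table())
```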

Page 38: Spoofing and Spamming

E-mail has very little authenticity protection. The SMTP protocol does not verify the accuracy and legitimacy of the listed sender.

This facilitates spoofing of the source address, and hence spam, because it is difficult to trace the real sender.

Page 39: Privacy Impacts on Emerging Technologies

• RFID
• Electronic voting
• VoIP and Skype

Page 40: Radio frequency identification (RFID)

• Uses small, low-power wireless radio transmitters called RFID tags
• Tags are tuned to a particular frequency and each has a unique ID number
• When a tag receives its signal, it sends its ID number in response
• Tags are passive: they have no power of their own but are powered up when they receive signals

Page 41: Radio frequency identification (RFID): Uses of RFID tags

• toll plaza payments
• transit system fare cards
• stock or inventory labels
• passports and identity cards

Page 42: Radio frequency identification (RFID): Privacy issues

• Tracking individuals wherever they go
• Discerning sensitive data about people: who you work for, medical condition (based on a medicine bottle), and finances

Solutions:
• Disabling tags
• Blocking/shielding from receivers
• Reprogramming
• Encryption
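The tracking issue and the "Encryption" solution above, as an added Python simulation that is not from the slides: a plain tag answers every reader with its fixed ID, so any reader can recognise it again, while a tag that shares a key with authorised readers answers with a fresh nonce plus a MAC, so a reader without the key cannot link two sightings. The challenge-response design (a simplified randomized hash-lock), the 8-byte nonce size and all names are assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional


class PlainTag:
    """Passive tag as on the slides: answers every query with its fixed
    unique ID, so any reader in range can recognise it again and track it."""

    def __init__(self, tag_id: str):
        self.tag_id = tag_id

    def respond(self, challenge: bytes) -> bytes:
        return self.tag_id.encode()


class EncryptedTag:
    """Tag sharing a secret key with authorised readers (the slide's
    'Encryption' solution, here as a simplified randomized hash-lock).
    It never transmits its ID: it sends a fresh nonce plus a MAC over the
    reader's challenge and that nonce, so two responses from the same tag
    look unrelated to anyone without the key."""

    def __init__(self, tag_id: str, key: bytes):
        self.tag_id = tag_id
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        nonce = os.urandom(8)
        mac = hmac.new(self._key, challenge + nonce, hashlib.sha256).digest()
        return nonce + mac


class AuthorisedReader:
    """Holds the keys of the tags it may identify and recomputes the MAC for
    each candidate key until one matches (cost grows with the tag population,
    the usual trade-off of this scheme)."""

    def __init__(self, keys: dict):            # tag_id -> shared key
        self._keys = keys

    def identify(self, tag) -> Optional[str]:
        challenge = os.urandom(8)              # fresh per query: stops replay
        response = tag.respond(challenge)
        nonce, mac = response[:8], response[8:]
        for tag_id, key in self._keys.items():
            expected = hmac.new(key, challenge + nonce, hashlib.sha256).digest()
            if hmac.compare_digest(expected, mac):
                return tag_id
        return None                            # unknown tag, or not a keyed tag


def linkable_by_eavesdropper(tag, queries: int = 3) -> bool:
    """Could a reader WITHOUT the key link repeated sightings of one tag?
    It can if the tag answers the same query identically every time."""
    challenge = b"\x00" * 8
    responses = {tag.respond(challenge) for _ in range(queries)}
    return len(responses) == 1


if __name__ == "__main__":
    key = b"constructed-shared-key"
    reader = AuthorisedReader({"passport-0001": key})
    print("plain tag linkable:", linkable_by_eavesdropper(PlainTag("ID-42")))
    print("keyed tag linkable:", linkable_by_eavesdropper(EncryptedTag("passport-0001", key)))
    print("authorised reader identifies:", reader.identify(EncryptedTag("passport-0001", key)))
```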

Page 43: Electronic Voting: Privacy issues

• Who has voted for whom
• Internet-related privacy issues

Page 44: VoIP and Skype

Voice over IP (VoIP) is a protocol for transmission of voice-grade telephone traffic over the Internet.

Privacy issues:
• Who has voted for who
• Internet related privacy issues