
Post on 03-Jan-2021


Privacy & Cyberspace II

By: Marcus Everson, Forrest Falk, Anthony Fammartino, Christopher Furseth, Rudy Garcia, Leonard Gomez

Table of Contents

● Google Subpoena
● Privacy Enhancing Technologies (PETs)
● Data Mining & Privacy
● Privacy Legislation
● Public Webcams
● Computers in Cars

Google Subpoena

● In January 2006, the US government asked to review users’ search records from major web search engines
  ○ Part of Justice Department’s case for tougher anti-pornography laws
  ○ Current laws blocked on grounds of violating free speech
  ○ Justice Department wanted to show web-filtering software did not protect children from obscene material

● Request for users’ search information by law enforcement routine
  ○ Can detect suspicious search patterns
  ○ Gathers evidence for prosecution
  ○ Limited to specific individuals who are already under investigation
● Justice Department Subpoena includes all users and all information

● Google refuses to comply
  ○ Cites user privacy, trade secrets
  ○ Earns support from civil liberties groups for protecting users’ privacy
  ○ Raises questions about just what kind of information search engines retain

● Search engines store cookies on users’ computers
  ○ Cookies store information on users’ browsing habits and what sites they like
  ○ Returns better search results and targets advertising
  ○ Google’s cookies do not expire until 2036

● Search engines with e-mail services store personal information
  ○ Conducting searches while signed in allows search engines to store your search preferences and search habits

● Buying services from search engines allows them to store your credit card information
  ○ Can be used to discover your personal information

● Search engine data could be used for criminal purposes
  ○ Identity theft
  ○ Spam
    ■ Spam with embedded malware and viruses
    ■ Phishing

● Search data could harm real world reputation
  ○ A separate user of your IP address could search for suspicious or disreputable material

● Possible ways to protect your personal data during web searches
  ○ Delete cookies
  ○ Clear Internet files
  ○ Use a browser’s private browsing settings
  ○ Use proxy servers for anonymous browsing
    ■ Proxy servers hide your IP address
    ■ Slow surfing speeds
    ■ Some web pages block anonymous browsing

Privacy Enhancing Technologies (PETs)

Anthony Fammartino

What are PETs?

Technical and organizational concepts that aim at protecting personal identities.[9]

Technical concepts
■ Online tools
■ Specific programs

Organizational concepts
■ Industry standard ideas
■ Government regulation

What do PETs accomplish?

Secure Data (Technical)
■ Personal Information
  ● Medical records
  ● Name or Email
  ● Address or phone number
■ Search history and web browsing
  ● Saved search history
  ● Site access

Standardize Privacy Protection (Organizational)
■ Online Vendor's Privacy Policies
  ● Backed by trusted third-parties

Organizational
■ Privacy Seals
  ● TRUSTe
    ○ CommerceNet Consortium[8]
  ● WebTrust
    ○ Online Privacy Alliance[8]
■ Web Features
  ● Platform for Privacy Protection (P3P)

Examples

Technical
■ Anonymizer
  ● Anonymizer Universal
■ Encryption Tools
  ● Symantec's PGP
■ Opt-out Technologies
  ● Do Not Track

Analysis

Anonymizers
■ Concealment of Identities

Online Vendors
■ Privacy Policy
■ Government Regulations
  ● Online Entrepreneur

Cloud Databases
■ To trust or not to trust

Data Mining & Privacy

Marcus Everson

What is data mining?

Generally - The process of analyzing data from different perspectives and summarizing it into useful information that can be used to cut costs or increase revenue.

Technically - Data mining is the process of finding correlations or patterns among fields in large relational databases.

How It Works...

Data mining software analyzes relationships and patterns in stored transaction data based on open-ended user queries.

Generally, four types of relationships:

Classes - Stored data is used to locate data in predetermined groups. Ex. A restaurant stores data about when and what customers eat.

Clusters - Data items are grouped according to logical relationships. Ex. Used to identify market segments.

Associations - Data can be mined to identify associations between multiple products. Ex. Stores place products that are most likely to be bought together next to each other.

Sequential Patterns - Data is used to anticipate behavior patterns and trends. Ex. Used to anticipate the sale of one product based on the purchase of other products.

5 Major Elements

- extract, transform, and load data onto the data warehouse system

- store and manage the data in a multidimensional database system

- provide data access to analysts and professionals

- analyze the data by application software

- present the data in a useful format such as a graph or table

Who Uses it?

- Companies that have a strong consumer focus

- Retail, Financial, Communication, and Marketing organizations

Data Mining Software

- Oracle Data Miner 11g
- ARMiner
- SQL Server
- DataDetective
- Tiberius
- GhostMiner
- CART
- ... and many more

...And Privacy

Sears Case: Sears ran an online feature (My SHC) that invited consumers to download software onto their PC that, according to the FTC, "asked them to journal their shopping and purchasing behaviour." The program ran continuously and collected personal information such as details about bank accounts, medical prescriptions, emails, and instant messages.

The FTC declared Sears' practice to be "deceptive" and ordered the data be destroyed.

Data mining typically gathers large amounts of personal information so that companies can market better; the biggest problem is keeping such sensitive information secure.

LexisNexis Case:

In 2005, a LexisNexis integration team spotted irregularities with user accounts.

An investigation revealed that unauthorized persons used IDs and passwords of actual customers and had access to social security numbers and driver's license numbers.

They reviewed and analyzed search activity across their own database from the previous 27 months.

They discovered additional incidents where there was a chance that unauthorized persons had access to personal identifying information of at least 208,000 individuals.

Privacy Legislation

Leonard Gomez

Digital privacy rules taking shape

● The Federal Trade Commission (FTC) announced that they were going to enact new online privacy legislation.

● They said that creating all new laws would "level the playing field" between companies that already have privacy policies and those that lacked them.

● They say right now, there is not much of a way to deal with companies that do not have a written privacy policy. And even when companies do lie or go against their own rules, it is very hard to do anything about it.

● The FTC says that creating new laws on privacy, and giving them the right to enforce the laws with civil penalties, would promote internet commerce by improving the trust Americans put in online transactions.

● The FTC wrote a 73-page report on the issue hoping that many companies would change themselves under the suggested regulations, but they threatened to make laws if no one would change voluntarily.

● One of the things the FTC wanted to see happen was a "do not track" button on web browsers by the end of the year. Companies could not agree on what "do not track" meant, and as of right now the best the FTC has accomplished is a "do not target" button that would get rid of targeted ads but would not stop data from being collected. This would be implemented by about 400 companies.

● For the first time the FTC also went after offline data brokers who sell and buy personal information like addresses and names.

● The FTC wanted them to create a central website where all of the information would be hosted so consumers could edit their information and see what has been collected about them.

● Data brokers have refused so far because they say it would be much too expensive and that the information they deal with is not hurting anyone.

Mobile privacy legislation

● A new bill in the US Congress would require any app developer, mobile phone manufacturer, and network provider to let all customers know about any monitoring software installed on their devices.

● The Mobile Device Privacy Act, introduced by Representative Ed Markey, would also make it so that they would need the customer to agree to let them monitor their device and collect data.

● The goal of this legislation is to make app developers and others who collect data on customers more transparent about how and what they monitor and what they do with that information.

● The legislation would require companies that collect personal information through mobile devices to put policies in place that would keep data safe.

● It would also allow the FTC, Federal Communications Commission, and state attorneys to take action against mobile companies that do not follow their own policies, lie, or violate regulations.

● Customers would also be able to then file lawsuits against companies that have violated their privacy.

● Some say that this is a step in the right direction but may not solve anything yet, because it might not even pass.

● Some say that we should take a light approach when regulating app developers and that regulations should not be too heavy.

● The app development industry has gone from almost nothing 4 years ago to over US$20 billion today.

● Many of them need this data to expand and grow, and if we regulate it too much, it could hurt the industry and its growth.

Search warrants needed for email and cell tracking

● There is new privacy legislation that would require the police to get warrants to check through Americans' emails and to track their cell phones.

● It is a big point of conflict for law enforcement and companies like Google and Amazon.com.

Companies Backing it

● Google

● Amazon.com

● Apple

● AT&T

● eBay

● Intel

● Microsoft

● Twitter

● Law Enforcement officials say that this legislation would cause them many problems and hurt investigations.

● It would hinder their ability to quickly gather information in serious crimes and it would take longer for them to act on anything.

● Tougher standards for location data would make it harder for the government to gather information when they need to.

● Groups that are for it say that although it might slow some investigations down a bit and take away some of their power when it comes to gathering information quickly, it would be for the best.

● It would keep them from going overboard on surveillance.

● Updating the laws would help deal with changing technology. Old laws were not meant to deal with issues like "the cloud" and were written with floppy drives in mind.

Public Webcams

Forrest Falk

Webcams

What is a Webcam?
● A video camera which feeds its real time images into a computer or computer network.
● These images can then be processed onto a website as a video feed or still images.

Uses
● Recording Social Videos
● Security Surveillance
● Computer Vision
● Video Broadcasting
● Streaming over the World Wide Web

Public Webcams Examples

University of Oregon - Microservices Front Desk

Route 202 Buenos Aires

Sniff Dog Hotel, Portland, Oregon

Case Western Reserve University

Webcam Policy
● Webcams broadcasting still or streaming images via the internet are valuable tools in CERN's education and outreach efforts.

Concern of Privacy
  ○ Members of the CERN community
  ○ Other individuals captured by the webcam
  ○ The reputation of the CERN organization

CERN Computer Security

1. Visible signs stating the use of recording equipment

2. Broadcast to employees who work in the area

3. "On Air" indicator

4. "Blind Spots" to work in

5. Privacy shall be respected to the maximum extent

6. Presenters must sign CERN Speaker's Release

7. No intrusive recordings

8. Recording personal e-mail or internet use is prohibited

CERN Webcam Regulations

They want to share...
● Daily operations
● Up-to-date information
● Enhance communication with colleagues
● Open up the global scientific community

Without
● Leaking any important project information
● Supervising its members' activities
● The use for security purposes
● Disturbing the privacy of the organization or its members

CERN Webcam Regulations

Robbins v. Lower Merion School District

Background
● Philadelphia, Pennsylvania
● Lower Merion School District issued 2,306 Apple MacBooks
● Installed anti-theft software "TheftTrack"
● Track down stolen/lost computers
● Takes a picture every 15 minutes and records application history.

Robbins v. Lower Merion School District

"WebcamGate" Scandal

● Schools secretly spied on students while in the privacy of their own homes.

● November 11, 2009, Blake Robbins was punished for his behavior at his home.

● The "evidence" used was a picture taken of the student in his room.

Conclusion
● October 2010, agreed to pay $610,000 to settle the lawsuit
● The computers snapped over 66,000 photos
● Photos included images of students sleeping, partially dressed, and their parents.
● School district never obtained consent from the students or parents.

Public Webcam Conclusion

● Webcams are great for communicating ideas, sharing experiences, or gathering information from a distance.

● The ethical problem comes when people misuse this technology to supervise or track people. This can lead to a violation of that individual's privacy and personal information.

● Usually, these individuals do not know that they are even being watched.

Computers in Cars

Christopher Furseth

GPS
● Global Positioning System
  ○ Uses satellites to determine location
● Police use to track position
  ○ Didn't need warrant in past

Black Box
● Also known as an Event Data Collector in cars
● In use in cars since as early as 1994
  ○ GM first used it to monitor airbag deployment
● Records Pre-crash Data
  ○ Was the seat belt used?
  ○ Speed
  ○ Brakes
● Section 31406 of Senate Bill 1813
  ○ Starting in 2015 mandatory in new vehicles
● Insurance firm fights against claim

OnStar - What it is
● Formed in 1995 by General Motors
● Services
  ○ 24-hour Helpline
  ○ Remote Diagnostics
  ○ Turn-by-Turn Navigation
  ○ Security
  ○ Hands Free Calling

OnStar - Privacy
● OnStar uses a 2 way system with their technology
  ○ Tracks driving data
    ■ Locations, Driving Habits, etc.
● OnStar reserves the right to sell this information
● After contract termination OnStar keeps compiling this data

Hacking

● Repo companies remotely shut off cars

● Security Risks?

● 100 cars turned off/hacked
  ○ Who has access to controls?

● UofC Research 2011
  ○ Security Risks
  ○ ECU leaves vehicle vulnerable

Discussion Questions

Thinking Questions

● How much and what information should the government obtain from the computers located in vehicles? Should companies have the rights to sell your information on things such as driving habits?

● What information should people be allowed to gather from public webcams? (traffic numbers, facial recognition, license plates) Are there cases where these should be allowed?

● Should strict regulations be put on companies that collect user data? Is it OK for them to monitor you without you knowing? And how far can they go with what they do with that information? Should you have a say in it?

● http://www.npr.org/templates/story/story.php?storyId=5165854

● http://www.anderson.ucla.edu/faculty/jason.frand/teacher/technologies/palace/datamining.htm

● http://www.the-data-mine.com/Software/DataMiningSoftware

● http://www.time.com/time/nation/article/0,8599,2059237,00.html

● http://www.ethicapublishing.com/ethical/3CH16.pdf

● http://abovethelaw.com/2009/06/lexisnexis-privacy-breach/

● http://www.lexisnexis.com/presscenter/SanfordTestimonyJudiciary.pdf

● [8] http://www.uschamber.com/issues/technology/online-privacy-seal-programs

● [9] http://delivery.acm.org.ezproxy1.lib.asu.edu/10.1145/580000/572278/p6-tavani.pdf?ip=129.219.247.33&acc=ACTIVE%20SERVICE&CFID=121709361&CFTOKEN=18196419&__acm__=1349048518_66b63845a522816a5d1c834202621082

References

● http://content.usatoday.com/communities/ondeadline/post/2010/02/school-district-accused-of-issuing-webcam-laptops-to-spy-on-students/1#.UGlAnU3A-vY

● http://articles.philly.com/2010-07-28/news/24972175_1_webcam-monitoring-system-culinary-school

● http://lmsd.org/documents/news/100503_l3_report.pdf

● https://security.web.cern.ch/security/rules/en/webcams.shtml

● http://www.opentopia.com/hiddencam.php

● http://www.startribune.com/business/130539798.html?refer=y

● http://www.atlanta-insurance-claims-resource.com/car-black-box.html

● http://www.wired.com/threatlevel/2010/03/hacker-bricks-cars/

● http://content.usatoday.com/communities/driveon/post/2011/01/car-theives-can-eaisly-hack-remote-keyless-systems-swiss-research-discovers/1#.UGiYJlGSWu8

● Researchers at the University of California

References