Posted: 19-Dec-2015
Privacy: Social Issues and Current Technologies
Ian Graham
Centre for Academic Technology, Information Commons, University of Toronto
Talk Overview
• Introduction (Why we care)
• Social history of privacy
• Privacy-related topics
• Privacy and Web application design
• Future technologies
1. Why We Care:
• New Information Technologies:
– A) Digital storage, retrieval, distribution: enormous cost reductions
– B) Data sharing and processing: combine, re-use, re-purpose data (data mining)
• An emergent and fundamental change
Why We Care:
• All technologies have unanticipated side effects:
– Cannot predict most of them (how will the nature of communication change, of interpersonal relationships, work, …)
– One we can predict: privacy
• Lots of information floating about; how should we handle concerns over use of this information?
Why We Care:
• Privacy (rough definition):
– The ability or right of an individual to control their exposure to the rest of the world, and to be able to hide knowledge about themselves
– Privacy has only recently become “topical”...
Why We Care:
[Chart: “Privacy” Books per year (University Library database); horizontal axis 1901–1991 by decade, vertical axis “Number”, 0–60]
privacy (15c) (from private) The state or quality of being private.
1. a. The state or condition of being withdrawn from the society of others, or from public interest; seclusion.
   b. The state or condition of being alone, undisturbed, or free from public attention, as a matter of choice or right; freedom from interference or intrusion. Also attrib., designating that which affords a privacy of this kind.
2. a. pl. Private or retired places; private apartments; places of retreat. Now rare.
   b. A secret place, a place of concealment. (Obsolete)
3. a. Absence or avoidance of publicity or display; a condition approaching to secrecy or concealment. A synonym for secrecy.
   b. Keeping of a secret, reticence. (Obsolete)
4. a. A private matter, a secret; pl. private or personal matters or relations. Now rare.
   b. pl. The private parts. (Obsolete)
5. Intimacy, confidential relations. (Obsolete)
6. The state of being privy to some act; = privity. rare.
Examples of first use:
• 1 b. The state or condition of being alone, undisturbed, or free from public attention, as a matter of choice or right; freedom from interference or intrusion. Also attrib., designating that which affords a privacy of this kind. <one's right to privacy>
– 1814 J. Campbell Rep. Cases King's Bench III. 81: Though the defendant might not object to a small window looking into his yard, a larger one might be very inconvenient to him, by disturbing his privacy, and enabling people to come through to trespass upon his property.
– 1890 Warren & Brandeis in Harvard Law Rev. IV. 193 (title): The right to privacy.
Privacy is “new”
• Questions:
– Why is that?
– What does that tell us about
• privacy
• attitudes to privacy
• control over privacy
History
• 1) Privacy requires a social context that defines “public” and “private” realms
– small, communal societies don’t display this distinction.
History
• 2) Privacy requires multiple power centres
– Not just state and people, but state, other power brokers, and individuals
• < 15th century -- single power centres within states
• > 17th century -- rise of merchant class
History
• 3) Privacy requires individual rights
– “Human experience is the foundation of understanding and truth; external authority is less important than personal experience.”
– The Age of Enlightenment (17th century)
History
• Defining Moments
– Evolution of merchant classes
– Age of enlightenment; new conception of individual rights
– Property rights; legal dispute arbitration; political recognition of individual rights
• individual right to control public exposure
“Modern” Privacy Concerns
• Property rights until 1950s
• Two new concerns:
– Concentration of “private” information in Government databases
– Desire for “public” access to appropriate “private” information
• Digital Personas (extension)
Privacy Concerns
• Two types of legislation
– Freedom of information
• Allow access to non-sensitive information
– Data protection (a.k.a. privacy protection)
• Protection from misuse of private information
• Initially -- Government data
Privacy Concerns
• Important Points
– Privacy bounds vary between cultures
– Laws, rules, conventions vary as well
– Focus originally on only one relationship
• Government – citizen
• (citizens have little control over the information they provide...)
Going Digital
• Starting around 1970
– Commercial databases
– Open data exchange standards
– Data exchange mechanisms (networks)
– Exponentially increasing amounts of usable data
Going Digital
• More places to be concerned about privacy:
– Library Awareness Program (FBI)
– Corporate database reuse
– Digital/electronic eavesdropping
• More ways of unwitting exposure
– Subscription to services; tracking from standard business transactions
Four Issues
• Coercion to divulge information
• Accidental release of information
• Surreptitious collection of information
• Ability to negotiate privacy limits
– (less relevant for government)
Application Design Goals
• Design data usage policies at the start
– e.g., Library awareness program
• Design for user-centric privacy policies
– Customized policy for each user
• Publicized privacy statements
4. Application Design
• Several related issues
– Application software design
– Networking architecture
– Physical access/administrative policies
– Publicity mechanisms (policy statements)
Application Design
• Based on a pre-defined privacy policy
– database design
– encryption technologies
– identity verification (digital certificates for company and/or individuals)
– policies for archived data, information reuse
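The two Application Design slides above say that data-usage rules, per-user customisation and archive/deletion policies should be fixed before the application is built. As an added illustration (not code from the original slides, and not any particular product), the following Python models a small record store in which the site policy decides which fields may be read for which purpose, each user can opt out of a purpose, every decision is written to an audit trail, and archived records are destroyed once the retention period passes. All names (`Purpose`, `RecordStore`, `SITE_POLICY`, the sample users) are hypothetical and the sample data is constructed.

```python
"""Purpose-bound data access and retention enforcement for a user-record store.

Added illustration, not from the original slides: the data-usage policy is
fixed at design time, each user can tighten it, and every access is audited.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from enum import Enum


class Purpose(Enum):
    FULFILMENT = "fulfilment"   # e.g. shipping an order
    MARKETING = "marketing"     # promotional mail
    ANALYTICS = "analytics"     # aggregate statistics


# Design-time policy: which fields may be read for which purpose (hypothetical).
SITE_POLICY = {
    Purpose.FULFILMENT: {"name", "address", "email"},
    Purpose.MARKETING: {"email"},
    Purpose.ANALYTICS: {"postcode"},
}

# Design-time retention: archived records are destroyed after this long.
RETENTION = timedelta(days=90)


@dataclass
class UserRecord:
    user_id: str
    fields: dict
    stored_at: datetime
    # User-centric part: purposes this particular user has opted out of.
    denied_purposes: set = field(default_factory=set)


class AccessDenied(Exception):
    pass


@dataclass
class RecordStore:
    records: dict = field(default_factory=dict)
    audit_log: list = field(default_factory=list)   # (actor, user, purpose, outcome)

    def add(self, rec: UserRecord) -> None:
        self.records[rec.user_id] = rec

    def read(self, actor: str, user_id: str, purpose: Purpose, wanted: set) -> dict:
        """Return only the requested fields, and only if policy and the user allow it."""
        rec = self.records[user_id]
        if purpose in rec.denied_purposes:
            self.audit_log.append((actor, user_id, purpose.value, "denied: user opt-out"))
            raise AccessDenied(f"{user_id} opted out of {purpose.value}")
        over = wanted - SITE_POLICY[purpose]
        if over:
            self.audit_log.append((actor, user_id, purpose.value, f"denied: {sorted(over)}"))
            raise AccessDenied(f"{sorted(over)} not permitted for {purpose.value}")
        self.audit_log.append((actor, user_id, purpose.value, f"read: {sorted(wanted)}"))
        return {k: rec.fields[k] for k in wanted}

    def purge_expired(self, now: datetime) -> list:
        """Delete records older than RETENTION; return the ids removed."""
        expired = [uid for uid, r in self.records.items() if now - r.stored_at > RETENTION]
        for uid in expired:
            del self.records[uid]
            self.audit_log.append(("retention", uid, "-", "deleted: past retention"))
        return expired


def demo() -> dict:
    """Exercise the checks on constructed sample records and return the outcomes."""
    now = datetime(2000, 6, 1, tzinfo=timezone.utc)          # constructed clock
    store = RecordStore()
    store.add(UserRecord("u1", {"name": "A. Reader", "address": "1 Main St",
                                "email": "a@example.org", "postcode": "M5S"},
                         now - timedelta(days=10)))
    store.add(UserRecord("u2", {"name": "B. Reader", "address": "2 Main St",
                                "email": "b@example.org", "postcode": "M5S"},
                         now - timedelta(days=120), denied_purposes={Purpose.MARKETING}))
    out = {"fulfil": store.read("orders", "u1", Purpose.FULFILMENT, {"name", "address"})}
    try:                                   # marketing may not read the address
        store.read("newsletter", "u1", Purpose.MARKETING, {"address"})
        out["overreach"] = "allowed"
    except AccessDenied:
        out["overreach"] = "denied"
    try:                                   # u2 opted out of marketing entirely
        store.read("newsletter", "u2", Purpose.MARKETING, {"email"})
        out["optout"] = "allowed"
    except AccessDenied:
        out["optout"] = "denied"
    out["purged"] = store.purge_expired(now)   # u2 is past the 90-day retention
    out["audit_entries"] = len(store.audit_log)
    return out


if __name__ == "__main__":
    print(demo())
```

The point of routing every read through `RecordStore.read` is that the policy, the user's opt-outs and the audit trail are enforced in one place rather than relying on each caller to remember them; the retention sweep is likewise driven by the same design-time constant rather than ad hoc clean-up.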
Data Security
• Firewall & network design
• Encryption of archived data
• Physical document management
• Network/system access controls
– User authentication/identification
• Auditing tools
Communications Security
• Web page encryption – SSL, PCT
• Mail message encryption – PGP, S/MIME
• Archived message encryption
• Data destruction / reuse policy
Identification/Non-Repudiation
• Username/password login
– (with or without SSL)
• Server certificates: SSL, S/MIME/PGP
– identifies corporation
• Client certificates: SSL, S/MIME/PGP
– identifies message “author”
– problems with unsecured client machine
Physical Access
• Access control
• Cabling protection
• Off-site backups
• Physical doc. policy (shredding / destruction)
Network Architecture
• Internal vs. external
• Firewalls and rules
• Servers and locations
• Access control rules
• Auditing tools (logins, accesses, attacks)
• E-mail encryption
• Web page encryption
Application Design
• Data model
• Data access rules
• Data encryption
• Web page encryption
• Email encryption
• Server certificates
• User certificates
• Alternate authentication
• Data deletion policies
• Cache protection
[Diagram: Dependencies between the privacy policy, data security, communications security and identification & non-repudiation, and the physical access, network architecture and application design measures listed above]
Future Technologies:
• User-Centric Privacy
– Current E-commerce sites generally require a fixed set of user information (“all-or-none” approach)
– Option: Different services for different classes of customer
User-Centric Privacy
• Requires:
– More complex “subscription” mechanism (risks alienation)
– Ideal would be software negotiation, based on user preferences and a machine-readable statement of privacy policies.
Platform for Privacy Preferences
• P3P
– A language for defining privacy policies
– A language for expressing private information, privacy statements
– A World Wide Web Consortium project: http://www.w3.org/P3P/
– Commercial approaches (e.g., DigitalMe): http://www.w3.org/P3P/implementations
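The User-Centric Privacy and P3P slides above describe the negotiation step: the site publishes a machine-readable statement of what it collects and why, the user agent holds the user's preferences, and software picks a class of service rather than forcing an all-or-none choice. The Python below is an added illustration of that negotiation; it is not code from the slides, not the W3C P3P/APPEL syntax (the dictionaries are a deliberate simplification of P3P's data, purpose and retention vocabulary, not its XML schema), and all tier names, rules and statements are hypothetical and constructed.

```python
"""Software negotiation of a site's privacy statements against user preferences.

Added illustration, not from the slides or the P3P specification: each
service tier carries a machine-readable statement of the data it collects,
the purpose, and how long it is kept; the user agent accepts the richest
tier whose every statement the user's preference rules allow.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Statement:
    data: str        # e.g. "email", "postal-address", "purchase-history"
    purpose: str     # e.g. "current", "tailoring", "telemarketing"
    retention: str   # e.g. "no-retention", "stated-purpose", "indefinitely"


@dataclass(frozen=True)
class Tier:
    name: str
    rank: int            # higher = richer service
    statements: tuple    # Statement instances the user must accept


# Constructed site policy: what each class of service requires.
SITE_TIERS = (
    Tier("guest", 0, ()),
    Tier("registered", 1, (Statement("email", "current", "stated-purpose"),)),
    Tier("premium", 2, (
        Statement("email", "current", "stated-purpose"),
        Statement("postal-address", "current", "stated-purpose"),
        Statement("purchase-history", "tailoring", "stated-purpose"),
    )),
    Tier("premium-plus", 3, (
        Statement("email", "current", "stated-purpose"),
        Statement("postal-address", "current", "stated-purpose"),
        Statement("purchase-history", "tailoring", "stated-purpose"),
        Statement("email", "telemarketing", "indefinitely"),
    )),
)


@dataclass(frozen=True)
class PreferenceRule:
    """First matching rule wins; '*' matches anything."""
    data: str = "*"
    purpose: str = "*"
    retention: str = "*"
    accept: bool = True


# Constructed user preferences: never telemarketing, never indefinite
# retention, otherwise fine with data used for the current transaction and
# with purchase history used for tailoring.
USER_PREFS = (
    PreferenceRule(purpose="telemarketing", accept=False),
    PreferenceRule(retention="indefinitely", accept=False),
    PreferenceRule(purpose="current"),
    PreferenceRule(data="purchase-history", purpose="tailoring"),
)


def _matches(rule: PreferenceRule, st: Statement) -> bool:
    pairs = ((rule.data, st.data), (rule.purpose, st.purpose), (rule.retention, st.retention))
    return all(pattern in ("*", value) for pattern, value in pairs)


def acceptable(prefs: tuple, st: Statement) -> bool:
    for rule in prefs:
        if _matches(rule, st):
            return rule.accept
    return False   # default deny: a use the user never agreed to is rejected


def evaluate(prefs: tuple, tier: Tier) -> list:
    """Return the statements in a tier the user rejects (empty means acceptable)."""
    return [st for st in tier.statements if not acceptable(prefs, st)]


def negotiate(prefs: tuple, tiers: tuple = SITE_TIERS) -> str:
    """Pick the richest tier whose every statement the user accepts."""
    ok = [t for t in tiers if not evaluate(prefs, t)]
    return max(ok, key=lambda t: t.rank).name


if __name__ == "__main__":
    print("agreed tier:", negotiate(USER_PREFS))
    for tier in SITE_TIERS:
        print(tier.name, "rejected:", evaluate(USER_PREFS, tier))
```

Two design choices matter here: unknown uses are denied by default, so a site cannot gain consent by adding a statement the user's rules never anticipated, and `evaluate` reports exactly which statements block a richer tier, which is what a user agent would show when asking whether the user wants to concede them.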
Conclusions
• Privacy is new, and changing
• Policies vary between countries
• Privacy should be considered during application design; lots of technologies
• Policies need to be publicized
• User-centric, “custom” privacy agreements for the future
Ian Graham
• Additional Information
– http://www.utoronto.ca/ian/privacy/
– http://www.utoronto.ca/ian
• Contact
– Centre for Academic Technology, Information Commons, University of Toronto, 130 St George St. M5S 3H1
– E-mail: [email protected]
– Phone: (416) 978-4548