Research report
Security in Computing, Fifth Edition
Chapter 9: Privacy
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
1
Chapter 9 Objectives
Define privacy and fundamental computer-related privacy challenges
Privacy principles and laws
Privacy precautions for web surfing
Spyware
Email privacy
Privacy concerns in emerging technologies
2
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
What Is Privacy?
Privacy is the right to control who knows certain aspects about you, your communications, and your activities
Types of data many people consider private:
Identity
Finances
Health
Biometrics
Privileged communications
Location data
Subject: person or entity being described by the data
Owner: person or entity that holds the data
3
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
Computer-Related Privacy Problems
Data collection
Advances in computer storage make it possible to hold and manipulate huge numbers of records, and those advances continue to evolve (new cyber warfare technique)
Notice and consent
Notice of collection and consent to allow collection of data are foundations of privacy, but with modern data collection, it is often impossible to know what is being collected
Control and ownership of data
Once a user consents to provide data, the data is out of that user’s control. It may be held indefinitely or shared with other entities.
4
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
Fair Information Practices
Data should be obtained lawfully and fairly
Data should be relevant to their purposes, accurate, complete, and up to date
The purposes for which data will be used should be identified and that data destroyed if no longer necessary for that purpose
Use for purposes other than those specified is authorized only with consent of data subject or by authority of law
Procedures to guard against loss, corruption, destruction, or misuse of data should be established
It should be possible to acquire information about the collection, storage, and use of personal data systems
The data subjects normally have a right to access and challenge data relating to them
A data controller should be designated and accountable for complying with the measures to effect these principles
5
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
Based on a 1973 study led by Willis Ware.
5
U.S. Privacy Laws
The 1974 Privacy Act embodies most of the principles above but applies only to data collected by the U.S. government
Other federal privacy laws:
HIPAA (healthcare data)
GLBA (financial data)
COPPA (children’s web access)
FERPA (student records)
State privacy law varies widely
6
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
Non-U.S. Privacy Principles
European Privacy Directive (1995)
Applies the Ware Committee’s principles to governments and businesses
Also provides for extra protection for sensitive data, strong limits on data transfer, and independent oversight to ensure compliance
General Data Protection Regulation (GDPR)
Europeans will be able to tell companies to stop profiling them, they’ll have much greater control over what happens to their data, and they’ll find it easier to launch complaints about the misuse of their information. What’s more, the companies on the receiving end of those complaints face serious fines if they don’t toe the line.
A list of other nations’ privacy laws can be found at http://www.informationshield.com/intprivacylaws.html
7
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
Privacy-Preserving Data Mining
Removing identifying information from data doesn’t work
Even if the overtly identifying information can be removed, identification from remaining data is often possible
Data perturbation (probability or value distribution)
As discussed in Chapter 7, data perturbation can limit the privacy risks associated with the data without impacting analysis results
Data mining often focuses on correlation and aggregation, both of which can generally be reliably accomplished with perturbed data
8
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
Precautions for Web Surfing
Cookies (EU Cookie Law update 2017)
Cookies are a way for websites to store data locally on a user’s machine
They may contain sensitive personal information, such as credit card numbers
Third-party tracking cookies
Some companies specialize in tracking users by having numerous popular sites place their cookies in users’ browsers
This tracking information is used for online profiling, which is generally used for targeted advertising
Web bugs
A web bug is more active than a cookie and has the ability to immediately send information about user behavior to advertising services
9
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
Spyware
Spyware is code designed to spy on a user, collecting data
General spyware:
Advertising applications, identity theft
Hijackers:
Hijack existing programs and use them for different purposes, such as reconfiguring file sharing software to share sensitive information
Adware
Displays selected advertisements in pop-up windows or the main browser window
Often installed in a misleading way as part of other software packages
10
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
Where Does Email Go?
When Janet sends an email to Scott, the message is transferred via simple mail transfer protocol (SMTP)
The message is then transferred through multiple ISPs and servers before it arrives at Scott’s post office protocol (POP) server
Scott receives the email when his email client logs into the POP server on his behalf
Any of the servers in this chain of communication can see and keep Janet’s email
Demonstrate
11
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
Anonymous or Disappearing Email
Disposable email addresses from sites like mailinator.com
Remailers are trusted third parties that replace real addresses with pseudonymous ones to protect identities in correspondence
Multiple remailers can be used in a TOR-like configuration to gain stronger anonymity
Disappearing email
Because email travels through so many servers, it cannot be made to truly disappear
Messaging services like Snapchat, which claims to make messages disappear, cannot guarantee that recipients will not be able to save those messages
12
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
The TOR-like configuration: The sender selects three remailers; he encrypts the message with each of their public keys in succession; he then sends the message through them in the reverse of that order, with each one’s public key being able to open only one layer of message.
12
Radio Frequency Identification (RFID)
RFID tags are small, low-power wireless radio transmitters
When a tag receives a signal on the correct frequency, it responds with its unique ID number
Privacy concerns:
As RFID tags become cheaper and more ubiquitous, and RFID readers are installed in more places, it may become possible to track individuals wherever they go
As RFID tags are put on more items, it will become increasingly possible to discern personal information by reading those tags
13
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
Other Emerging Technologies
Electronic voting
Among other issues, research into electronic voting includes privacy concerns, such as maintaining privacy of who has voted and who each person voted for
Voice over IP (VoIP)
While VoIP adds the possibility of encryption to voice calls, it also allows a new set of service providers to track sources and destinations of those calls
Cloud computing
Physical location of information in the cloud may have significant effects on privacy and confidentiality protections
Cloud data may have more than one legal location at a time
Laws could oblige cloud providers to examine user data for evidence of criminal activity
Legal uncertainties make it difficult to assess the status of cloud data
14
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
Summary
What data is considered private is subjective
Privacy laws vary widely by jurisdiction
Cookies and web bugs track user behavior across websites
Spyware can be used to track behavior for targeted advertising or for much more nefarious purposes
Email has little privacy protection by default
Emerging technologies are fraught with privacy uncertainties, including both technological and legal issues
15
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.