Privacy is….? Secrecy, Concealment, Seclusion, Solitude, Confidentiality, Anonymity Prejudicial Information Personally Identifiable Information (PII) Whatever you want it to be
Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.
Viewed in terms of the relation of the individual to social participation, privacy is the voluntary and temporary withdrawal of a person from a general society into a condition of anonymity or reserve.
Privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively.
Privacy in Colonial America Find an open field to talk Sneak off into the woods No privacy indoors Churches encouraged neighbors to snoop on each other
Privacy in the 1800s Long‐distance communication by telegraph Letters Concern about invasive press Snooping discouraged Gossip, Word of Mouth
Privacy from 1900 ‐ 1965 First bugging device Search of electronic conversations constitutional Telephone communications over wires Cold War prompts government to increase surveillance of civilians without their knowledge
Privacy from 1965 ‐ 1990 Watergate Scandal Personal computers Public‐key encryption invented Internet emerged Sensationalist journalism
Privacy from 1990 ‐ 2001 No privacy for public figures Wireless communication Cameras Satellites Confusion over who owns content on computer networks
Privacy After September 11th Private customer information divulged to federal authorities hunting for terrorists or criminals Airport searches Polls in the US indicated that people think that the 1st amendment of the US Constitution might go too far
Total Information Awareness Post 9/11 project to: [Create] enormous computer databases to gather and store the personal information in the United States, including personal emails, social network analysis, credit card records, phone calls, medical records, and numerous other sources, without any requirement for a search warrant. Additionally, the program included funding for a biometric surveillance technologies that could identify and track individuals using surveillance cameras and other methods.
Television & Privacy 1992 brought the launch of Reality Television where everyone’s lives became public consumption This brought about shows about people: Living together in homes and islands Families struggling with personal issues Celebrities private issues made public People showing off their stupidity to win money and fame In short, Reality TV took the privacy discussion to a new level
Privacy Today YouTube has ended all forms of personal privacy Bloggers have made their personal (and their friends/ acquaintances) lives topics of discussion of the entire world And then came social networks…. We are comfortable sharing our lives and thoughts instantly with thousands of people – close friends and strangers alike
Ways Technology Threatens Privacy Phishing Cloud Computing Malware & Spyware Electronic Medical Data Social Networking sites Public Wi‐Fi Photo & Video Sharing Retail Loyalty Cards Web History Workplace Computers Targeted Advertising & Cell Phones Cookies
Why Privacy Has Changed? Curiosity Convenience The Internet and Evolving Technology Social Trends Desire to relate & share with others Identity Fame Posterity
The primary business model of today’s most successful corporation is the monetization in the mass collection, correlation & analysis of individual private data
Private Info Monetized Acxiom – 750 billion pieces of information or 1,500 facts on ½ billion people Correlate “consumer” info from signups, surveys, magazine subscriptions USD 1. 38 billion turnover for FY2008 Colligent – Actionable consumer research derived from social networks Rapleaf – 450 million social network profiles Submit request and aggregated social network profiles returned within a day Phorm Uses “behavioral keywords” – keywords derived from a combination of search terms, URLs and even contextual page analysis over time – to find the right users
White’s Taxonomy of Online Privacy Invasion Web Request Cross Site Tracking Rich Browser Environments Application Data Aggregation, Correlation & Meta‐Data
Taxonomy – Web Request A single web request An image on a website One webpage is made up of multiple requests What They Can Find Out Web Location (Latitude, Longitude, Request City, Country) Language Operating System & Browser What site you came from ISP Have you been here before?
Taxonomy – Cross Site Tracking Using cookies to track across computers and affiliated sites Cookie is stored on your computer and sent with every request Cross Site Tracking Cookies usually associated with login details What They Can Find Out Who you are What sites you visit Behavioral profiles
Taxonomy – Application Data Rich Information Inputs Structured & Unstructured Data Search requests E‐mails Calendar items Application Data Instant Message Communications What They Can Find Out Who you are Who your friends are What you’re doing on Sunday Your Interests
Taxonomy – Aggregation, Correlation & Meta Data Combining the previous levels Meta‐Data – Include interactions with applications Aggregation – combining the information from various sources Correlation – normalizing Aggregation, entities across sources Correlation & Provides information you may Meta‐Data not be aware of What they can find out Social networks Behavioral profiles Psychological profiles Deep databases
By ISPs ISPs always know your IP address and the IP address to which you are communicating ISPs are capable of observing unencrypted data passing between you and the Internet but not properly‐ encrypted data They are usually prevented to do so due to social pressure and law
By E‐Mail May be inappropriately spread by the original receiver May be intercepted May be legally viewed or disclosed by service providers or authorities
By Discussion Groups There is no barrier for unsolicited messages or emails within a mailing list or online discussion group Any member of the list or group could collect and distribute your email address and information you post
By Internet Browsers Most web browsers can save some forms of personal data, such as browsing history, cookies, web form entries and password You may accidentally reveal such information when using a browser on a public computer or someone elses
By Search Engines Search engines have and use the ability to track each one of your searches by IP address, search terms and time of day
How Do We Know ‐ AOL Aug 7, 06 ‐ AOL apologized for releasing search log data on subscribers that had been intended for use with the companys newly launched research site. Almost two weeks before that, AOL had quietly released roughly twenty million search record from 658,000 users on their new AOL Research site. The data includes a number assigned to the anonymous user, the search term, the date and time of the search, and the website(s) visited as a result of the search. NY Times was able to identify several users by cross‐ referencing with phonebooks/public records
How Do We Know – Department of Justice Jan 06, the US Dept of Justice issued a subpoena asking popular search engines to provide a "random sampling" of 1 million IP addresses that used the search engine, and a random sampling of 1 million search queries submitted over a one‐week period. The government wanted the information to defend a child pornography law. Microsoft, Yahoo and AOL complied with the request, while Google fought the subpoena.
How Do We Know ‐ Google Google collects massive amounts of user data Gmail has a machine reading email to improve the relevance of advertisements displayed Google Street View ‐ public/private property & people captured in images Search histories are kept for two years and identified via a cookie
By Indirect Marketing Web bugs ‐ a graphic (in a website or a graphic enabled email) that can confirm when the message or web page is viewed and record the IP address of the viewer Third party cookies ‐ a web page may contain images or other components stored on servers in other domains. Cookies that are set during retrieval of these components are called third‐party cookies.
What Are Cookies? Cookies are data packets sent by a server to a web client and then sent back unchanged by the client each time it accesses that server Cookies are used for authenticating, session tracking and maintaining specific information about users, such as site preferences or the contents of their electronic shopping carts Cookies are only data, not programs or viruses There are two types of cookies ‐ persistent and non‐ persistent
Why Don’t We Like Cookies? Cookies can be hijacked and modified by attackers Cookies can be used to track browsing behavior so some think they are tagged
By Direct Marketing Direct marketing is a sales pitch targeted to a person based on previous consumer choices. It is common these days Many companies also sell or share your information to others. This sharing with other businesses can be done rapidly and cheaply
By Instant Messaging Your IM conversation can be saved onto a computer even if only one person agrees Workplace IM can be monitored by your employer SPIM ‐ Spam distributed in IM
By Employers 76% of employers monitor employees website connections 65% use technology to blocked connections to banned websites 55% monitor email
By Cybercrime Spyware takes advantage of security holes to attack the browser and force it to be downloaded and installed to gather information without your knowledge Phishing occurs when criminals lure the victim into providing financial data to an unsecure website Pharming occurs when criminals plant programs in the victims computer which redirect the victim from legitimate websites to scam look‐alike sites