SE571 Security in Computing
Chap 10: Privacy in Computing
SE571 Security in Computing Dr. Ogara 2
This Chapter Examines…
• Privacy as an aspect of security
• Authentication effects on privacy
• Privacy and the Internet
• Privacy implications for emerging technologies
What is privacy?
• Privacy is the right to control who knows certain aspects about you, your communications, and your activities
Information privacy has three aspects:
• sensitive data
• affected parties
• controlled disclosure
What is sensitive data?
• personal identity information
• finances, credit, bank details
• medical information
• school records
• communications: mail, e-mail, telephone calls, spam
• illegal activities, criminal records
Affected parties
Organizations need to protect personal information and sensitive data
Companies
• product plans
• key customers
• profit margins
• newly discovered technologies
Hospitals and Schools
• personal data for students and patients
Computer-Related Privacy Problems
• Information collection: Data are collected only with knowledge and explicit consent
• Information usage: Data are used only for certain specified purposes
• Information retention: Data are retained for only a set period of time
• Information disclosure: Data are disclosed to only an authorized set of people
Computer-Related Privacy Problems
• Information security: Appropriate mechanisms are used to ensure the protection of the data
• Access control: All modes of access to all forms of collected data are controlled
• Monitoring: Logs are maintained showing all accesses to data
• Policy changes: Less restrictive policies are never applied after-the-fact to already obtained data
Computer-Related Privacy Problems
Examples (news headlines):
• Job applicants asked to turn over their Facebook passwords
• Some employers are asking job applicants for their Facebook username
• Fork over your Facebook log-on or you don't get hired. What?
• Facebook warns employers not to ask job applicants for log-in
Did you know that …
• All of the mobile phone companies keep details about the location of cell towers used by every phone, for a year or longer.
• All of the mobile phone companies keep records about voice calls and text messages received and sent for a year or longer.
• Verizon stores the contents of every text message for three to five days. (The others don't keep the text.)
• IP session information (tying your phone to an IP address) is kept for a year by Verizon and 60 days on Sprint and Nextel.
• IP destination information (which IP addresses you connected to) is stored for 90 days at Verizon and 60 days on Sprint and Nextel.
Source: http://www.infoworld.com/t/internet-privacy/mobile-phone-companies-keep-your-records-longer-you-think-175466
Privacy principles and policies
• Fair information policies
• U.S. privacy laws
• Controls on U.S. government Websites
• Controls on commercial Websites
• Non-U.S. privacy principles
• Anonymity, multiple identities
• Government and privacy
• Identity theft
Fair information policies (1973)
• Collection limitation. Data should be obtained lawfully and fairly.
• Data quality. Data should be relevant to their purposes, accurate, complete, and up-to-date.
• Purpose specification. The purposes for which data will be used should be identified, and the data destroyed if no longer necessary to serve that purpose.
• Use limitation. Use for purposes other than those specified is authorized only with consent of the data subject or by authority of law.
Fair information policies (1973)
• Openness. It should be possible to acquire information about the collection, storage, and use of personal data systems.
• Individual participation. The data subject normally has a right to access and to challenge data relating to her.
• Security safeguards. Procedures to guard against loss, corruption, destruction, or misuse of data should be established.
• Accountability. A data controller should be designated and accountable for complying with the measures that give effect to the principles.
Fair information policies (1973)
Problem
• The above principles describe the rights of individuals, NOT the protection of the data collected
Solution
• Reduce data exposure: ask only for what is necessary
• Reduce data sensitivity by interchanging (swapping) data items between records
• Anonymize data: remove or modify identifying information
• Encrypt the data
U.S. Privacy Laws
• The Privacy Act of 1974 covers data protection and applies to all personal data held anywhere in the federal government
Examples
• Fair Credit Reporting Act (FCRA): consumer credit
• Health Insurance Portability and Accountability Act (HIPAA): health information
• Gramm–Leach–Bliley Act (GLBA): financial services
• Children's Online Privacy Protection Act (COPPA)
• Family Educational Rights and Privacy Act (FERPA): student records
U.S. Privacy Laws
Problems
• Target areas of the laws overlap, e.g. which law (if any) would require privacy protection of a university student's health center bills paid by credit card?
• Gaps between laws, e.g. evolving technologies
Controls on U.S. Government Web Sites
• The Federal Trade Commission (FTC) has jurisdiction over web sites
• Five privacy factors government Websites must address in order to obey the Privacy Act:
• Notice. Data collectors must disclose their information practices before collecting personal information from consumers.
• Choice. Consumers must be given a choice as to whether and how personal information collected from them may be used.
• Access. Consumers should be able to view and contest the accuracy and completeness of data collected about them.
• Security. Data collectors must take reasonable steps to ensure that information collected from consumers is accurate and secure from unauthorized use.
• Enforcement. A reliable mechanism must be in place to impose sanctions for noncompliance with these fair information practices.
E-Government Act of 2002
Federal government agencies must post privacy policies on their web sites to disclose:
• information collected
• reason for collecting the information
• intended use of the information
• whom the information will be shared with
• notice or opportunities for consent
• security of the information
• the rights of the individual under the Privacy Act
Controls on Commercial Web Sites
• Some companies display solid and detailed privacy statements while others may not
• Privacy outside government is protected by sector-specific laws: credit, banking, education, healthcare
Controls on Commercial Web Sites
• The FTC can sue companies that engage in deceptive practices
Example
• 2005: CartManager International, which runs web shopping cart software, was sued by the FTC because it sold customer data
Non-U.S. Privacy Principles
• 1981: the Council of Europe adopted Convention 108 to protect individual data
• 1995: the European Union adopted Directive 95/46/EC, also called the European Privacy Directive
European Privacy Directive
Individual data should be:
• processed fairly and lawfully
• collected for specified, explicit and legitimate purposes
• adequate, relevant, and not excessive in relation to the purposes for which they are collected
• accurate
• kept in a form that permits identification of data subjects for no longer than is necessary
European Privacy Directive
Also, individuals have the right to:
• access data collected about them
• correct inaccurate or incomplete data
• have those corrections sent to those who have received the data
European Privacy Directive
Three more principles beyond the Fair Information Policies:
• Greater restrictions on data collection and processing that involves "sensitive data" (racial or ethnic origin, political opinions, religious beliefs, philosophical or ethical persuasion)
• Authorized users are restricted from transferring information to third parties without the permission of the data subject
• Entities that process personal data should not only be accountable but should also be subject to independent oversight
Controversial privacy issue
• Following the September 11 terrorist attacks, the U.S. collects data from the Passenger Name Record (PNR) maintained by airlines
• The U.S. asked Europe to supply PNR data within 15 minutes of a plane's departure to the U.S.
• In 2004, the European Commission and European Council accepted the request
• In 2006, the European Parliament and European Court of Justice objected on privacy grounds
• The U.S. could deny landing rights to airlines that refuse
Anonymity, Multiple Identities
Anonymity
• health issues
• sexual orientation
• etc.
Government and Privacy
What are the implications of government access to data?
• Misuse and violation of privacy rights through access to personal information
• Data access risks: data errors, inaccurate linking of data, incorrect data, and many more
Steps to Protect Against Privacy Loss
• Data minimization: obtain the least data necessary
• Data anonymization
• Audit trail
• Security and controlled access
• Training
• Quality: determine the usefulness of the data
• Restricted usage: uses should be consistent with the purpose of collecting the data
• Leave data in place with the original owner
• Policy
Identity Theft
Taking another person's identity
• credit card
• driver's license
Authentication and Privacy
Authentication takes three forms:
• Individual: birth certificate, passport/national ID
• Identity: credit card, meal plan card, magnetic access card
• Attributes: being old enough to drink alcohol or to drive
Privacy in Data Mining
• Data mining threatens privacy
• We can do data mining without sacrificing privacy. How?
• Swapping data fields between records to prevent linking records
• Limited swapping balances accuracy and privacy
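The anonymization and data-swapping ideas from the "Fair information policies" solution slide and the "Privacy in Data Mining" slide, carried through on a small table as an added example (not part of the lecture). The six RECORDS are constructed sample data; the field names, the anonymize()/swap_field() helpers and the linkable() check are my own choices for illustration, not a method the lecture prescribes. The point it shows: after swapping, the salary column still has the same mean and the same values for aggregate queries, but the rows can no longer be matched back to the originals.

```python
"""Anonymization plus data swapping on a constructed sample table.

Added example, not from the lecture.  RECORDS is constructed data;
anonymize(), swap_field() and linkable() are illustrative helpers.
"""
import random
from statistics import mean

# Constructed sample: each row links an identity to sensitive attributes.
RECORDS = [
    {"name": "A. Adams", "zip": "60601", "age": 34, "salary": 52000, "diagnosis": "asthma"},
    {"name": "B. Baker", "zip": "60602", "age": 41, "salary": 61000, "diagnosis": "none"},
    {"name": "C. Cruz",  "zip": "60603", "age": 29, "salary": 47000, "diagnosis": "diabetes"},
    {"name": "D. Diaz",  "zip": "60604", "age": 52, "salary": 88000, "diagnosis": "none"},
    {"name": "E. Evans", "zip": "60605", "age": 38, "salary": 59000, "diagnosis": "hypertension"},
    {"name": "F. Fox",   "zip": "60606", "age": 45, "salary": 73000, "diagnosis": "none"},
]


def anonymize(records):
    """Remove the direct identifier (name) and coarsen a quasi-identifier (ZIP)."""
    out = []
    for r in records:
        c = dict(r)
        del c["name"]
        c["zip"] = c["zip"][:3] + "**"
        out.append(c)
    return out


def swap_field(records, field, fraction, seed=0):
    """Exchange `field` between randomly chosen pairs of rows.

    Roughly `fraction` of the rows take part in a swap.  The multiset of
    values in the column is unchanged, so sums, means and counts survive,
    but a swapped value no longer sits in the row it came from, which is
    what breaks linkage to the other attributes of that row.  The fixed
    seed keeps the demonstration reproducible; use a fresh random source
    for real data.
    """
    rng = random.Random(seed)
    out = [dict(r) for r in records]
    n_pairs = int(len(out) * fraction) // 2
    idx = list(range(len(out)))
    rng.shuffle(idx)
    for k in range(n_pairs):
        i, j = idx[2 * k], idx[2 * k + 1]
        out[i][field], out[j][field] = out[j][field], out[i][field]
    return out


def column_summary(records, field):
    """The aggregate a data-mining query wants: mean and sorted values."""
    vals = [r[field] for r in records]
    return {"mean": mean(vals), "values": sorted(vals)}


def linkable(original, released, field):
    """How many released rows can still be matched to an original row on the
    (age, field) pair.  Lower is better for privacy."""
    pairs = {(r["age"], r[field]) for r in original}
    return sum(1 for r in released if (r["age"], r[field]) in pairs)


if __name__ == "__main__":
    for fraction in (0.0, 0.5, 1.0):
        released = swap_field(anonymize(RECORDS), "salary", fraction)
        print(fraction, column_summary(released, "salary")["mean"],
              "linkable rows:", linkable(RECORDS, released, "salary"))
```

With fraction 0.5 only one pair is swapped, so four of six rows remain linkable; with fraction 1.0 every row is swapped and none link back, while the column mean is identical in all three cases. That is the accuracy/privacy trade-off the slide calls "limited swapping": per-row answers get worse as the fraction rises, column-level answers do not.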
Privacy on the Web
• The Internet is the greatest threat to privacy
• Sophisticated web applications can know a lot about a user
How do users lose privacy on the Internet?
• Users are uncertain about the authenticity of the server
• Payments over the Web
• Credit card payments
Privacy on the Web
• Payment schemes, e.g. PayPal
• Third-party ads: mortgages, banking, loans, etc.
• Site and portal registrations
• Contests and offers designed to get private information
Technologies
• Cookies: a text file stored on the user's computer and passed by the user's browser to the web site when the user returns to that site
• A cookie may contain the user's ID, password, a credit card number, the customer name and shipping address, the date of the last visit to the site, the number of items purchased, or the dollar volume of purchases
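The cookie the slide describes, one that carries the user ID and card number itself, next to the form a practitioner would use instead: an opaque, HMAC-signed session id with the data kept server-side. This is an added example, not from the lecture; SERVER_SECRET and the in-memory SESSIONS dict are constructed stand-ins for a real key store and session database, and the function names are my own.

```python
"""PII-carrying cookie versus an opaque, signed session cookie.

Added example, not from the lecture.  SERVER_SECRET and SESSIONS are
constructed stand-ins for a key store and a session database.
"""
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

SERVER_SECRET = b"constructed-demo-key: rotate it and keep it in a secrets manager"
SESSIONS = {}  # session id -> user data; stays on the server, never in the cookie


def weak_cookie(user_id, card_number):
    """What the slide describes: the cookie itself carries the sensitive data.
    Anyone who can read it (spyware, a proxy, a shared machine) gets it."""
    c = SimpleCookie()
    c["user"] = user_id
    c["card"] = card_number
    return c.output(header="Set-Cookie:")


def new_session(user_id, card_number):
    """Keep the sensitive data server-side, keyed by an unguessable id."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user_id, "card": card_number}
    return sid


def _sign(sid):
    return hmac.new(SERVER_SECRET, sid.encode(), hashlib.sha256).hexdigest()


def hardened_cookie(sid):
    """Opaque, HMAC-signed id plus the attributes that limit exposure:
    Secure (TLS only), HttpOnly (no script access), SameSite=Strict
    (not sent on cross-site requests), short Max-Age."""
    c = SimpleCookie()
    c["sid"] = f"{sid}.{_sign(sid)}"
    m = c["sid"]
    m["secure"] = True
    m["httponly"] = True
    m["samesite"] = "Strict"
    m["path"] = "/"
    m["max-age"] = 3600
    return c.output(header="Set-Cookie:")


def load_session(cookie_header):
    """Server side: parse a Cookie: header value, verify the MAC in constant
    time, then look the session up.  None for a missing or tampered id."""
    c = SimpleCookie()
    c.load(cookie_header)
    if "sid" not in c:
        return None
    sid, _, mac = c["sid"].value.rpartition(".")
    if not sid or not hmac.compare_digest(mac.encode(), _sign(sid).encode()):
        return None
    return SESSIONS.get(sid)


if __name__ == "__main__":
    print(weak_cookie("alice", "4111111111111111"))
    sid = new_session("alice", "4111111111111111")
    print(hardened_cookie(sid))
```

The weak form prints the card number in clear in the Set-Cookie header; the hardened form prints only a random token and its MAC, so a stolen cookie is useful only until Max-Age expires or the server drops the session, and a modified token fails verification before any lookup happens.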
Keystroke Loggers and Spyware
• Spyware is a program or code designed to spy on a user, collecting data (including anything the user types)
• Keystroke loggers are programs that reside in a computer and record every key pressed.
• Keystroke loggers sometimes record only web sites visited or, even more serious, only the keystrokes entered at a particular web site (for example, the login ID and password for a banking site).
Adware
• Displays selected ads in pop-up windows or in the main browser window
• Ads are often selected according to the user's characteristics
• Usually installed as part of another piece of software without notice
Email Security
• The privacy of an e-mail message can be compromised on either the sender's or the receiver's side
• Interception: e-mail is exposed from sender to receiver, and there are numerous points for interception. Without encryption it is difficult to prevent access along the way
Email Security
Email monitoring by:
• companies and organizations
• network administrators
• ISPs
Anonymous Email and Remailers, e.g. for:
• employees sending tips or complaints to management
• people beginning personal relationships
Email Security
Simple Remailers
• A remailer is a trusted third party to whom you send an e-mail message, indicating to whom you want it sent
• It strips off the sender's name and address, assigns an anonymous pseudonym as the sender, and forwards the message to the designated recipients
• It removes the recipient's name and address from any reply and forwards the reply to the original sender
• The remailer knows both sender and receiver, so it provides pseudonymity, not anonymity
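The simple remailer exchange described above, as an added example (not part of the lecture): the outbound message with the sender's address replaced by a pseudonym, and the reply routed back through the alias table. The addresses, the X-Anon-To header used to name the final recipient, and the message texts are constructed; the Remailer class is my own illustration of the slide's description.

```python
"""Simple pseudonymous remailer.

Added example, not from the lecture.  Addresses, the X-Anon-To header
and the messages are constructed; the class is an illustration only.
"""
import secrets
from email import message_from_string
from email.message import EmailMessage


class Remailer:
    """Trusted third party.  It learns both the real sender and the recipient,
    so what it offers is pseudonymity: the alias table below is the secret
    that, if seized or leaked, undoes it."""

    def __init__(self, domain="remailer.example"):
        self.domain = domain
        self.alias_to_real = {}
        self.real_to_alias = {}

    def alias_for(self, real_addr):
        """Stable pseudonym per real address so replies can be routed back."""
        if real_addr not in self.real_to_alias:
            alias = f"anon-{secrets.token_hex(4)}@{self.domain}"
            self.real_to_alias[real_addr] = alias
            self.alias_to_real[alias] = real_addr
        return self.real_to_alias[real_addr]

    def _rebuild(self, src, sender, recipient):
        """Copy only Subject and body.  Every other header (From, Received,
        Message-ID, X-Mailer, ...) could identify the original sender."""
        out = EmailMessage()
        out["From"] = sender
        out["To"] = recipient
        out["Subject"] = src["Subject"] or ""
        out.set_content(src.get_payload())
        return out.as_string()

    def forward(self, raw):
        """Outbound: a message from a real user naming the final recipient in
        X-Anon-To.  The sender address is replaced by the user's alias."""
        msg = message_from_string(raw)
        dest = msg["X-Anon-To"]
        if not dest:
            return None
        return self._rebuild(msg, self.alias_for(msg["From"]), dest)

    def reply(self, raw):
        """Inbound: a reply addressed to an alias.  The alias resolves to the
        real user, and the replier gets an alias in turn, so neither side
        sees the other's address."""
        msg = message_from_string(raw)
        real = self.alias_to_real.get(msg["To"])
        if real is None:
            return None  # unknown alias: drop rather than guess
        return self._rebuild(msg, self.alias_for(msg["From"]), real)


def parse(raw):
    """Convenience for callers: (lower-cased header dict, body text)."""
    msg = message_from_string(raw)
    return {k.lower(): v for k, v in msg.items()}, msg.get_payload()
```

Note what the remailer does not protect: the body is copied as-is, so a sender who signs their name or mentions identifying details defeats the scheme, and the alias table itself is exactly the record that "provides pseudonymity" rather than anonymity.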
Spoofing and Spamming
• E-mail has very little authenticity protection
• The SMTP protocol does not verify the accuracy or legitimacy of the listed sender
• This makes spoofing of the source address easy, and hence enables spam, because it is difficult to trace the real sender
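Because SMTP itself verifies nothing, the checks happen on the receiving side. The added example below (not from the lecture) runs the checks a mail gateway or analyst applies to a delivered message: whether the visible From domain matches the envelope sender recorded in Return-Path, whether Reply-To points elsewhere, and what the receiving MTA's own SPF/DKIM/DMARC results say. Both raw messages are constructed; the Authentication-Results parsing assumes the RFC 8601 "method=result" form, and SPF/DKIM/DMARC are later additions not covered on the slide.

```python
"""Receiving-side sender checks for a delivered SMTP message.

Added example, not from the lecture.  SPOOFED and LEGIT are constructed;
Authentication-Results parsing assumes the RFC 8601 method=result form.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed: header From claims a bank, but the envelope sender (Return-Path,
# recorded by the receiving MTA from MAIL FROM) and Reply-To point elsewhere.
SPOOFED = """Return-Path: <bounce@mail-blast.example.net>
Received: from mail-blast.example.net (203.0.113.10) by mx.corp.example
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=mail-blast.example.net; dkim=none; dmarc=fail header.from=bank.example
From: "Your Bank" <alerts@bank.example>
Reply-To: support@bank-verify.example.org
To: victim@corp.example
Subject: Account locked

Click the link to verify your account.
"""

# Constructed: aligned sender and passing checks.
LEGIT = """Return-Path: <alerts@bank.example>
Received: from smtp.bank.example (198.51.100.7) by mx.corp.example
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=bank.example; dkim=pass header.d=bank.example; dmarc=pass header.from=bank.example
From: "Your Bank" <alerts@bank.example>
To: victim@corp.example
Subject: Your statement is ready

Log in as usual to view it.
"""


def domain_of(header_value):
    """Lower-cased domain part of an address header, '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def auth_results(msg):
    """{method: result} from Authentication-Results, e.g. {'spf': 'fail'}."""
    found = {}
    for hdr in msg.get_all("Authentication-Results", []):
        for m in re.finditer(r"\b(spf|dkim|dmarc)=([a-z]+)", hdr, re.I):
            found[m.group(1).lower()] = m.group(2).lower()
    return found


def assess(raw):
    """Flag a message whose visible From is not backed by the envelope sender
    or by the receiver's own authentication results."""
    msg = message_from_string(raw)
    header_from = domain_of(msg["From"])
    envelope_from = domain_of(msg["Return-Path"])
    reply_to = domain_of(msg["Reply-To"])
    auth = auth_results(msg)
    findings = []
    if header_from != envelope_from:
        findings.append(f"From domain {header_from} != envelope sender {envelope_from}")
    if reply_to and reply_to != header_from:
        findings.append(f"Reply-To domain {reply_to} != From domain {header_from}")
    for method in ("spf", "dkim", "dmarc"):
        if auth.get(method) in ("fail", "softfail"):
            findings.append(f"{method} result: {auth[method]}")
    return {"header_from": header_from, "envelope_from": envelope_from,
            "auth": auth, "findings": findings, "suspicious": bool(findings)}


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, assess(raw)["findings"])
```

The From header is whatever the sender typed; only the envelope sender and the receiver's own lookups carry any evidence, which is why the check reads Return-Path and Authentication-Results rather than trusting From. A mismatch alone is not proof of spoofing (mailing lists and bulk senders legitimately use a different bounce domain), so the result is a list of findings for a human or a policy engine, not a verdict.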
Privacy Impacts on Emerging Technologies
• RFID
• Electronic voting
• VoIP and Skype
Radio frequency identification or RFID
• Uses small, low-power wireless radio transmitters called RFID tags
• Tags are tuned to a particular frequency and each has a unique ID number
• When a tag receives its signal, it sends its ID number in response
• Tags are typically passive: they have no power source of their own but are powered up by the reader's signal
Radio frequency identification or RFID
Uses of RFID tags
• toll plaza payments
• transit system fare cards
• stock or inventory labels
• passports and identity cards
Radio frequency identification or RFID
Privacy issues
• Tracking individuals wherever they go
• Discerning sensitive data about people: whom you work for, medical condition (based on a tagged medicine bottle), and finances
Solutions
• Disabling (killing) tags
• Blocking/shielding tags from readers
• Reprogramming tags
• Encryption
Electronic Voting
Privacy issues
• Who has voted for whom
• Internet-related privacy issues
VoIP and Skype
• Voice over IP (VoIP) is a protocol for transmission of voice-grade telephone traffic over the Internet
Privacy issues
• Internet-related privacy issues