Download - COPS: Community-Oriented Privacy System
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
COPS: Community-Oriented Privacy System
The Email Prototype
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
2Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
IntroductionMotivationEmail PrototypeFuture work
COPS
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
3Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
What is privacy? The quality or state of being apart from company
or observationHow do we protect privacy?
Doors, locks, alarms, fences/gates Passwords, encryption, information flow
Whose privacy is being protected? The individual
Individual Privacy
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
4Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
What is a ‘group’? Collaborative, Cooperative, Collective
What is privacy? A boundary regulation process that is context
dependentHow is privacy protected?
A dynamic process driven by a group of users
Group Privacy
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
5Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
How do groups of people share information? In person Postal mail Telephone Email/Fax Social networking Cloud
Communication
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
6Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Facebook News Feed (2006)
• Facebook made privacy changes that made status updates, images, and other user-created content public by default, which motivated more than a third of Facebook users to alter their privacy settings.
Beacon (2007-2009)• Beacon was a part of Facebook's advertisement system that sent data
from external websites to Facebook, for the purpose of allowing targeted advertisements and allowing users to share their activities with their friends.
Cookies (Oct. 2011)• Facebook sued for “tracking, collecting, and storing its users’ wire or
electronic communications, including but not limited to portions of their internet browsing history even when the users were not logged-in to Facebook.”
Motivation
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
7Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Cloud privacy concerns Amazon’s cloud browser• "All of your web surfing habits will transit Amazon's cloud.
If you think that Google AdWords and Facebook are watching you, this service is guaranteed to have a record of everything you do on the Web.“ -Chester Wisniewski, a senior security adviser at British computer security firm Sophos
Dropbox• “Insecure by design” –Derek Newton of Information
Security Insights• Will turn your files over to the Government if asked
Motivation
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
8Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Have you ever sent an email to the wrong person accidentally? “One of Eli Lilly & Co.'s sub-contracted lawyers at
Philadelphia based Pepper Hamilton had mistakenly emailed confidential Eli Lilly's discussions to Times reporter Alex Berenson (instead of Bradford Berenson, her co-counsel), costing Eli Lilly nearly $1 billion.” (Zilberman 2010)
Other issues: Huge recipient lists, similar/duplicate names
Motivation
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
9Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Are there any solutions out there to stop this from happening? Gmail undo:
Complex privacy policies (Leon 2011)• “Online opt-out tools were challenging for users to
understand and configure”
Email Leakage
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
10Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Community-Oriented Privacy System (COPS)Privacy boundaries are defined through "community
tags“Regulation of privacy is provided through
mechanisms for setting, changing, and making exceptions to the community tags.
Sense of community is realized through mechanisms for notification (making actions of individuals visible to the group) and consensus (allowing the group to vote on changes and exceptions)
COPS
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
11Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Why take a community-based approach? Shared expertise - privacy-enhancing features like
rules and settings are underutilized by the individual. Shared expertise will lead to better utilization of the privacy mechanisms and better awareness of the privacy requirements and privacy threats.
Shared responsibility - social pressure from the group encourages the individual to pay better attention to neglected privacy tasks due to a sense of responsibility to the community.
COPS
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
12Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Community Tag
Protect privacy by requiring group consensus required for tag creation/modification and exceptions
Tag usage is enforced by the users
COPS
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
13Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Threat model - In computer security the term threat modeling is used to describe a set of issues that the designer of the system is interested in. In order to achieve a feeling of privacy we must cover four areas in particular: Accidental disclosure Lack of awareness Inability to understand the privacy rules or system
interfaces Inability of the system to guarantee desired privacy
COPS
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
14Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Accidental disclosure - when a user accidentally sends an email to the wrong recipient or incorrectly forwards an email to someone that should not have seen it. We anticipate that most privacy breaches are the result of accidental disclosure and we've seen that accidental disclosure can have significant ramifications
COPS
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
15Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Lack of awareness - Related to accidental disclosure but mostly caused by the lack of knowledge rather than being a mere mistake. Lack of awareness privacy breaches most likely occur as a result of email forwarding and long recipient lists. Tracking an email's forwarding history can be a daunting task and trying to read through an email's recipient list of more than a dozen people is an exercise of frustration
COPS
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
16Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Inability to understand the privacy rules or system interfaces - As the designers of this system, we're responsible for providing an interface that's easy to use and understand. Our research should look into the metaphors and current practices that people use when protecting privacy and leverage these practices
COPS
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
17Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Inability of the system to guarantee desired privacy - Our research much span across various different domains -- from academia to the business world and from small informal groups to large group communication. Different domains have different requirements and enforce privacy in different ways. We must take into account these different practices and design a system that can translate easily from one domain to another
COPS
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
18Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Email Prototype Proof of concept Mockups High fidelity prototype
COPS
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
19Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
COPS
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
20Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
21Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
COPS
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
22Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
COPS
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
23Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
COPS
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
24Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
COPS
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
25Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
High fidelity prototype
COPS
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
26Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Usability Studies Single user observations Interactive task-based experiment In the experiment the user will take the role of an
employee working in the Human Resources department at a fictitious company.
Tasks will start out easy and straightforward and will ramp up in difficulty as the participant works through the problems.
COPS
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
27Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Evaluation Gather data from intro/exit questionnaires, post-
experiment interviews, observation, system monitoring
Measure performance through ease of use, task completion time, error rate, and user satisfaction
Most importantly, do users understand the new privacy features and do they find them useful in the context of an Email application?
COPS
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Click to edit Master title style
28Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Future work Group of users interacting with the system at once Writing a plug-in for existing Email applications File system/cloud implementation
COPS