Ethics and Policy issues in Computing Carnegie Mellon University Spring 2008 Tongia 1 Privacy –

Presentation transcript:

Ethics and Policy issues in Computing Carnegie Mellon University Spring 2008 Tongia 1 Privacy – Personalization, RFIDs, Surveillance, and Encryption Week 6 - February 19, 21

Slide 2: Privacy risks from personalization

Slide 3: Unsolicited marketing
- Desire to avoid unwanted marketing causes some people to avoid giving out personal information

Slide 4: My computer can “figure things out about me”
- The little people inside my computer might know it’s me…
- … and they might tell their friends

Slide 5: Inaccurate inferences
- “My TiVo thinks I’m gay!”

Slide 6: Surprisingly accurate inferences
- Everyone wants to be understood. No one wants to be known.

Slide 7: You thought that on the Internet nobody knew you were a dog…
- …but then you started getting personalized ads for your favorite brand of dog food

Slide 8: Price discrimination
- Concerns about being charged higher prices
- Concerns about being treated differently

Slide 9: Revealing private information to other users of a computer
- Revealing info to family members or co-workers
  - Gift recipient learns about gifts in advance
  - Co-workers learn about a medical condition
- Revealing secrets that can unlock many accounts
  - Passwords, answers to secret questions, etc.

Slide 10: Exposing secrets to criminals
- Stalkers, identity thieves, etc.
- People who break into account may be able to access profile info
- People may be able to probe recommender systems to learn profile information associated with other users

Slide 11: Subpoenas
- Records are often subpoenaed in patent disputes, child custody cases, civil litigation, criminal cases

Slide 12: Privacy invasive technologies
- Location tracking (cell phones, GPS devices that phone home, etc.)
- RFID
- Transit cards
- Computer software that phones home
- Devices that phone home
- Video cameras (hidden cameras, cell phones)
- Personalized ecommerce sites
- Automobile data recorders
- Face recognition

Slide 13: The Global Positioning System (GPS)
- Radio-navigation system operated by US DoD
- Comprised of 24 satellites and 5 ground stations
- Uses satellites to triangulate and calculate 3D position from 4 satellite signals
- Receivers listen for radio beacons and triangulate their position
- Typical accuracy in meters, cm accuracy possible
- DoD intentionally degraded accuracy until May 2000
- One-way system
  - Use other system to report location back
- Does not work indoors

Slide 14: Radio-frequency identification (RFID)
- Tags
  - Antenna bonded to small silicon chip encapsulated in glass or plastic (as small as grain of rice)
  - Unpowered (passive) tags and powered (active) tags
- Readers
  - Broadcast energy to tags, causing tags to broadcast data
  - Energy from readers can also power onboard sensors or cause tag to write new data to memory
  - Read ranges currently a few centimeters up to a few meters
- Source: Sixwise

Slide 15: Current and near term uses of RFID
- Automobile immobilizers
- Animal tracking
- Building proximity cards
- Payment systems
- Automatic toll collection
- Inventory management (mostly at pallet level)
- Prevent drug counterfeiting
- Passports

Slide 16: Electronic Product Code
- Standard managed by EPCglobal
- Relatively small tags
- Inexpensive
- No encryption, limited security
- Kill feature
- Password feature
- Designed to replace UPC bar codes
- 96-bit+ serial number
- Object Name Service (ONS) database operated by EPCglobal

Slide 17: Post-sale uses
- Read product labels to blind people
- Sort packaging for recycling
- Provide laundry instructions to washer, dryer, dry cleaner
- Allow smart refrigerator to automatically generate shopping lists and warn about expired items and recalls
- Allow smart closet to suggest outfits
- Simplify product returns

Slide 18: Privacy concerns with EPCs?
- What are the privacy risks?
- What are possible solutions?
- What are the limitations of these solutions?

Slide 19: Building proximity cards
- Used for access control to buildings
- Many prox cards have no security features
- Easily clonable, even remotely
- Can be read through someone’s pocket or from longer distances while card is being read by legitimate reader
- Solutions involve adding crypto to cards

Slide 20: RFID payment systems
- Gas station keyfobs
- Coming soon to the major credit cards in your wallet
- Chase “Blink” card
- Can be read from about 20 cm
- Integrated into watches and cell phones
- Main advantage is to save time
  - Don’t have to swipe machine
  - Don’t need signature
- Crypto used to prevent cloning, but JHU researchers demonstrated how to break SpeedPass

Slide 21: Engineering privacy
- Privacy by policy
- Privacy by architecture

Slide 22: Privacy stages
Stage 0
- Identifiability: identified
- Approach to privacy protection: privacy by policy (notice and choice)
- Linkability of data to personal identifiers: linked
- System characteristics: unique identifiers across databases; contact information stored with profile information
Stage 1
- Identifiability: pseudonymous
- Approach to privacy protection: privacy by policy (notice and choice)
- Linkability of data to personal identifiers: linkable with reasonable & automatable effort
- System characteristics: no unique identifiers across databases; common attributes across databases; contact information stored separately from profile or transaction information
Stage 2
- Identifiability: pseudonymous
- Approach to privacy protection: privacy by architecture
- Linkability of data to personal identifiers: not linkable with reasonable effort
- System characteristics: no unique identifiers across databases; no common attributes across databases; random identifiers; contact information stored separately from profile or transaction information; collection of long term person characteristics on a low level of granularity; technically enforced deletion of profile details at regular intervals
Stage 3
- Identifiability: anonymous
- Approach to privacy protection: privacy by architecture
- Linkability of data to personal identifiers: unlinkable
- System characteristics: no collection of contact information; no collection of long term person characteristics; k-anonymity with large value of k
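
Added example (not part of the original slides): a small Python check of the linkability and k-anonymity ideas in the privacy stages table. The records, names and the choice of ZIP code, birth year and sex as the common attributes are constructed assumptions; the example measures how many pseudonymous profiles can be tied to exactly one contact record, before and after the attributes are stored at a coarser granularity.

```python
from collections import Counter, defaultdict

# Quasi-identifiers: the "common attributes across databases" of stage 1.
# Which attributes play this role is an assumption made for this example.
QI = ("zip", "birth_year", "sex")

# Constructed sample data. The two tables share no unique identifier.
PROFILE_DB = [  # pseudonymous profiles, stored apart from contact details
    {"pseudonym": "u-7f3a", "zip": "15213", "birth_year": 1985, "sex": "F"},
    {"pseudonym": "u-19c2", "zip": "15217", "birth_year": 1988, "sex": "F"},
    {"pseudonym": "u-a044", "zip": "15213", "birth_year": 1972, "sex": "M"},
    {"pseudonym": "u-5be1", "zip": "15232", "birth_year": 1979, "sex": "M"},
]
CONTACT_DB = [  # contact information held in a separate database
    {"name": "Alice Example", "zip": "15213", "birth_year": 1985, "sex": "F"},
    {"name": "Beth Example", "zip": "15217", "birth_year": 1988, "sex": "F"},
    {"name": "Carl Example", "zip": "15213", "birth_year": 1972, "sex": "M"},
    {"name": "Dan Example", "zip": "15232", "birth_year": 1979, "sex": "M"},
    {"name": "Erin Example", "zip": "15206", "birth_year": 1981, "sex": "F"},
]


def qi_key(record):
    """Tuple of quasi-identifier values used to compare records."""
    return tuple(record[attr] for attr in QI)


def k_anonymity(records):
    """k = size of the smallest group sharing one quasi-identifier tuple."""
    return min(Counter(qi_key(r) for r in records).values())


def link(profiles, contacts):
    """Return {pseudonym: name} for profiles that match exactly one contact."""
    index = defaultdict(list)
    for contact in contacts:
        index[qi_key(contact)].append(contact["name"])
    return {p["pseudonym"]: index[qi_key(p)][0]
            for p in profiles if len(index[qi_key(p)]) == 1}


def generalize(record):
    """Coarsen granularity: 3-digit ZIP prefix and decade of birth."""
    coarse = dict(record)
    coarse["zip"] = record["zip"][:3] + "**"
    coarse["birth_year"] = record["birth_year"] // 10 * 10
    return coarse


if __name__ == "__main__":
    print("raw: k =", k_anonymity(PROFILE_DB),
          "linked =", link(PROFILE_DB, CONTACT_DB))
    coarse_profiles = [generalize(p) for p in PROFILE_DB]
    coarse_contacts = [generalize(c) for c in CONTACT_DB]
    print("coarse: k =", k_anonymity(coarse_profiles),
          "linked =", link(coarse_profiles, coarse_contacts))
```

With the raw attributes every profile is unique (k = 1) and all four are re-identified by an automated join; after generalization each profile is shared by at least two people and no join result is unique.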

Slide 23: Black Boxes
- Where are these found?
- Question becomes who has control and access to the information?
- What insurance uses can you foresee?

Slide 24: Research and Communication Skills: Organizing a research paper
- Decide up front what the point of your paper is and stay focused as you write
- Once you have decided on the main point, pick a title
- Start with an outline
- Use multiple levels of headings (usually 2 or 3)
- Don’t ramble!

Slide 25: Research and Communication Skills: Typical paper organization
- Abstract
  - Short summary of paper
- Introduction
  - Motivation (why this work is interesting/important, not your personal motivation)
- Background and related work
  - Sometimes part of introduction, sometimes two sections
- Methods
  - What you did
  - In a systems paper you may have system design and evaluation sections instead
- Results
  - What you found out
- Discussion
  - Also called Conclusion or Conclusions
  - May include conclusions, future work, discussion of implications, etc.
- References
- Appendix
  - Stuff not essential to understanding the paper, but useful, especially to those trying to reproduce your results - data tables, proofs, survey forms, etc.
- These sections may be different in your papers

Slide 26: Research and Communication Skills: Road map
- Papers longer than a few pages should have a “road map” so readers know where you are going
- Road map usually comes at the end of the introduction
- Tell them what you are going to say in the roadmap, say it, (then tell them what you said in the conclusions)
- Examples
  - In the next section I introduce X and discuss related work. In Section 3 I describe my research methodology. In Section 4 I present results. In Section 5 I present conclusions and possible directions for future work.
  - Waldman et al, 2001: “This article presents an architecture for robust Web publishing systems. We describe nine design goals for such systems, review several existing systems, and take an in-depth look at Publius, a system that meets these design goals.”

Slide 27: Research and Communication Skills: Use topic sentences
- (Almost) every paragraph should have a topic sentence
  - Usually the first sentence
  - Sometimes the last sentence
  - Topic sentence gives the main point of the paragraph
- First paragraph of each section and subsection should give the main point of that section
- Examples from Waldman et al, 2001
  - In this section we attempt to abstract the particular implementation details and describe the underlying components and architecture of a censorship-resistant system.
  - Anonymous publications have been used to help bring about change throughout history.

Slide 28: Research and Communication Skills: Avoid unsubstantiated claims
- Provide evidence for every claim you make
  - Related work
  - Results of your own experiments
- Conclusions should not come as a surprise
  - Analysis of related work, experimental results, etc. should support your conclusions
  - Conclusions should summarize, highlight, show relationships, raise questions for future work
  - Don’t introduce new ideas in discussion or conclusion section (other than ideas for related work)
  - Don’t reach conclusions not supported by the rest of your paper

Slide 29: Wiretaps, encryption, and government surveillance

Slide 30: Surveillance systems you should know about
- Clipper
- Echelon
- CAPS II
- TIA
- Carnivore
- CALEA
- MATRIX

Slide 31: Government surveillance
- Governments increasingly looking for personal records to mine in the name of fighting terrorism
- People may be subject to investigation even if they have done nothing wrong

Slide 32: Risks may be magnified in future
- Wireless location tracking
- Semantic web applications
- Ubiquitous computing

Slide 33: Encryption
- Encryption has multiple aspects that are important
- Stakeholders
  - More than just the endpoints, often
- Mechanisms
  - Symmetric/Asymmetric
  - Key management systems
- Usability
- Impacts/implications

Slide 34: How Encryption Works (simplified)
- There are 2 types of encryption
  - Symmetric
  - Asymmetric

Slide 35: Cryptography Basics
- Encryption algorithm used to make content unreadable by all but the intended receivers
  - E(plaintext, key) = ciphertext
  - D(ciphertext, key) = plaintext
- Symmetric (shared) key cryptography
  - A single key is used for E and D
  - D( E(p, k1), k1 ) = p
- Management of keys determines who has access to content
  - E.g., password encrypted

Slide 36: Public Key Cryptography
- Public Key cryptography
  - Each key pair consists of a public and private component: k+ (public key), k- (private key)
  - D( E(p, k+), k- ) = p
  - D( E(p, k-), k+ ) = p
- Public keys are distributed (typically) through public key certificates
  - Anyone can communicate secretly with you if they have your certificate
  - E.g., SSL-based web commerce

Slide 37: Public Key Cryptography
[Figure. Credit: Public Domain Images]

Slide 38: Public Key Encryption
- Public/Private key combinations can also be used for signing documents
  - Proof of originator
  - Non-repudiation
- Signing involves using the private key to create the modified message, which anyone can read (is NOT secret), but the public key will verify the originator

Slide 39: Signing
[Figure. Credit: Public Domain Images]
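
Added example (not part of the original slides): the two public key identities from the Public Key Cryptography slide, D( E(p, k+), k- ) = p and D( E(p, k-), k+ ) = p, and the signing idea from the Public Key Encryption slide, worked through with textbook RSA in Python. The primes, the messages and the choice to sign a SHA-256 digest rather than the message itself are assumptions of this example; it uses no padding and an easily factored modulus, so it illustrates the algebra only, and real systems use a vetted library with OAEP and PSS.

```python
import hashlib

# Constructed toy parameters: two Mersenne primes. A modulus built from them
# is trivial to factor, so this key pair is for illustration only.
P = 2**521 - 1
Q = 2**607 - 1
PUBLIC_EXPONENT = 65537


def make_keypair(p=P, q=Q, e=PUBLIC_EXPONENT):
    """Return (k_plus, k_minus): the public and private (exponent, modulus)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return (e, n), (d, n)


def apply_key(m, key):
    """Textbook RSA: E and D are the same operation, m^exponent mod n."""
    exponent, n = key
    if not 0 <= m < n:
        raise ValueError("value must be in the range [0, n)")
    return pow(m, exponent, n)


def to_int(data):
    return int.from_bytes(data, "big")


def to_bytes(m):
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def digest(message):
    """SHA-256 of the message as an integer (smaller than the toy modulus)."""
    return to_int(hashlib.sha256(message).digest())


def sign(message, k_minus):
    """Signature = digest transformed with the private key."""
    return apply_key(digest(message), k_minus)


def verify(message, signature, k_plus):
    """Anyone holding the public key can check who produced the signature."""
    n = k_plus[1]
    return 0 <= signature < n and apply_key(signature, k_plus) == digest(message)


if __name__ == "__main__":
    k_plus, k_minus = make_keypair()
    p = to_int(b"meet at noon")  # constructed plaintext
    # D( E(p, k+), k- ) = p : confidentiality, only the key owner can read
    print(to_bytes(apply_key(apply_key(p, k_plus), k_minus)))
    # D( E(p, k-), k+ ) = p : anyone can undo it, so it proves origin instead
    print(to_bytes(apply_key(apply_key(p, k_minus), k_plus)))
    sig = sign(b"pay Bob 10", k_minus)
    print(verify(b"pay Bob 10", sig, k_plus))    # unchanged message
    print(verify(b"pay Bob 1000", sig, k_plus))  # altered message
```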

Slide 40: Problems with Encryption
- Usability
  - Software required
  - Complicated
- Key management
  - Certificate authorities
  - PKI (public key infrastructure)
  - What happens when you lose a key?????
- False sense of security
- Policy and regulatory issues
  - “What have you got to hide?”

Slide 41: Homework 3 discussion
sp07/homework/hw3.html
- Pick one new-technology-related privacy concern that you believe to be particularly significant. Explain the privacy issue and why you think it is a significant concern. What might be done to mitigate the concern?
- Pick a particular industry or type of web site and use Privacy Finder to find two P3P-enabled web sites of that type. At each site read both the human-readable privacy policy and the Privacy Finder privacy report.
  - Describe what aspects of each privacy policy you liked and what aspects you did not like (address both how well the sites protect privacy and how the privacy policies are presented).
  - Compare the experience reading the privacy policies with the experience reading the Privacy Finder privacy report.

Slide 42: Class debate #3
- The State of Pennsylvania should adopt legal restrictions on the use of web cams