0x1A Great Papers in Computer Security Vitaly Shmatikov CS 380S

Slides:



Advertisements
Similar presentations
FERPA - Sharing Student Information
Advertisements

Information for Students MGH Institute of Health Professions Use your down arrow or click your mouse to advance through the presentation.
University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.
A Brief History of Information Privacy IC211. Colonial America Eavesdropping “listen[ing] under walls or windows, or the eaves of a house, to hearken.
Today’s Schools face:  Numerous State and Federal Regulations  Reduced Technology Funding  More Stringent Guidelines for Technology Use.
Regulatory Issues in Campus Computing Privacy and Security in a Digital World Presented by David Gleason, Esq. University Counsel University of Maryland,
Interaction of RFID Technology and Public Policy Presentation at RFID Privacy MIT 15 TH November 2003 By Rakesh Kumar
Confidentiality in the Schools A Presentation by Clay “G” Mills, Ph.D. WCSD School Psychologist Copyright 2008 This information is intended for an individual.
IS3350 Security Issues in Legal Context
13.1 Chapter 13 Privacy © 2003 by West Legal Studies in Business/A Division of Thomson Learning.
FERPA: Family Educational Rights and Privacy Act.
Privacy and Contextual Integrity: Framework and Applications Adam Barth, Anupam Datta, John C. Mitchell (Stanford), and Helen Nissenbaum (NYU) TRUST Winter.
Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.
Privacy Chris Kelly iLaw July 5, 2002.
CS294-1 Deeply Embedded Networks Privacy Discussion 11/25/03 David Culler University of California, Berkeley.
Privacy and Sensor Networks: Do Sensor Networks fit with Fair Information Practices Deirdre K. Mulligan Acting Clinical Professor of Law Director, Samuelson.
On Privacy and Compliance: Philosophy and Law meets Computer Science Anupam Datta Stanford University Oakland PC Crystal Ball Workshop January 2007.
C MU U sable P rivacy and S ecurity Laboratory Philosophical definitions of privacy Lorrie Faith Cranor October 19, 2007.
Contextual Integrity in PORTIA PI: Helen Nissenbaum Students: Timothy Weber & Michael Zimmer New York University In collaboration with: Sam Hawala (U.S.
Privacy & Personal Information -- Why do we care or do we?
HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.
1 Raymond Doray Conflicts between the new Canadian Money Laundering Act and the rules of professional conduct and ethics September 13, 2002.
Banks and the Privacy of Medical Information 8 th National HIPAA Summit March 8, 2004 Joy Pritts, JD Health Policy Institute Georgetown University
Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style PRIVACY AS & AND CONTEXTUAL INTEGRITY Helen Nissenbaum.
INLS 200 today’s line-up online privacy short video discussion questions from you? ethics cases? Ulrich’s Guide to Periodicals.
Privacy and Ubiquitous Computing Deirdre K. Mulligan Acting Clinical Professor of Law Director Samuelson Law, Technology & Public Policy Clinic, Boalt.
Anonymity, Security, Privacy and Civil Liberties
1 General Awareness Training Security Awareness Module 1 Overview and Requirements.
Privacy Information: A Consumer Action Project information.org Workplace Privacy Your rights on the job © Consumer Action 2009.
Legal and Ethical Issues. Major Topics Protecting Programs and Data Information and the Law Rights of Employees and Employers Software Failures Computer.
Confidentiality and Public Information Act LISD Special Education Department Training SY
Privacy as contextual integrity Helen Nissenbaum New York University September 6, 2007 Ars Electronica, Linz Support.
Slides prepared by Cyndi Chie and Sarah Frye1 A Gift of Fire Third edition Sara Baase Chapter 2: Privacy.
1 The interplay of stopping computer crime while protecting privacy Svein Yngvar Willassen Department of Telematics, Norwegian University of Science and.
Risk Assessment. InfoSec and Legal Aspects Risk assessment Laws governing InfoSec Privacy.
Slides prepared by Cyndi Chie and Sarah Frye1 A Gift of Fire Third edition Sara Baase Chapter 2: Privacy.
Privacy and Contextual Integrity: Framework and Applications Adam Barth, Anupam Datta, John C. Mitchell (Stanford) Helen Nissenbaum (NYU)
“You have zero privacy,” “You own your data,” and other Myths Dr. Gilad L. Rosner Visiting Researcher Horizon Digital Economy Research Institute
Contextual Integrity as a Normative Guide for Privacy Helen Nissenbaum New York University * School of Information, UC Berkeley April 2, 2008 * Supported.
F.E.R.P.A. Family Educational Rights and Privacy Act Cindy Johnson–Taylor, Ph.D. Mary Martin, Ed.D. Mark Mitchell, Ed.D. Linda Winter, Ph.D. Winthrop University.
Do you believe in this? Due to its very nature, the Internet is NOT a safe or secure environment. It is an ever-changing medium where anyone and everyone.
Privacy in computing Material/text on the slides from Chapter 10 Textbook: Pfleeger.
Privacy in Context Helen Nissenbaum Department of Culture and Communication New York University m Research supported.
Privacy in Healthcare Challenges Associated with Implementing Privacy in an Electronic Health Records Environment John P. Houston, J.D. Vice President,
Dimensions of Privacy 18739A: Foundations of Security and Privacy Anupam Datta Fall 2009.
Types of privacy (Solove, Understanding Privacy)
1 CONFIDENTIALITY. 2 Requirement Under IDEA 34 CFR Sec (c) All staff collecting or using personally identifiable information in public education.
Privacy as Contextual Integrity Helen Nissenbaum Department of Culture & Communications, NYU
FIRMA April 2010 DATA BREACHES & PRIVACY Christine M. Farquhar Managing Director, Compliance J.P. Morgan U.S. Private Banking.
Computer Ethics Chapter 14 – Computers: Understanding Technology.
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Privacy in Context: Contextual Integrity Peter Radics Usable Security – CS 6204.
14.1 Chapter 14 Privacy © 2003 by West Legal Studies in Business/A Division of Thomson Learning.
Student Financial Assistance. Session 55-2 Session 55 Internet Privacy Laws.
Privacy and Contextual Integrity: Framework and Applications Adam Barth, Anupam Datta, John C. Mitchell (Stanford) Helen Nissenbaum (NYU)
Safeguarding Sensitive Information. Agenda Overview Why are we here? Roles and responsibilities Information Security Guidelines Our Obligation Has This.
1 Ethical Issues in Computer Science CSCI 328, Fall 2013 Session 13 Privacy as a Value.
Legal, Regulations, Investigations, and Compliance Chapter 9 Part 2 Pages 1006 to 1022.
Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.
1 Ethics of Computing MONT 113G, Spring 2012 Session 31 Privacy as a value.
CONFIDENTIALITY. Three Confidentiality Laws 1.FERPA-Family Education Rights and Privacy Act (State Policy 4350: Procedures for the Collection, Maintenance.
Self-determination and Information Privacy: A Plotinian Virtue Ethics Approach Giannis Stamatellos University of Copenhagen Centre for Neoplatonic Virtue.
DIGITAL FOOTPRINTS 11 TIPS FOR MONITORING YOUR DIGITAL FOOTPRINT AND 5 TIPS TO MAKE IT POSITIVE.
Privacy. Some Web Science Issues Kieron O’Hara 29 November 2011.
PRIVACY AND DATA PROTECTION in THE BIG DATA AGE JONATHAN PRICE.
FERPA & HIPAA: Maintaining Student Confidentiality.
Privacy and the Law.
E&O Risk Management: Meeting the Challenge of Change
DATA BREACHES & PRIVACY Christine M
Lecture 27: Privacy CS /7/2018.
IT and Society Week 2: Privacy.
Presentation transcript:

0x1A Great Papers in Computer Security Vitaly Shmatikov CS 380S

H. Nissenbaum Privacy as Contextual Integrity (Washington Law Review 2004)

Common-Law Right to Privacy uCharacterized by Samuel Warren and Louis Brandeis (1890) u“An individual’s right of determining, ordinarily, to what extent his thoughts, sentiments, and emotions shall be communicated to others” slide 3

Definitions of Privacy (1) u“Privacy is not simply an absence of information about us in the minds of others; rather it is the control we have over information about ourselves” --Charles Fried u“Privacy is a limitation of others’ access to an individual through information, attention, or physical proximity” --Ruth Gavison u“Privacy is the right to control information about and access to oneself” -- Priscilla Regan slide 4

Definitions of Privacy (2) u"Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extend information about them is communicated to others” u“...privacy is the voluntary and temporary withdrawal of a person from the general society through physical or psychological means, either in a state of solitude or small-group intimacy or, when among larger groups, in a condition of anonymity or reserve” –A. Westin. “Privacy and Freedom” (1967) slide 5

Three Guiding Legal Principles uProtecting privacy of individuals against intrusive government agents 1st, 3rd, 4th, 5th, 9th, 14th amendments, Privacy Act (1974) uRestricting access to sensitive, personal, or private information FERPA, Right to Financial Privacy Act, Video Privacy Protection Act, HIPAA uCurtailing intrusions into spaces or spheres deemed private or personal 3rd, 4th amendments slide 6

Gray Areas uPrivate vs. public space uUSA PATRIOT Act u“Credit headers” Basic information in a credit report about the person to whom the credit report applies - name, variations of names, current and prior addresses, phone number, date of birth, SSN uOnline privacy in the workplace slide 7

Downsides of Three Principles uNot conditioned on additional dimensions Time, location, etc. uPrivacy based on dichotomies Private – public Sensitive – non-sensitive Government – private … slide 8

Modern Privacy Threats uAutomated capture of enhanced/large amounts of information RFID tags, EZ Pass, online tracking, video surveillance, DRM, etc. uConsumer profiling, data mining, aggregation ChoicePoint, Census, credit bureaus, etc. uPublic records online Courts, county clerks, etc. Local vs. global access of data slide 9

Contextual Integrity uPhilosophical account of privacy Aims to describe what people care about uMain idea: every transfer of personal information happens in a certain social context uContext-dependent norms govern the type of information and the principles of transmission Information is categorized by type –Example: personal health information, psychiatric records, … –Rejects public/private dichotomy Principles of transmission depend on context –Confidentiality, reciprocity, etc slide 10

Cornerstone Norms uNorms of appropriateness determine what types of information are or are not appropriate for a given context uNorms of distribution determine the principles governing flow or transfer of information from one party to another Volunteered, inferred, mandated, expected, demanded, etc. Discretion, entitlement, third-party confidentiality, commercial exchange, reciprocal vs. one-way, etc. slide 11

Privacy as Contextual Integrity uContextual integrity is respected when norms of appropriateness and distribution are respected uIt is violated when any of the norms are infringed slide 12

Example: Gramm-Leach-Bliley slide 13 Sender roleSubject roleAttribute Transmission principle Financial institutions must notify consumers if they share their non-public personal information with non- affiliated companies, but the notification may occur either before or after the information sharing occurs

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.