Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy Science, Copyright Robert Thibadeau, CMU, 2001 1 Privacy Science Robert Thibadeau, Ph.D. Director, Internet Systems Laboratory

Published byEvelyn Phinney Modified over 9 years ago

Similar presentations

Presentation on theme: "Privacy Science, Copyright Robert Thibadeau, CMU, 2001 1 Privacy Science Robert Thibadeau, Ph.D. Director, Internet Systems Laboratory"— Presentation transcript:

1

2 Privacy Science, Copyright Robert Thibadeau, CMU, 2001 1 Privacy Science Robert Thibadeau, Ph.D. Director, Internet Systems Laboratory http://www.internetlab.ri.cmu.edu Institute for eCommerce School of Computer Science Carnegie Mellon University Pittsburgh, Pennsylvania

3 Privacy Science, Copyright Robert Thibadeau, CMU, 2001 2 Examples of Hard Problems Negotiating in a Millisecond –Default : no negotiation (but is this realistic?) –The human mind is not fast enough to make new decisions –Persona/Virtual Identities : Pre-understood agreements. Linkability == Inductive Reasoning == we don’t know to do… (Thresholds?) Email as PII –17 year olds – no? –57 year olds – yes? Jurisdiction Mixing –What is the answer when there is no answer? –E.g., European living in America –…Micro-Jurisdiction / Self-Jurisdiction / Personal Info Sphere? »Global Identities

4 Privacy Science, Copyright Robert Thibadeau, CMU, 2001 3 Information Privacy Technology Law No matter how much you want to, you can’t get technology out of privacy or the law out of privacy

5 Privacy Science, Copyright Robert Thibadeau, CMU, 2001 4 Reasons There is no technically perfect solution possible : Thomas Jefferson’s notion of public and private. –Therefore the Law becomes Indispensible Technology – actually the computer – will always surprise you : The Turing Principle –Therefore Technology cannot be frozen to a form Technology – you need locks on the doors, stuff to make the laws easy to use, and policing of the laws –This requires Technology

6 Privacy Science, Copyright Robert Thibadeau, CMU, 2001 5 Privacy Server Protocol http://yuan.ecom.cmu.edu/psp http://yuan.ecom.cmu.edu/psp Port-based, not (necessarily) HTTP –Scope : Persistence in Time and Scoping across Modality P3P Vocabulary (as excellent starter) Negotiated Privacy –Persona Driven Bilateral Privacy –Museums - Universal Studios – Ford Have Privacy Needs Too Non-Repudiate-able Contracts –Utilizing ASN.1/SMPTE 298M/DVBX Globally Unique Contract Names without central servers.

7 Privacy Science, Copyright Robert Thibadeau, CMU, 2001 6 CMU PERSONA MODEL Schwab StockPicker Client Browser User Agent Web Site Server Agent Amazon Shopper DoubleClick User BN Shopper BUY Shopper Database System Privacy Policy Agreements Amazon Shopper DoubleClick User CMU Shadow

8 Privacy Science, Copyright Robert Thibadeau, CMU, 2001 7 CMU PERSONA MODEL Schwab StockPicker Client Browser User Agent Web Site Server Agent Amazon Shopper DoubleClick User BN Shopper BUY Shopper Database System Amazon Shopper DoubleClick User CMU Shadow I want the Shopping Cart Need to be a Shopper I ‘m an Amazon Shopper OK, Sign Here OK, Now you Sign Done, Come on In!

9 Privacy Science, Copyright Robert Thibadeau, CMU, 2001 8 CMU PERSONA MODEL *ALT Schwab StockPicker Client Browser User Agent Web Site Server Agent Amazon Shopper DoubleClick User BN Shopper BUY Shopper Database System Amazon Shopper DoubleClick User CMU Shadow I want the Shopping Cart Need to be a BN Shopper Can I be an Amazon Shopper? OK, Sign Here OK, Now you Sign Done, Come on In! What’s That? It’s This P3P Policy

10 Privacy Science, Copyright Robert Thibadeau, CMU, 2001 9 CMU PERSONA MODEL *ALT Schwab StockPicker Client Browser User Agent Web Site Server Agent Amazon Shopper DoubleClick User BN Shopper BUY Shopper Database System Amazon Shopper DoubleClick User CMU Shadow I want the Shopping Cart Need to be a Shopper Can I be an Amazon Shopper? OK, Now You Sign OK, Sign Here Done, I’m Coming In! OK, But you need to be DoubleClick User TOO!

11 Privacy Science, Copyright Robert Thibadeau, CMU, 2001 10 cmu persona A Persona is a Set of Credentials of which a Proper Subset is distinguished for Authorizing Access To the Remainder of the Set Name : Credit Card Number : Card Expiration : Mailing Address : Mothers Name : Child Persona : … Username : Password : Credentials as Other Persona Recogniz-er : FillerIn-er : Communicat-er : HowToUse-er : P3P APPEL :

12 Privacy Science, Copyright Robert Thibadeau, CMU, 2001 11 cmu persona interface IE/Netscape Plugin is EMPTY PERSONA EDIT OR APPLY ENGINE Fill it with actual person in different ways: CMU PERSONA PLUGIN Active Persona Storage REMOTE BASESTATION WEB SERVER : PORT 80 (Web Page Activates Persona) AMAZON SHOPPER THIRD PARTY WEB SERVER : PORT 80 MY OTHER SHOPPER My Secure Hard Disk OR My Floppy Disk MY OTHER SHOPPER Like to Use Amazon Shopper

13 Privacy Science, Copyright Robert Thibadeau, CMU, 2001 12 Technological Organization David-Olivier Jaquet-Chiffelle david-olivier.jaquet-chiffelle@hta-bi.bfh.ch Anonymity Unlinkability Unobservability Theoretical Practical ConditionalUnconditional Pseudoanonymity

14 Privacy Science, Copyright Robert Thibadeau, CMU, 2001 13 Legal/Technical Organization ‘The Law defines its own world’ Anonymity Unlinkability Unobservability Law Technical ConditionalUnconditional Pseudoanonymity

Download ppt "Privacy Science, Copyright Robert Thibadeau, CMU, 2001 1 Privacy Science Robert Thibadeau, Ph.D. Director, Internet Systems Laboratory"

Similar presentations

Copyright line. Configuring Server Roles in Windows 2008 Exam Objectives New Roles in 2008 New Roles in 2008 Read-Only Domain Controllers (RODCs) Read-Only.

Copyright line. Configuring Server Roles in Windows 2008 Exam Objectives New Roles in 2008 New Roles in 2008 Read-Only Domain Controllers (RODCs) Read-Only.
Privacy & Other Issues. Acceptable Use Policies When you sign up for an account at school or from an Internet Service Provider, you agree to their rules.

Privacy & Other Issues. Acceptable Use Policies When you sign up for an account at school or from an Internet Service Provider, you agree to their rules.
GT 4 Security Goals & Plans Sam Meder

GT 4 Security Goals & Plans Sam Meder
Robert Thibadeau, Copyright 2000 1 It’s not what IT does to Privacy it’s what Privacy does to IT Robert Thibadeau, Ph.D. www.internetlab.ri.cmu.edu www.w3.org/p3pwww.w3.org/p3p.

Robert Thibadeau, Copyright It’s not what IT does to Privacy it’s what Privacy does to IT Robert Thibadeau, Ph.D.
CP3397 ECommerce.

CP3397 ECommerce.
Lesson 1. Course Outline E-Commerce and its types, Internet and WWW Basics, Internet standards and protocols, IP addressing, Data communication on internet,

Lesson 1. Course Outline E-Commerce and its types, Internet and WWW Basics, Internet standards and protocols, IP addressing, Data communication on internet,
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
Usable Privacy and Security Carnegie Mellon University Spring 2006 Cranor/Hong/Reiter 1 Visualizing Privacy II.

Usable Privacy and Security Carnegie Mellon University Spring 2006 Cranor/Hong/Reiter 1 Visualizing Privacy II.
Aim: What strategies can we use to keep our financial information safe online? Do Now: What do you do to protect your information online?

Aim: What strategies can we use to keep our financial information safe online? Do Now: What do you do to protect your information online?
CC3.12 Lecture 12 Erdal KOSE Based of Prof. Ziegler Lectures.

CC3.12 Lecture 12 Erdal KOSE Based of Prof. Ziegler Lectures.
6/10/2015Cookies1 What are Cookies? 6/10/2015Cookies2 How did they do that?

6/10/2015Cookies1 What are Cookies? 6/10/2015Cookies2 How did they do that?
User Managed Privacy Using Distributed Trust Privacy and Security Research Workshop Carnegie Mellon University May 29-30, 2002 Lark M. Allen / Wave Systems.

User Managed Privacy Using Distributed Trust Privacy and Security Research Workshop Carnegie Mellon University May 29-30, 2002 Lark M. Allen / Wave Systems.
Copyright © 2004 Pearson Education, Inc. Slide 7-1 E-commerce Kenneth C. Laudon Carol Guercio Traver business. technology. society. Second Edition.

Copyright © 2004 Pearson Education, Inc. Slide 7-1 E-commerce Kenneth C. Laudon Carol Guercio Traver business. technology. society. Second Edition.
1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.

1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.
Email Extras Plus! Pepper. Objectives E-mail extra knowledge Cookies Picture handling when creating site.

Extras Plus! Pepper. Objectives extra knowledge Cookies Picture handling when creating site.
Using Digital Credentials On The World-Wide Web M. Winslett.

Using Digital Credentials On The World-Wide Web M. Winslett.
Introduction To Windows NT ® Server And Internet Information Server.

Introduction To Windows NT ® Server And Internet Information Server.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
Masud Hasan 03-60-475 Secure Email Project 1. Secure Email It uses Digital Certificate combined with S/MIME capable email clients to digitally sign and.

Masud Hasan Secure Project 1. Secure It uses Digital Certificate combined with S/MIME capable clients to digitally sign and.
Hosted Exchange 2007. The purpose of this Startup Guide is to familiarize you with ExchangeDefender's Exchange and SharePoint Hosting. ExchangeDefender.

Hosted Exchange The purpose of this Startup Guide is to familiarize you with ExchangeDefender's Exchange and SharePoint Hosting. ExchangeDefender.

Similar presentations

Ads by Google