300 likes | 569 Views
“The poorest man may in his cottage bid defiance to all the force of the crown.” --- William Pitt, Prime-minister of Great Britain, 1783 – 1801 and 1804- till his death in 1806.
E N D
“The poorest man may in his cottage bid defiance to all the force of the crown.” --- William Pitt, Prime-minister of Great Britain, 1783 – 1801 and 1804- till his death in 1806
From “Fear and Freedom on the Internet “ --Peter Singer, Professor of Bio-ethics, Princeton University “There’s really no way to …repress information today, and I think that’s a wonderful advance we can all feel good about... This is a medium of total openness and total freedom, and that’s what makes it so special.” -- Bill Gates, October 2005 Two newsitems of Jan 2006: • At the request of China’s rulers, Microsoft shut down the website of Zhao Jing , a Chinese blogger, who had been reporting on a strike by journalists at The Beijing News that followed the dismissal of the newspaper’s independent-minded editor.. The blog was hosted on MSN Spaces in USA. • Microsoft’s blog tool in China filters words like “democracy” and “human rights” from blog titles, to comply with local laws.
Today’s news Wednesday, Jan 25, 2006 Google officially launched a new www.google.cn site that plans to filter out or block links to material likely to be considered politically sensitive by China's ruling Communist Party.
INTERNET PRIVACY: a DEFINITION The ability • to control what information one reveals about oneself over the Internet, and • to control who can access that information. Experts in the field of Internet privacy: Internet privacy does not really exist. Privacy advocates believe that it should exist. Reference: http://en.wikipedia.org/wiki/Internet_privacy as of September 18, 2007
PRIVACY • Right to a sense of personal autonomy • Right to have information about oneself used fairly ensuring that organizations act fairly in the way they (i) collect (ii) store (iii) use and (iv) disclose one’s personal information • Right to be left alone • Right to decide what part of one’s personal information is to be shared with (i) doctor (ii) employer (iii) banker (iv) neighbor (v) friend or (vi) stranger
Who cares? • 2004:US government: introduced free ‘do not call’ service: 28 million phone numbers registered within a month • 2001 Survey in Australia: 90% Australians consider it important how their personal information is used by organizations and to whom it is disclosed.
Costs of Privacy • Privacy of data its non-availability at some time, when required • Attempts to retain privacy inconvenience or forgoing certain benefits
Privacy protection • To shield innocent persons from an overzealous government Profiling can lead to a misinterpretation of accurate information • To permit every one to preserve her/his dignity and autonomy To not let governments and big corporations to have and to exercise undue power over individuals
Privacy protection and Public Interest • To support freedom of expression, freedom of speech and freedom of association. • Anonymity fosters creativity. • Permits individuals to make a fresh start and become useful members of society. • Privacy protection is integral to trust. Trust is the cornerstone of a strong relationship.
How to protect? • Records should be kept for no longer than necessary. • Records , if inaccurate, must be deleted or corrected. Sometimes not possible to delete: Example: Health records wrongly state that you have diabetes. Accordingly some wrong treatment was started. If the record is deleted, the reason why the wrong treatment was given will also go and the medication history will not make sense. • Be proactive in defense of privacy. The default barriers of time, distance and cost, against publication and retention of your private information, have vanished. PROBLEMS: • Right to research vs autonomy; • Right to forget vs. Right to know
Risks • Stealing information through Cookies (Example: Cross-site scripting ) • Browsing profile • Weak spot: ISP • Spyware, Phishing, malicious proxy servers • Web-bug: techniques used to track who is reading a web page or e-mail, when, and from what computer. They can also be used to see if an e-mail was forwarded to someone else.
The Google age • “We are becoming a transparent society of record such that documentation of our past history, current identity, location, communication and physiological and psychological states and behavior is increasingly possible. With predictive profiles and DNA there are even claims to be able to know individual futures”. Gary Marx, “Privacy and Technology”, Telektronik, January 1996.
Health Information Acts stress PRIVACY • Apply to hospitals, doctors, laboratories, insurance companies, employers etc • Allow individuals to be informed about their health care • Provide both privacy and legitimate access to health information
Facts and needs • Personal information: available in tens of data-bases under the control of different organizations. • Onus on the person to correct his information, when he does not even know about all the places, where his information is. • Ownership? vs Control? Needs: • PRIVACY, • CORRECTNESS OF INFORMATION, • AVAILABILITY WHEREVER REQUIRED
Proposed Systems • IBM: a third party to maintain and release information by following certain rules • Information to be maintained by the owner
Ownership of data Ownership may not mean • Write-access Ex: Government-owned information: social security number, passport ( A government can revoke a passport); Financial information: Annual Tax returns, bank balances • Read- access Ex: Reports by: physicians, laboratories Reference: for the next set of slides: Carrie Gates, Jacob Slonim ,“ Owner-Controlled Information,” http://flame.cs.dal.ca/~gates/papers/nspw03.ps.
Ownership of data ….continued Ownership means • Permitting others to access part of the information • Role-based access control, augmented by location (say in a hospital, when both the owner and the doctor are in the same room) • Deciding about individuals, who can access it in case of disability • Deciding about overarching access in case of an emergency/ in case of death • Societal Needs to access • For medical research • For identifying concerned individuals Example: spread of SARS
Escrowed Encryption Standard (EES) • EES: uses key escrow method of enabling eavesdropping by authorized government agencies, under a court order. (FIPS 185) • escrow: a deed, a bond, money, or a piece of property held in trust by a third party to be turned over to the grantee (in this case- a Law Enforcement Agency) only upon fulfillment of a condition Reference: Merriam-Webster’s Online Dictionary
SKIPJACK • encryption/decryptionalgorithm used by EES • can be incorporated into voice, facsimile (fax), and computer data devices • Has a Law-Enforcement Access Field (LEAF), and two LEAF decryption keys • Clipper: the chip designed through US Dept of Commerce grants in 1994 Reference:http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci837181,00.html as of September 18, 2007
Escrowed Encryption • Research in Escrowed encryption standard abandoned after 1994 Ref.: http://csrc.nist.gov/publications/fips/fips185/fips185.txt • Partial key Escrow that obey the secret sharing property (that any k pieces of the key can reconstruct the key, but that no t pieces provide information about the key, where t < k) Ref.: http://www.cse.ucsd.edu/users/mihir/papers/escrow.html
Physical Ownership Need for an individual to carry information with him: • Ownership and control • Distributed and incomplete information: likely to be non-synchronized and erroneous • May not be available, when required • Can allow access to appropriate parts of information to various entities under specified conditions • Misused in spite of assurances Ex: census information supposed to be retained for 99 years only for research; after 9/11, the president made it available to law-enforcement agencies
Problems of Physical Ownership • Theft of identity • Loss and recreation of information • Requirement of Temper-proof hardware and protected storage areas • To encash a cheque, without a cenralized data? • How to ensure that the authorized user has not made a copy of the data released to him? • Provision for expiry of data (like passport, health card, driving license • Secure back-ups • A friendly User interface and granularity of information
Trust • No one is a super-user? • Non-repudiated Audit Trail • Alerts, in case unauthorized change has been done. Ex: A bank may • sign the information, when it writes into the personal device. • inserts a hash in the database. • Next time when the device is presented to the Bank, it verifies the hash before starting the transaction. • IDS to detect if someone tries to copy the data.
Existing services 1. Microsoft Passport service: • a single sign-on service • may contain e-wallet containing billing and shipping information (e-Wallet: safely stores • name, • address, • credit-card numbers, • password and any other information needed for purchase from e-commerce sites ) References: 1. https://www.passport.net/ 2. http://www.projectliberty.org/
Existing services …. continued MS wanted to extend Passport to XML based Hailstorm to contain • calendars, • phone books, • address books, • documents, using passport authentication mechanism. However the project was abandoned in the face of criticism. 2. Liberty Alliance of 150 companies for a federated identity infrastructure: • Links databases maintained at a number of organizations rather than at a single (set of ) servers
Existing services …. Continued 2 3. Persona Project at Oregon State University • single sign-on, • consumer-centered identity model, that is distributed across multiple systems • holds a user's personal information, including identity, passwords, preferences and e-wallet information • can be accessed via desktops, personal digital assistants (PDAs), cell phones, and even from cybercafes.
The Persona project • The persona is "an active software agent that encapsulates private and personal data and performs a range of authentication and personalization services on behalf of its owner.“ The basic premise: • The user: authenticates himself to his persona. • The persona: acts on behalf of the user to supply on-line information such as billing information or personal schedules. • Access to this information: moderated by the access control rules employed by the user (e.g. so that only a limited number of companies can access credit card information, for example). Ref.: http://www.cs.pdx.edu/~ktoth/index_files/ RHASPersonaPaperTothSubramaniumV6.pdf
Issues • CENTRAL VS FEDERATED VS PERSONALLY CARRIED INFORMATION IN SMART CARDS/FLASH KEYS ETC • Authentication of the owner through biometric information • Authentication of every one allowed to have a read or write access References: 1. Electronic Privacy Information Center (EPIC) http://www.epic.org/privacy/consumer/microsoft/passport.html 2 M.Fairhurst, R.Guest, F. Deravi and J. George,” Using Biometrics as an enabling technology in balancing universality and selectivity for management of information access,” Universal Access: Theoretical Perspectives, Practice and Experience: 7th ERCIM International Workshop on User Interface for All, Paris France Oct 24-25, 2002, Springer-Verlag Lecture Notes in CS 2615, pp 249-259
Implementation of Privacy Policies Implementation requires • a careful study of the Vulnerabilities and Requirements of the Organization; • formulation of appropriate Security and Privacy policies; • development of the Architecture of the Security system; • selection of Security Technologies; • verification whether the design of the system conforms to the statutory requirements and standards.
Assignment I • Use Ataraxis; Topic: Internet Privacy References: • ACM Digital Library, IEEE Explorer and Lecture Notes in Computer Science series at Leddy Library Electronic offerings • Researchers: Sweeney L., Malin B., Clifton C., Vaidya J. • Computers Freedom and Privacy Conference (http://www.cfp.org/) • Anonymity project (http://idtrail.org/) • Electronics Privacy Information Center (http://www.epic.org/) • http://www.privacy.org/, http://www.privacyinternational.org/ • Studies on Privacy Vulnerabilities by John Hopkins Information Security Institute (http://web.jhu.edu/jhuisi/)