BA 572 - J. Galván
PRIVACY and Other Social Issues

WHAT IS PRIVACY?
Freedom from observation, intrusion, or attention of others
Society’s needs sometimes trump individual privacy
Privacy rights are not absolute
  Balance needed
    Individual rights
    Society’s need
Privacy and “due process”

PRIVACY AND THE LAW
No constitutional right to privacy
  The word “privacy” is not in the Constitution
Congress has passed numerous laws
  Not particularly effective
  Issue is pace of change
Privacy is a function of culture
  Privacy means different things in different countries and regions
  Serious problem on global Internet

SOME U.S. PRIVACY LAWS.
Year | Title | Intent
1970 | Fair Credit Reporting Act | Limits the distribution of credit reports to those who need to know.
1974 | Privacy Act | Establishes the right to be informed about personal information on government databases.
1978 | Right to Financial Privacy Act | Prohibits the federal government from examining personal financial accounts without due cause.
1986 | Electronic Communications Privacy Act | Prohibits the federal government from monitoring personal e-mail without a subpoena.
1988 | Video Privacy Protection Act | Prohibits disclosing video rental records without customer consent or a court order.
2001 | Patriot Act | Streamlines federal surveillance guidelines to simplify tracking possible terrorists.

Collecting Personal Information (e.g., your email address => email spam)
Notice/awareness: You must be told when and why
Choice/consent: Opt-in or opt-out
Access/participation: You can access and suggest corrections
Integrity/security: Collecting party is responsible
Enforcement/redress: You can seek legal remedies

AMAZON.COM’S PRIVACY POLICY.

DELL DISPLAYS THE BBB SEAL.
Seal of approval
  BBB
  TRUSTe
  WebTrust
Enhances Web site’s credibility

COLLECTING PERSONAL INFORMATION
Often voluntary
  Filling out a form
  Registering for a prize
  Supermarket “Rewards” cards
Legal, involuntary sources
  Demographics
  Change of address
  Various directories
  Government records

ONLINE PERSONAL INFORMATION.

COMPLETING THE PICTURE
Aggregation
  Combining data from multiple sources
  Complete dossier
  Demographics
Finding missing pieces
  Browser supplied data – TCP/IP
  Public forums – monitoring
  Samurai

CAPTURING CLICKSTREAM DATA
Record of individual’s Internet activity
  Web sites and newsgroups visited
  Incoming and outgoing e-mail addresses
Tracking
  Secretly collecting clickstream data
  ISP in perfect position to track you
    All transactions go through ISP
  Using cookies
  Using Web bugs

TRACKING WITH COOKIES.
1. Client requests Acme page
2. Acme returns page
3. Client requests embedded banner from Gotcha
4. Gotcha returns banner and cookie
[Figure: the client browser (holding cookies) exchanges messages with Acme's Web server and Gotcha's Web server. Acme's Web page contains Gotcha's <IMG>; Gotcha's server keeps Gotcha's cookies and Gotcha's database. Arrows: 1 Request page; 2 Return page; 3 Request banner, return cookies; 4 Return banner, return another cookie.]
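The four-step exchange above, simulated as an added example (not part of the original slides), shows what Gotcha's database ends up holding and how blocking third-party cookies breaks the linkage. The hosts acme.example, bravo.example and gotcha.example, the second site "Bravo", and all class and function names are assumptions made for illustration.

```python
import itertools

class GotchaAdServer:
    """Third-party banner server: issues a cookie ID and logs where each banner was shown."""
    def __init__(self):
        self._ids = itertools.count(1)
        self.database = {}  # cookie id -> pages on which the banner was requested

    def serve_banner(self, referer, cookie=None):
        # Step 4: return the banner, plus a new cookie if the client sent none.
        if cookie is None:
            cookie = f"uid-{next(self._ids)}"
        self.database.setdefault(cookie, []).append(referer)
        return "banner.gif", cookie

class Browser:
    def __init__(self, block_third_party_cookies=False):
        self.block = block_third_party_cookies
        self.cookie_jar = {}  # server host -> cookie value

    def visit(self, page_url, ad_server, ad_host="gotcha.example"):
        # Steps 1-2 (page request and return) are implied; the page embeds Gotcha's <IMG>.
        # Step 3: request the banner, sending any stored Gotcha cookie and the page as Referer.
        stored = None if self.block else self.cookie_jar.get(ad_host)
        _, cookie = ad_server.serve_banner(referer=page_url, cookie=stored)
        if not self.block:
            self.cookie_jar[ad_host] = cookie

# Constructed browsing session across two sites that both embed Gotcha's banner.
PAGES = ["https://acme.example/shoes", "https://bravo.example/loans",
         "https://acme.example/checkout"]

def profiles(block_third_party_cookies):
    """Return Gotcha's database after the session, with or without the mitigation."""
    server = GotchaAdServer()
    browser = Browser(block_third_party_cookies)
    for page in PAGES:
        browser.visit(page, server)
    return server.database
```

With cookies allowed, all three page views land under one ID; with third-party cookies blocked, Gotcha sees three unrelated one-page visitors.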

TRACKING WITH WEB “PIXEL SPYWARE”
Web pixel spyware – single-pixel clear GIF
  Image reference buried in HTML
  Browser requests image
  Server returns bug plus cookie
  Request provides clickstream data
  Difficult to spot a Web pixel spyware
Web pixel spyware in HTML formatted e-mail
  Secret return receipt
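Because a single-pixel image is hard to spot by eye, a mail or web filter can look for it in the markup instead. The following is an added example, not part of the original slides: it flags remote images that are 1x1 (or 0x0) or hidden by CSS. The sample message, its hosts and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

def _tiny(value):
    # "0", "1", "0px" and "1px" all render as an invisible dimension
    return value.strip().lower().replace("px", "") in {"0", "1"}

class WebBugFinder(HTMLParser):
    def __init__(self, first_party_host=None):
        super().__init__()
        self.first_party = first_party_host  # None for e-mail: every remote host is third party
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        host = urlparse(a.get("src", "")).hostname
        if host is None:  # relative, cid: or data: image, so no remote request
            return
        fp = self.first_party
        if fp and (host == fp or host.endswith("." + fp)):
            return
        style = {}
        for decl in a.get("style", "").split(";"):
            prop, _, val = decl.partition(":")
            style[prop.strip().lower()] = val.strip().lower()
        width = a.get("width") or style.get("width", "")
        height = a.get("height") or style.get("height", "")
        reasons = []
        if _tiny(width) and _tiny(height):
            reasons.append("single-pixel size")
        if style.get("display") == "none" or style.get("visibility") == "hidden":
            reasons.append("hidden by CSS")
        if reasons:
            self.findings.append((a["src"], reasons))

def find_web_bugs(html, first_party_host=None):
    finder = WebBugFinder(first_party_host)
    finder.feed(html)
    return finder.findings

# Constructed sample message body; hosts and the id value are made up.
SAMPLE_EMAIL = """<p>Your order has shipped.</p>
<img src="cid:logo" width="120" height="40">
<img src="https://cdn.shop.example/banner.png" width="600" height="90">
<img src="https://track.gotcha.example/o.gif?m=CONSTRUCTED-ID" width="1" height="1">
<img src="https://track.gotcha.example/p.gif" style="display:none">
<img src="https://cdn.shop.example/x.png" style="border-width:1px; width: 300px">"""
```

Mail clients that do not load remote images by default defeat the "secret return receipt" without needing any such scan; the scan is useful for gateways and for auditing a site's own pages.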

A DEMONSTRATION WEB SPYWARE.
This Web bug is designed to be seen

A WEB PIXEL SPYWARE BURIED IN AN E-MAIL MESSAGE.
Again, this one is designed to be seen

SURVEILLANCE AND MONITORING
Surveillance
  Continual observation
  Tampa – facial scanning at Super Bowl
  Packet sniffing
Monitoring
  The act of watching someone or something
  E-mail
  Web bugs
  Workplace monitoring is legal

SURVEILLANCE AND MONITORING TOOLS
Spyware
  Sends collected data over back channel
Snoopware
  Records target’s online activities
  Retrieved later
  Screen shots, logs, keystrokes
Other surveillance/monitoring sources
  OnStar and GPS tracking
  E-ZPass systems (road toll system in USA)
  Phone calls and credit card purchases

SPAM
Electronic junk mail
Spammers use anonymous remailers
Mailing list sources
  Online personal information services
  Dictionary attack software
Do not respond in any way!

ANONYMOUS REMAILERS
Some good FAQs
  http://www.andrebacard.com/remail.html
An example
  http://www.anonymizer.com
What they know about you
Not an endorsement

THIS BANNER AD MIMICS A DIALOG BOX. DO NOT CLICK “OK”.
Fake banner ads like this one are very annoying
Spawner – spawns its own pop-up ads
Mouse-trapper
  Turns off browser’s Back button
  Disables pop-up ad’s close button
  No way to close ad – must reboot
Spam is a source of spawners and mouse-trappers

FRAUD
The crime of obtaining money or some other benefit by deliberate deception.
Most common forms of IT fraud
  Identity theft
  Credit card fraud
  Scammers and con artists
  Financial swindles

PROTECTING YOUR ONLINE PRIVACY
Implement appropriate security measures
Get a copy of your credit report
Use:
  Junk e-mail account
  Anonymous remailer
  Stealth surfing service
  Common sense
Deal with recognized, trusted e-retailers
Keep important numbers and passwords secret
Use good passwords
If your computer acts strangely, find out why

How to build a parking ticket