PrivacyMonday4
Privacy
• NOT about changing your privacy stance
• You are entitled to your privacy stance,
ranging from Don’t Care to Care a Lot
• Looking at the privacy landscape to help
you to understand other stances
What Privacy Topic is about
Privacy – Simply Put
“A working definition of privacy is the ability to
choose your audience”
— Alex Harrowell
Definition – Privacy
• Privacy is the faculty and right that a person
has to define, preserve and control the
boundaries that limit the extent to which the
rest of society can interact or intrude. At the
same time, he or she retains full control over
information generated by and related to him
or her.
Difference between privacy and
confidentiality
Privacy Confidentiality
• Ordered Employees to cease speaking to
online magazine CNET
• CNET published an article full of personal
private information about Eric Schmidt
(politician donations, hobbies, salary, and
neighborhood)
• They used only
Google tools
Does he really believe that?
• Mark Zuckerberg buys a house in Palo Alto
• He also buys all four adjacent houses so that
he can enjoy a zone of privacy
Does he really believe that?
Assange
Glenn Greenwald
• Privacy crusader
• If people tell him they have
nothing to hide, he asks for
all their email passwords
• No one gives them to him
• https://www.youtube.com/
watch?v=pcSlowAhvUk
Video
• We instinctively understand the need for
privacy
• Even if we cannot articulate it
• Or demand it
• We also have a need for other people
• We publish information
• Essentially: we have a place to go to be free
from judgemental eyes of other people
Oh dear
Right to Privacy?
• The European Convention on Human Rights
(1950) guarantees a right to privacy and this
convention forms the basis for privacy
legislation in the EU
• Emerged from the aftermath of the Second
World War and was intended to prevent
– oppressive actions by states
– bugging
– late night knocks on the door by secret police
Article 8 of this convention
guarantees a right to privacy:
‘Everyone has the right for his private and family life,
his home and his correspondence.
There shall be no interference by a public authority
with the exercise of this right except such as is in
accordance with the law and is necessary in a
democratic society in the interests of national
security, public safety or the economic well-being of
the country, for the prevention of disorder or crime,
for the protection of health or morals, or for the
protection of the rights and freedoms of others.
Balance…
• Privacy is a balance between individual rights
and public interest.
• Mandates appropriate information
governance
• “There can be no justification for this gradual
but incessant creep towards every detail
about us being recorded and pored over by
the state”
– Lord Goodlad. Chairman of House of Lords Select
Committee into privacy, surveillance, and the
effects on civilians.
I’ve nothing to hide
• Privacy is not just about hiding things
• Privacy is related to self-possession,
autonomy, and integrity
• Privacy is about the woman who is afraid of
to use the Internet to organize her
community against a proposed toxic
dump………..
I’ve nothing to hide
• Privacy is relational. It depends on the
audience.
– You don’t want your employer to know you’re
job hunting.
– You don’t spill details about your love life to your
mom, or your kids.
– You don’t tell trade secrets to your rivals.
• You need to be able to control who accesses
your information – manage the audience
Nothing to Hide?
Nothing to Hide?
Informants
• In the GDR, there was one Stasi officer
or informant for every sixty-three
people. If part-time informers are
included, some estimates have the ratio
as high as one informer for every 6.5
citizens
• Catherine Epstein at the Department of
History at Amherst College, contends
that East Germany had the highest
agent/informer to population rate in
history. 25
• “Informant reports will enter databases for
future reference and/or action … [which] will
then be broadly available within the
department, related agencies and local police
forces. The targeted individual will remain
unaware of the existence of the report and of
its contents.“
• Informants have apparently been used to
frame targets for crimes or to participate in
staged events which foster character
assassination.
26
The Impact?
• Watched people behave differently
• You get compliance
• People make decisions based on others’
expectations
Jeremy Bentham Panopticon (1791): “a
mill for grinding rogues honest”
• The concept of the design is to allow a single
watchman to observe (-opticon) all (pan-)
inmates of an institution without the inmates
being able to tell whether or not they are
being watched.
• Designed for Prisons
• inmates cannot know when they are being
watched
• all inmates must act as though they are
watched at all times
The Aim
• Behaviour controlled by one person
• Morals reformed—health preserved—
industry invigorated—instruction diffused—
public burthens lightened—Economy seated,
as it were, upon a rock—the gordian knot of
the poor-law not cut, but untied—all by a
simple idea in Architecture!
—Jeremy Bentham
Foucault
• Michel Foucault, in his Discipline and Punish
(1975), as a metaphor for modern
“disciplinary” societies and their pervasive
inclination to observe and normalise
• Key means of societal control for modern
societies
• Mass surveillance creates a prison of the
mind
• More effective than brute force
George Orwell
• Book: 1984
• A modern Panopticon
• You don’t know when you are
being observed so you behave
as if you are being observed
• Common conclusion
– Invisible monitoring
– Breeds conformity, obedience,
submission
Privacy means…
• The space to think, reflect, have your own
opinions
• Without being judged
• This is where creativity comes from
• It makes governments careful about how
they take freedoms away from us
2 myths from observers
1. Only bad people need privacy
– Poses challenges to those exercising power?
2. If you are willing to render yourselves to
observation, then you can be safe
The measure of how free a society is, is how it
treats its dissidents
– Suffragette movement – all they wanted was the
vote
– Apartheid South Africa
– Nazi Germany
• Big brother (Governments)
• Middle Brother (Corporations)
• Little Brother (Individuals)
Threats?
Information Brokers
• Collect data and analyse it for FBI, Credit
Monitoring, DoD
• Examples:
– ChoicePoint (http://www.choicepoint.com/)
– Discreet Search
(http://www.discreetresearch.com/)
• Governments
– Trying to sway public opinion (Wag the Dog
http://en.wikipedia.org/wiki/Wag_the_Dog)
• Used IMSI-catchers to determine the use and
block use of mobile phones within prison.
• Deemed the project a failure as it did not
provide the expected insight or block calls.
• Prisoners developed ‘innovative
countermeasures’ to circumvent the system.
• Increased use of phones, created a business
of renting phones and being in debt for use.
• Did not block 4G signal and potentially
blocked those in local community.
Scottish Prison Service
• Governments have access to databases
• Some governments spy on their people
Big Brother
Regulation of Investigatory Powers Act
Mobile Phones & Info Leakage
On the Internet EVERYONE knows you’re a dog
Little Brother Working for Big Brother
• Companies offering services
– Transport/comms/financial
– Gmail
– Google docs
– Facebook
– Easychair
• Companies that spy on your behaviour
– ISP and phone network operators
– Phorm
– Facebook “like” button
– Google analytics
Middle Brother
What?
• Lower Merion School District issued laptops to
over 1000 students in their school district.
• One day Blake Robbins came to school and was
handed a disciplinary note for “improper
behavior in his home”.
• They found out that their school issued laptops
all have web cams on them that can be turned
on remotely.
• The admins/teachers were turning on the web
cams and viewed the students acting in ways
that would get them in trouble.
Councils Behaving Badly
Surveillance in Stores
Why?
•Detect Market Trends
•Targeting Ads properly
•Detect Behaviours
INFORMATION IS POWER
• One camera for every 18 UK citizens
Faces can be tracked from half a mile
away. ‘The rapid advancement of digital
technology means that 16-megapixel,
high-definition cameras are now very
affordable,’ he has warned.
‘A tiny camera in a dome with a 360-
degree view can capture your face in
the crowd. I’ve seen the test reviews
that show there’s a high success rate
of picking out your face against a
database.’
The days of the grainy black and white
shot are long gone.
Internet Eyes
• Neighbours, friends and strangers who
– point their phones at you
– watch your facebook page
• Neighbours that spy on you
– Tracking your RFID tags
– Tracking your phone
– Using your wireless network
Little Brother
• A bank noticed that a number of withdrawals
were being made between midnight and
2am.
• Was it foul play?
• No – People were withdrawing cash on their
way to a red-light district
• A bank can now predict which customers visit
red light districts and when they did it
Example
• Drug Enforcement agency links Electricity
Consumption records with records from
lawn-and-garden stores
• Looking for people growing marijuana
• They caught some
• They also caught some innocent gardeners
Example
• To avoid. . .
– incorrect conclusions, resulting from deliberate
or accidental errors in the data, or
misinterpretations, or prejudice
– blackmail or extortion, or other abuse of power
– commercial pestering (spam)
• Privacy concerns all aspects of life, including
past relationships, political views, financial
affairs, past deeds, and also the trivia of
everyday life
Why would people want privacy?
• people might
– abuse privacy to do bad things. . .
– commit fraud, evade taxes
– trade in child pornography images
– commit terrorism, to kill or injure without being
detected
– commandeer a botnet to take down Google
But the lawgivers’ argument….
Govt Scans all Credit Card Records
What does “wrong”mean?
Blame associated with diseases
• Used to be thought
– Cholera was caused by sin
– Spanish Flu caused by poor hygeine
• Blame diseases today:
– AIDS
– Obesity
Example
Problems?
• Info out of context
• Distorted Info
• Aggregated Info
• Powerlesness, vulnerability
• Bureaucracy: indifference, error, abuse,
frustration, lack of transparency,
accountability
The greater good
• The risk of dying from terrorism miniscule
– Same as being hit by lightning
• Society only works to the extent that it allows
people freedom from the intrusiveness of
others (Solove)
• Privacy constitutes a society’s attempt to
promote civility
• Who watches the watchers?
?
Privacy
Privacy Cont’d
Your Homework
Consider “first thoughts” perceptions of
“Privacy”.
1. Concerns about other people
2. Security & Safety not strong enough
3. Privacy policies not Transparent
4. Reputation Management
5. Password Management
6. Technology not understood
7. Boundaries inside/outside not clear
8. No reliable feedback
9. Want help with strategies
10. Parental Guidelines needed
11. Facebook
12. Google
13. NHS
Your participants
• You are sitting in Starbucks and someone you don’t
know takes a picture of you without asking first
• You are working on your laptop in a public place and
someone looks at your screen over your shoulder
• You put a “do not disturb” sign on your door.
Someone knocks and comes in
• The government implements a scheme that requires
all citizens to have their DNA taken
• Your employer requires you to use your thumb print
to enter the building
•Privacy Perceptions
•How do we preserve
privacy in a specific
context
Today
Westin’s Categories
•Fundamentalist
•Pragmatic
•Unconcerned
Privacy Threat Levels
•Level 1 – Irritating
•Level 2 – Infuriating
•Level 3 – Devastating
Level 1
• A Slow but manageable leak of personal
information, behavior and geographic
location
• Public cameras, licence plate reading cameras
• Location-based services
– Post where you’ve been, not
where you are
– Set privacy settings
If you do nothing wrong, you have nothing to
fear?
A Word about Surveillance
Cookies
• Can be used by marketers to track your activity
• Cookies are also stored by Adobe’s ubiquitous Flash
software
• Kamkar has created an “evercookie” that constantly
repopulates itself, even across browsers, every time
you try to delete it
• To control Flash cookies, right-click on any Web-
based Flash content (such as a YouTube video), and
select Global Settings to bring up the Adobe Settings
Manager. To clear the cookies, go to the Website
Storage Settings panel.
PRISM
• PRISM is a clandestine mass electronic
surveillance data mining program known to
have been operated by the United States
National Security Agency (NSA) since 2007
• Prism program collects stored Internet
communications based on demands made to
Internet companies such as Google Inc. under
Section 702 of the FISA Amendments Act of
2008
The color scheme ranges from green (least
subjected to surveillance) through yellow and
orange to red (most surveillance).
• NSA cracked or circumvented the encryption
systems used by internet companies, banks
and other organisations to persuade
consumers that online transactions could be
confidential and secure
• NSA seems to have covertly suborned the
process by which encryption standards are
set by the supposedly independent US
National Institute of Standards and
Technology (NIST)
• the NSA inserted a secret back door into the
encryption system for its own use
Level 2
• Deeply personal and potentially financial‚ yet
ultimately repairable
• Whole body scanners
• Stolen Databases
• Mobile Phone Hacking
• Wi-Fi Hacking
• Smart TVs, particularly
Samsung’s (005930) last few generations
of flat screens
• Can be hacked to give attackers remote
access
• Hackers could potentially use to perform
malicious activities that range from stealing
accounts linked through apps to using built-in
webcams and microphones to spy on
unsuspecting couch potatoes
Big Brother strikes….
Level 3
• Psychological and physical Threats,
oppressive Orwellian Intrusion
• GPS car tracking
• Trolls
• Cyberstalking
• Aware Home/Ubiquitous
Computing
Privacy
Preservation
Is it really privacy vs security?
Full Body Scannin
Face De-Identification
Privacy
Preservation
Exercise
Organ Donations
DNA Sequencing
$100 personal DNA sequencing
So, Imagine …..
The government
decides that it will carry
out DNA sequencing on
all citizens to be able to
prevent diseases
So, lets think about …
1. How would you cope with people who refuse to
have it carried out?
– Parents who refuse to allow DNA to be collected from
their children
2. What about people who don’t want to be told the
results of their sequencing/refuse to be treated for
diseases they *might* develop?
3. What kinds of harmful feature creep could occur?
– And how could this be prevented?
4. What levels of control should we allow patients to
have?
5. What kinds of controls should be in place to ensure
that data is protected?
Feature Creep
• Someone with Huntington’s disease is not allowed
to drive after the age of 30
• There are 100 places in a University course. Might
they choose the healthiest people to invest money
in?
• A couple both carry a recessive gene so that their
children have a 50% chance of having a bad disease.
Does the government try to dissuade them from
having children?
• Someone has a 50% chance of developing a disease.
A preventative treatment can reduce this by ½, but
is sometimes harmful. Prevention costs £1000,
disease costs £100 000 to treat. Can people refuse?
• What might happen 5-10 years down the
road?
• What kinds of feature creep could occur
• What kinds of controls should be in place to
ensure that data is protected?
– What kinds of threats are there to this data?
Virtual IDs
which can often uniquely identify
you.
That’s creepy, but who cares
about some random site?
Those sites usually have third-
party ads,
and those third-parties build
profiles about you,
and that’s why those ads follow
you everywhere.
That’s creepy too, but who cares
about some herpes ads?
Your profile can also be sold,
and potentially show up in
unwanted places,
like insurance, credit &
background checks.