Modernizing Privacy
This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA
Overview
Download & View Modernizing Privacy as PDF for free.
More details
- Words: 475
- Pages: 17
Introduction to Privacy Todd Ritchie
1
What is Privacy? “[T]he content of privacy cannot be captured if we focus exclusively on either information, access, or intimate decisions because privacy involves all three areas. . . privacy’s content covers intimate information, access, and decisions.” – Julie Inness 2
What is Privacy? • Control over access to personal, intimate information • Control over what is personal, intimate information • Control over decisions made based on this information
3
Modernizing Privacy Todd Ritchie
4
Privacy concerns ... • SIN, medical records, tax records … these are personal but not intimate • Sexuality, religion, relationships … these are personal and intimate • Why are these concerns? 5
Dangers • Monetary: Blackmail, fraud • Social: Embarrassment • Physical: Threats
6
Monetary dangers • Blackmail: Paying money to avoid information leaking with likely negative consequence. • For example: Pay someone to prevent them from publishing embarassing photos
7
Monetary dangers • Fraud: Illicit use of information or misrepresentation • In privacy's scope: Identity theft • Not in privacy's scope: Lying on your taxes
8
Social dangers • Embarrassment • For example: Taboo relationships (interracial, interreligious) • Taboo behaviours (intoxicated photos on Facebook) 9
Physical dangers • Threat to person • For example: FindARat.com exposing undercover agents to threats from criminals using publicly accessible court documents
10
Privacy Laws • Two kinds: Privacy law dealing with the government, privacy law dealing with private entities • Privacy Act deals with federal government, PIPEDA deals with private entities • In general, you can only collect information you need 11
Control • Privacy is about control: You can manage risk. We all decide on risk vs. privacy tradeoff in security matters. • Airmiles takes your purchase history, Facebook takes your date of birth • Once information is no longer needed, it has to be made anonymous • Sexual predator registry is a tradeoff 12
Problems with Privacy Laws • Not enough investigative authority • Doesn't deal with cross-border leak concerns at the private level • Only deals with information at a “personal level” • No breach notification
13
Not enough authority • Could not investigate Abika.com • Abika.com did not break US law, but broke Canadian law • Required presence in Canada but did not have power investigate
14
Cross-border information leak • Comparatively relaxed wiretap laws in US and UK • Tax records and e-mail are often stored in United States • Bell Nexxia outsources Deep Packet Inspection management to India
15
“Individual level” • Aggregate data is considered safe • AOL taught us it is not always • Oversight is needed
16
Breach notification • What if an e-merchant is broken into and millions of credit card records are stolen? • It happened to HBC • HBC did not have to tell anyone, they did but waited too long, thousands were victimized
17
1
What is Privacy? “[T]he content of privacy cannot be captured if we focus exclusively on either information, access, or intimate decisions because privacy involves all three areas. . . privacy’s content covers intimate information, access, and decisions.” – Julie Inness 2
What is Privacy? • Control over access to personal, intimate information • Control over what is personal, intimate information • Control over decisions made based on this information
3
Modernizing Privacy Todd Ritchie
4
Privacy concerns ... • SIN, medical records, tax records … these are personal but not intimate • Sexuality, religion, relationships … these are personal and intimate • Why are these concerns? 5
Dangers • Monetary: Blackmail, fraud • Social: Embarrassment • Physical: Threats
6
Monetary dangers • Blackmail: Paying money to avoid information leaking with likely negative consequence. • For example: Pay someone to prevent them from publishing embarassing photos
7
Monetary dangers • Fraud: Illicit use of information or misrepresentation • In privacy's scope: Identity theft • Not in privacy's scope: Lying on your taxes
8
Social dangers • Embarrassment • For example: Taboo relationships (interracial, interreligious) • Taboo behaviours (intoxicated photos on Facebook) 9
Physical dangers • Threat to person • For example: FindARat.com exposing undercover agents to threats from criminals using publicly accessible court documents
10
Privacy Laws • Two kinds: Privacy law dealing with the government, privacy law dealing with private entities • Privacy Act deals with federal government, PIPEDA deals with private entities • In general, you can only collect information you need 11
Control • Privacy is about control: You can manage risk. We all decide on risk vs. privacy tradeoff in security matters. • Airmiles takes your purchase history, Facebook takes your date of birth • Once information is no longer needed, it has to be made anonymous • Sexual predator registry is a tradeoff 12
Problems with Privacy Laws • Not enough investigative authority • Doesn't deal with cross-border leak concerns at the private level • Only deals with information at a “personal level” • No breach notification
13
Not enough authority • Could not investigate Abika.com • Abika.com did not break US law, but broke Canadian law • Required presence in Canada but did not have power investigate
14
Cross-border information leak • Comparatively relaxed wiretap laws in US and UK • Tax records and e-mail are often stored in United States • Bell Nexxia outsources Deep Packet Inspection management to India
15
“Individual level” • Aggregate data is considered safe • AOL taught us it is not always • Oversight is needed
16
Breach notification • What if an e-merchant is broken into and millions of credit card records are stolen? • It happened to HBC • HBC did not have to tell anyone, they did but waited too long, thousands were victimized
17
Related Documents
Modernizing Privacy
November 2019 13
Privacy
October 2019 34
Privacy
May 2020 17
Modernizing It Education_larica
November 2019 7
Xoops Privacy
November 2019 17