CS170 Privacy and Security Chapter 12 PDF
Rutgers University
Summary
This document discusses privacy and security in the context of computer applications. It includes topics such as controlling the use of information, historical privacy background, threats to privacy, and the 4th Amendment. The document also outlines various use cases and legal aspects of privacy and security.
Full Transcript
Privacy and Security Scosd (Chapter 12)
CS170 Computer Applications for Business

Topics - CH 12
Chapter 12 – Privacy and Security
– Controlling the use of information
– OECD Fair Information Practices
– Privacy: Historical background
– The 4th Amendment
– Data Controller
– Threats to Privacy, examples
– US Privacy laws
– Cookies, Identity Theft
– Malware, Phishing
– Cryptography: examples
– Encryption terms
– Public Key Cryptography

12.1 Explain the meaning of privacy and the difference between privacy and security.
12.2 Describe issues surrounding privacy of information.
12.3 List and explain the meaning of OECD Fair Information Practices.
12.4 Describe how the use of information on the Internet is controlled.
12.5 List at least three ways a computer can be compromised.
12.6 Explain Public Key Encryption and the methods used in its use.
12.7 Given an encryption technique or algorithm, encrypt and decrypt simple messages.
12.8 Explain how Google and/or Facebook are affected by laws governing safe harbor.
12.9 Explain the “Right to be Forgotten” (2014 European Union).
12.10 Explain the impact that Edward Snowden had on digital privacy/security.
12.11 Explain the difference between private key encryption and public key encryption.
12.12 Discuss the Fourth Amendment of the US Constitution and its relationship to digital privacy.

Modern Devices and Privacy
Fourth Amendment
– In the past, it was hard for people’s privacy to be violated without their knowledge
– With modern technological devices, people’s privacy can be violated without their knowing it
– Your image and your information deserve “sufficient safeguards against improper circulation”

Privacy: Whose Information Is It?
Buying a product at a business generates a transaction, which produces information
– What information is generated?
– Whose information is it?
– Who can sell or share the information?

Privacy is a basic human right!!!
"The individual's right to be left alone." Supreme Court Justice Louis D. Brandeis
The right of people to choose freely under what circumstances and to what extent they will reveal themselves, their attitudes, and their behavior to each other.
Can private information be kept private with the Internet?

Right to be forgotten
On 13 May 2014, the Court of Justice of the European Union issued a landmark ruling on the 'right to be forgotten', in relation to online search engines.
The European Court of Justice ruled that European citizens have a right to request that commercial search firms, such as Google, that gather personal information for profit should remove links to private information when asked, provided the information is no longer relevant.

Right to be forgotten
Since Google’s European right-to-be-forgotten program began, the company has delisted 43% of 2.4 million URL removal requests, according to its recent transparency report. Close to 95 percent of those filing requests were private individuals. Web pages that users wanted to be delisted included directories, social media, news articles and government pages.
https://www.forbes.com/sites/rebeccaheilweil1/2018/03/04/how-close-is-an-american-right-to-be-forgotten/#77588471626e

Right to be forgotten: in US???
https://www.forbes.com/sites/rebeccaheilweil1/2018/03/04/how-close-is-an-american-right-to-be-forgotten/#406eaa56626e
– Violates the First Amendment? Aims to censor what people say, under a broad, vague test based on what the government thinks the public should or shouldn’t be discussing ???
– Right-to-be-forgotten does not censor material, but simply changes Google’s search results (and it’s unclear whether search lists are protected speech).

Right to be forgotten in US
One American law that seems to mimic some aspects of the European right-to-be-forgotten is California’s “eraser law” for minors, which, in a sense, “seals” juvenile internet records.
2018
The New York State Assembly has come nearest to an American version of a right-to-be-forgotten.
The Bill, A05323, titled “An act to amend the civil rights law and the civil practice law and rules, in relation to creating the right to be forgotten act.”
One problem with the NY bill is that it aims to censor what people say, under a broad, vague test based on what the government thinks the public should or shouldn’t be discussing.

Facebook facing European Privacy laws
US: When users “tag” a friend in a photo uploaded to Facebook, the service stores and remembers facial features that identify that unique individual. Facebook is then able to suggest “tags” on newly uploaded photos to match pictures with names. (use of biometrics)

Facebook facing European Privacy laws
Facebook photo tagging in Europe (and Canada) is different than in the US.
Canada and European Union have ruled that Facebook's photo-tagging system violates privacy law, so the European version of the app had to rely on other methods.
– users to manually identify the various faces
May 11, 2016
https://www.theguardian.com/technology/2016/may/11/facebook-moments-facial-recognition-app-europe

www.mugshots.com
Suppose you are arrested and agree to a "pretrial diversion program involving counseling." Suppose that you were promised that your record would be clean after this program. ….
‘We’d like to hire him, but we Google every potential employee, and the first thing that came up when we searched for … was a mug shot for a drug arrest'
https://www.nytimes.com/2013/10/06/business/mugged-by-a-mug-shot-online.html

Security
– Security is a necessary tool to build privacy. BUT a communication can be secure and not private.
– The objective of data security programs is the protection of data privacy. (Source)
– Security is confidentiality, integrity and availability of data.
– Security offers the ability to be confident that your privacy decisions are respected.
Cell phone communication: can someone listen to my calls?
– Privacy goal allows me to say NO
– Security technology allows that goal to be realized.

Controlling the Use of Information
There are five main possibilities of what happens to the information:
1. No Uses. The information ought to be deleted when the business is finished with it.
2. Approval or Opt-in. The business can use it for other purposes, but only if you approve.
3. Objection or Opt-out. The business can use it for other purposes, but not if you object.
4. No Limits. The information can be used any way the business chooses.
5. Internal Use. The business can use it for future activities with you (keeping your address or credit card on file).

A Privacy Definition
Privacy: The right of people to choose freely under what circumstances and to what extent they will reveal themselves, their attitude, and their behavior to others.
We tend to “give away” information
– Government
– Business
– Socially
– Convenience

OECD’s Fair Information Practices
Organization for Economic Cooperation and Development
8 point list of privacy principles.
– Limited Collection: collected with consent
– Quality: relevant, accurate, complete and up-to-date
– Purpose: uses limited to stated purpose
– Use Limitation: not to be disclosed outside of stated use
– Security: protected by reasonable security measures
– Openness: policies and practices have a general openness
– Participation: individual able to know what is collected
– Accountability: Data Controller accountable for complying

United States uses a Sectoral Approach
Rather than a single privacy standard, specific regulations apply to specific sectors or industries
– HIPAA regulates medical information privacy
– PCI regulates credit card information
– Other specific laws for auto registration, video rental, cable television, etc.