Privacy: Social Issues and Current Technologies Ian Graham Centre for Academic Technology Information Commons University of Toronto

Posted on 19-Dec-2015


Privacy: Social Issues and Current Technologies

Ian Graham

Centre for Academic Technology, Information Commons, University of Toronto

Talk Overview

• Introduction (Why we care)

• Social history of privacy

• Privacy-related topics

• Privacy and Web application design

• Future technologies

1. Why We Care:

• New Information Technologies:

• A) Digital storage, retrieval, distribution

– Enormous cost reductions

• B) Data sharing and processing

– Combine, re-use, re-purpose data (data mining)

• An emergent and fundamental change

Why We Care:

• All technologies have unanticipated side effects:

– Cannot predict most of them (how will the nature of communication change, of interpersonal relationships, work, …)

– One we can predict: privacy

• Lots of information floating about; how should we handle concerns over use of this information?

Why We Care:

• Privacy (rough definition):

– The ability or right of an individual to control their exposure to the rest of the world, and to be able to hide knowledge about themselves

– Privacy has only recently become “topical”...

Why We Care:

[Figure: “Privacy” books per year (University Library database); x-axis: 1901–1991 by decade; y-axis: Number, 0–60]

2. Social History

• What is Privacy?

– Try a dictionary definition:

privacy (15c) (from private) The state or quality of being private.

1. a. The state or condition of being withdrawn from the society of others, or from public interest; seclusion. b. The state or condition of being alone, undisturbed, or free from public attention, as a matter of choice or right; freedom from interference or intrusion. Also attrib., designating that which affords a privacy of this kind.

2. a. pl. Private or retired places; private apartments; places of retreat. Now rare. b. A secret place, a place of concealment. (Obsolete)

3. a. Absence or avoidance of publicity or display; a condition approaching to secrecy or concealment. A synonym for secrecy. b. Keeping of a secret, reticence. (Obsolete)

4. a. A private matter, a secret; pl. private or personal matters or relations. Now rare. b. pl. The private parts. (Obsolete)

5. Intimacy, confidential relations. (Obsolete)

6. The state of being privy to some act; = privity. rare.

Examples of first use:

• 1 b. The state or condition of being alone, undisturbed, or free from public attention, as a matter of choice or right; freedom from interference or intrusion. Also attrib., designating that which affords a privacy of this kind. <one's right to privacy>

– 1814 J. Campbell Rep. Cases King's Bench III. 81 Though the defendant might not object to a small window looking into his yard, a larger one might be very inconvenient to him, by disturbing his privacy, and enabling people to come through to trespass upon his property.

– 1890 Warren & Brandeis in Harvard Law Rev. IV. 193 (title) The right to privacy.

Privacy is “new”

• Questions:

– Why is that?

– What does that tell us about

• privacy

• attitudes to privacy

• control over privacy

History

• 1) Privacy requires a social context that defines “public” and “private” realms

– small, communal societies don’t display this distinction.

History

• 2) Privacy requires multiple power centres

– Not just state and people, but state, other power brokers, and individuals

• < 15th century -- single power centres within states

• > 17th century -- rise of merchant class

History

• 3) Privacy requires individual rights

– “Human experience is the foundation of understanding and truth; external authority is less important than personal experience.”

– The Age of Enlightenment (17th century)

History

• Defining Moments

– Evolution of merchant classes

– Age of enlightenment; new conception of individual rights

– Property rights; legal dispute arbitration; political recognition of individual rights

• individual right to control public exposure

“Modern” Privacy Concerns

• Property rights until 1950s

• Two new concerns:

– Concentration of “private” information in Government databases

– Desire for “public” access to appropriate “private” information

• Digital Personas (extension)

Privacy Concerns

• Two types of legislation

– Freedom of information

• Allow access to non-sensitive information

– Data protection (a.k.a. privacy protection)

• Protection from misuse of private information

• Initially -- Government data

Privacy Concerns

• Important Points

– Privacy bounds vary between cultures

– Laws, rules, conventions, vary as well

– Focus originally on only one relationship

• Government – citizen

• (citizens have little control over the information they provide...)

Going Digital

• Starting around 1970

– Commercial databases

– Open data exchange standards

– Data exchange mechanisms (networks)

– Exponentially increasing amounts of usable data

Going Digital

• More places to be concerned about privacy:

– Library Awareness Program (FBI)

– Corporate database reuse

– Digital/electronic eavesdropping

• More ways of unwitting exposure

– Subscription to services; tracking from standard business transactions

Four Issues

• Coercion to divulge information

• Accidental release of information

• Surreptitious collection of information

• Ability to negotiate privacy limits

– (less relevant for government)

Application Design Goals

• Design data usage policies at the start

– e.g., Library Awareness Program

• Design for user-centric privacy policies

– Customized policy for each user

• Publicized privacy statements

4. Application Design

• Several related issues

– Application software design

– Networking architecture

– Physical access/administrative policies

– Publicity mechanisms (policy statements)

Application Design

• Based on a pre-defined privacy policy

– Database design

– Encryption technologies

– Identity verification (digital certificates for company and/or individuals)

– Policies for archived data, information reuse

Data Security

• Firewall & network design

• Encryption of archived data

• Physical document management

• Network/system access controls

– User authentication/identification

• Auditing tools

Communications Security

• Web page encryption – SSL, PCT

• Mail message encryption

– PGP, S/MIME

• Archived message encryption

• Data destruction / reuse policy

Identification/Non-Repudiation

• Username/password login

– (with or without SSL)

• Server certificates: SSL, S/MIME/PGP

– Identifies corporation

• Client certificates: SSL, S/MIME/PGP

– Identifies message “author”

– Problems with unsecured client machine

Physical Access

Access control

Cabling protection

Off-site backups

Physical doc. policy (shredding / destruction)

Network Architecture

Internal vs. external

Firewalls and rules

Servers and locations

Access control rules

Auditing tools (logins, accesses, attacks)

E-mail encryption

Web page encryption

Application Design

Data model

Data access rules

Data encryption

Web page encryption

Email encryption

Server certificates

User certificates

Alternate authentication

Data deletion policies

Cache protection

[Diagram: Dependencies – labels “Privacy Policy”, “Data security”, “Communications security” and “Identification & non-repudiation” overlaying the Physical Access, Network Architecture and Application Design boxes above]

Future Technologies:

• User-Centric Privacy

– Current E-commerce sites generally require a fixed set of user information (“all-or-none” approach)

– Option: Different services for different classes of customer

User-Centric Privacy

• Requires:

– More complex “subscription” mechanism (risks alienation)

– Ideal would be software negotiation, based on user preferences and a machine-readable statement of privacy policies.

Platform for Privacy Preferences

• P3P

– A language for defining privacy policies

– A language for expressing private information, privacy statements

– A World Wide Web Consortium project: http://www.w3.org/P3P/

– Commercial approaches (e.g., DigitalMe): http://www.w3.org/P3P/implementations
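The software negotiation the last two slides describe, as an added example that is not part of the talk: a site's machine-readable policy is checked against a user's preferences, and the statements the user refuses are reported so the site can offer a reduced service on the remaining data instead of an all-or-none sign-up. The vocabulary (purpose, recipient, retention) borrows P3P's categories; the data structures, matching rules, sample shop policy and user rules are constructed for illustration and are not P3P or APPEL syntax.

```python
# Added illustration, not real P3P/APPEL syntax: the vocabulary (purpose, recipient,
# retention) borrows P3P's categories; the structures and matching rules are made up.
from dataclasses import dataclass

@dataclass(frozen=True)
class Statement:
    """One disclosure statement in a site's machine-readable privacy policy."""
    name: str
    data: frozenset        # data elements collected, e.g. "user.home.postal"
    purposes: frozenset    # e.g. "current" (complete the transaction), "telemarketing"
    recipients: frozenset  # e.g. "ours", "unrelated" (third parties)
    retention: str         # e.g. "stated-purpose", "indefinitely"

@dataclass(frozen=True)
class Rule:
    """Refuse statements touching data under data_prefix ("" = any) that use a blocked value."""
    data_prefix: str
    purposes: frozenset = frozenset()
    recipients: frozenset = frozenset()
    retention: frozenset = frozenset()

def violations(stmt, rules):
    """Reasons a statement conflicts with the user's rules (empty = acceptable)."""
    reasons = []
    for r in rules:
        if not any(d.startswith(r.data_prefix) for d in stmt.data):
            continue
        hits = [("purpose", p) for p in sorted(stmt.purposes & r.purposes)]
        hits += [("recipient", c) for c in sorted(stmt.recipients & r.recipients)]
        hits += [("retention", stmt.retention)] if stmt.retention in r.retention else []
        reasons += [f"{stmt.name}: {kind} {v} blocked" for kind, v in hits]
    return reasons

def negotiate(policy, rules):
    """Accepted vs refused statements: lets the site offer a reduced service, not all-or-none."""
    accepted = [s for s in policy if not violations(s, rules)]
    refused = {s.name: violations(s, rules) for s in policy if violations(s, rules)}
    return accepted, refused, frozenset().union(*(s.data for s in accepted))

# Constructed sample: the shop needs an address to ship; it also wants e-mail and
# purchase history, kept indefinitely for marketing and shared with partners.
SHOP_POLICY = [
    Statement("shipping", frozenset({"user.home.postal"}), frozenset({"current"}),
              frozenset({"ours"}), "stated-purpose"),
    Statement("marketing", frozenset({"user.home.email", "purchase.history"}),
              frozenset({"current", "telemarketing"}), frozenset({"ours", "unrelated"}),
              "indefinitely")]
# Constructed preferences: no third-party sharing of anything, no telemarketing to
# my e-mail, purchase history never kept indefinitely.
USER_RULES = [Rule("", recipients=frozenset({"unrelated"})),
              Rule("user.home.email", purposes=frozenset({"telemarketing"})),
              Rule("purchase", retention=frozenset({"indefinitely"}))]
```

Running `negotiate(SHOP_POLICY, USER_RULES)` accepts only the shipping statement and lists three reasons for refusing the marketing one, which is the information a site would need to offer the user a shipping-only tier.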

Conclusions

• Privacy is new, and changing

• Policies vary between countries

• Privacy should be considered during application design; lots of technologies

• Policies need to be publicized

• User-centric, “custom” privacy agreements for the future

Ian Graham

• Additional Information

– http://www.utoronto.ca/ian/privacy/

– http://www.utoronto.ca/ian

• Contact

– Centre for Academic Technology, Information Commons, University of Toronto, 130 St George St., M5S 3H1

– E-mail: [email protected]

– Phone: (416) 978-4548