COAP:Privacy - introduction

Introduction

This page includes the program and the resources for an introductory lesson on digital (or Internet) privacy.

Massive use of ICT in business and private life has led to personally identifiable information (PII), i.e. information that can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual (Wikipedia). In addition, the use of social software and in particular social networking applications like Facebook allows to draw quite extensive digital profiles of many people. This situation requires - at least in principle - that persons adopt some kind of strategy to manage this information (Jones, 2008). In addition, there should be appropriate legal frameworks to protect the citizens.

Your privacy online

Let's see how you are tracked

Install the Lightbeam and Ghostery navigator extensions according to instructions. Then interact with two tools, (icons top right)

• Lightbeam is a Firefox extension that will tell you who is spying on you. When you start it, it will track and visualize all third party websites that interact with your page and your browser.

• Ghoster (home page) is a Firefox/Chrome browser plugin that “sees the invisible web - tags, web bugs, pixels and beacons. Ghostery tracks the trackers and gives you a roll-call of the ad networks, behavioral data providers, web publishers, and other companies interested in your activity.”
  • Introduction (tutorial)

Search engines

If you do have a Google account (Gmail), see what Google knows about you:

• Ads settings
• History of your search
• Academics are tracked by http://scholar.google.com (but can control results)

• Short google analytics demo

Email tracking (less known)

• E-mail tracing (Wikipedia article)

Data can be aggregated from various resources

• In Europe, most services (e.g. 123people) are now dead and for various reasons. However, online private investigation services do exist.
• Existing people aggregation services like the following ones offer some data: Pipl.com, (international), Spokeo (USA only)

Predicting personality traits and behavior from your Facebook 'likes'

• http://applymagicsauce.com/

Quizzes on privacy

Most people don't seem to informed about the situation. See for yourself:

Santa Clara University quiz

• Hoofnagle, Chris Jay, King, Jennifer, Li, Su and Turow, Joseph, "How Different are Young Adults from Older Adults when It Comes to Information Privacy Attitudes and Policies?" (April 14, 2010). Available at SSRN: http://ssrn.com/abstract=1589864 or http://dx.doi.org/10.2139/ssrn.1589864
• Santa Clara University (web page with the quiz)

Online Privacy Questions concerning US law (Hoofnagle et al., 2014, p. 17)

1. If a website has a privacy policy, it means that the site cannot share information about you with other companies, unless you give the website your permission.

True / False

2. If a website has a privacy policy, it means that the site cannot give your address and purchase history to the government

True / False

3. If a website has a privacy policy, it means that the website must delete information it has about you, such as name and address, if you request them to do so.

True / False

4. If a website violates its privacy policy, it means that you have the right to sue the website for violating it.

True / False

5. If a company wants to follow your internet use across multiple sites on the internet, it must first obtain your permission.

True / False

Offline Privacy Questions

6. When you subscribe to a newspaper or magazine by mail or phone, the publisher is not allowed to sell your address and phone number to other companies without your permission.

True / False

7. When you order a pizza by phone for home delivery, the pizza company is not allowed to sell your address and phone number to other companies without your permission.

True / False

8. When you enter a sweepstakes contest, the sweepstakes company is not allowed to sell your address or phone number to other companies without your permission.

True / False

9. When you give your phone number to a store cashier, the store is not allowed to sell your address or phone number to other companies without your permission.

True / False

Other privacy quizzes

Each student should take one and write down 1-2 surprising things.

• Privacy 001. From the canadian government, to sensitize people about the use of social sharing and networking sites.
• ACLU privacy quiz from the American Civil Liberties Union
  • see also their files on Internet Privacy
• Privacy IQ (from Awast)
• Consumer online privacy quiz (California)
• Facebook privacy

Presentation of 1 or 2 cases

• Girls around me (Santa Clara Univ.)
• Commercial online service was used to track e-mail sent to a reporter in Hewlett-Packard's leak probe

Discussion

• Why does privacy matter ?

Regulations

Major data projection laws in Switzerland, The UK and EU directives

• Federal Act on Data Protection, cornerstone of the Swiss legal framework.

• OECD recommendations - (summarized here)

• New: Data protection reform - Parliament approves new rules fit for the digital era. 14-04-2016 - 12:11]
• Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002
• Directive 95/46/EC on the processing of personal data and on the free movement of such data

• Data Protection Act 1998 (UK)

• None (USA). However there are other laws that partially address the issue, plus "case law" derived from other acts, plus local regulations.

Summaries, including information from government agencies

• Protection of personal data (EU landing page for data protection)
• Guide to data protection (UK)
• EU Data Protection Directive (Wikipedia)

Protection strategies

What can a user do ?

Navigators

• Use "private browsing features" when searching for sensitive data
• Use blocking software if you want more privacy
• Erase cookies when closing the browser
• Log out of Google, Yahoo etc. when you conduct search
• Customize privacy settings, e.g. in Google, examine options in http://myaccount.google.com
• Use proxies or specialized safe browsers like Tor

Email tracking

• Disable pictures

Social networks

• Never post sensitive data, anywhere.
• Think, before you post anything publicly (or privately).
• Remove sensitive data, then ask search engines to remove old information, e.g. using Google's remove tool. Changes must be made "at the source". (How to delete yourself from the Internet, by Seth Rosenblatt, April 2012, C|Net.
• If online data about you violates laws, you can try to act. (e.g. Google's Legal Removal Requests. However, it will not be easy ...
• Develop your Internet strategy, i.e. plan ahead.

Further (optional) Reading

• How to Protect Your Online Privacy, by Irina Raicu, Santa Clara University, 2014.
• How You Ruin Your Privacy Online Every Day (And How To Stop), by Thorin Klosowski, 2014.
• Protecting Online Privacy, We do care about our privacy online, and we can protect it from surveillance, By Siva Vaidhyanathan, May 2011, IEEE Spectrum special report on the battle for the future of the social Web
• Internet Safety. Smart Social Networking and Communication Tips, GCFLearnFree.org
• A Crash-Course on Cookies, IP, MAC & TP Advertisers by J. Leger

Discussion on digital privacy

(if time left)

Summary of issues

Ideas for guidelines

Additional resources

• Privacy online, Santa Clara University
• Internet Privacy (Wikipedia)
• Privacy by Design, A Canadian-based NGO with worldwide impact.
• Online Guide to Privacy Resources (EPIC.org)
• Information rights video for schools (ICO, UK)
• OpenRightsGroup, NGO, UK

Classes

• Surveillance Law (Stanford, Coursera MOOC)
• How to Protect Your Online Privacy (Cyberwise)

Classes (recent past)

• Privacy in Cyberspace Archived class, Berkman Center for Internet & Society, Spring of 2002.
• CS551: Security and Privacy on the Internet, University of Virginia, 2000.