COAP:Privacy: Difference between revisions

The educational technology and digital learning wiki
Jump to navigation Jump to search
 
(48 intermediate revisions by the same user not shown)
Line 1: Line 1:
== Introduction ==
== Introduction ==


This page includes the program and the resources for the module on digital (or Internet) privacy.
This page includes the program and the resources for a two lesson module on '''digital (or Internet) privacy'''.


Massive use of ICT in business and private life has led to [http://en.wikipedia.org/wiki/Personally_identifiable_information personally identifiable information] ('''PII'''), i.e. information that can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual (Wikipedia). In addition, the use of [[social software]] and in particular [[social networking]] applications like Facebook allows to draw quite extensive digital profiles of many people. This situation requires - at least in principle - that persons adopt some kind of strategy to manage this information (Jones, 2008). In addition, there should be appropriate legal frameworks to protect the citizens.
Massive use of ICT in business and private life has led to [http://en.wikipedia.org/wiki/Personally_identifiable_information personally identifiable information] ('''PII'''), i.e. information that can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual (Wikipedia). In addition, the use of [[social software]] and in particular [[social networking]] applications like Facebook allows to draw quite extensive digital profiles of many people. This situation requires - at least in principle - that persons adopt some kind of strategy to manage this information (Jones, 2008). In addition, there should be appropriate legal frameworks to protect the citizens.


== Day one ==
Program
* Lesson 1 - This page
* Lesson 2 - [[COAP:Privacy - part 2]]


=== Let's see how you are tracked ===
== A look at tracking ==


Install the Lightbeam and Ghostery navigator extensions according to instructions
=== Let's see how you are tracked on the web ===


* [https://www.mozilla.org/en-US/lightbeam/ Lightbeam] is a Firefox extension that will tell you who is spying on you. When you start it, it will track and visualize all third party websites that interact with your page and your browser.
For starters, let's look at the [http://analyze.privacy.net/ simple footprint] of your browser.


* [http://www.ghostery.com/ Ghostery] is a Firefox/Chrome browser plugin that {{quotation|sees the invisible web - tags, web bugs, pixels and beacons. Ghostery tracks the trackers and gives you a roll-call of the ad networks, behavioral data providers, web publishers, and other companies interested in your activity.}}
Two  interesting extensions for the Firefox web browser allow understanding some of the tracking


If you do have a Google account (Gmail), see what Google knows about you:
# Launch the Firefox web browser (recent version required !)
# Install the Lightbeam and Ghostery navigator extensions by clicking on the links below
#* [https://www.mozilla.org/en-US/lightbeam/ Lightbeam] is a Firefox extension that will tell you who is spying on you. When you start it, it will track and visualize all third party websites that interact with your page and your browser.
#* [https://addons.mozilla.org/en-US/firefox/addon/ghostery/ Ghostery] ([http://www.ghostery.com/ home page]) is another Firefox/Chrome browser plugin that sees the invisible web - tags, web bugs, pixels and beacons. [https://extension.ghostery.com/intro Introduction] (tutorial)
# Then interact with two tools, (use the icons top right)
## Go to your facebook page
## Search something in google
## Open http://www.webster.ch
 
Notice: Such web browser plugins cannot track every tracking ! E.g. they will not show in which ways you are tracked on a facebook page.
 
=== What do search engines know about you ? ===
 
If you do have a Google account (Gmail), see what Google knows about you and how you set your privacy settings:
* https://myaccount.google.com/
Have a look at:
* [https://www.google.com/settings/u/0/ads?hl=en Ads settings]
* [https://www.google.com/settings/u/0/ads?hl=en Ads settings]
* [https://history.google.com/ History of your search]
* [https://history.google.com/ History of your search]


* Short google analytics demo
Engines like ''google web analytics'' do not provide individual data to customers since it is (a) not needed for advertising and (b) not allowed in some countries. However, one still can know quite a lot about a cohort of users
* https://analytics.google.com/
** Audience -> User explorer


=== What does your teacher know about you ? ===
Worldclassroom demo:
* People -> Select a person -> Access report or Analytics
=== Other forms of tracking ===
'''Email tracking''' (less known)
* An email may include customized pictures or just a little pixel image that will uniquely identify you. E.g. employers can know whether you did open an email (not very harmful) or forwarded and email (harmful)
* [https://en.wikipedia.org/wiki/Email_tracking#Opt-out E-mail tracing] (Wikipedia article)
* [https://en.wikipedia.org/wiki/Email_tracking#Opt-out E-mail tracing] (Wikipedia article)


Data can be aggregated from various resources:
'''Data can be aggregated from various resources and then sold'''
* Services like 123people are dead. A few will sell data, but most aggregated data is just for business analytics and intelligence.
 
* [https://www.spokeo.com/ Spokeo] (USA only). E.g. try Elizabeth J. Stroble (university president)
Such information must be paid, freely available information is not very interesting.
* In Europe, most services (e.g. [http://www.123peoplesearch.com/ 123people] or [https://www.intelius.com/ Intelius], [https://www.spokeo.com/ Spokeo]) are now disabled. However, online private investigation services do exist.
* Few people aggregation services like the following ones offer some data: [https://pipl.com/ Pipl.com], (international),  (USA only)
 
=== Predictive modeling ===
 
* Statistical "big data" models allow inferring things about you.
 
Try this! Predicting personality traits and behavior from text and Facebook 'likes'
* https://applymagicsauce.com/demo
** If your are a Facebook and or Twitter user, try ! (Notice: As of Summer 2018, the FaceBook component is down, as of Sept. 2018 the Twitter interface did work).


=== Quizzes on privacy ===
Facebook "likes" allow inferring political orientation, sexual preferences and more. Also read [https://sites.google.com/michalkosinski.com/mypersonality Michal Kosinski]'s ending notes about the related [https://sites.google.com/michalkosinski.com/mypersonality mypersonality.org] project. Basically, both documents show that Kosinki et al. are ahead of [https://en.wikipedia.org/wiki/Cambridge_Analytica Cambridge Analytica] and its most well known data scientist, [https://en.wikipedia.org/wiki/Aleksandr_Kogan Alksandr Kogan]. They were warning about various dangers to privacy well before the "[https://en.wikipedia.org/wiki/Cambridge_Analytica Facebook" Scandal] in spring 2018.
 
== What do you know about the legal aspects of privacy issues ? ==


Most people don't seem to informed about the situation. See for yourself:
Most people don't seem to informed about the situation. See for yourself:
Line 70: Line 110:


=== Presentation of 1 or 2 cases ===
=== Presentation of 1 or 2 cases ===
* [http://www.scu.edu/ethics-center/privacy/case/ Girls around me] (Santa Clara Univ.)
* [http://www.scu.edu/ethics-center/privacy/case/ Girls around me] (Santa Clara Univ.)
* [http://www.cnet.com/news/how-hp-bugged-e-mail/?page=2 Commercial online service was used to track e-mail sent to a reporter in Hewlett-Packard's leak probe]


=== Discussion ===
=== Discussion ===
Line 76: Line 118:
* Why does privacy matter ?
* Why does privacy matter ?


=== Regulations ===
== Regulations ==
* [http://www.oecd.org/internet/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm OECD recommendations] - (summarized [[Data_protection_and_privacy_rules_for_research#OECD_Recommendations_for_protection_of_personal_data|here]])


'''Major data projection laws in Switzerland, The UK and EU directives'''
'''Major data projection laws in Switzerland, The UK, the EU and the US'''


* [http://www.admin.ch/ch/e/rs/2/235.1.en.pdf Federal Act on Data Protection], cornerstone of the [http://www.edoeb.admin.ch/org/00129/index.html?lang=en Swiss legal framework.]
* [http://www.admin.ch/ch/e/rs/2/235.1.en.pdf Federal Act on Data Protection], cornerstone of the [http://www.edoeb.admin.ch/org/00129/index.html?lang=en Swiss legal framework.]


* [http://www.oecd.org/internet/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm OECD recommendations] - (summarized [[Data_protection_and_privacy_rules_for_research#OECD_Recommendations_for_protection_of_personal_data|here]])
* EU [http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ENG&toc=OJ:L:2016:119:TOC Regulation (EU) 2016/679] and [http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.119.01.0089.01.ENG&toc=OJ:L:2016:119:TOC Directive (EU) 2016/680] (2016). Read the European Commission - Fact Sheet [http://europa.eu/rapid/press-release_MEMO-15-6385_en.htm Questions and Answers - Data protection reform] (December 2015).


* [http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32002L0058:EN:HTML Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002]
* OLD EU legislation: [http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32002L0058:EN:HTML Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002] and [http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:EN:HTML Directive 95/46/EC on the processing of personal data and on the free movement of such data]
* [http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:EN:HTML Directive 95/46/EC on the processing of personal data and on the free movement of such data]


* [http://www.legislation.gov.uk/ukpga/1998/29/contents Data Protection Act 1998] (UK)
* [http://www.legislation.gov.uk/ukpga/1998/29/contents Data Protection Act 1998] (UK)
Line 97: Line 139:
* [http://en.wikipedia.org/wiki/Data_Protection_Directive EU Data Protection Directive] (Wikipedia)
* [http://en.wikipedia.org/wiki/Data_Protection_Directive EU Data Protection Directive] (Wikipedia)


=== Protection strategies ===
== Protection strategies ==


What can a user do ?
What can a user do ?
Line 103: Line 145:
'''Navigators'''
'''Navigators'''
* Use "private browsing features" when searching for sensitive data
* Use "private browsing features" when searching for sensitive data
* Use blocking software if you want more privacy
* Use ad blocking software if you want more privacy
* Erase cookies when closing the browser
* Erase cookies when closing the browser (you can change that in the browser settings).
* Erase/inhibit [http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html Flash cookies] and more recent JavaScript/HTML5 based tricks.
* Log out of Google, Yahoo etc. when you conduct search
* Log out of Google, Yahoo etc. when you conduct search
* ...
* Customize privacy settings, e.g. in Google, examine options in http://myaccount.google.com or directly do the [https://myaccount.google.com/intro/privacycheckup privacy checkup]
* Use proxies or specialized safe browsers like [https://www.torproject.org/ Tor]


'''Email tracking'''
'''Email tracking'''
Line 115: Line 159:
* Think, before you post anything publicly (or privately).
* Think, before you post anything publicly (or privately).
* Remove sensitive data, then ask search engines to remove old information, e.g. using [https://www.google.com/webmasters/tools/removals?pli=1 Google's remove tool]. Changes must be made "at the source". ([http://www.cnet.com/how-to/how-to-delete-yourself-from-the-internet/ How to delete yourself from the Internet], by Seth Rosenblatt, April 2012, C|Net.
* Remove sensitive data, then ask search engines to remove old information, e.g. using [https://www.google.com/webmasters/tools/removals?pli=1 Google's remove tool]. Changes must be made "at the source". ([http://www.cnet.com/how-to/how-to-delete-yourself-from-the-internet/ How to delete yourself from the Internet], by Seth Rosenblatt, April 2012, C|Net.
* If online data about you violates laws, you can try to act. (e.g. Google's [https://support.google.com/legal/answer/3110420?rd=1 Legal Removal Requests]. However, it will not be easy ...
* If online data about you violates laws, you can try to act. (e.g. Google's [https://support.google.com/legal/answer/3110420?rd=1 Legal Removal Requests]). However, it will not be easy ...
* Develop your Internet strategy, i.e. plan ahead.
* Develop your Internet strategy, i.e. plan ahead.
* Use a privacy check application.
== Links ==


'''Further (optional) Reading'''
'''Further (optional) Reading'''
Line 125: Line 172:
* [http://www.gcflearnfree.org/internetsafety/7 Internet Safety]. Smart Social Networking and Communication Tips, GCFLearnFree.org
* [http://www.gcflearnfree.org/internetsafety/7 Internet Safety]. Smart Social Networking and Communication Tips, GCFLearnFree.org
* [http://blog.hide-my-ip.com/a-crash-course-on-cookies-ip-mac-tp-advertisers/ A Crash-Course on Cookies, IP, MAC & TP Advertisers] by J. Leger
* [http://blog.hide-my-ip.com/a-crash-course-on-cookies-ip-mac-tp-advertisers/ A Crash-Course on Cookies, IP, MAC & TP Advertisers] by J. Leger
== Day 2 preparation - reading list ==
'''Instructions'''
# Each student must read one paper from the reading list below (or part of it). Work will be distributed at the end of lesson 1
# Please come back with the following items found in your reading:
## One '''important idea or fact''' found in the article (issues)
## One '''guideline''' for either ''institutions that collect data'' or ''individuals that provide data''
## One '''question''' you would like to discuss 
Copies of these papers are available through an Intranet. The instructor will give you a login + password. Otherwise, you may try to obtain them through Webster's library online service.
==== Defining (Internet) Privacy ====
# '''''[http://plato.stanford.edu/entries/privacy/ Privacy]''''', Stanford Encyclopedia of Philosophy, First published Tue May 14, 2002; substantive revision Fri Aug 9, 2013
#* '''Student''':
#* Summary: This article discusses the multiple facets of privacy. Good, but somewhat difficult reading.
#* ''Read all''
# Daniel J. Solove (2006). '''''Taxonomy Of Privacy''''', University of Pennsylvania Law Review.
#* '''Student''': AK.
#* Read first part of ''The Taxonomy'' (p 483-490) plus the Conclusion.
#* [http://tecfa.unige.ch/guides/privacy/solove-2006-taxonomy.pdf solove-2006-taxonomy.pdf] (access restricted)
==== Young people's behavior ====
# Boyd, Danah and Marwick, Alice E., '''''Social Privacy in Networked Publics: Teens’ Attitudes, Practices, and Strategies''''' (September 22, 2011). A Decade in Internet Time: Symposium on the Dynamics of the Internet and Society, September 2011. Available at SSRN: http://ssrn.com/abstract=1925128
#* '''Student''': Arti
#* This paper represents an ethnographic study on what is teen's privacy and how it is managed
#* Read at least "Privacy in Public" (last section) plus another section on a topic that is of interest.
#* [http://tecfa.unige.ch/guides/privacy/boyd-marwick-2011.pdf boyd-marwick-2011.pdf]  (access restricted)
# Hoofnagle, Chris Jay and King, Jennifer and Li, Su and Turow, Joseph, '''''How Different are Young Adults from Older Adults When it Comes to Information Privacy Attitudes and Policies?''''' (April 14, 2010). Available at SSRN: http://ssrn.com/abstract=1589864 or http://dx.doi.org/10.2139/ssrn.1589864
#* '''Student''': LM
#* Quote: We conclude then that that young-adult Americans have an aspiration for increased privacy even while they participate in an online reality that is optimized to increase their revelation of personal data.
#* ''Skim the whole paper''
#* [http://tecfa.unige.ch/guides/privacy/hoofnagle-et-al-2010.pdf hoofnagle-et-al-2010.pdf]  (access restricted)
# Marwick, Alice E. and Murgia-Diaz, Diego and Palfrey, John G., '''''Youth, Privacy and Reputation''''' (Literature Review). Berkman Center Research Publication No. 2010-5; Harvard Public Law Working Paper No. 10-29. Available at SSRN: http://ssrn.com/abstract=1588163 (80 pages)
#* '''Student''': Rea
#* Quote: The scope of this literature review is to map out what is currently understood about the intersections of youth, reputation, and privacy online, focusing on youth attitudes and practices. We summarize both key empirical studies from quantitative and qualitative perspectives and the legal issues involved in regulating privacy and reputation. This project includes studies of children, teenagers, and younger college students.
#* ''Read pages 60-65''
#* [http://tecfa.unige.ch/guides/privacy/marwick-et-al-2010.pdf marwick-et-al-2010.pdf]  (access restricted)
==== Privacy on the Internet - practical and technical issues ====
# Djordje Krivokapi, '''''Who Should Take Care of Identity, Privacy and Reputation?''''' in Cortesi et al., Digitally Connected: Global Perspectives on Youth and Digital Media (March 26, 2015). Berkman Center Research Publication No. 2015-6. Available at SSRN: http://ssrn.com/abstract=2585686 or http://dx.doi.org/10.2139/ssrn.2585686
#* '''Student''': AZ
#* ''Read the whole article by Krivokapi (5 pages, p. 35-40)''
#* [http://tecfa.unige.ch/guides/privacy/cortesi-gasser-eds-2015.pdf cortesi-gasser-eds-2015.pdf]
# Michal Kosinski, David Stillwell, and Thore Graepel, '''''Private traits and attributes are predictable from digital records of human behavior''''', ''PNAS'' 2013 110 (15) 5802-5805; published ahead of print March 11, 2013, doi:10.1073/pnas.1218772110
#* '''Student''': PG
#* Quote: We show that easily accessible digital records of behavior, Facebook Likes, can be used to automatically and accurately predict a range of highly sensitive personal attributes including: sexual orientation, ethnicity, religious and political views, personality traits, intelligence, happiness, use of addictive substances, parental separation, age, and gender.
#* See also: [http://mypersonality.org/wiki/doku.php MyPersonality Database]
#* ''Read the whole article''
#* [http://tecfa.unige.ch/guides/privacy/Kosinski-PNAS-2013.pdf Kosinski-PNAS-2013.pdf]  (access restricted)
# Seda Gürses. 2014. ''''' Can you engineer privacy?'''''. Commun. ACM 57, 8 (August 2014), 20-23. DOI=10.1145/2633029 http://doi.acm.org/10.1145/2633029
#* '''Student''':
#* Quote: We cannot engineer society, but neither are our societies independent of the systems we engineer. Hence, as practitioners and researchers we have the responsibility to engineer systems that address privacy concerns.
#* ''Read All''
#* [http://tecfa.unige.ch/guides/privacy/gurses-2014.pdf gurses-2014.pdf]  (access restricted)
# Paul Weiser and Simon Scheider. 2014. '''''A civilized cyberspace for geoprivacy.''''' In Proceedings of the 1st ACM SIGSPATIAL International Workshop on Privacy in Geographic Information Collection and Analysis (GeoPrivacy '14), Carsten Kessler, Grant D. McKenzie, and Lars Kulik (Eds.). ACM, New York, NY, USA, , Article 5 , 8 pages. DOI=10.1145/2675682.2676396 http://doi.acm.org/10.1145/2675682.2676396
#* '''Student''':
#* ''Read sections 1,2, 6 (conclusion) and try 5''
#* [http://tecfa.unige.ch/guides/privacy/weiser-et-al-2014.pdf weiser-et-al-2014.pdf]  (access restricted)
# Fabian, B., Bender, B., & Weimann, L. (2015). '''''E-Mail Tracking in Online Marketing-Methods, Detection, and Usage''', Wirtschaftsinformatik (pp. 1100-1114).
#* '''Student''':
#* Quote: EMail tracking uses personalized links and pictures for gathering in-formation on user behavior, for example, where, when, on what kind of device, and how often an e-mail has been read. This information can be very useful for marketing  purposes.  On  the  other  hand,  privacy  and security  requirements  of customers could be violated by tracking.
#* ''Read All''
#* [http://tecfa.unige.ch/guides/privacy/barocas-et-al-2014.pdf fabian-2015.pdf]  (access restricted)
# Solon Barocas and Helen Nissenbaum. 2014. '''''Big data's end run around procedural privacy protections'''''. Commun. ACM 57, 11 (October 2014), 31-33. DOI=10.1145/2668897 http://doi.acm.org/10.1145/2668897
#* '''Student''': JC
#* Quote: When consent is given (or not withheld) or the data is anonymized, virtually any information practice becomes permissible.
#* ''Read all''
#* [http://tecfa.unige.ch/guides/privacy/barocas-et-al-2014.pdf barocas-et-al-2014.pdf]  (access restricted)
# Tanmay Sinha, Vrns Srikanth, Mangal Sain, and Hoon Jae Lee. 2013. '''''Trends and research directions for privacy preserving approaches on the cloud.''''' In Proceedings of the 6th ACM India Computing Convention (Compute '13). ACM, New York, NY, USA, , Article 21 , 12 pages. DOI=10.1145/2522548.2523138 http://doi.acm.org/10.1145/2522548.2523138
#* '''Student''':
#* ''Read sections 1,6,7,8''
#* [http://tecfa.unige.ch/guides/privacy/tanmay-et-al-2013.pdf tanmay-et-al-2013.pdf]  (access restricted)
# '''''[http://en.wikipedia.org/wiki/Internet_privacy#Risks_to_Internet_privacy Risks to Internet Privacy]''''' (Wikipedia chapter of the Internet Privacy article)
#* '''Student''':
#* ''Read all''
# Robert Faris and David R. O’Brien, '''''Data and Privacy''''', in Gasser et al. in Gasser, Urs and Zittrain, Jonathan and Faris, Robert and Heacock Jones, Rebekah, Internet Monitor 2014: Reflections on the Digital World: Platforms, Policy, Privacy, and Public Discourse (December 15, 2014). Berkman Center Research Publication No. 2014-17. Available at SSRN: http://ssrn.com/abstract=2538813.
#* '''Student''':
#* Quote: The mismatch between traditional mechanisms for preserving privacy and the realities of digital networks are more apparent each day. The Internet, “the world’s biggest copy machine,”1 has eliminated the principal mechanism for preserving privacy; it used to be expensive to record and maintain information on the everyday comings and goings of citizens.
#* Read the introduction (p. 63-65) plus 2-3 following ultra-short articles
#* [http://tecfa.unige.ch/guides/privacy/gasser-et-al-2014.pdf gasser-et-al-2014.pdf]
==== Mobile apps and other data from your mobile ====
# '''''[https://www.priv.gc.ca/media/nr-c/2014/bg_140910_e.asp Results of the 2014 Global Privacy Enforcement Network Sweep]''''', OTTAWA, September 10, 2014
#* '''Student''': FS
#* Quote: The second Global Privacy Enforcement Network (GPEN) Privacy Sweep demonstrates the ongoing commitment of privacy enforcement authorities to work together to promote privacy protection around the world. Some 26 privacy enforcement authorities in 19 countries participated in the 2014 Sweep, which took place May 12-18. Over the course of the week, participants downloaded 1,211 popular mobile apps in a bid to assess the transparency of their privacy practices.
#* Other summaries of this survey: [https://www.privaworks.com/Details/AlertReference.aspx?mode=fr&guid=55026293-89cf-49b5-b427-b62ad1586f3a European Results of the 2014 Global Privacy Enforcement Network Sweep - European Data Protection Authorities], [https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2014/09/global-survey-finds-85-of-mobile-apps-fail-to-provide-basic-privacy-information/ Global survey finds 85% of mobile apps fail to provide basic privacy information], ICO, 2014 (UK), [http://dataprotection.ie/docimages/GPEN_Summary_Global_Results_2014.pdf Data Protection] (IE).
#* ''Read all'' (short HTML pages)
# H. Almuhimedi, F. Schaub, N. Sadeh, I. Adjerid, A. Acquisti, J. Gluck, L. Cranor and Y. Agrawal, '''''Your Location has been Shared 5,398 Times! A Field Study on Mobile App Privacy Nudging''''', to appear in In Proceedings of the 33rd annual SIGCHI Conference on Human Factors in Computing Systems, CHI2015. April 2015 (also available as Tech Report CMU-ISR-14-116) [http://reports-archive.adm.cs.cmu.edu/anon/isr2014/CMU-ISR-14-116.pdf PDF]
#* '''Student''':
#* Summary: [http://www.cmu.edu/news/stories/archives/2015/march/privacy-nudge.html Study Shows People Act To Protect Privacy When Told How Often Phone Apps Share Personal Information], By Byron Spice, March 2015, CMU News.
#* ''Read the whole summary'' and skim the article
#* [http://tecfa.unige.ch/guides/privacy/Almuhimedi-et-al-2015.pdf Almuhimedi-et-al-2015.pdf]  (access restricted)
==== Privacy in Internet-supported research ====
# John Leslie King. 2015. '''''Humans in computing: growing responsibilities for researchers'''''. Commun. ACM 58, 3 (February 2015), 31-33. DOI=10.1145/2723675 http://doi.acm.org/10.1145/2723675
#* '''Student''': AA
#* Quote: Open issues regarding human welfare will not be settled using an authoritarian approach. Computing researchers in universities and companies cannot do whatever they like. Doctoral students and postdoctoral fellows should be aware of science and engineering ethics. Ethical concerns must lead professional practice and regulation, not the other way around.
#* ''Read all''
#* [http://tecfa.unige.ch/guides/privacy/king-2015.pdf king-2015.pdf]  (access restricted)
==== Political action, law and opinions ====
# '''''[https://www.aclu.org/files/FilesPDFs/global_agenda.pdf Liberty in the age of technology]'''''. ACLU, 2014, (3 pages)
#* '''Student''':
#* Quote: Increasing government surveillance worldwide raises tough questions for democracy and civil liberty. Left unchecked, the deployment of intrusive new technologies poses a profound threat to individual privacy. What we need, says  Barry Steinhardt, is stronger regulation to ensure that such technology is used fairly – by governments and businesses alike.
#* Read the whole article
#  Jeff Jarvis, '''[http://spectrum.ieee.org/telecom/internet/privacy-publicness-and-the-web-a-manifesto Privacy, Publicness, and the Web: A Manifesto]'''. May 21011,  IEEE Spectrum's special report on the battle for the future of the social Web.
#* '''Student''': KS
#* Read the whole article (a short opinion piece)
#  Bolton, Robert Lee, '''The Right to Be Forgotten: Forced Amnesia in a Technological Age''' (October 15, 2014). 31 J. Marshall J. Info. Tech. & Privacy L. 133 (2015); John Marshall Journal of Computer & Information Law, Forthcoming. Available at SSRN: http://ssrn.com/abstract=2513652
#* Quote: In much of Europe, among the citizenry’s rights is a legal concept referred to as le droit à l’oubli. This “right to be forgotten” is a nebulous term whose exact meaning varies by country, but can generally be defined as the right of an individual to control data pertaining to them and have it destroyed if they so desire
#* '''Student''': RC
#* Read sections "Introduction", "The Law abroad" and Conclusion
#* [http://tecfa.unige.ch/guides/privacy/bolton-2015.pdf bolton-2015.pdf] (access restricted)
==== Use of medical e-health data ====
* To do: Data stored and used by various sensors (digital coaches, etc.) to influence your behavior, e.g. via health insurance.
== Day two ==
=== Presentations / discussion ===
* Each student will present the three items (an issue, a guideline, and a question)
* We will discuss any of these (depending on participant's interests & available time)
=== Notes from the presentations and discussion on digital privacy ===
(The instructor tried to compile a rough draft of student contributions and discussion ....)
==== Summary of issues ====
* Privacy is related to society. Without it, no need for privacy. Invasion of privacy is defined as "not consent".
* What is consent ?
* Young people have different definitions, also with respect to different locations (e.g. request privacy at home). Privacy of thought is important. Goffman's civil inattention. Young people want to be both private and public.
* There is direct and indirect peer preasure to participate in social networks, even from the university. People may think that you are boring, don't want to maintain friendship, etc.
* Survey shows that of 18-24 olds, 82% refuse to give infos to a company (same as old people).
* Some young people have two accounts. One for the family and one for friends.
* Online identity is defined by us (contents, activities). Reputation is defined by society, by third parties. These can combine data, use it for their own purposes. This is an issue for children who don't understand long term consequences.
* Study shows that "facebook likes" predict personality traits. Correlation is very hight for many traits and other personality features. E.g. predict intelligence. Even two "likes" can predict.
* The older you get the more you share (according to some article).
* Every person should know what she/he does on the Internet.
* There are a lot of loopholes in consent forms with respect to anonymity. In addition, consent forms cannot be understood. People cannot understand privacy statements.
* Permission for mobile phone apps (surveys in Europe and Canada). Ask for too much
* Does nudging people to be aware of privacy work ? If you "see clearly" "that people use it" then you might react.
* Change the business model. From "you as a product" to pay services where they become product.
* No one acts on the world stage, except big companies.
==== Minimal legal and ethical guidelines ====
* Invasion of privacy must be defined by the judicial system in operational terms.
* "Consent" must be defined.
* With respect to the younger generation it is difficult to come with recommendations / definitions / rules. However,
** There should be some privacy at home
** There should be less peer preasure to participate in Facebook, Snapshot, Instagram, ....
* There should be levels of privacy in social networking software. Users must be able to configure settings.
** Very young people should be trained
** Governement should insist on proctective (private) default settings
** Should websites actively help people set their privacy settings, e.g. during a posting dialog ?
* Privacy guidelines must be discussed by all stakeholders
* Researchers and any other third party should try to understand what "identity, privacy and reputation" means to the youth.
* There should be warnings that "likes" (or other postings) can be used for predictive modeling (not just in terms of agreement but in popups).
* How can we force providers to provide clear information about privacy guidelines ? For example translate profile data into single image and show it and tell what they can do with it.
* Give more importance to education, i.e. people should learn that they should read before they click.
* Force people to pass a quiz before taking decisions ?
* The issues must be addressed at "world level", create some basic universal principles.
* Today's world is about sharing and that cannot be changed .... but dealt with in some ways.
== Additional resources ==
* [http://www.scu.edu/ethics-center/privacy/ Privacy online], Santa Clara University
* [http://www.scu.edu/ethics-center/privacy/ Privacy online], Santa Clara University
* [http://en.wikipedia.org/wiki/Internet_privacy Internet Privacy] (Wikipedia)
* [http://en.wikipedia.org/wiki/Internet_privacy Internet Privacy] (Wikipedia)
Line 333: Line 178:
* [https://ico.org.uk/for-organisations/education/ Information rights video for schools] (ICO, UK)
* [https://ico.org.uk/for-organisations/education/ Information rights video for schools] (ICO, UK)
* [https://www.openrightsgroup.org/ OpenRightsGroup], NGO, UK
* [https://www.openrightsgroup.org/ OpenRightsGroup], NGO, UK
* [https://www.theguardian.com/technology/2017/sep/26/tinder-personal-data-dating-app-messages-hacked-sold  Iasked Tinder for my data. It sent me 800 pages of my deepest, darkest secrets]


; Classes
; Classes
* [https://www.coursera.org/course/surveillance Surveillance Law] (Stanford, Coursera MOOC)
* You can find various MOOCs on privacy, e.g. [https://www.coursera.org/learn/digital-footprint Digital Footprint] (University of Edinburg) on Coursera
* [http://www.cyberwisecert.com/how-to-protect-your-online-privacy How to Protect Your Online Privacy] (Cyberwise)
* [http://www.cyberwisecert.com/how-to-protect-your-online-privacy How to Protect Your Online Privacy] (Cyberwise) - $9


; Classes (recent past)
; Classes (recent past)
* [http://cyber.law.harvard.edu/privacy/ Privacy in Cyberspace] Archived class, Berkman Center for Internet & Society, Spring of 2002.
* [http://cyber.law.harvard.edu/privacy/ Privacy in Cyberspace] Archived class, Berkman Center for Internet & Society, Spring of 2002.
* [http://www.cs.virginia.edu/~evans/cs551/ CS551: Security and Privacy on the Internet], University of Virginia, 2000.
* [http://www.cs.virginia.edu/~evans/cs551/ CS551: Security and Privacy on the Internet], University of Virginia, 2000.
[[category: courses and workshops]]
[[category: Privacy]]

Latest revision as of 11:10, 25 September 2018

Introduction

This page includes the program and the resources for a two lesson module on digital (or Internet) privacy.

Massive use of ICT in business and private life has led to personally identifiable information (PII), i.e. information that can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual (Wikipedia). In addition, the use of social software and in particular social networking applications like Facebook allows to draw quite extensive digital profiles of many people. This situation requires - at least in principle - that persons adopt some kind of strategy to manage this information (Jones, 2008). In addition, there should be appropriate legal frameworks to protect the citizens.

Program

A look at tracking

Let's see how you are tracked on the web

For starters, let's look at the simple footprint of your browser.

Two interesting extensions for the Firefox web browser allow understanding some of the tracking

  1. Launch the Firefox web browser (recent version required !)
  2. Install the Lightbeam and Ghostery navigator extensions by clicking on the links below
    • Lightbeam is a Firefox extension that will tell you who is spying on you. When you start it, it will track and visualize all third party websites that interact with your page and your browser.
    • Ghostery (home page) is another Firefox/Chrome browser plugin that sees the invisible web - tags, web bugs, pixels and beacons. Introduction (tutorial)
  3. Then interact with two tools, (use the icons top right)
    1. Go to your facebook page
    2. Search something in google
    3. Open http://www.webster.ch

Notice: Such web browser plugins cannot track every tracking ! E.g. they will not show in which ways you are tracked on a facebook page.

What do search engines know about you ?

If you do have a Google account (Gmail), see what Google knows about you and how you set your privacy settings:

Have a look at:

Engines like google web analytics do not provide individual data to customers since it is (a) not needed for advertising and (b) not allowed in some countries. However, one still can know quite a lot about a cohort of users

What does your teacher know about you ?

Worldclassroom demo:

  • People -> Select a person -> Access report or Analytics

Other forms of tracking

Email tracking (less known)

  • An email may include customized pictures or just a little pixel image that will uniquely identify you. E.g. employers can know whether you did open an email (not very harmful) or forwarded and email (harmful)
  • E-mail tracing (Wikipedia article)

Data can be aggregated from various resources and then sold

Such information must be paid, freely available information is not very interesting.

  • In Europe, most services (e.g. 123people or Intelius, Spokeo) are now disabled. However, online private investigation services do exist.
  • Few people aggregation services like the following ones offer some data: Pipl.com, (international), (USA only)

Predictive modeling

  • Statistical "big data" models allow inferring things about you.

Try this! Predicting personality traits and behavior from text and Facebook 'likes'

  • https://applymagicsauce.com/demo
    • If your are a Facebook and or Twitter user, try ! (Notice: As of Summer 2018, the FaceBook component is down, as of Sept. 2018 the Twitter interface did work).

Facebook "likes" allow inferring political orientation, sexual preferences and more. Also read Michal Kosinski's ending notes about the related mypersonality.org project. Basically, both documents show that Kosinki et al. are ahead of Cambridge Analytica and its most well known data scientist, Alksandr Kogan. They were warning about various dangers to privacy well before the "Facebook" Scandal in spring 2018.

What do you know about the legal aspects of privacy issues ?

Most people don't seem to informed about the situation. See for yourself:

Santa Clara University quiz

Online Privacy Questions concerning US law (Hoofnagle et al., 2014, p. 17)
1. If a website has a privacy policy, it means that the site cannot share information about you with other companies, unless you give the website your permission.
True / False
2. If a website has a privacy policy, it means that the site cannot give your address and purchase history to the government
True / False
3. If a website has a privacy policy, it means that the website must delete information it has about you, such as name and address, if you request them to do so.
True / False
4. If a website violates its privacy policy, it means that you have the right to sue the website for violating it.
True / False
5. If a company wants to follow your internet use across multiple sites on the internet, it must first obtain your permission.
True / False
Offline Privacy Questions
6. When you subscribe to a newspaper or magazine by mail or phone, the publisher is not allowed to sell your address and phone number to other companies without your permission.
True / False
7. When you order a pizza by phone for home delivery, the pizza company is not allowed to sell your address and phone number to other companies without your permission.
True / False
8. When you enter a sweepstakes contest, the sweepstakes company is not allowed to sell your address or phone number to other companies without your permission.
True / False
9. When you give your phone number to a store cashier, the store is not allowed to sell your address or phone number to other companies without your permission.
True / False

Other privacy quizzes

Each student should take one and write down 1-2 surprising things.

Presentation of 1 or 2 cases

Discussion

  • Why does privacy matter ?

Regulations

Major data projection laws in Switzerland, The UK, the EU and the US

  • None (USA). However there are other laws that partially address the issue, plus "case law" derived from other acts, plus local regulations.

Summaries, including information from government agencies

Protection strategies

What can a user do ?

Navigators

  • Use "private browsing features" when searching for sensitive data
  • Use ad blocking software if you want more privacy
  • Erase cookies when closing the browser (you can change that in the browser settings).
  • Erase/inhibit Flash cookies and more recent JavaScript/HTML5 based tricks.
  • Log out of Google, Yahoo etc. when you conduct search
  • Customize privacy settings, e.g. in Google, examine options in http://myaccount.google.com or directly do the privacy checkup
  • Use proxies or specialized safe browsers like Tor

Email tracking

  • Disable pictures

Social networks

  • Never post sensitive data, anywhere.
  • Think, before you post anything publicly (or privately).
  • Remove sensitive data, then ask search engines to remove old information, e.g. using Google's remove tool. Changes must be made "at the source". (How to delete yourself from the Internet, by Seth Rosenblatt, April 2012, C|Net.
  • If online data about you violates laws, you can try to act. (e.g. Google's Legal Removal Requests). However, it will not be easy ...
  • Develop your Internet strategy, i.e. plan ahead.
  • Use a privacy check application.

Links

Further (optional) Reading

Classes
Classes (recent past)
Retrieved from "https://edutechwiki.unige.ch/mediawiki/index.php?title=COAP:Privacy&oldid=69763"