COAP:Privacy: Difference between revisions

Introduction

This page includes the program and the resources for the module on digital (or Internet) privacy

Day one

Let's see how you are tracked

Install the Lightbeam and Ghostery navigator extensions according to instructions

• Lightbeam is a Firefox extension that will tell you who is spying on you. When you start it, it will track and visualize all third party websites that interact with your page and your browser.

• Ghostery is a Firefox/Chrome browser plugin that “sees the invisible web - tags, web bugs, pixels and beacons. Ghostery tracks the trackers and gives you a roll-call of the ad networks, behavioral data providers, web publishers, and other companies interested in your activity.”

If you do have a Google account (Gmail), see what Google knows about you:

• Ads settings
• History of your search

Quizzes on privacy

Most people don't seem to informed about the situation. See for yourself:

Santa Clara University quiz

• Hoofnagle, Chris Jay, King, Jennifer, Li, Su and Turow, Joseph, "How Different are Young Adults from Older Adults when It Comes to Information Privacy Attitudes and Policies?" (April 14, 2010). Available at SSRN: http://ssrn.com/abstract=1589864 or http://dx.doi.org/10.2139/ssrn.1589864
• Santa Clara University (web page with the quiz)

Online Privacy Questions (Hoofnagle et al., 2014, p. 17)

1. If a website has a privacy policy, it means that the site cannot share information about you with other companies, unless you give the website your permission.

True / False

2. If a website has a privacy policy, it means that the site cannot give your address and purchase history to the government

True / False

3. If a website has a privacy policy, it means that the website must delete information it has about you, such as name and address, if you request them to do so.

True / False

4. If a website violates its privacy policy, it means that you have the right to sue the website for violating it.

True / False

5. If a company wants to follow your internet use across multiple sites on the internet, it must first obtain your permission.

True / False

Offline Privacy Questions

6. When you subscribe to a newspaper or magazine by mail or phone, the publisher is not allowed to sell your address and phone number to other companies without your permission.

True / False

7. When you order a pizza by phone for home delivery, the pizza company is not allowed to sell your address and phone number to other companies without your permission.

True / False

8. When you enter a sweepstakes contest, the sweepstakes company is not allowed to sell your address or phone number to other companies without your permission.

True / False

9. When you give your phone number to a store cashier, the store is not allowed to sell your address or phone number to other companies without your permission.

True / False

Other privacy quizzes

Each student should take one and write down 1-2 surprising things.

• Privacy 001. From the canadian government, to sensitize people about the use of social sharing and networking sites.
• ACLU privacy quiz from the American Civil Liberties Union
  • see also their files on [https://www.aclu.org/issues/privacy-technology/internet-privacy Internet Privacy)
• Privacy IQ (from Awast)

Presentation of 1 or 2 cases

• Girls around me (Santa Clara Univ.)

Discussion

• Why does privacy matter ?

Regulations

Privacy and data projection laws in Europe, Switzerland and the EU

Information from government agencies

• Guide to data protection (UK)

Protection strategies

What can a user do ?

• How to Protect Your Online Privacy, by Irina Raicu, Santa Clara University, 2014.
• How You Ruin Your Privacy Online Every Day (And How To Stop), by Thorin Klosowski, 2014.
• Protecting Online Privacy, We do care about our privacy online, and we can protect it from surveillance, By Siva Vaidhyanathan, May 2011, IEEE Spectrum special report on the battle for the future of the social Web

Homework reading list

Instructions

1. Each student must read one paper from the reading list below (or part of it). Work will be distributed at the end of lesson 1
2. Please come back with the following:
   1. One important idea or fact found in the article
   2. One guideline for either institutions that collect data or individuals that provide data (found in the article)
   3. One question you would like to discuss

Copies of these papers are available through an Intranet. The instructor will give you a login + password. Otherwise, you may try to obtain them through Webster's library online service.

Defining (Internet) Privacy

• Privacy, Stanford Encyclopedia of Philosophy, First published Tue May 14, 2002; substantive revision Fri Aug 9, 2013
  • Read all

• Daniel J. Solove (2006). Taxonomy Of Privacy, University of Pennsylvania Law Review.
  • Read first part of The Taxonomy (p 483-490) plus the Conclusion.
  • [solove-2006-taxonomy.pdf

Young people's behavior

• Boyd, Danah and Marwick, Alice E., Social Privacy in Networked Publics: Teens’ Attitudes, Practices, and Strategies (September 22, 2011). A Decade in Internet Time: Symposium on the Dynamics of the Internet and Society, September 2011. Available at SSRN: http://ssrn.com/abstract=1925128
  • This paper represents an ethnographic study on what is teen's privacy and how it is managed
  • Read at least "Privacy in Public" (last section) plus another section on a topic that is of interest.
  • boyd-marwick-2011.pdf

• Hoofnagle, Chris Jay and King, Jennifer and Li, Su and Turow, Joseph, How Different are Young Adults from Older Adults When it Comes to Information Privacy Attitudes and Policies? (April 14, 2010). Available at SSRN: http://ssrn.com/abstract=1589864 or http://dx.doi.org/10.2139/ssrn.1589864
  • Quote: We conclude then that that young-adult Americans have an aspiration for increased privacy even while they participate in an online reality that is optimized to increase their revelation of personal data.
  • Skim the whole paper
  • hoofnagle-et-al-2010.pdf

• Marwick, Alice E. and Murgia-Diaz, Diego and Palfrey, John G., Youth, Privacy and Reputation (Literature Review). Berkman Center Research Publication No. 2010-5; Harvard Public Law Working Paper No. 10-29. Available at SSRN: http://ssrn.com/abstract=1588163 (80 pages)
  • Quote: The scope of this literature review is to map out what is currently understood about the intersections of youth, reputation, and privacy online, focusing on youth attitudes and practices. We summarize both key empirical studies from quantitative and qualitative perspectives and the legal issues involved in regulating privacy and reputation. This project includes studies of children, teenagers, and younger college students.
  • Read pages 60-65
  • marwick-et-al-2010.pdf

• H. Almuhimedi, F. Schaub, N. Sadeh, I. Adjerid, A. Acquisti, J. Gluck, L. Cranor and Y. Agrawal, Your Location has been Shared 5,398 Times! A Field Study on Mobile App Privacy Nudging to appear in In Proceedings of the 33rd annual SIGCHI Conference on Human Factors in Computing Systems, CHI2015. April 2015 (also available as Tech Report CMU-ISR-14-116) PDF,
• Summary: Study Shows People Act To Protect Privacy When Told How Often Phone Apps Share Personal Information, By Byron Spice, March 2015, CMU News.
  • Read all of the summary
  • Almuhimedi-et-al-2015.pdf

Privacy on the Internet - technical issues

• Michal Kosinski, David Stillwell, and Thore Graepel, Private traits and attributes are predictable from digital records of human behavior, PNAS 2013 110 (15) 5802-5805; published ahead of print March 11, 2013, doi:10.1073/pnas.1218772110
  • Quote: We show that easily accessible digital records of behavior, Facebook Likes, can be used to automatically and accurately predict a range of highly sensitive personal attributes including: sexual orientation, ethnicity, religious and political views, personality traits, intelligence, happiness, use of addictive substances, parental separation, age, and gender.
  • See also: MyPersonality Database
  • Read the whole article
  • Kosinski-PNAS-2013.pdf

• Seda Gürses. 2014. Can you engineer privacy?. Commun. ACM 57, 8 (August 2014), 20-23. DOI=10.1145/2633029 http://doi.acm.org/10.1145/2633029
  • Quote: We cannot engineer society, but neither are our societies independent of the systems we engineer. Hence, as practitioners and researchers we have the responsibility to engineer systems that address privacy concerns.
  • Read All
  • gurses-2014.pdf

• Paul Weiser and Simon Scheider. 2014. A civilized cyberspace for geoprivacy. In Proceedings of the 1st ACM SIGSPATIAL International Workshop on Privacy in Geographic Information Collection and Analysis (GeoPrivacy '14), Carsten Kessler, Grant D. McKenzie, and Lars Kulik (Eds.). ACM, New York, NY, USA, , Article 5 , 8 pages. DOI=10.1145/2675682.2676396 http://doi.acm.org/10.1145/2675682.2676396
  • Read sections 1,2, 6 (conclusion) and try 5
  • weiser-et-al-2014.pdf

• Solon Barocas and Helen Nissenbaum. 2014. Big data's end run around procedural privacy protections. Commun. ACM 57, 11 (October 2014), 31-33. DOI=10.1145/2668897 http://doi.acm.org/10.1145/2668897
  • Quote: When consent is given (or not withheld) or the data is anonymized, virtually any information practice becomes permissible.
  • Read all
  • barocas-et-al-2014.pdf

• Tanmay Sinha, Vrns Srikanth, Mangal Sain, and Hoon Jae Lee. 2013. Trends and research directions for privacy preserving approaches on the cloud. In Proceedings of the 6th ACM India Computing Convention (Compute '13). ACM, New York, NY, USA, , Article 21 , 12 pages. DOI=10.1145/2522548.2523138 http://doi.acm.org/10.1145/2522548.2523138
  • Read sections 1,6,7,8
  • tanmay-et-al-2013.pdf

• Risks to Internet Privacy (Wikipedia chapter of the Internet Privacy article)
  • Read all

Mobile apps

• Results of the 2014 Global Privacy Enforcement Network Sweep, OTTAWA, September 10, 2014
  • Quote: The second Global Privacy Enforcement Network (GPEN) Privacy Sweep demonstrates the ongoing commitment of privacy enforcement authorities to work together to promote privacy protection around the world. Some 26 privacy enforcement authorities in 19 countries participated in the 2014 Sweep, which took place May 12-18. Over the course of the week, participants downloaded 1,211 popular mobile apps in a bid to assess the transparency of their privacy practices.
  • Other summaries of this survey: European Results of the 2014 Global Privacy Enforcement Network Sweep - European Data Protection Authorities, Global survey finds 85% of mobile apps fail to provide basic privacy information, ICO, 2014 (UK), Data Protection (IE).
• Read all (short HTML pages)

Privacy in Internet-supported research

• John Leslie King. 2015. Humans in computing: growing responsibilities for researchers. Commun. ACM 58, 3 (February 2015), 31-33. DOI=10.1145/2723675 http://doi.acm.org/10.1145/2723675
  • Quote: Open issues regarding human welfare will not be settled using an authoritarian approach. Computing researchers in universities and companies cannot do whatever they like. Doctoral students and postdoctoral fellows should be aware of science and engineering ethics. Ethical concerns must lead professional practice and regulation, not the other way around.
  • Read all
  • king-2015.pdf

Political action and opinions

• Liberty in the age of technology ACLU, 2014, (3 pages)
  • Quote: Increasing government surveillance worldwide raises tough questions for democracy and civil liberty. Left unchecked, the deployment of intrusive new technologies poses a profound threat to individual privacy. What we need, says Barry Steinhardt, is stronger regulation to ensure that such technology is used fairly – by governments and businesses alike.
  • Read the whole article
  • Kosinski-PNAS-2013.pdf

• Privacy, Publicness, and the Web: A Manifesto. By Jeff Jarvis, May 21011, IEEE Spectrum's special report on the battle for the future of the social Web.

Day two

Presentations / discussion

• Short presentations of readings

A common text about digital privacy

(rough draft)

Summary of issues

Minimal legal and ethical guidelines

Advice for protection

Additional resources

• Privacy online, Santa Clara University
• Internet Privacy (Wikipedia)
• Privacy by Design, A Canadian-based NGO with worldwide impact.
• Online Guide to Privacy Resources (EPIC.org)
• Information rights video for schools (ICO, UK)
• OpenRightsGroup, NGO, UK