Privacy in Computing

Overview

Privacy: According to S. Warren and L. Brandeis, quoted in Cyberethics (Spinello), the "right to be let alone."

Control Theory: I have privacy if I control information about myself.

Restricted Access Theory: I have privacy if others are restricted from obtaining information about me (assuring me some level of secrecy, anonymity, and solitude).

Extrinsic Freedom: Loss of privacy causes a loss of extrinsic freedom if others can use private information about me to restrict things that I can do: deny me a job, deny me other opportunities I would otherwise have, etc.

Intrinsic Freedom: Loss of privacy causes a loss of intrinsic freedom if I choose not to engage in certain activities that I would otherwise engage in because I feel that my actions are being monitored.

Suppose you run an ISP. One of your customers has applied for a job at your company (ISP). Should you monitor his/her Internet activity to determine if he/she is suitable for the job? Suppose you do monitor his/her Internet logs, and you find some activity you do not agree with. Do you deny him/her the job, if he/she is otherwise qualified?

Now, suppose you are the customer. You know that the owner of your ISP graduated from the University of Nebraska. You've applied for a job at that ISP. Do you browse www.kstatesports.com when the Wildcats beat the Huskers?

Privacy Policies

Amazon.com Privacy Policy

Amazon.com knows that you care how information about you is used and shared, and we appreciate your trust that we will do so carefully and sensibly. This notice describes our privacy policy. By visiting Amazon.com, you are accepting the practices described in this Privacy Notice. ...
What Personal Information About Customers Does Amazon.com Gather? ...
Does Amazon.com Share the Information It Receives? ...
[http://www.amazon.com/exec/obidos/tg/browse/-/468496/103-9875847-8619811]

Cox Cable Broadband Internet Privacy Policy

Information We Collect
Personally Identifiable Information — In providing services to you, we obtain certain “personally identifiable information”; that is, information that identifies you individually. Personally identifiable information may include your: name, service address, billing address, telephone numbers, social security number, driver’s license number, premium services you have selected, user IDs, passwords, email addresses, correspondence and communications records. We maintain customer information concerning credit, billing and payment, security deposits, maintenance and repair, equipment used and services provided and other service-related functions. In providing our services, we may also collect information about your video equipment, computer hardware and software, modems, routers, settings and other preferences to aid in customer support. ...
Unless you are notified and agree, we do not collect personally identifiable information concerning most video program viewing. Aggregate information that is not individually identifiable may be collected and used for programming, advertising and similar purposes. In providing some specific cable television services, such as pay-per-view, entertainment-on-demand and interactive cable services we do maintain limited usage information for billing, programming and related purposes. When we provide digital video recorder services, we may also receive detailed information concerning your use and operation of the recorder for the uses described below.
Internet Services — In providing Internet services, we automatically collect personal and usage information, such as the Internet Protocol (IP) addresses assigned (numbers assigned to your computer while online), bandwidth used, system and connection performance, browsers used, dates and times of access, and Internet resource requests, including requests to access web pages. We do not store emails sent and received unless left in your Cox High Speed Internet account file. As explained below, we could be required by court order to disclose such information if left on our system. ...
[http://www.cox.com/policy/04privacyrights.asp]

Kansas State University Information Technology Usage Policy

.040 Confidentiality and Privacy
Authorized access to data or information entails both privilege and responsibility, not only for the user, but also for the system administrator. In general, the university will treat information stored on computers as confidential. However, there is no expectation of privacy or confidentiality for documents and messages stored on University-owned equipment. Additionally, e-mail and data stored on KSU's network of computers may be accessed by the university for the following purposes:
* The system administrator will need specific approval from the Vice Provost for Academic Services and Technology or the appropriate designee to access these items. The extent of the access will be limited to what is essentially necessary to acquire the information.
To the greatest extent possible in a public setting individuals' privacy should be preserved. However, privacy or confidentiality of documents and messages stored on University-owned equipment cannot be guaranteed. Users of electronic mail systems should be aware that, in addition to being subject to authorized access, electronic mail in its present form cannot be secured and is, therefore, vulnerable to unauthorized access and modification by third parties.
[http://www.k-state.edu/policies/ppm/3420.html]

Privacy Regulation

HIPAA: Health Insurance Portability and Accountability Act of 1996:

[See also: http://www.hhs.gov/ocr/hipaa/]

European Union Privacy Laws:
According to Spinello:

[See also: http://europa.eu.int/comm/internal_market/privacy/law_en.htm]

Personal Information Publicly Available


[Free from: www.ussearch.com]


[Free from: www.anywho.com]


[I had to pay to get this data: www.peopledata.com]


[Free from: terraserver.microsoft.com]

Statistical Information

Suppose that we have the following database table with information on some company.

Staff_Name      Gender   Yearly_Bonus
Ace Adams       M        $20
Bob Brown       M        $19
Carl Chavez     M        $18
Dorothy Doe     F        $18

Now suppose the company was interested in releasing some statistical information about yearly bonuses. The following information is released:

Gender                      Avg_Bonus   Employee_Count
M                           $19         3
F                           $18         1
Total Company Bonus Paid:   $75         4

Does that release any personal information? What if we withhold some information?

Gender                      Avg_Bonus   Employee_Count
M                           $19         3
F                           --          1
Total Company Bonus Paid:   $75         4
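Withholding the F average while still printing the total is not enough: the total minus the published M figures gives the withheld cell back. The Python below is an added illustration (not from the notes) that builds both releases from the staff table above and applies a minimum-cell-size rule plus complementary suppression of the total; the threshold MIN_CELL and the inference check are assumptions of this example.

```python
from collections import defaultdict

# Constructed sample: the staff table from the notes (yearly bonus in dollars).
STAFF = [
    ("Ace Adams", "M", 20),
    ("Bob Brown", "M", 19),
    ("Carl Chavez", "M", 18),
    ("Dorothy Doe", "F", 18),
]

MIN_CELL = 2  # assumed rule: publish a group's average only if at least this many people are in it


def group_totals(rows):
    """Per-group (sum, count) as the company would compute them, plus the grand total."""
    groups = defaultdict(lambda: [0, 0])
    for _, gender, bonus in rows:
        groups[gender][0] += bonus
        groups[gender][1] += 1
    return {g: tuple(v) for g, v in groups.items()}, sum(b for _, _, b in rows)


def inferable_average(released, total):
    """If exactly one group's average is withheld but the grand total is published, that
    average is (total - everything published) / that group's count. Returns (group, value)
    when the subtraction works, else None."""
    if total is None:
        return None
    hidden = [g for g, r in released.items() if r["avg"] is None]
    if len(hidden) != 1:
        return None
    known = sum(r["avg"] * r["count"] for r in released.values() if r["avg"] is not None)
    return hidden[0], (total - known) / released[hidden[0]]["count"]


def release(rows, min_cell=MIN_CELL, suppress_total=True):
    """Build the statistical release. With suppress_total=False this is the notes' second
    table (F average withheld, total still printed); with it True the total is withheld
    too whenever it would let a reader reconstruct the hidden average."""
    per_group, total = group_totals(rows)
    released = {g: {"avg": s / n if n >= min_cell else None, "count": n}
                for g, (s, n) in per_group.items()}
    if suppress_total and inferable_average(released, total) is not None:
        total = None
    return released, total
```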

Tracking Personal Internet Activity

Doubleclick
Hypothetical Cookie Example: The html code on some page:

This product is great!
<img src='http://www.someadvertiser.com/great/banner/ad.gif?from=www.somesite.com'>
My browser makes the following request to www.someadvertiser.com:
GET /great/banner/ad.gif?from=www.somesite.com HTTP/1.1
Host: www.someadvertiser.com

...
What www.someadvertiser.com returns:
HTTP/1.1 200 OK
Date: Sun, 20 Feb 2005 04:12:59 GMT
Content-Length: 10567
Content-Type: image/gif
Set-Cookie: SomeAdvertiserCookie=YourTrackingNumberIs3141592; path=/

... binary data follows ...
Now, when I visit another page with some html code like:
This product is cool also!
<img src='http://www.someadvertiser.com/another/banner/ad.gif?from=www.anothersite.com'>
My browser sees that I am making another request to www.someadvertiser.com, and it helpfully sends the cookie:
GET /another/banner/ad.gif?from=www.anothersite.com HTTP/1.1
Host: www.someadvertiser.com
Cookie: SomeAdvertiserCookie=YourTrackingNumberIs3141592

...
And at that point, www.someadvertiser.com knows that you (or at least tracking number 3141592) have visited both www.somesite.com and www.anothersite.com, and at exactly what times you visited them.
[See also: http://wp.netscape.com/newsref/std/cookie_spec.html, http://news.com.com/]
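The exchange above replayed in Python, as an added example that is not part of the notes: a constructed stand-in for www.someadvertiser.com assigns a tracking number in Set-Cookie, and a minimal browser cookie jar returns it on the second request, so the server links both sites to one number. With third-party cookies blocked the two visits cannot be linked. The AdServer and Browser classes and the timestamps are assumptions of this example.

```python
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlsplit

AD = "http://www.someadvertiser.com"


class AdServer:
    """Stand-in for www.someadvertiser.com (constructed): hands out a tracking number in
    Set-Cookie on the first request and logs every later request against that number."""

    def __init__(self):
        self.next_id = 3141592
        self.visits = {}  # tracking number -> [(referring site, time), ...]

    def handle(self, request_url, cookie_header, now):
        referrer = parse_qs(urlsplit(request_url).query).get("from", ["?"])[0]
        jar = SimpleCookie(cookie_header or "")
        if "SomeAdvertiserCookie" in jar:
            tid, set_cookie = int(jar["SomeAdvertiserCookie"].value.rsplit("Is", 1)[1]), None
        else:
            tid, self.next_id = self.next_id, self.next_id + 1
            set_cookie = f"SomeAdvertiserCookie=YourTrackingNumberIs{tid}; path=/"
        self.visits.setdefault(tid, []).append((referrer, now))
        return {"Content-Type": "image/gif", "Set-Cookie": set_cookie}


class Browser:
    """Minimal cookie jar keyed by host. With block_third_party=True no cookie is stored
    or sent for an image whose host differs from the page's host."""

    def __init__(self, block_third_party=False):
        self.jar = {}  # host -> {cookie name: value}
        self.block_third_party = block_third_party

    def load_image(self, page_url, img_url, server, now):
        page_host, img_host = urlsplit(page_url).hostname, urlsplit(img_url).hostname
        blocked = self.block_third_party and page_host != img_host
        cookies = {} if blocked else self.jar.get(img_host, {})
        cookie_header = "; ".join(f"{k}={v}" for k, v in cookies.items()) or None
        resp = server.handle(img_url, cookie_header, now)
        if resp["Set-Cookie"] and not blocked:
            for name, morsel in SimpleCookie(resp["Set-Cookie"]).items():
                self.jar.setdefault(img_host, {})[name] = morsel.value


def browse(block_third_party):
    """Replays the notes' two page visits; returns the tracker's view: number -> sites."""
    ad, me = AdServer(), Browser(block_third_party)
    me.load_image("http://www.somesite.com/", AD + "/great/banner/ad.gif?from=www.somesite.com", ad, "04:12:59")
    me.load_image("http://www.anothersite.com/", AD + "/another/banner/ad.gif?from=www.anothersite.com", ad, "04:15:02")
    return {tid: [site for site, _ in v] for tid, v in ad.visits.items()}
```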

Email "bugs":

The email:
[Source has been edited for brevity.]

From: "Dusty deBoer" <ddeboer@ksu.edu>
To: <ddeboer@ksu.edu>
Subject: This is a Test
Date: Sat, 19 Feb 2005 21:46:00 -0600

<html>
<body>
<p>Testing 1, 2, 3. Do not feed this email to small children. May be toxic to dodo
birds.</p>
<p><img src="http://www.cis.ksu.edu/~ddeboer/cgi-bin/email-bug.cgi?email=ddeboer@ksu.edu"></p>
</body>
</html>
The logging script:

#!/usr/bin/perl
use strict;
use warnings;
use CGI qw(:standard);

# Email "bug" used to log a request from an HTML-handling email client.
# The ?email= query parameter embedded in the <img> tag identifies the recipient;
# the timestamp and REMOTE_ADDR come from the request itself.

# Log the following info to a file:
open(LOGFILE, ">>../email-bug.log") or die "cannot open log: $!";
print LOGFILE "Email address is : " . (param('email') // '') . "\n";
print LOGFILE "Date is : " . scalar(localtime()) . "\n";
print LOGFILE "IP Address is : " . ($ENV{'REMOTE_ADDR'} // '') . "\n\n";
close LOGFILE;

# Then return a dummy image to the email client: an 8x8, two-colour GIF89a.
print "Content-type: image/gif\n\n";
binmode(STDOUT);    # raw bytes follow; no newline translation
print pack("H*", "47494638396108000800800000000000");
print pack("H*", "FFFFFF2C000000000800080000020684");
print pack("H*", "8FA9CBED5D003B");
Contents of the log file after viewing the message:
Email address is : ddeboer@ksu.edu
Date is : Sat Feb 19 21:45:36 2005
IP Address is : 68.102.216.214

http://email.about.com/od/staysecureandprivate/a/webbug_privacy.htm
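The usual defence on the receiving side is a mail client that does not fetch remote images automatically and flags the ones that look like bugs. The following Python is an added example (not the notes' script) that scans the message shown above for remote <img> tags and reports why each is suspect; the heuristics in classify() and the SCRIPT_SUFFIXES list are assumptions of this example.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Constructed copy of the message body shown in the notes.
MESSAGE_HTML = """<html><body>
<p>Testing 1, 2, 3. Do not feed this email to small children. May be toxic to dodo birds.</p>
<p><img src="http://www.cis.ksu.edu/~ddeboer/cgi-bin/email-bug.cgi?email=ddeboer@ksu.edu"></p>
</body></html>"""

SCRIPT_SUFFIXES = (".cgi", ".php", ".pl", ".asp")  # assumed list: "images" served by a script


class RemoteImageFinder(HTMLParser):
    """Collects every <img> whose src would be fetched over the network when the mail is rendered."""

    def __init__(self):
        super().__init__()
        self.remote = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") or ""
        if tag == "img" and urlsplit(src).scheme in ("http", "https"):
            self.remote.append(src)


def classify(src, recipient):
    """Reasons a remote image looks like a tracking bug (heuristics assumed for this example):
    the recipient's own address in the query string (the notes' bug), a script rather than an
    image file, or any other query string that could carry a per-recipient identifier."""
    parts = urlsplit(src)
    qs = parse_qs(parts.query)
    reasons = []
    if any(recipient.lower() in v.lower() for vals in qs.values() for v in vals):
        reasons.append("recipient address in URL")
    if parts.path.lower().endswith(SCRIPT_SUFFIXES):
        reasons.append("image served by a script")
    if qs and not reasons:
        reasons.append("query string may be a per-recipient identifier")
    return reasons


def scan_message(html, recipient):
    """Returns {src: reasons} for each remote image. A client acting on this would render the
    mail without fetching any of them until the reader explicitly asks for remote content."""
    finder = RemoteImageFinder()
    finder.feed(html)
    return {src: classify(src, recipient) for src in finder.remote}
```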