Published on May 2016


1

Online Privacy

May 19, 2014

Janine L. Spears, Ph.D.
DePaul University
CNS 477

2
1. Announcements
2. The concept of PII
3. Online behavioral tracking


Agenda
3
 Reading assignment for next week
– Case: Online Advertising, Behavioral Targeting, and Privacy,
CACM, 2011
– The ‘Nothing to Hide’ case and the case assigned for next week
will both be part of a role-playing exercise next week


Announcements
4
 The meaning of privacy is perceived as:
a) The right to be left alone
b) The right to be free from unreasonable personal intrusion
c) The right to determine what personal information can be
communicated and to whom
Privacy
5

 Amazing mind reader reveals his secret:
– http://9gag.com/gag/5450071




An Introduction to Consumer Privacy …
6
Consumer Information Privacy
Source: “Protecting Consumer Privacy in an Era of Rapid Change,” U.S. Federal Trade Commission (FTC) Report, 2012, p. B-2
7
 In the context of privacy in a digital world, much is made
about personally identifiable information (PII): those
data attributes that identify a specific individual
 PII (within the US) has been limited to a short list of data
attributes
 When PII has been shared with “unauthorized” parties,
it is considered to be a data breach
– Otherwise, there is no data breach, and therefore, no legal
protection


PII as the ‘trigger’ for what is a data breach
8
 Depending on the regulation and/or perspective, PII (in
the US) may include name + any one of the following:
– Address
– E-mail address
– Driver’s license number
– Financial account numbers
– Phone number
– Social security number
Personally Identifiable Information (PII)
9
 Two categories of personal information the FTC has
defined in its complaints against companies:

– account-level information (e.g., financial account #)
– identity-level information (e.g., SSN)

 Breaches of identity-level personal information carry a
higher penalty than breaches of account-level information. Why?
Personally Identifiable Information (PII)
Hanson, J of LTC, Washington Univ, 2008
10
 At the core of privacy laws is the concept of PII

 The basic assumption of privacy laws is that in absence
of PII, no harm is done

 Privacy regulation focuses on the collection, use, and
disclosure of PII and leaves non-PII largely unregulated

The Current State of U.S. Privacy Laws and PII
Schwartz & Solove, NY University Law Review 2011
11
1. US privacy laws lack a uniform definition of PII:

 Three approaches to defining PII:
a. Tautological: any info that identifies a person
b. Non-public: any info not in public domain
c. Specific types of information: list of data types
– No need to ‘memorize’ these 3 approaches; the key point
is that there is no uniform definition of PII

Issues with PII (1 of 2)
Schwartz & Solove, NY University Law Review 2011
12
2. Non-PII can be transformed into PII.
 Consequently, privacy laws do not cover:
a) Data mining
b) Online behavioral advertising (online tracking)
c) Data aggregation and re-identification
 Whether information is identifiable to a person
depends upon context and cannot be pre-
determined a priori.

Issues with PII (2 of 2)
Schwartz & Solove, NY University Law Review 2011
13

 What companies know about Joel Stein @ Time mag: (2:33)
– http://www.time.com/time/video/player/0,32068,821500876001_2058396,00.html



Introduction to Online Behavioral Tracking
14
 Online behavioral advertising refers to the tracking of a
consumer’s activities online – including the searches the
consumer has conducted, the web pages visited, and the
content viewed – in order to deliver advertising targeted
to the individual consumer’s interests.

Online Behavioral Advertising defined …
http://www.ftc.gov/os/2007/12/P859900stmt.pdf
15
 Upon visiting a web site, at least the following info may
be sent to the web server:
– Your IP address
– The referring page (i.e., page last visited)
– Your web browser type and configuration
– Operating system type/version
– The time of visit



Type of Information that is Collected & Shared/Sold
16

 How Advertisers Use Internet Cookies to Track
You, WSJ video (7:14):
• http://live.wsj.com/video/how-advertisers-use-internet-cookies-to-track-you/92E525EB-9E4A-4399-817D-8C4E6EF68F93.html#!92E525EB-9E4A-4399-817D-8C4E6EF68F93



Introduction to Cookies and Online Behavioral Tracking
17
 Advances in cookie technologies
– 1st party vs. 3rd party cookies
– Cookie size larger, detection harder
• HTTP (4kb), Flash (100kb), HTML5 (5MB)
– Cookie respawning
• Original study: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1446862
• Technology explained: http://ashkansoltani.org/docs/respawn_redux.html




Methods of Online Behavioral Tracking
18
 Browser fingerprinting
– A researcher developed Panopticlick as a tool to test your
browser to see how unique it is based on the information it will
share with sites it visits.
– http://panopticlick.eff.org/ (see uniqueness of your browser)
– A fingerprint that carries no more than 15-20 bits of identifying
information will in almost all cases be sufficient to uniquely
identify a particular browser
– Consequently, a browser (i.e., user) can be tracked without the
use of cookies
Non-Cookie Methods of Online Behavioral Tracking
Source: Peter Eckersley 2010
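
Added example (not part of the original slides): the bit-counting behind the fingerprinting claim above, run over a small constructed sample of browsers. The attribute names and values are assumptions chosen for illustration; n bits of identifying information are enough to tell apart 2^n browsers.

```python
import math
from collections import Counter

# Constructed sample (not real measurements): one row per visiting browser,
# holding attributes a site can read without setting any cookie.
ATTRS = ("user_agent", "timezone", "screen", "fonts")
BROWSERS = [
    ("Firefox/28 Windows", "UTC-6", "1366x768", "fonts-a"),
    ("Firefox/28 Windows", "UTC-6", "1366x768", "fonts-b"),
    ("Firefox/28 Windows", "UTC-5", "1920x1080", "fonts-a"),
    ("Firefox/28 Windows", "UTC-5", "1366x768", "fonts-c"),
    ("Chrome/34 Windows", "UTC-6", "1366x768", "fonts-a"),
    ("Chrome/34 Windows", "UTC-6", "1920x1080", "fonts-d"),
    ("Chrome/34 OS X", "UTC-5", "1440x900", "fonts-e"),
    ("Safari/7 OS X", "UTC-8", "1440x900", "fonts-e"),
]

def project(row, attrs):
    """Keep only the named attributes of one browser row."""
    return tuple(row[ATTRS.index(a)] for a in attrs)

def anonymity_sets(rows, attrs):
    """Count how many browsers share each combination of attribute values."""
    return Counter(project(r, attrs) for r in rows)

def fingerprint_bits(rows, row, attrs):
    """Surprisal of this browser's values: -log2(share of browsers matching)."""
    return -math.log2(anonymity_sets(rows, attrs)[project(row, attrs)] / len(rows))

def entropy_bits(rows, attrs):
    """Average surprisal (Shannon entropy) of the attribute combination."""
    n = len(rows)
    return sum(c / n * -math.log2(c / n) for c in anonymity_sets(rows, attrs).values())

def unique_fraction(rows, attrs):
    """Share of browsers whose combination matches no other browser."""
    sets = anonymity_sets(rows, attrs)
    return sum(1 for r in rows if sets[project(r, attrs)] == 1) / len(rows)

if __name__ == "__main__":
    for k in range(1, len(ATTRS) + 1):
        attrs = ATTRS[:k]
        print(f"{'+'.join(attrs):40s} entropy={entropy_bits(BROWSERS, attrs):.2f} bits "
              f"unique={unique_fraction(BROWSERS, attrs):.0%}")
    # A browser is singled out once its fingerprint carries log2(population) bits.
    print("bits needed for 8 browsers:", math.log2(len(BROWSERS)))
```

Each added attribute shrinks the group of browsers that look alike; in this sample the four attributes together leave every browser alone in its group.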

19
 Web beacons (aka web bugs)
– Are typically a 1x1 image that is invisible to the user and is
embedded in the HTML code on a web page or in an email for
the purpose of tracking a user’s site and page visits.
– A web bug viewed by a user may transmit to a server (e.g., of
an advertising entity) the user’s IP address, web page visited,
time, and value of previously set cookies
– One study found that all 50 of the top sites contained at least 1
web bug


Non-Cookie Methods of Online Behavioral Tracking
Source: Gomez et al., KnowPrivacy.org 2009
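
Added example (not part of the original slides): a minimal check of the kind a tracker-alerting browser add-on performs, flagging invisible images fetched from a site other than the page's own. The page URL, hosts and HTML are constructed, and the two-label same-site comparison is a simplifying assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

def site_of(host):
    """Last two DNS labels. A simplification: real blockers consult the
    Public Suffix List so that e.g. 'example.co.uk' is handled correctly."""
    return ".".join(host.lower().split(".")[-2:])

def is_tiny(attrs):
    """True when both width and height are declared as 0 or 1 pixel."""
    return all(attrs.get(k, "").strip().rstrip("px") in ("0", "1") for k in ("width", "height"))

def is_hidden(attrs):
    """True when an inline style hides the image from the user."""
    style = (attrs.get("style") or "").replace(" ", "").lower()
    return "display:none" in style or "visibility:hidden" in style

class BeaconFinder(HTMLParser):
    """Collects <img> tags that are invisible AND fetched from another site."""
    def __init__(self, page_url):
        super().__init__()
        self.page_site = site_of(urlparse(page_url).hostname)
        self.found = []  # (third-party host, request URL as written in the page)

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        host = urlparse(a.get("src", "")).hostname  # None for relative URLs
        if host and site_of(host) != self.page_site and (is_tiny(a) or is_hidden(a)):
            self.found.append((host, a["src"]))

def find_beacons(page_url, html):
    """Return (host, src) for every likely third-party web beacon in html."""
    finder = BeaconFinder(page_url)
    finder.feed(html)
    return finder.found

# Constructed sample page (hosts are placeholders under the reserved .example TLD).
PAGE_URL = "http://www.news.example/story/42"
PAGE_HTML = """
<img src="/images/logo.png" width="200" height="60">
<img src="http://static.news.example/spacer.gif" width="1" height="1">
<img src="http://track.adnetwork.example/b.gif?page=/story/42" width="1" height="1">
<img src="//metrics.broker.example/c.gif" style="display: none">
<img src="http://cdn.photos.example/big.jpg" width="640" height="480">
"""

if __name__ == "__main__":
    for host, url in find_beacons(PAGE_URL, PAGE_HTML):
        print(f"possible web beacon -> {host}: {url}")
```

The first-party spacer and the visible third-party photo are not flagged; only the two invisible third-party images are reported.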
20

 Mobile device apps

– Video: (4:17)
http://online.wsj.com/article/SB10001424052748704694004576020083703574602.html#articleTabs%3Dvideo

– Article:
http://online.wsj.com/article/SB10001424052748704694004576020083703574602.html#articleTabs%3Darticle






Online behavioral tracking not limited to desktop PCs…
21
Online Tracking Ecosystem
Source: Wall Street Journal, http://graphicsweb.wsj.com/documents/divSlider/ecosystems100730.html
22
 The WSJ conducted a major study and published a series
of articles in 2010 on online tracking. Findings included:
– the nation's 50 top websites on average installed 64 pieces of
tracking technology onto the computers of visitors, usually
with no warning.
– the Journal identified more than 100 middlemen—tracking
companies, data brokers and advertising networks
– the top 50 sites placed 3,180 tracking files in total on the
Journal's test computer.
• Nearly a third of these were innocuous
• Over two-thirds—2,224—were installed by 131 companies, many of
which are in the business of tracking Web users to create rich
databases of consumer profiles that can be sold
How Pervasive is Online Tracking?
Source: http://online.wsj.com/article/SB10001424052748703940904575395073512989404.html#articleTabs%3Darticle

23
1. Joel Stein, Time columnist:
– http://www.time.com/time/printout/0,8816,2058205,00.html
– What were the economics?
– What are the threats?
2. One example of massive consumer profiles assembled
per individual:

What do the trackers know about you?
24

 “Online Anonymity? Don't Bet On It:” (6:44)
– http://online.wsj.com/article/SB10001424127887324784404578143144132736214.html
– Note comments on: (a) online forms, (b) “Like” and similar
buttons for major social networking sites


But PII is not collected during normal web surfing ...
25
 Massive consumer profiles assembled per individual
– Name not included in profile
– Profiles sold for 1/10 to 2/3 of a cent
– Targeted ads and pricing, based on income-level & interests
• E.g., shopping bots
 One example of behavioral target advertising:

Some Effects of Online Tracking….Innocuous or Not?
26
 Another example of online behavioral advertising:

Is anything off limits? Who decides?
27
 “A Big Interview with Sir Martin Sorrell,” CEO of WPP
Group, Wall Street Journal’s What They Know Series:
– Video: (23:50)
– http://online.wsj.com/article/SB10001424052748703940904575395073512989404.html#articleTabs%3Dvideo
– This video gives an advertising executive’s perspective of
online behavioral advertising
– The WPP Group is the world’s largest advertising company,
according to Wikipedia.



An interview from an advertising exec….this one is for at home
28
 The perspective of online behavioral advertising exec:

Are direct-marketing campaigns by postal mail comparable to online behavioral adverts?
29
“It matters little if your name is John Smith, Yesh Mispar,
or 3211466. The persistence of information about you will
lead firms to act based on what they know […].” (bold added, p. 7)


from Joseph Turow’s book, “The Daily You: How the New Advertising Industry is
Defining Your Identity and Your Worth” (2011)
(Turow is a Chaired Communications Professor at Univ of Penn with extensive
knowledge of the media industry.)



What if a person’s name is not collected?
30
 Customize browser settings
– Do Not Track (voluntary compliance)
– InPrivate browsing (MS Internet Explorer)
 Cookie deletion
– Flash cookies require use of another tool to delete them
 Clear browser history and cache:
– http://www.piriform.com/ccleaner
 Opt out:
– http://www.networkadvertising.org/choices/
– http://www.lotame.com/privacy/



Examples of Safeguards to Reduce Online Tracking
31
 Browse anonymously
– VPN, Tor browsers, use of proxies → not providing your IP address
 Browser add-ons:
– NoScript
• Prohibits JavaScript execution unless user permission given
– Ghostery
• Alerts users about the web bugs, ad networks and widgets on
visited web pages
– BetterPrivacy
• Alerts users of hidden, never expiring Local Shared Objects (Flash
cookies) and provides a means to view and manage them since
browsers are unable to do that for you.



Examples of Safeguards to Reduce Online Tracking
32
 Lightbeam for Mozilla Firefox
– An add-on that allows you to see the trackers that are tracking
you as you move from site to site.
– Formerly called “Collusion”
– Video: http://www.youtube.com/watch?v=PvqGy9wz_wA
– About: http://www.mozilla.org/en-US/lightbeam/about/
– Download: http://www.mozilla.org/en-US/lightbeam/


Examples of Safeguards to Reduce Online Tracking
33
 The problem with the ‘nothing to hide’ view is that it
“myopically views privacy as a form of secrecy,” not
taking into account other threats beyond the potential
disclosure of ‘bad’ things. (Daniel Solove 2011)
 What are some other threats that Solove describes?
 A key point Solove makes is that we (e.g., public policy
debaters, and I would add, researchers) need to move
beyond discussions on data ‘collection’ and explore
further information ‘processing’ and ‘use’



Case: Nothing to Hide
