advertisement

Privacy invasions

25 %
75 %
advertisement
Information about Privacy invasions
Education

Published on February 6, 2008

Author: Quintilliano

Source: authorstream.com

advertisement

Violations of Consumer Privacy IRE / May 31, 2002: Violations ofConsumer Privacy IRE / May 31, 2002 Jeff Fox, moderator Senior Projects Editor Consumer Reports E-mail: jf@pipeline.com Dana Hawkins Senior Editor U.S. News E-mail: dhawkins@usnews.com Lee Tien Senior Staff Attorney Electronic Frontier Foundation E-mail: tien@eff.org Privacy? What’s that?: Privacy? What’s that? The right “to be let alone” ---- Samuel Warren and Louis Brandeis Harvard Law Review 1890 Some privacy facts:: Some privacy facts: An explicit “right to privacy” isn’t in the Bill of Rights 4th Amendment protects against unreasonable government searches - but not against invasions by business or individuals 5th Amendment prohibits forced testimony against yourself The term privacy itself isn’t even mentioned in the entire U.S. Constitution Any Constitutional protection that does exist only applies to invasions by government More on privacy: More on privacy So, the only protections provided against invasions by businesses (including the press) are from specific laws that get passed. While there are lots of federal and state privacy laws on the books, bills often die in legislatures because vested business interests outgun privacy groups. Despite industry resistance, a privacy bill can sail through after somebody “important” has been offended: Example: U.S. Video Privacy Protection Act (1988) a.k.a. “The Bork Bill,” protects video rental records. Passed after Supreme Court nominee Robert Bork’s video rental records were exposed. Meanwhile Internet privacy bills have languished in Congress for years. Who invades privacy?: Who invades privacy? The government (Federal, state, local) Companies you do business with Online, catalogs, retail stores, airlines, NFL (Super bowl) Companies you don’t do business with Employers Spouses Anyone else who wants to know about you Types of privacy invasions: Types of privacy invasions Medical (hospitals, doctors, insurance, drug companies) Financial (banks, credit cards) Political (law enforcement, profiling) Online (Web sites, spammers, software companies) Children’s privacy (Web sites, entertainment media, game makers, candy companies) Other: Appliance makers (e.g. Studios and broadcasters recently tried to force SonicBlue to collect viewing habits of its ReplayTV users) Possible consequences of privacy invasion: Possible consequences ofprivacy invasion Get fired or turned down for job Lose credit, mortgage Denied insurance Arrest Redlining and discrimination Social stigma / embarrassment Feel personally violated Difficulties reporting on privacy: Difficulties reportingon privacy Invasions often aren’t obvious - even victims may not know Victims can be hard to find, reluctant to go on the record Some invasions seem victimless (e.g. Web cookies) Records can be hard to locate/obtain - databases held by corporations & gov’t What you need for a report on business invasions : What you need for a report on business invasions 1. Tips 2. Victims 3. Victim-substitute (i.e. smoking gun) 4. Privacy advocates 5. Government officials 6. Trade and self-regulatory assns. Where to get ideas & tips: Where to get ideas & tips Privacy advocates and hotshots: Electronic Privacy Information Center (www.epic.org) Center for Democracy and Technology (www.cdt.org) Electronic Frontier Foundation (www.eff.org) Privacy International (www.privacyinternational.org and www.privacy.org) Junkbusters (www.junkbusters.com) Richard M. Smith (www.computerbytesman.com) Privacy Forum (www.vortex.com/privacy) - A moderated e-mail digest. Beth Givens (www.privacyrights.org) Other advocates: The “privacy press”: Other advocates: The “privacy press” Robert Ellis Smith (www.privacyjournal.net) Evan Hendricks (www.privacytimes.com) The Privacy Industry: The Privacy Industry Companies that sell privacy protection products and provide privacy-related services to consumers or business Zero Knowledge Systems (www.zeroknowledge.com)- “Freedom” Anonymizer.com (anonymous Web surfing) Platform for Privacy Preferences (P3P) www.w3.org/P3P/ More privacy industry: More privacy industry Lavasoft (www.lavasoft.nu) - Ad-Aware, free spyware removal tool Gibson Research Corporation (www.grc.com) - OptOut (discontinued) to be replaced by GRC Netfilter Privacy.net list of privacy software (http://privacy.net/software/) More sources for ideas (and contacts): More sources for ideas (and contacts) Conferences: Federal Trade Commission workshops - held periodically (www.ftc.gov/privacy/index.html) Computers Freedom and Privacy - every Spring (www.cfp.org) Internation Assn. Of Privacy Officers (www.privacyassociation.org) - next annual Privacy Summit is 2/26/03 in D.C. In the midwest: Privacy2002 (www.privacy2000.org) next is in Cleveland, 9/24/02 Where to find victims & smoking guns: Where to find victims & smoking guns Privacy Rights Clearinghouse (www.privacyrights.org) San Diego based; accepts complaints from victims of privacy invasion National Assn. Of Attorneys General (www.naag.org) National Assn. Of Consumer Advocates (www.naca.net) - 600 attorneys and consumer advocates Government officials: Government officials Federal Trade Commission: The key Federal agency for privacy issues Who to work with: Bureau of Consumer Protection Current focus is on enforcing of existing privacy protections Recent privacy actions: January 2002: Eli Lilly settled FTC charges it violated privacy of visitors to prozac.com February 2002: American Pop corn Company paid $10,000 fine for collecting info from kids on the Web FTC’s privacy Wed page: (www.ftc.gov/privacy/index.html) - News releases, laws, FTC reports Trade Associations and other creatures of industry: Trade Associations and other creatures of industry Marketers: Direct Marketing Association (www.the-dma.org) - the folks who send you junk snail mail Network Advertising Initiative (www.networkadvertising.org) - the folks who plant Web browser “cookies” on your hard drive Self-regulation: Keep in mind: These are not consumer protection agencies, but industry inventions designed to bolster consumer confidence. TrustE - Privacy seals on Web sites (www.trustE.org) Its sponsors include major corporations like AOL & Microsoft Better business bureau - Privacy seals (www.bbbonline.org) Experts who do privacy surveys paid for by industry: Privacy and American Business / Alan Westin (www.pandab.org) Conducted 1999 poll sponsored by online marketer DoubleClick Online privacy investigations: Tools I use: Online privacy investigations: Tools I use Screen image Grabber: SnagIt E-mail investigations - “Catch all” Wiretap your own browser - Junkbuster Screen image grabber: Screen image grabber SnagIt 6.1 (MS Windows only) $39.95 Why do you need it? To document Web findings for sourcing To produce hi-res images suitable for publication What it does Will capture entire screen, just one window, scroll thru a long window with/without cursor. SnagIt (continued): SnagIt (continued) Can output to printer, file, clipboard Can set high-resolution (in dpi) for publishing - JPG, GIF, TIF formats Can capture when running dedicated programs like such as AOL, MSN, AIM Using SnagIt: Using SnagIt Using SnagIt to Document date/time: Using SnagIt toDocument date/time In Windows, put cursor over “time” in lower right hand corner. Date will appear for about 5 seconds. Quickly CTRL-Shift-P to capture entire screen, including date/time. E-mail investigations: E-mail investigations Problem: How to track the way your e-mail address gets used by Web sites Reason to do it: If a company uses your info in a way that violates its own privacy policy, it has violated the law Another reason: Track/document the unexpected uses to which sites put your address E-mail tracking: Overview: E-mail tracking: Overview Most flexible method: Set up a “catch all” e-mail account. This will forward to you all e-mail sent to that domain: e.g: A@xyz.com, B@xyz.com, etc. For each e-commerce site you register at, use a unique e-mail address that you never use anywhere else. E.g: A@xyz.com at Amazon E@xyz.com at EBay, etc. E-mail tracking (continued): E-mail tracking(continued) Also consider registering other addresses with online newsletters, health sites, finance sites Set up e-mail filters in your e-mail client to sort the incoming mail by address. Allow to simmer for a few weeks, maybe months, while checking your e-mail. What you need to do it: What you need to do it You can register your own domain for about $20. Example: xyz.com Set up a Web-hosting account that includes “catch all” e-mail. Where I do it: http://tabnet.net/products/hosting/web/plans I use “Bronze plan” for $24.95/month Total cost for 3 mos: $20+$75 = $95 Setting up your e-mail client: Setting upyour e-mail client Setting up a Eudora “filter” for mail from address used at Amazon: E-mail (continued) : E-mail (continued) Setting up Eudora “filter” for mail from address used at eBay: Wiretapping your own browser: Wiretapping your own browser Why? To monitor what information your computer actually sends to Web sites. How? Using something called a proxy-server, a software wiretap that logs every byte sent to and from the Web. Note: Setting up isn’t hard. But interpreting data requires expertise in “HTTP” protocols. Steps: Steps Download the “Junkbuster” from www.junkbuster.com (MS Windows only) UnZip and run it in a DOS window Configure Junkbuster’s “ini” file so that entire dialog will be written to a “log” file Configure your browser to use Junkbuster Surf Web Configuring your browser: Configuring your browser Here’s an example using the Opera browser. It’s essentially the same for Internet Explorer and Netscape: Here’s the dialog between my PC and the Web: Here’s the dialog between my PC and the Web scan: Referer: http://altavista.com/ crunch! scan: Cookie: id=80000012d836ae5 crunch! scan: Cookie2: $Version="1" junkbstr: GPC ad.doubleclick.net/ad/avpopunders.com/homepage;sz=1x1;kw=;lang=XX;cat=stext;tan=0;ord=10875262? junkbstr: connect to: ad.doubleclick.net ... scan: HTTP/1.0 200 OK scan: Date: Sat, 25 May 2002 02:43:47 GMT scan: Server: DCLK Creative scan: Last-Modified: Wed, 30 Jan 2002 18:02:14 GMT scan: Content-Length: 9993 scan: Content-Type: image/gif scan: Date: Sat, 25 May 2002 02:43:47 GMT scan: Location: http://m2.doubleclick.net/viewad/817-grey.gif scan: Cache-Control: private, max-age=0, no-cache scan: Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sat, 25 May 2002 02:58:47 GMT crunch! scan: P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" junkbstr: accept connection ... scan: GET /viewad/817-grey.gif HTTP/1.0 scan: User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows XP) Opera 6.01 [en] default scan: Host: m2.doubleclick.net What real story have I used this for?: What real story have I used this for? My June, 2000 report in Consumer Reports: “Big Browser is Watching You:” “Companies with an interest in knowing who's curious about them can use cookies to find out. For example, when we entered the term "Chrysler" in the search engine at web portal AltaVista, the site transmitted our information request to the automaker's computer, not just to the usual ad network. Thus, if we wanted to investigate whether a Chrysler product was subject to a class-action lawsuit, the company would be tipped off to the time and date of visits by anyone searching for related key words such as a vehicle model name, say, or a product recall.” The above finding was obtained and documented via the Junkbuster. Why this is a good time to investigate privacy: Why this is a good time to investigate privacy Zig while everyone else zags - security is now getting more play than privacy Consumers may feel more tolerance for government surveillance right now. But commercial surveillance has nothing to do with national security - it’s just for private profit. Online investigative ideas : Online investigative ideas Checking “leakage” by commercial Web sites (and e-newsletters) of personal info, including e-mail address. How much “spyware” gets planted on your PC when you download shareware? Which children’s sites are violating COPPA (the Children’s Online Privacy Protection Act of 1998) How to Contact Me: How to Contact Me Jeff Fox, Consumer Reports E-mail: jf@pipeline.com This entire PowerPoint presentation can be viewed or downloaded from my site: www.jeffreyfox.net Scroll to bottom of the page and use the link to “IRE Privacy Presentation”

Add a comment

Related presentations

Related pages

dict.cc | invasion of privacy | Wörterbuch Englisch-Deutsch

Übersetzung für invasion of privacy im Englisch-Deutsch-Wörterbuch dict.cc.
Read more

Privacy Invasions - Watch Dogs Wiki Guide - IGN

Privacy Invasions - Watch Dogs: There are 30 different Privacy Invasions in Watch Dogs. Privacy Invasions are when Aiden starts getting a little curious ...
Read more

Privacy law - Wikipedia, the free encyclopedia

The current state of privacy law in Australia includes Federal and state information privacy legislation, some sector-specific privacy legislation at state ...
Read more

Privacy laws of the United States - Wikipedia, the free ...

The privacy laws of the United States deal with several different legal concepts. One is the invasion of privacy, a tort based in common law allowing an ...
Read more

Invasion of privacy legal definition of invasion of privacy

invasion of privacy. n. the intrusion into the personal life of another, without just cause, which can give the person whose privacy has been invaded a ...
Read more

Invasion of Privacy Law & Legal Definition - USLegal, Inc

Invasion of privacy is the intrusion into the personal life of another, without just cause, which can give the person whose privacy has been invaded a ...
Read more

Privacy International

Privacy International. Email . ... Global Privacy Network; What We Do; News. Analysis; Press Releases; Two minute reads; Explainers; Reports. State of ...
Read more

Online privacy fears are real | NBC News

Online privacy fears are real More people are tracking you than you think Below: x Jump to discuss comments below discuss
Read more

Privacy | Electronic Frontier Foundation

New technologies are radically advancing our freedoms but they are also enabling unparalleled invasions of privacy. Your cell phone helps you keep in touch ...
Read more

Privacy | Stanford Encyclopedia of Philosophy

The term “privacy” is used frequently in ordinary ... demand had led to general acceptance of these four types of privacy invasions.
Read more