Online Privacy
Cookies
- widely used on the Internet to enable someone other than the user to link a computing device to previous web actions by the same device
- enable a range of functions
- ongoing privacy debate: should info contained in cookies be considered personal info?
Transport layer security (TLS)
- a protocol that ensures privacy between client-server applications and Internet users of the applications
- when a server and client communicate, TLS secures the connection to ensure that no third party can eavesdrop on or corrupt the message
- a successor to SSL
Cross-site scripting (XSS)
- a technical but common threat to online privacy
- code injected by malicious web users into web pages viewed by other users
- often, the unauthorized content resulting from XSS appears on a web page and looks official, so users are tricked into thinking the site is legitimate and uncorrupted
- the basis for many convincing phishing attacks and browser exploits
Layered notice
A response to problems with a single long notice
- basic idea: offer "layers" that provide the key points on top in a short notice, but give users the option to read a detailed notice or click through to greater detail on particular parts
- short notice: top layer
- full notice: bottom layer
Hypertext transfer protocol - secure (HTTPS)
A secure form of HTTP
- an SSL application used in password exchanges or e-commerce
Active vs. passive data collection
Active:
- when the end user deliberately provides info to the website through web forms or other input mechanisms
Passive:
- when info is gathered automatically, often without the end user's knowledge, as the user navigates from page to page
- via web cookies or other identification mechanisms
Self-regulatory frameworks
- Network Advertising Initiative
- US Direct Marketing Organization
- Japan Information Processing Development Center
- EuroPriSe
- Health Information Trust Alliance
- American Institute of CPAs
Online social media
Privacy control mechanisms for social media networks are not consistent and are still evolving.
Vulnerabilities:
- transmittance of personal info to unwanted third parties (e.g., potential employers, law enforcement, strangers)
- info can potentially be passed on or sold to advertisers
- intruders may steal passwords or other unencrypted data
Internet proxies and cache
Proxy server:
- an intermediary server that provides a gateway to the web
- employee access to the web usually goes through a proxy server
- typically masks what is happening behind the organization's firewall
- generally logs each user interaction, filters out malicious software downloads and improves performance by caching popular, regularly fetched content
Caching:
- when web browsers and proxy servers save a local copy of downloaded content, reducing the need to download it again
- to protect privacy, pages that display personal information should be set to prohibit caching
Web beacons
- also known as a web bug, pixel tag or clear GIF
- a clear graphic image of 1x1 pixel that is delivered through a web browser or HTML-compliant email client application to an end user's computer, usually as part of a web page request or in an HTML email message
- operates as a tag that records an end user's visit to a particular web page
- provides the ability to produce specific profiles of user behavior in combination with web server logs
- used for: online ad impression counting, file download monitoring, ad campaign performance management, and reporting to the sender which emails are read by recipients
- privacy considerations are similar to those for cookies
- some sort of notice is important, since the clear pixel of a web beacon is literally invisible to the end user
Common use cases for cookies
- authentication of web visitors
- personalization of content
- delivery of targeted ads
Search engine marketing (SEM)
- issues similar to those for cookies
- more specific issue: the content of the search may give clues about a searcher's identity
- major search engines have adopted measures to anonymize searches after a definite period
Web forms
- most common mechanism for capturing end user info
- a portion of a web page that contains blank fields, text boxes, check boxes or other input areas that end users complete by providing data
- should have limits to capture just the info genuinely needed (e.g., first name limited to 14 characters)
- should have a link to the privacy statement (notice at the point of collection)
- should be protected by SSL
- the auto-complete function of most web form submission processes should be disabled (or at least masked)
- passwords should not be repopulated in the web form
Best practices and standards for privacy protection of email
- no false or misleading header info
- no deceptive subject lines
- opt-out mechanism in each message
- notification that the message contains an ad or promotional info
- info about the sending organization
Web server logs
- sometimes created automatically when a visitor requests a web page
- ex: IP address of the visitor, date and time of the web page request, URL of the requested file, URL the visitor was on immediately prior to the web page request, visitor's web browser type and computer OS
- possible for usernames to appear in web server logs
- IP addresses, and thus web server logs containing them, are considered personal information by some regulators but not others
Internet protocol (IP)
- specifies the format of data packets that travel over the Internet
- also provides the appropriate addressing protocol
IP address:
- a unique number assigned to each connected device (similar to a phone number)
- dynamic: an Internet service provider often assigns a new IP address on a session-by-session basis
- static: the IP address remains the same over time
*The next generation of Internet protocol, IPv6, has additional privacy concerns because the address of the computing device is by default based on hardware characteristics of the device's networking interface, allowing for easier tracking of computing devices as they move between networks
Secure sockets layer (SSL)
- the protocol for establishing a secure connection for transmission
- facilitates much of the online commerce that occurs on the Internet today
- primary goal: to provide privacy and reliability between two communicating applications
- 3 properties: 1) the connection is private; 2) the peer's identity can be authenticated using asymmetric, or public key, cryptography; 3) the connection is reliable
- SSL/TLS does not rise to the level of PKI or other encryption
- widely used for handling sensitive data transmission (e.g., passwords or bank account numbers)
Threats to online privacy
- unauthorized access
- malware
- phishing
- social engineering
- cross-site scripting
- ordinary course of an org's use of personal info
Instant messaging
...
Internet searches
...
Sample language
...
XML
Extensible markup language
- another language that facilitates the transport, creation, retrieval and storage of documents
- different from HTML: describes the content of a web page in terms of the data being produced, enabling automatic processing of data in ways that may require attention for privacy issues
Hypertext transfer protocol (HTTP)
An application protocol that manages data communications over the Internet.
- defines how messages are formatted and transmitted over a TCP/IP network for websites
- defines what actions web servers and web browsers take in response to various commands
Online privacy notices and methods for communications
An effective online privacy notice provides consumers with easy-to-follow guidance about how their info is being accessed, used and protected.
- notices vary in form and length
- often used together with other indices of certified privacy protection
- often treated as enforceable promises by a company, so they should be drafted carefully
First-party and third-party
First-party:
- set and read by the web server hosting the website the user is visiting
Third-party:
- set and read by or on behalf of a party other than the web server that is providing the service
- online ad networks or widgets set these
(Second-party: the person surfing the web)
Location at/link from all points of data collection
Many websites choose to provide a link on every page to cover passive information collection
- best choice: an easy-to-find location, in a font no less prominent than other links on the page
Mobile online privacy
- complexity of issues will continue to grow
- particular issue: geo-location data
- presenting effective notice can be more difficult
- best practices need to develop for individual choice
- challenge: it is difficult to anonymize location data (people return often to their homes and workplaces, allowing linkage of location data with identity)
Children's online privacy
Concerns:
- kids don't understand what data is being collected about them and how it's used
- they cannot give meaningful consent
- they can easily fall victim to criminal behavior online
- COPPA was passed specifically to protect kids' use of the Internet
- parents should become engaged in their kids' online activities
Unsolicited commercial email ("spam")
Concerns:
- sheer volume
- can contain software viruses and other malicious code
Spam filters:
- configurable to different levels of strictness
- can be trained
CAN-SPAM:
- requires a commercial e-mail to have a clear and conspicuous way for the user to unsubscribe from future emails
EU:
- an opt-in consent system is used
Industry best practices for cookies
Cookies should:
- not store unencrypted personal info
- provide adequate notice of their usage
- use a persistent variation only if the need justifies it
- not set long expiration dates
- disclose the involvement of a third-party cookie provider (if applicable) as well as an opt-out (or, in Europe, an opt-in) mechanism for delivery from that third party
* session cookies (vs. persistent cookies) are usually not the subject of privacy debates, since they expire when the browser closes
HTML
Hypertext markup language - a content-authoring language used to create web pages
Data subject access and redress
Important considerations: awareness of:
- who has access to web-based info
- when they can access it
- for what reasons
A web privacy notice should lay out what sort of notice a customer will receive, and when and how they can access their records.
Keep in mind the possibility that an access request may be made by an unauthorized person (e.g., identity fraud).
Methods for triggering access:
- requiring the same info as the account
- requiring more info
- sending info to the account or a one-time access code
Global variations:
- EU: fundamental right to access
Redress:
- US: no general legal right for individuals to access or correct personal info held about them (rights do exist via HIPAA for health info and the Fair Credit Reporting Act for credit/employment info)
Online behavioral marketing (OBM)
Pop-up ads:
- ad messages that appear to the end user in a separate browser window in response to browsing behavior or viewing of a site
- blocked by default most of the time now
Adware:
- software that is installed on a user's computer, often bundled with freeware
- monitors the user's online behavior so that additional ads can be targeted to the user based on his/her specific interests and behaviors
- may be considered spyware by privacy enforcement agencies unless there is clear consent by users to the monitoring
Online identification mechanisms
Single sign-on service:
- allows one universal service to confirm user authentication
- risky practice if the user is on a public computer
- session should be set to time out automatically
Mechanisms:
- cookies
- web beacons
- digital fingerprinting
Website privacy statement
Standard mechanism for organizations to communicate their various information practices to the public.
Covers:
- effective date
- scope of notice
- types of personal info collected (both actively and passively)
- info uses and disclosures
- choices available to the end user
- methods for accessing, correcting or modifying personal info or preferences
- methods for contacting the org or registering a dispute
- processes for how any policy changes will be communicated to the public
Best practices:
- say what you do; do what you say
- tailor disclosures to your business operations model
- don't treat privacy statements as disclaimers
- revisit your privacy statement frequently to ensure it reflects your current business and data collection practices
- communicate your privacy practices to your entire company
Online marketing and advertising
Targeted ads:
- argued to benefit users, who see more relevant content and get free content
- privacy concerns: unclear notices; users unaware that their browsing habits are tracked
- FTC has suggested a "Do Not Track" approach, which would allow individuals to make a single choice not to be subjected to targeted online ads
Self-regulatory effort:
- Digital Advertising Alliance: a coalition of media and advertising organizations that developed an icon program; users click the icon to obtain info on how to exercise choice
Europe:
- Cookie Directive requiring the user's consent before cookies are placed on the computer (opt in)
Standard Web protocols
The Web historically functioned based on two key technologies: HTTP and HTML
Protocols:
- Internet protocol (IP)
- Hypertext transfer protocol (HTTP)
- Hypertext transfer protocol - secure (HTTPS)
- Internet proxies and cache
- Web server logs
- Transport layer security (TLS)
- Secure sockets layer (SSL)
Website user authentication
The more sensitive the website, the stronger the website authentication should be.
- authentication should have the breadth and depth to withstand sophisticated attacks
- cookies are an imprecise means of authentication
- use web forms that use the "password field" in HTML (masks the actual characters)
- SSL/TLS is used widely for transmission of passwords
The Web as a Platform
The open and dynamic nature of the Internet enables its speed, functionality and continued growth. It also exposes it to certain information privacy vulnerabilities. The World Wide Web is an information-sharing model that is built on top of the Internet.
Cloud computing
The storage, processing and access of data and applications on remote servers accessible via the Internet, rather than on a single computer or network. Users have on-demand access to their data or applications wherever they can access the Internet.
Characteristics:
- on-demand self-service
- broad network access
- resource pooling
- rapid elasticity
- measured service
Service models:
- SaaS: software as a service
- PaaS: platform as a service
- IaaS: infrastructure as a service
Deployment models:
- private
- public
- community
- hybrid
Privacy and security concerns:
- data held in one location, so one breach can have a large effect
- some providers encrypt and others leave data in plain text
- providers may disclose user data to third parties for marketing/ads
Security may be increased through more comprehensive data protection mechanisms that cover all data stored in the cloud
Online security
- tools are used to identify vulnerabilities
- "arms race" between security admins ("white hats") and hackers and exploit artists ("black hats")
- need to use proper precautions
Trust seal and dispute resolution programs
Trustmarks
- images or logos that are displayed on websites to indicate that a business is a member of a professional organization or to show that it has passed security and privacy tests
- designed to give consumers confidence that they can safely engage in e-commerce transactions
- ex: TRUSTe, VeriSign, Better Business Bureau
- evaluate activities and grant certification where compliance exists
- provide an independent dispute resolution process in the event of a privacy abuse alleged by an online consumer
Privacy considerations for sensitive online information
When individuals provide info about themselves through the Internet, they reasonably expect it to be protected.
- the global nature of networked technologies today inherently places the info at risk of unauthorized access and use
