Why Do You Know So Much About Me

WhyDoYouKnowSoMuchAboutMe?

PrivacyintheDigitalAge

NottalkingaboutsurveillanceNottalkingaboutthegovernment

Butrather

Thevoluntarydisclosureofpersonalinformationtoprivateinstitutions

Wesayonething.Iwantmyprivacy.

Wedosomethingelse.Here’smydata.Takewhatyouwant.

(justgivememystuff)

43%ofonlineusersclaimthattheyarelikelytoreadtheprivacypolicyofawebsitebeforebuyinganything

WhatPrivacyStatementsSay

26%actuallyconsultedtheprivacypolicy

Evenmoreodd,therewasnodifferencebetweenprivacyfundamentalists,pragmatists,ortheunconcerned

71%wanttocontrolwhocanaccesstheirpersonalinformation

75%havesupplied

• Firstname• Lastname• E‐mail• Streetaddress

50%havesupplied

• Phonenumber• Birthday• Creditcardinformation

“Youhavezeroprivacy.Getoverit”

ScottMcNealyFormerCEOSunMicrosystems

“Ifyouhavesomethingyoudon’tanyonetoknow,maybeyoushouldn’tbedoingitinthefirstplace.”

EricSchmidtFormerGoogleCEO

“Peoplehavegottenmorecomfortablenotonlysharingmoreinformation,butmoreopenlyandwithmorepeople.”

MarkZukerbergFacebookCEO

Whatdoyouthinkprivacyis?

Privacyis….? Secrecy,Concealment,Seclusion,Solitude,Confidentiality,Anonymity

PrejudicialInformation PersonallyIdentifiableInformation(PII) Whateveryouwantittobe

Privacyistheclaimofindividuals,groups,orinstitutionstodetermineforthemselveswhen,how,andtowhatextentinformationaboutthemiscommunicatedtoothers.

Viewedintermsoftherelationoftheindividualtosocialparticipation,privacyisthevoluntaryandtemporarywithdrawalofapersonfromageneralsocietyintoaconditionofanonymityorreserve.

Privacyistheabilityofanindividualorgrouptosecludethemselvesorinformationaboutthemselvesandtherebyrevealthemselvesselectively.

PrivacyinColonialAmerica Findanopenfieldtotalk Sneakoffintothewoods Noprivacyindoors Churchesencouragedneighborstosnooponeachother

Privacyinthe1800s Long‐distancecommunicationbytelegraph Letters Concernaboutinvasivepress Snoopingdiscouraged Gossip,WordofMouth

Privacyfrom1900‐1965 Firstbuggingdevice Searchofelectronicconversationsconstitutional Telephonecommunicationsoverwires ColdWarpromptsgovernmenttoincreasesurveillanceofcivilianswithouttheirknowledge

Privacyfrom1965‐1990 WatergateScandal Personalcomputers Public‐keyencryptioninvented Internetemerged Sensationalistjournalism

Privacyfrom1990‐2001 Noprivacyforpublicfigures Wirelesscommunication Cameras Satellites Confusionoverwhoownscontentoncomputernetworks

PrivacyAfterSeptember11th Privatecustomerinformationdivulgedtofederalauthoritieshuntingforterroristsorcriminals

Airportsearches PollsintheUSindicatedthatpeoplethinkthatthe1stamendmentoftheUSConstitutionmightgotoofar

TotalInformationAwareness Post9/11projectto:

[Create]enormouscomputerdatabasestogatherandstorethepersonalinformationintheUnitedStates,includingpersonalemails,socialnetworkanalysis,creditcardrecords,phonecalls,medicalrecords,andnumerousothersources,withoutanyrequirementforasearchwarrant.Additionally,theprogramincludedfundingforabiometricsurveillancetechnologiesthatcouldidentifyandtrackindividualsusingsurveillancecamerasandothermethods.

Television&Privacy 1992broughtthelaunchofRealityTelevisionwhereeveryone’slivesbecamepublicconsumption

Thisbroughtaboutshowsaboutpeople: Livingtogetherinhomesandislands Familiesstrugglingwithpersonalissues Celebritiesprivateissuesmadepublic Peopleshowingofftheirstupiditytowinmoneyandfame

Inshort,RealityTVtooktheprivacydiscussiontoanewlevel

PrivacyToday YouTubehasendedallformsofpersonalprivacy Bloggershavemadetheirpersonal(andtheirfriends/acquaintances)livestopicsofdiscussionoftheentireworld

Andthencamesocialnetworks…. Wearecomfortablesharingourlivesandthoughtsinstantlywiththousandsofpeople–closefriendsandstrangersalike

WaysTechnologyThreatensPrivacy Phishing Malware&Spyware SocialNetworkingsites Photo&VideoSharing WebHistory TargetedAdvertising&Cookies

CloudComputing ElectronicMedicalData PublicWi‐Fi RetailLoyaltyCards WorkplaceComputers CellPhones

WhyPrivacyHasChanged? Curiosity Convenience TheInternetandEvolvingTechnology SocialTrends Desiretorelate&sharewithothers Identity Fame Posterity

Theprimarybusinessmodeloftoday’smostsuccessfulcorporationisthemonetizationinthemasscollection,correlation&analysisofindividualprivatedata

PrivateInfoMonetized Acxiom–750billionpiecesofinformationor1,500factson½billionpeople Correlate“consumer”infofromsignups,surveys,magazine

subscriptions USD1.38billionturnoverforFY2008

Colligent–Actionableconsumerresearchderivedfromsocialnetworks

Rapleaf–450millionsocialnetworkprofiles Submitrequestandaggregatedsocialnetworkprofilesreturned

withinaday Phorm

Uses“behavioralkeywords”–keywordsderivedfromacombinationofsearchterms,URLsandevencontextualpageanalysisovertime–tofindtherightusers

HowItAffectsUs?

White’sTaxonomyofOnlinePrivacyInvasion

Web

Request

CrossSiteTracking

RichBrowserEnvironments

ApplicationData

Aggregation,Correlation&Meta‐Data

Taxonomy–WebRequest Asinglewebrequest

Animageonawebsite

Onewebpageismadeupofmultiplerequests

WhatTheyCanFindOut Location(Latitude,Longitude,

City,Country) Language OperatingSystem&Browser Whatsiteyoucamefrom ISP Haveyoubeenherebefore?

Web

Request

Taxonomy–CrossSiteTracking Usingcookiestotrackacrosscomputersandaffiliatedsites

Cookieisstoredonyourcomputerandsentwitheveryrequest

Cookiesusuallyassociatedwithlogindetails

WhatTheyCanFindOut Whoyouare Whatsitesyouvisit Behavioralprofiles

CrossSiteTracking

Taxonomy–RichBrowserEnvironments RichWeb2.0Technologies

JavaScript/AJAX Flash/Silverlight

WhatTheyCanFindOut Browserhistory Clipboarddata Keypresses Visualstimulus Browserplugins Desktopdisplaypreferences

RichBrowserEnvironments

Taxonomy–ApplicationData RichInformationInputs Structured&UnstructuredData Searchrequests E‐mails Calendaritems InstantMessage

Communications

WhatTheyCanFindOut Whoyouare Whoyourfriendsare Whatyou’redoingonSunday YourInterests

ApplicationData

Taxonomy–Aggregation,Correlation&MetaData Combiningthepreviouslevels

Meta‐Data–Includeinteractionswithapplications

Aggregation–combiningtheinformationfromvarioussources

Correlation–normalizingentitiesacrosssources

Providesinformationyoumaynotbeawareof

Whattheycanfindout Socialnetworks Behavioralprofiles Psychologicalprofiles Deepdatabases

Aggregation,

Correlation&

Meta‐Data

HowDoesInformationGetRevealed?

ByISPs ISPsalwaysknowyourIPaddressandtheIPaddresstowhichyouarecommunicating

ISPsarecapableofobservingunencrypteddatapassingbetweenyouandtheInternetbutnotproperly‐encrypteddata

Theyareusuallypreventedtodosoduetosocialpressureandlaw

ByE‐Mail Maybeinappropriatelyspreadbytheoriginalreceiver Maybeintercepted Maybelegallyviewedordisclosedbyserviceprovidersorauthorities

ByDiscussionGroups Thereisnobarrierforunsolicitedmessagesoremailswithinamailinglistoronlinediscussiongroup

Anymemberofthelistorgroupcouldcollectanddistributeyouremailaddressandinformationyoupost

ByInternetBrowsers Mostwebbrowserscansavesomeformsofpersonaldata,suchasbrowsinghistory,cookies,webformentriesandpassword

Youmayaccidentallyrevealsuchinformationwhenusingabrowseronapubliccomputerorsomeoneelse's

BySearchEngines SearchengineshaveandusetheabilitytotrackeachoneofyoursearchesbyIPaddress,searchtermsandtimeofday

HowDoWeKnow‐AOL Aug7,06‐AOLapologizedforreleasingsearchlogdataonsubscribersthathadbeenintendedforusewiththecompany'snewlylaunchedresearchsite.

Almosttwoweeksbeforethat,AOLhadquietlyreleasedroughlytwentymillionsearchrecordfrom658,000usersontheirnewAOLResearchsite.

Thedataincludesanumberassignedtotheanonymoususer,thesearchterm,thedateandtimeofthesearch,andthewebsite(s)visitedasaresultofthesearch.

NYTimeswasabletoidentifyseveralusersbycross‐referencingwithphonebooks/publicrecords

HowDoWeKnow–DepartmentofJustice Jan06,theUSDeptofJusticeissuedasubpoenaaskingpopularsearchenginestoprovidea"randomsampling"of1millionIPaddressesthatusedthesearchengine,andarandomsamplingof1millionsearchqueriessubmittedoveraone‐weekperiod.

Thegovernmentwantedtheinformationtodefendachildpornographylaw.

Microsoft,YahooandAOLcompliedwiththerequest,whileGooglefoughtthesubpoena.

HowDoWeKnow‐Google Googlecollectsmassiveamountsofuserdata Gmailhasamachinereadingemailtoimprovetherelevanceofadvertisementsdisplayed

GoogleStreetView‐public/privateproperty&peoplecapturedinimages

Searchhistoriesarekeptfortwoyearsandidentifiedviaacookie

ByIndirectMarketing Webbugs‐agraphic(inawebsiteoragraphicenabledemail)thatcanconfirmwhenthemessageorwebpageisviewedandrecordtheIPaddressoftheviewer

Thirdpartycookies‐awebpagemaycontainimagesorothercomponentsstoredonserversinotherdomains.Cookiesthataresetduringretrievalofthesecomponentsarecalledthird‐partycookies.

WhatAreCookies? Cookiesaredatapacketssentbyaservertoawebclientandthensentbackunchangedbytheclienteachtimeitaccessesthatserver

Cookiesareusedforauthenticating,sessiontrackingandmaintainingspecificinformationaboutusers,suchassitepreferencesorthecontentsoftheirelectronicshoppingcarts

Cookiesareonlydata,notprogramsorviruses Therearetwotypesofcookies‐persistentandnon‐persistent

WhyDon’tWeLikeCookies? Cookiescanbehijackedandmodifiedbyattackers Cookiescanbeusedtotrackbrowsingbehaviorsosomethinktheyaretagged

ByDirectMarketing Directmarketingisasalespitchtargetedtoapersonbasedonpreviousconsumerchoices.

Itiscommonthesedays Manycompaniesalsosellorshareyourinformationtoothers.Thissharingwithotherbusinessescanbedonerapidlyandcheaply

ByInstantMessaging YourIMconversationcanbesavedontoacomputerevenifonlyonepersonagrees

WorkplaceIMcanbemonitoredbyyouremployer SPIM‐SpamdistributedinIM

ByEmployers 76%ofemployersmonitoremployeeswebsiteconnections

65%usetechnologytoblockedconnectionstobannedwebsites

55%monitoremail

ByCybercrime Spywaretakesadvantageofsecurityholestoattackthebrowserandforceittobedownloadedandinstalledtogatherinformationwithoutyourknowledge

Phishingoccurswhencriminalslurethevictimintoprovidingfinancialdatatoanunsecurewebsite

Pharmingoccurswhencriminalsplantprogramsinthevictim'scomputerwhichredirectthevictimfromlegitimatewebsitestoscamlook‐alikesites

Facebook“Privacy”

Why Do You Know So Much About Me

Business

Transcript of Why Do You Know So Much About Me