Privacy and Security Study Guide

What is Privacy?

  • Definition of Privacy: Privacy pertains to Personally Identifiable Information (PII). The term "sensitive information" may also be used in discussions of privacy.

  • Policy Aspect of Privacy:

    • Privacy is primarily a policy issue.

    • Policy as a System Issue: Specifies what the system should allow regarding data.

    • Public Policy: Less precise than a system policy; must be mapped to specific data contexts.

Privacy and Security

  • Privacy as a Security Issue:

    • Security measures are necessary to implement privacy policies.

    • A breach of security concerning sensitive information results in a compromise of privacy.

  • Trade-off Between Privacy and Security:

    • Benjamin Franklin's Quote: "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither."

    • Security relies on privacy, yet it can also be enhanced by reducing privacy.

    • The core question is: privacy from whom?

    • Current security inadequacies can be attributed to the inability to technically resolve the policy problem.

Security vs. Privacy

  • Conflict:

    • Many security technologies necessitate identification, while several privacy approaches require hiding one’s identity.

  • Supportive Relationship:

    • Privacy hinges on the protection of personally identifiable information (PII).

    • Poor security impedes the protection of PII.

Privacy Debate in the News

  • Focus on ongoing discussions regarding security and privacy issues in the context of technology and law enforcement.

Case Example: New York State's Anti-Encryption Bill (2016)

  • Proposal Details:

    • Would require smartphone manufacturers to give law enforcement backdoor access to decrypt devices.

    • Manufacturers would be fined $2,500 for non-compliance.

  • Rationale Provided:

    • Advocates claim it serves public safety interests by facilitating law enforcement's ability to investigate crimes.

  • Criticism:

    • Concerns that such legal mandates compromise user privacy, making devices less secure.

Case Example: California's Phone Crypto Backdoor Bill (2016)

  • Overview:

    • Introduced after New York's bill, enforcing similar requirements for smartphone manufacturers.

    • Focuses on addressing human trafficking, as law enforcement claims that smartphones are often used for the illicit activities it investigates.

  • Cost and Enforcement:

    • Like New York’s proposal, would impose a $2,500 fine for non-compliance.

Broader Implications of Encryption Debates

  • Past Statements:

    • Attorney General Barr highlighted that encryption allows devices to become “law-free zones.”

  • Bipartisan Issues: U.S. lawmakers demonstrated a common stance against orders (like the U.K.'s) forcing tech firms to create encryption backdoors, highlighting data safety concerns.

Ethical and Policy Considerations

  • International Pressure on Data Privacy:

    • Discussion on global data practices raises concerns about U.S. regulations versus international demands.

  • Investigative Procedures:

    • Backdoors could be exploited by criminals, and insiders pose an additional threat.

Recent Data Breaches and Privacy Issues

  • Notable breaches illustrating the vulnerability of systems include incidents with Sony, Equifax, and others, stressing the importance of stringent privacy controls.

Public Records and Privacy Concerns

  • Voter Data Exposure:

    • Incidents such as the exposure of a database of 191 million U.S. voters exemplify the risks of database misconfiguration.

  • California DMV Privacy Policies:

    • Discusses the privacy rights that apply to submitted personal information and the methods used to safeguard it.

Legal Protections for Sensitive Data

  • Regulatory Landscape:

    • Variability in privacy legislation from state to state and implications of GDPR protections.

  • California's Consumer Privacy Act:

    • Grants rights to consumers concerning their personal information, including disclosure, opt-out options, and rights to delete information.

Future Considerations for Privacy Legislation

  • Proposed Changes:

    • Potential shifts in privacy regulation as consumer awareness grows regarding data usage.

  • Privacy as Toxic Waste:

    • Ethical concerns regarding the collection and retention of sensitive data should drive privacy initiatives.

Cloud Computing and Privacy

  • Overview of Cloud Services:

    • Discusses the rise of services like Google Drive and the implications for data security.

  • Implications of Cloud Storage:

    • Considerations around data protection, accessibility, and responsibilities before using these services.

Observations on Data Tracking

  • Identification Techniques:

    • Discusses identifiers including IP addresses, cookies, and other unique IDs that enable tracking.

  • Anonymization Limitations:

    • Questions about the safety of releasing anonymized data and vulnerabilities in perceived anonymity.

Legislative Movements Regarding Privacy

  • California's Proposition Initiatives:

    • Exploring efforts to increase consumer control over personal information.

  • Technological Solutions for Privacy:

    • Innovations like anonymizers and onion routing to protect user identity online.

Homework Assignment

  • Task Overview:

    • Students must investigate sensitive information concerning their own data across various technologies, exploring aspects like storage and sharing protocols.