Posts Tagged ‘privacy’

Privacy and the law

Sunday, May 3rd, 2009

The ABA Journal news blog has an post, Fordham Law Class Collects Personal Info About Scalia; Supreme Ct. Justice Is Steamed, on privacy and the law — or at least one very famous lawyer: U.S. Supreme Court Justice Antonin Scalia. Joel Reidenberg teaches a course on information privacy law at Fordham University and illustrates the scale of the problem empirically.

“Last year, when law professor Joel Reidenberg wanted to show his Fordham University class how readily private information is available on the Internet, he assigned a group project. It was collecting personal information from the Web about himself. This year, after U.S. Supreme Court Justice Antonin Scalia made public comments that seemingly may have questioned the need for more protection of private information, Reidenberg assigned the same project. Except this time Scalia was the subject, the prof explains to the ABA Journal in a telephone interview.

His class turned in a 15-page dossier that included not only Scalia’s home address, home phone number and home value, but his food and movie preferences, his wife’s personal e-mail address and photos of his grandchildren, reports Above the Law.

And, as Scalia himself made clear in a statement to Above the Law, he isn’t happy about the invasion of his privacy: “Professor Reidenberg’s exercise is an example of perfectly legal, abominably poor judgment. Since he was not teaching a course in judgment, I presume he felt no responsibility to display any,” the justice says, among other comments.

NRC raises issued with datamining for counterterrorism

Tuesday, October 7th, 2008

The National Research Council released a report on the effectiveness of collecting and mining personal data, such as such as phone, medical, and travel records or Web sites visited, as a tool for combating terrorism. The report, titled Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment, was produced by a multi-year study was carried out at the request of DHS and NSF.

The NRC’s press release on the study notes that routine datamining can help in “expanding and speeding traditional investigative work”, it questions the effectiveness of automated datamining and behavioral surveillance.

“Far more problematic are automated data-mining techniques that search databases for unusual patterns of activity not already known to be associated with terrorists, the report says. Although these methods have been useful in the private sector for spotting consumer fraud, they are less helpful for counterterrorism precisely because so little is known about what patterns indicate terrorist activity; as a result, they are likely to generate huge numbers of false leads. Such techniques might, however, have some value as secondary components of a counterterrorism system to assist human analysts. Actions such as arrest, search, or denial of rights should never be taken solely on the basis of an automated data-mining result, the report adds.
    The committee also examined behavioral surveillance techniques, which try to identify terrorists by observing behavior or measuring physiological states. There is no scientific consensus on whether these techniques are ready for use at all in counterterrorism, the report says; at most they should be used for preliminary screening, to identify those who merit follow-up investigation. Further, they have enormous potential for privacy violations because they will inevitably force targeted individuals to explain and justify their mental and emotional states.”

The report suggested criteria and questions addressing both the technical effectiveness as well as impact on privacy to help policymakers assess data-based counterterrorism programs. It also calls for oversight and both technical and policy safeguards to protect privacy and prevent “mission creep”. Declan McCullagh has a good summary of the key recommendations.

The 352 page report can be downloaded from the National Accademies Press site for $37.00.

Chris Clifton gives keynote at ACM workshop on AI and security

Sunday, September 28th, 2008

AISL researcher Chris Clifton of Purdue University will give a keynote talk at the The First ACM Workshop on AISec. This workshop is focused on bringing the AI and security research communities together to explore how AI tools and techniques can be applied to problems in information security.

Chris’ talk is titled Opportunities for Private and Secure Machine Learning and has the following abstract.

While the interplay of Artificial Intelligence and Security covers a wide variety of topics, the 2008 AISec program largely focuses on use of artificial intelligence techniques to aid with traditional security concerns: intrusion detection, security policy management, malware detection, etc. This talk will address the flip side of the issue: Using machine learning on sensitive data.

The privacy-preserving data mining literature provides numerous solutions to machine learning on sensitive data, while protecting the data from disclosure. Unfortunately, privacy has yet to provide the economic incentives for commercial development of this technology.

This talk will survey this work (and open challenges) in light of problems that may have greater incentives for development: collaborative machine learning by parties that do not fully trust each other. Opportunities include job brokerage (assigning jobs in ways that most efficiently utilize resources of competing companies), supply chain optimization, inter-agency data sharing, etc. Techniques similar to those in privacy-preserving data mining can enable such applications without the degree of information disclosure and trust currently required, providing a business model for development of the technology (and as a by-product, reducing the number of trusted systems that need to be secured.)

Feel paranoid that Google Chrome is spying on you? Apply UnChrome!

Monday, September 15th, 2008

I’ve seen the following attributed to Woody Allen:

    Question: what’s a three syllable word beginning with ‘P’ that means you think that everybody’s against you?
    Answer: perceptive.

unchromeIt’s fashionable in some circles to be paranoid about Google. If they ever do abandon their Don’t be evil informal motto then we are all in trouble. Search engines can gather a lot of information about a person’s interests. While Google is not the only search engine available, they have assembled quite an array of Web systems, including gmail, Google reader, Google groups, DoubleClick, Feedburner and many more. They would be in a good position to integrate a lot of information about a person’s behavior on the Web.

Enter Google Chrome.

If you own the browser, you can get the full range of a person’s Web activities. What worries some is that each Google Chrome installation contains a unique ID, which could be used to identify its user. The German company Abelssoft has released UnChrome as an application that effectively makes your copy of Google Chrome anonymous.

“Regarding to Google, “Google Chrome is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier”. Unfortunately, each Google Chrome installation contains a unique ID that allowing identifying its user. Google doesn’t make it an easy job to remove this ID.

UnChrome helps you with this task. It replaces your unique ID with Null values so that your browser cannot be identified any longer. The functionality of Google Chrome is not influenced by this. You only need to apply UnChrome once.”

I think this is paranoia rather than being perceptive, but just because you’re paranoid doesn’t mean they aren’t out to get you.