Student Projects:Privacy Internet:Project Description

Title

Privacy and the Internet

Team Members

• John Peterson, UW, User:John
• Jim Jantos, UW, User:Jantos
• Ted Zuvich, UW, User:TedZ
• Ryan Kaneshiro, UW, User:Ryank

Topic Description

This paper will explore the current patchwork set of privacy laws in this country and discuss their limitations in the face of new threats made possible in the Internet era. We will compare US policy to the EU's omnibus privacy laws and consider additional legislation that could be enacted to maintain the integrity of personal information. Alternative solutions such as self-regulation and privacy enhancing technologies will also be considered.

[Tedz]: How about this description? I took some of John's language, since it seemed quite exact. I'm assuming that this page will get edited, mangled, and reworked as we head towards Monday's deadline.

The civil right of privacy is a composite of federal and state statutory law, administrative rulings, constitutional innuendo, common law traditions, and activist judicial case rulings. Traditionally, Americans have been concerned with the power of governments, and as those powers grow, so does the individual citizen's need for privacy. Today, the explosion of computer based technology provides the unscrupulous and the fearful with vast opportunities to invade the individual citizen's privacy. In this report, we present a brief synopsis of the current state of privacy laws in the US, along with an examination of how the current state came to be. We will also present a brief contrast with EU privacy laws, and how they affect the US. We next examine the specific impact of the Internet on privacy in the US. We will discuss current efforts and changes in US law that are aimed specifically at Internet privacy, and survey several Internet-specific privacy threats. In this section, we will highlight several flaws in the US privacy laws that are not adequately addressing Internet issues. In the final section, we we will present a series of recommendations for enhancing and “fixing” current privacy laws as they relate to the Internet and the rapidly burgeoning IT technology of this era.

Ryank: I do like John's comment on the discussion page and we should reuse it here. How much detail do you think we should include in the topic description? It seems like a lot of this could be moved into the subtopic section.

Ted Zuvich: I was aiming at "short introductory paragraph similar in style and content to some of the other policy briefs and essays that I've read over the last few weeks." Some of the introductions are 3-4 paragraphs; we don't need that for now. But one good meaty intro is fair, I think.

Subtopics

Privacy through self-regulation (Ryank)

Privacy through technology, not through legislation

Policy makers struggle to pass legislation fast enough to keep up with the pace of technological progress. This subtopic will look at the viability of industry self-regulation as a means of maintaining privacy. A survey of current and future privacy enhancing technologies designed to empower the consumer will be examined. This chapter will also cover the limitations of self-regulation such as consumer education and the difficulties of enforcement.

• Privacy enhancing tools
  • Tech solutions
    • Web anonymizers (anonymizer2004, SafeWeb), P3P
    • Anti-spyware tools (Adaware, Spybot S&D, etc.)
  • Seal Programs
    • TrustE, BBBOnline, etc.
• Limitations of self-regulation
  • Difficulty in using/deploying tech solutions (eg, [1])

Ted Zuvich: This looks good, Ryan. I think this will make a solid subtopic.

Internet Specific Privacy Threats (Ted Zuvich)

While other subtopics will focus on defense, this subtopic will focus on how privacy comes under attack through the Internet. It will cover the technical means by which privacy is or could be compromised on the Internet. This will include a discussion of:

• Cookies
• Data mining (as enhanced by the internet)
• Increased opportunities for deception
• Sneaky tricks (scams, hustles, duping, phishing, and some of the myriad other ways to dupe people into handing over the keys)
• Ease of data gathering
• Government "spyware," with emphasis on the post-9/11 era
• Technological failings -- shortfalls in IE and other internet software
• Summary of the Notification/Opt-in (etc.) process that is the ideal

Sources

• [Privacy on the Internet: http://reason.com/bipriv.shtml]
• [Privacy and the Internet http://www.bc.edu/bc_org/avp/law/st_org/iptf/commentary/content/2000041901.html]
• [[Who Goes There?: Authentication Through the Lens of Privacy]|[2]]
• [Privacy-enhancing technologies for the Internet http://www.cs.berkeley.edu/~daw/papers/privacy-compcon97-www/privacy-html.html] A bit dated.
• [Measurement and Analysis of Spware in a University Environment http://www.cs.washington.edu/homes/gribble/papers/spyware.pdf]
• Aspray, Ch. 6
• [Deanonymizing Users of the SafeWeb Anonymizing Service http://www.cs.bu.edu/techreports/pdf/2002-003-deanonymizing-safeweb.pdf]
• [Phishers Adopt Scam Tricks From Virus Writers http://msn.pcworld.com/news/article/0,aid,118489,00.asp]
• "Internet Privacy: Overview and Pending Legislation", updated February 6th, 2003, Report for Congress, Marcia S. Smith, Congressional Research Service, The Library of Congress.

Repositories

• [Electronic Privacy Information Center http://www.epic.org]
• [AIM Association for Automatic Identification and Mobility: http://www.aimglobal.org/technologies/rfid]
• [Electronic Frontier Foundation: http://www.eff.org/]
• http://petworkshop.org

Team Organization

Each subtopic will be authored independently by the team member indicated in parenthesis. Collaborative work on final recomendations and transitional paragraphs will be done via the Wiki discussion page.

Team members will review the finished paper to ensure continuity of style and flow.