Student Projects:Privacy Internet:Project Description Final

Title

Privacy and the Internet

Team Members

• John Peterson, UW, User:John
• Jim Jantos, UW, User:Jantos
• Ted Zuvich, UW, User:TedZ
• Ryan Kaneshiro, UW, User:Ryank

Topic Description

This report will explore privacy laws in this country and abroad, will discuss their limitations in the face of new threats to privacy made possible in the Internet era, and will examine solutions to maintain and enhance privacy rights related to the Internet.

In this report, we will present a brief synopsis of the current state of the patchwork set of privacy laws in the US, along with an examination of how the current state came to be. We will examine the specific impact of the Internet on privacy in the US and survey several Internet-related privacy threats. We will highlight several flaws in US privacy laws that are not adequately addressing Internet issues. We will then compare US policy to the EU's omnibus privacy laws and consider alternative approaches that may be followed to maintain the integrity of personal information. The approaches considered will include an examination of further legislative solutions and self-regulation through privacy enhancing technologies. In conclusion, we hope to present a series of recommendations to address and “fix” current privacy concerns as they relate to the Internet.

Subtopics

Privacy Laws in the US (John, Jantos)

The civil right of privacy is a composite of federal and state statutory law, administrative rulings, constitutional innuendo, common law traditions, and activist judicial case rulings. Traditionally, Americans have been concerned with the power of governments, and as those powers grow, so does the individual citizen's need for privacy. The explosion of the Internet provides the unscrupulous and the fearful with vast opportunities to invade the individual citizen's privacy.

This subtopic will explore the unperpinnings of privacy rights in the US and the current status of US law. The subtopic will emphasize how US privacy law either (i) applies to issues created by the internet, or (ii) fails to address the privacy concerns of the Internet.

Privacy Laws Abroad (John, Jantos)

This subtopic will survey privacy laws abroad with a special emphasis on EU privacy laws. The subtopic will examine how other countries have attempted to deal with privacy concerns related to the Internet.

Internet Specific Privacy Threats (Ted Zuvich)

While other subtopics will focus on defense, this subtopic will focus on how privacy comes under attack through the Internet. It will cover the technical means by which privacy is or could be compromised on the Internet. This will include a discussion of:

• Cookies
• Data mining (as enhanced by the internet)
• Increased opportunities for deception
• Sneaky tricks (scams, hustles, duping, phishing, and some of the myriad other ways to dupe people into handing over the keys)
• Ease of data gathering
• Government "spyware," with emphasis on the post-9/11 era
• Technological failings -- shortfalls in IE and other internet software
• Summary of the Notification/Opt-in (etc.) process that is the ideal

Privacy through self-regulation (Ryank)

Privacy through technology, not through legislation

Policy makers struggle to pass legislation fast enough to keep up with the pace of technological progress. This subtopic will look at the viability of industry self-regulation as a means of maintaining privacy. A survey of current and future privacy enhancing technologies designed to empower the consumer will be examined. This chapter will also cover the limitations of self-regulation such as consumer education and the difficulties of enforcement.

• Privacy enhancing tools
  • Tech solutions
    • Web anonymizers (anonymizer2004, SafeWeb), P3P
    • Anti-spyware tools (Adaware, Spybot S&D, etc.)
  • Seal Programs
    • TrustE, BBBOnline, etc.
• Limitations of self-regulation
  • Difficulty in using/deploying tech solutions (eg, [1])

Privacy through Legislation (John, Jantos)

This subtopic will examine legislative attempts to maintain and/or enhance privacy as related to the Internet. The subtopic will examine whether legislative solutions are viable and appropriate.

Team Conclusions And Recommendations to Protect Privacy (All)

    1. Technological
    2. Legal

Sources

• [Privacy on the Internet: http://reason.com/bipriv.shtml]
• [Privacy and the Internet http://www.bc.edu/bc_org/avp/law/st_org/iptf/commentary/content/2000041901.html]
• [[Who Goes There?: Authentication Through the Lens of Privacy]|[2]]
• [Privacy-enhancing technologies for the Internet http://www.cs.berkeley.edu/~daw/papers/privacy-compcon97-www/privacy-html.html] A bit dated.
• [Measurement and Analysis of Spyware in a University Environment http://www.cs.washington.edu/homes/gribble/papers/spyware.pdf]
• Aspray, Ch. 6
• [Deanonymizing Users of the SafeWeb Anonymizing Service http://www.cs.bu.edu/techreports/pdf/2002-003-deanonymizing-safeweb.pdf]

Repositories

• [Electronic Privacy Information Center http://www.epic.org]
• [AIM Association for Automatic Identification and Mobility: http://www.aimglobal.org/technologies/rfid]
• [Electronic Frontier Foundation: http://www.eff.org/]
• http://petworkshop.org

Team Organization

Each subtopic will be authored independently by the team member indicated in parenthesis. Collaborative work on final recomendations and transitional paragraphs will be done via the Wiki discussion page.

Team members will review the finished paper to ensure continuity of style and flow.