Talk:Student Projects:Privacy Internet

From CSEP590TU
Revision as of 05:50, 5 November 2004 by Tedz (talk | contribs) (Rough Project Outline)

Jump to: navigation, search

Patchwork Laws

[TedZ]: I'm almost done reading the chapter in Asprey re: privacy. One point that I find interesting is that US law is a "piecewise patchwork" (my own interpretation of the text) of laws, and apparently that's ok with everybody in the legal system. Europe appears to have a more unified approach to privacy. Comments?

Ryank The author states that privacy is a nebulous concept and that different people will have different interpretations of what it means. I think the sectoral policy approach in the US is a direct result of this. I'm curious as to how satisfied people are with the EU omnibus legislation.

Interesting links

[Electronic Privacy Information Center http://www.epic.org]: has an article about RFID chips.

[AIM Association for Automatic Identification and Mobility: http://www.aimglobal.org/technologies/rfid]

[Electronic Frontier Foundation: http://www.eff.org/]

[Privacy on the Internet: http://reason.com/bipriv.shtml]

[Privacy and the Internet http://www.bc.edu/bc_org/avp/law/st_org/iptf/commentary/content/2000041901.html]

[[Who Goes There?: Authentication Through the Lens of Privacy]|[1]]

Possible Topics -- random thoughts for outlining

[TedZ]

  • US Privacy Laws (contrast to European law?)
  • European Union Safe Harbor Program
  • Is technology outstripping the law? Witness several recent cases of stalking, where the stalkers utilized high tech equipment such as GPS transmitters, webcams, and spyware to harass victims -- in many cases, the stalkers' actions were "on the edge" of current law. In some cases, the court/lawyers had trouble even describing the technology that the stalker had used.
  • Relevant Internet technologies -- cookies, spyware (including remote-install no-warning versions!), forms and "voluntary" information.
    • Ryank http://www.cs.washington.edu/homes/gribble/papers/spyware.pdf is a first cut at measuring the spread of spyware. The author first created models for 4 different types of spyware. A packet sniffer was then setup on UW's network and used to capture all network traffic for one week. The number of packets matching one of the model's signature was used to to determine the total number of infected machines on the network. The author found that 1,587 clients (5.1%) were infected with 1 or more spyware programs. Considering that there are hundreds of different types of spyware in the wild and only 4 were checked for this is a definite lower bound.
    • Ryank Can technology be used to ensure privacy rather than waiting for laws to be enacted? One of the reasons Firefox is gaining ground on IE is due to the fact that it is not as susceptible to hijacking attempts and spyware. Are self-regulation and grass roots organizations like EFF sufficient?
  • Ryank Carnivore (the FBI Internet 'wiretapping' toolkit)
  • P3P
  • Smart cards
  • Problems/Solutions


Ryank I realize its the name of the topic but did you guys want to focus exclusively on Internet technologies? That would rule out looking into things like smart cards and RFID chips. Then again, maybe its better to narrow the focus some. It looks like we have a mishmash of different subtopics now and I'm not sure how to tie them all together.

Ted Zuvich At this point, I don't have a problem with tossing up lots of ideas for consideration. I'm thinking of this as a sort of whiteboard brainstorming session. Maybe we could go with "IT and Privacy", which would be a little more inclusive of technologies like RFID chips. Here's my goal: by 10 PM PST on Thursday, Nov 04 2004, I want to have a rough outline up on this discussion page. I think I can pull this together for the group, if lots of discussion takes place.

Ryank: Unfortunately, I won't be able to contribute much to this page today as I am at work now and class is tonight.

Ted Zuvich Ryan, could you post a link to some general information about FireFox?

Ryank: Here's a few articles talking about how Firefox's market share is growing due to security issues with IE:

Privacy and the Internet

(User John): The civil right of privacy is a composite of federal and state statutory law, administrative rulings, constitutional innuendo, common law traditions, and activist judicial case rulings. Traditionally, Americans have been concerned with the power of governments, and as those powers grow, so does the individual citizen's need for privacy. Today, the explosion of computer based technology provides the uncrupulous and the fearful with vast opportunities to invade the individual citizen's privacy. As a member of this research team, I would like to see at least four sub-areas of this privacy issue explored: 1) a history of the building of the right to privacy; 2) a study of the flaws in the present patchwork of the right to privacy; 3) a serious look at the technological threats to privacy available for use, today and tomorrow; 4) a proposal for effective options to the present system - perhaps a Constitutional Amendment of Individual Privacy. I have some data on the technological threat, such as Tempest related technologies. Some of our more technically inclined members might enjoy such research. As attorneys, Jim and I should be able to cover items 1 and 2, to a certain extent. After basic research has been completed, all of us could have a good bull session or two, and we should be able to create a serious proposal for item 4. Since the U.S. Constitution was mostly conceived in Taverns, I suggest that we consider similar accoutrements - to enhance the creative mood, of course. Comments? Alternative ideas? We need to get our heads out of the clouds and grind away on something concrete.

Ryank: I think this is a fine idea. Thank you for grounding the discussion. I would like to throw my hat into the technological threats ring. As a counterbalance, I think some examination of privacy enhancing technology would be interesting to look at. Certainly the latter can be a component of whatever proposal we make in subtopic 4. And yes, beer is always a good idea...

Ted Zuvich: Beer would be nice. Unfortunately, I'm out of the Seattle area and will be for the foreseeable future. And I'm in the middle of finalling a project. So no beer for me. I would suggest using IM, but I think its better if we keep discussion on the Wiki, as much as possible.

Jim Jantos: Third on the beer. I see some early narrowing topics as follows: Technology threats and/or technology enhancements to privacy? Internet vs. IT as a whole? EU vs. US patchwork privacy rights?

I thinks a basic outline could be (1) background on privacy and related underpinnings, (ii) an examination of U.S. privacy rights (i.e. basic laws, etc.) (iii) threats/enhancements to privacy related to IT (maybe pick a particular threat from a tech side - spyware, govt. investigation software noted above, etc.); and (iv) possible solutions/proposals (including a possible look at EU law).

Group Roles

Ted Zuvich: I think it would be helpful if we provide a bit of background on each other so that we can see how everyone is going to fit into the project.

Myself, I'm a technical guy. I'm a senior programmer with a background in games development. I also have significant experience with technical writing and editing, which should come in useful.

It sounds like we have two technical people (myself and Ryan) and two attorney/IP people (John and Jim). That should be a good mix.

Ryank: I'm also a tech guy with a background in information retrieval and information extraction. Developments in these areas can definitely be used to create automated systems to monitor user's email, IMs, etc.

Jim Jantos: My basic background is linked with my name on the Wiki somehow. Although I have an engineering background, I am an attorney (now 10+ years - I am somewhat shocked to admit it!) with a strong tax (probably not too useful here) and IP background. John and I are both in the masters IP program at the UW law school on a part-time basis. As far as attorneys are concerned, I am close to the tech side, if that is possible.

Group Roles

(User John, 11/3/2004) Jim and I have patent law backgrounds, so we should be able to keep up with the tech data. I like the idea of bringing in the EU approach somewhere in the project. I have some ideas and data regarding Tempest, Carnivore, and other eavesdropping technology, but I think you tech guys might be better suited to discuss those things. Please be aware that we need an outline to give Ed by Monday. Maybe, we can discuss these things further at class, tonight. What do you all think?

Project Schedule

[TedZ] Given that we've got a deadline and not much time left, here's a proposed schedule for the next few days:

Nov 4, end of day: rough outline up on Wiki for comment. I will provide this.

Nov 5-7: comments, refinement, and arguing.

Nov 8: prepare final draft of outline, submit.

Rough Project Outline

Privacy In/On/And the Internet

Privacy in the US

What it means

A brief history of privacy law

Current state of privacy law

Contrast with EU law

The impact of the internet on privacy


Threats to privacy/new opportunities for invasion

Data Mining

Cookies

Spyware

Government "spyware," with emphasis on the post-9/11 era

Shortfalls and problems because of current privacy law

Technological failings -- shortfalls in IE and other internet software

Sneaky ways around current laws: scams, tricks, and hustles

Solutions

More laws?

Constitutional ammendment

Countermeasures -- a technological solution?

Self regulation

Grass roots organizations

Conclusions/Summary

Retrieved from "http://cubist.cs.washington.edu/CSEP590TU-wiki/index.php?title=Talk:Student_Projects:Privacy_Internet&oldid=1259"