Digital privacy

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

Digital Privacy is a collective definition that encompasses three sub-related categories; information privacy, communication privacy, and individual privacy.[1] It is often used in contexts that promote advocacy on behalf of individual and consumer privacy rights in digital spheres, and is typically used in opposition to the business practices of many e-marketers/businesses/companies to collect and use such information and data.[2]

We are told our data is exposed and that we lack complete privacy. While our data is exposed through digital mediums, such as social media, we also more sensitized to privacy issues.

The evolution between 2005 and 2011 of the level of disclosure for different profile items on Facebook shows that over the years, people want to keep more information private.[3] Social networks have done the opposite: if we share more information, we expose more and Facebook can sell more to advertisers. Every 8 or 10 months, some social networks face privacy incidents which lead users to regroup and contest, however the networks usually apologize and continue on with the same information-mining tactics.

When we share information with friends, their data are exposed and privacy decreases. This is a consequence of bridging social capital: as we create new and diverse ties on social networks, data becomes linked. This decrease of privacy continues until bundling appears (when the ties become strong and the network more homogenous). Privacy then increases through stagnation, creating a community where privacy can be reattained through mass. However, Facebook and other social media outlets find other ways for us to share information, for instance through games, top 10, quizz, etc. It makes what we can call "cycles of privacy".[4]

Privacy Types[edit]

Information Privacy[edit]

In the context of digital privacy, information privacy is the notion that individuals should have the freedom, or right, to determine how their digital information, mainly that pertaining to personally identifiable information, is collected and used. The EU has various laws that dictate how information may be collected and used by companies. Some of those laws are written to give agency to the preferences of individuals/consumers in how their data is used. In other places, like in the United States, privacy law is argued by some to be less developed in this regard.[5] By example, some legislation, or lack of, allows companies to self-regulate their collection and dissemination practices of consumer information.

Communication Privacy[edit]

In the context of digital privacy, communication privacy is the notion that individuals should have the freedom, or right, to communicate information digitally with the expectation that their communications are secure; meaning that messages and communications will only be accessible to the sender's original intended recipient.[1] However, communications can be intercepted or delivered to other recipients without the sender's knowledge, in a multitude of ways. Communications can be intercepted directly through various hacking methods,[6] this is expanded upon further below. Communications can also be delivered to recipients unbeknownst to the sender due to false assumptions made regarding the platform or medium which was used to send information. An example of this is failure to read a company's privacy policy regarding communications on their platform could lead one to assume their communication is protected when it is in fact not.[7] Additionally, companies frequently have been known to lack transparency in how they use information, this can be both intentional and unintentional.[8] Discussion of communication privacy necessarily requires consideration of technological methods of protecting information/communication in digital mediums, the effectiveness and ineffectiveness of such methods/systems, and the development/advancement of new and current technologies.

Individual Privacy[edit]

In the context of digital privacy, individual privacy is the notion that individuals have a right to exist freely on the internet, in that they can choose what types of information they are exposed to, and more importantly that unwanted information should not interrupt them.[1] An example of a digital breach of individual privacy would be an internet user receiving unwanted ads and emails/spam, or a computer virus that forces the user to take actions they otherwise wouldn't. In such cases the individual, during that moment, doesn't exist digitally without interruption from unwanted information; thus their individual privacy has been infringed upon.

Individual Privacy[edit]

Some internet users proactively work to ensure that their information can not be collected, this is the practice of attempting to remain anonymous.

Information Anonymity[edit]

The following examples are systems that allow a user to remain anonymous when accessing the web, and by extension the use of which better ensures the protection of their personally identifiable information.

Onion Routing was originally developed by the U.S. Naval Research Lab and was intended to anonymize web traffic.[9] The system created a path to any TCP/IP server by creating a pathway of onion routers. Once a pathway has been established, all information that is sent through it is anonymously delivered.[10] When the user has finished utilizing the pathway it was essentially deleted which freed the resources to be used for a new pathway within Onion Routing. The Onion Routing project developed into what is today known as Tor, a completely open-sourced and free software. Unlike its predecessor, Onion Routing, Tor is able to protect both the anonymity of individuals as well as web providers. This allows people to set up anonymous web servers which in effect provides a censorship-resistant publishing service.[9]

Communication Anonymity[edit]

The previously mentioned information anonymity systems can also potentially protect the contents of communications between two people, but there are other systems that directly function to guarantee a communication remains between only two people; they function to accomplish that only the intended recipient of a communication will receive it.[11]

One of these systems, PGP (which is an acronym for Pretty Good Privacy), has existed in various forms for many years. It functions to protect email messages by encrypting and decrypting them. It originally existed as a command-line-only program, but in recent years it has evolved to have its own full interface and a multitude of email providers offer built-in PGP support. Users can also install PGP-compatible software and manually configure it to encrypt emails on nearly any platform.[12]

SSL (acronym for Secure Sockets Layer) and TLS (acronym for Transport Layer Security) are measures to secure payments online. While these systems are not immune from breaches or failure, many users benefit greatly from their use as every major browser program has support for it built in.[9]

Additional Services[edit]

There are additional methods that work to provide anonymity and by extension protect their data. Amongst these include services like IP address changers, in which an internet user typically pays a fee to utilize. Since IP addresses can frequently be traced back to a specific physical location,[13] and likewise by extension can identify someone, the service helps users remain anonymous by providing access to a multitude of servers in various geographic locations around the world which allows the user to appear as if they are physically located in a selected area, even when they are not. This is an example of a method/service that works to allow for information and communication anonymity.[14]

The Virtual Private Network (VPN) is also a specific example. It is a technology that provides users secured connection over a non-secure public network such as the Internet through several VPN tunneling protocols, handling, and encapsulating traffic at different levels to ensure communication security.[15] VPN is also effective in securing data and privacy over the cloud and data-center environments because it is capable of protecting IPs from exposure to different kinds of attacks. This technology can be categorized into SSL VPN and IPSec VPN, which are methods of data communication from a user device to a VPN gateway using a secure tunnel.[16] There is also the case of the VHSP mechanism, which protects the exposure of an IP address by assigning a temporal IP for the VPN gateway and its services.[16]

The use of Network Address Translation or NAT allows users to hide connections passing through a gateway behind the gateway through the use of a sensible hiding IP address that is routable to the issuing gateway.[17]

The (no) harm principle[edit]

One rule emitted by John Stuart Mill is the (no) harm principle. It explains that private references must be respected: one can do whatever he/she wants as long as the others don't suffer from the consequences of it. In our private space, alone, we are free to do whatever we want.

Since media came up with photojournalism, the invasion of celebrities’ private lives started and the right to privacy arose. In 1890, Samuel Warren & Louis Brandeis named it “the right to be left alone”. Today's “privacy incidents” don't exclusively concern celebrities and politicians since most of us are connected and share data: we are not online to be left alone.

The economic value of data[edit]

According to Alessandro Acquisti, Curtins Taylor and Liad Wagman in The Economics of Privacy,[18] the individual data can be seen having two different types of value: a commercial value and a private value. The fact that data are collected can have both positive and negative effects: indeed, it can cause a violation of privacy and a monetary cost. Still according to those three researchers, the data analysis is becoming increasingly efficient, that is why there are more and more concerns about the progress of collecting data. Regulations are appearing, such as the EU data protection directive or the US children's online privacy protection act, but the industry is always evolving, so that it seems important to continue keeping an eye on the economics of privacy.

Privacy and Information Breaches[edit]

Methods can be purposely crafted to obtain one's personal information illegally. These directed attacks are commonly referred to as hacking, though that term refers to the general practice and doesn't address specific hacking methods and implementation. Various hacking methods as it pertains to the invasion of one's digital privacy are outlined below. As it pertains to intent, within hacking there are two categories of invasion: 1) Directed attacks against someone individually, and 2) Directed attacks against groups.[19] With the latter category, however, a hacker could effectively obtain a specified/particular individual's information through first targeting a larger group.[20] An example of this possibility could be as follows: If a hacker, named individual-A, wishes to obtain a particular person's information, individual-B, he/she could first target a platform or group that has individual-B's information already, such as a credit agency, or they could likewise target a group that individual-B has previously relinquished/provided their data to, like a social media network or a cloud based data service. Through targeting one of those groups, individual-A could effectively obtain individual-B's information by first hacking all data the group has, including the data of other individuals. Once obtained, the hacker could simply identify individual-B's information within the data and disregard the rest.

Example of an Individual Attack: Phishing[edit]

Phishing is a common method of obtaining someone's private information.[21] This generally consists of an individual (often referred in this context as a hacker), developing a website that looks similar to other major websites that a target person commonly uses. The phishing website may look identical to the legitimate site, but its URL could be a variation in spelling or a different domain such as .org instead of .com.[22] The target person can be directed to the site through a link in a 'fake' email that is designed to look like it came from the website he/she commonly uses. The user then clicks on the URL, proceeds to sign in, or provide other personal information, and as opposed to the information being submitted to the website that the user thought they were on, it is actually sent directly to the hacker.[23] Phishing attacks commonly obtain bank and financial data as well as social networking website information.[22]

There are tools that can help users protect their information from phishing attacks and these include the Web browser extensions, which are capable of flagging suspicious websites and links.[24]

Development and Controversy[edit]

Digital privacy is a trending social concern. For example, the TED talk by Eric Berlow and Sean Gourley subsequent to the 2013 mass surveillance disclosures cast a shadow over the privacy of cloud storage and social media.[25] While digital privacy is concerned with the privacy of digital information in general, in many contexts it specifically refers to information concerning personal identity shared over public networks.[26]

Before the Edward Snowden disclosures concerning the extent of the NSA PRISM program were revealed in 2013, the public debate on digital privacy mainly centered on privacy concerns with social networking services, as viewed from within these services.

As the secrecy of the American Foreign Intelligence Surveillance Act becomes widely disclosed,[27] digital privacy is increasingly recognized as an issue in the context of mass surveillance.

The use of cryptographic software to evade prosecution and harassment while sending and receiving information over computer networks is associated with crypto-anarchism, a movement intending to protect individuals from mass surveillance by the government.

See also[edit]

References[edit]

  1. ^ a b c Hung, Humphry; Wong, Y.H. (2009-05-22). "Information transparency and digital privacy protection: are they mutually exclusive in the provision of e‐services?". Journal of Services Marketing. 23 (3): 154–164. doi:10.1108/08876040910955161. ISSN 0887-6045.
  2. ^ TEDx Talks (2016-01-21), Privacy in the Digital Age | Nicholas Martino | TEDxFSCJ, retrieved 2018-11-28
  3. ^ Stutzman, Fred; Gross, Ralph; Acquisti, Alessandro (2013-03-01). "Silent Listeners: The Evolution of Privacy and Disclosure on Facebook". Journal of Privacy and Confidentiality. 4 (2). doi:10.29012/jpc.v4i2.620. ISSN 2575-8527.
  4. ^ Tubaro, Paola; Casilli, Antonio A; Sarabi, Yasaman (2014). "Against the Hypothesis of the End of Privacy". SpringerBriefs in Digital Spaces. doi:10.1007/978-3-319-02456-1. ISBN 978-3-319-02455-4. ISSN 2193-5890.
  5. ^ "Privacy Law in the United States, the EU and Canada: The Allure of the Middle Ground 2 University of Ottawa Law & Technology Journal 2005". heinonline.org. Retrieved 2018-11-28.
  6. ^ Sushmitha, R. "HACKING METHODS, TECHNIQUES AND THEIR PREVENTION". International Journal of Computer SCience and INformation Technology Research. 2 (2): 183–189.
  7. ^ Kemp, Katharine. "94% of Australians do not read all privacy policies that apply to them – and that's rational behaviour". The Conversation. Retrieved 2018-11-28.
  8. ^ Meijer, Ronald; Conradie, Peter; Choenni, Sunil (2014). "Reconciling Contradictions of Open Data Regarding Transparency, Privacy, Security and Trust". Journal of Theoretical and Applied Electronic Commerce Research. 9 (3): 32–44. doi:10.4067/S0718-18762014000300004. hdl:1854/LU-5671907. ISSN 0718-1876.
  9. ^ a b c Acquisti, Alessandro; Gritzalis, Stefanos; Lambrinoudakis, Costos; Vimercati, Sabrina di (2007-12-22). Digital Privacy: Theory, Technologies, and Practices. CRC Press. ISBN 9781420052183.
  10. ^ "Anonymous connections and onion routing - IEEE Journals & Magazine". ieeexplore.ieee.org. Retrieved 2018-12-12.
  11. ^ Edman, M. and Yener, B. 2009. On anonymity in an electronic society: A survey of anonymous communication systems. ACM Comput. Surv. 42, 1, Article 5 (December 2009), 35 pages. DOI = 10.1145/1592451.1592456, http://doi.acm.org/10.1145/1592451.1592456
  12. ^ Zimmermann, Philip R. (1999). "Why I Wrote PGP". Essays on PGP. Philip Zimmermann.
  13. ^ "Survey and taxonomy of IP address lookup algorithms - IEEE Journals & Magazine". ieeexplore.ieee.org. Retrieved 2018-12-12.
  14. ^ Technology Analysis Branch of the Office Privacy Commissioner of Canada (May 2013). "What an IP Address Can Reveal About You" (PDF). Office Privacy Commissioner of Canada. Cite journal requires |journal= (help)
  15. ^ Doss, Robin; Piramuthu, Selwyn; Zhou, Wei (2016). Future Network Systems and Security: Second International Conference, FNSS 2016, Paris, France, November 23-25, 2016, Proceedings. Cham: Springer. p. 3. ISBN 9783319480206.
  16. ^ a b Kim, Kuinam (2015). Information Science and Applications. Berlin: Springer. p. 1053. ISBN 9783662465776.
  17. ^ Simonis, Drew; Pincock, Corey; Kligerman, Daniel; Maxwell, Doug; Amon, Cherie; Keele, Allen (2002). Checkpoint Next Generation Security Administration. Rockland, MA: Elsevier. p. 498. ISBN 978-1928994749.
  18. ^ Acquisti, Alessandro; Taylor, Curtis R.; Wagman, Liad (2015). "The Economics of Privacy". doi:10.2139/ssrn.2580411. ISSN 1556-5068. Cite journal requires |journal= (help)
  19. ^ Koumourou, Xenophon. Hacking analysis and protection: Hacking analysis and protection methods. CreateSpace Independent Publishing Platform. ISBN 978-1463764944.
  20. ^ Dubovitskaya, Maria, Take back control of your personal data, retrieved 2018-12-12
  21. ^ Chiew, Kang Leng; Yong, Kelvin Sheng Chek; Tan, Choon Lin (2018-09-15). "A survey of phishing attacks: Their types, vectors and technical approaches". Expert Systems with Applications. 106: 1–20. doi:10.1016/j.eswa.2018.03.050. ISSN 0957-4174.
  22. ^ a b Hassan, Nihad; Hijazi, Rami (2017). Digital Privacy and Security Using Windows: A Practical Guide. New York: Apress. p. 69. ISBN 9781484227985.
  23. ^ Lacey, David; Salmon, Paul; Glancy, Patrick (2015-01-01). "Taking the Bait: A Systems Analysis of Phishing Attacks". Procedia Manufacturing. 3: 1109–1116. doi:10.1016/j.promfg.2015.07.185. ISSN 2351-9789.
  24. ^ Acquisti, Alessandro; Gritzalis, Stefano; Lambrinoudakis, Costos; di Vimercati, Sabrina (2007). Digital Privacy: Theory, Technologies, and Practices. Boca Raton, FL: Auerbach Publications. p. 14. ISBN 9781420052176.
  25. ^ Gourley, Eric Berlow and Sean, Mapping ideas worth spreading, retrieved 2018-11-27
  26. ^ "Privacy". Electronic Frontier Foundation (in Spanish). Retrieved 2018-11-27.
  27. ^ Roberts, Jeff (2013-08-22). "Google and Microsoft's plea on NSA requests moves slowly in secret court". gigaom.com. Retrieved 2018-11-27.