Advertisement

A Future for Privacy

Chapter
Part of the SpringerBriefs in Cybersecurity book series (BRIEFSCYBER)

Abstract

We discuss how the personal privacy that we are used to as a way of life is continuously being threatened by modern technology. We divide these threats into different categories based on who the perpetrator is, and the extent to which the privacy invasion was intended by the system designer. We discuss in detail how some technologies, like the web, compromise privacy. We explain why privacy is important and describe the conflict between privacy and law enforcement. Finally, we explain our ideas for the future, which include a system for verifiable accountability to allow citizens to see what and how much information is collected and used. We give some examples of how such technology could be used in the future.

Keywords

Certificate Authority Trusted Platform Module Transport Layer Security Tracking User Deep Packet Inspection 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    Monkey brains control robot arms. (2003). BBC. http://news.bbc.co.uk/1/hi/health/3186850.stm.
  2. 2.
    Sony recalls copy-protected CDs. (2005). BBC. http://news.bbc.co.uk/1/hi/technology/4441928.stm.
  3. 3.
    Chaos computer club analyzes government malware. (2011). http://www.ccc.de/en/updates/2011/staatstrojaner.
  4. 4.
    Facebook sorry over face tagging launch. (2011). BBC. http://www.bbc.co.uk/news/technology-13693791.
  5. 5.
    Germany spyware: Minister calls for probe of state use. (2011). BBC. http://www.bbc.co.uk/news/world-europe-15253259.
  6. 6.
    NSA slides explain the PRISM data-collection program. (2013). The Washington Post. http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/.
  7. 7.
    Live Q&A with Edward Snowden. (2014). http://www.freesnowden.is/asksnowden.html.
  8. 8.
    The NSA files. (2014). The guardian. http://www.theguardian.com/world/the-nsa-files.
  9. 9.
    Abelson, H., Anderson, R., Bellovin, S. M., Benaloh, J., Blaze, M., Diffie, W., Gilmore, J., Neumann, P. G., Rivest, R. L., Schiller, J. I., & Schneier B. (1998). The risks of key recovery, key escrow, and trusted third-party encryption. http://www.schneier.com/paper-key-escrow.html.
  10. 10.
    Acquisti, A., Gross, R., & Stutzman, F. (2011). Faces of Facebook: Privacy in the age of augmented reality. BlackHat USA. http://www.heinz.cmu.edu/acquisti/face-recognition-study-FAQ/acquisti-faces-BLACKHAT-draft.pdf.
  11. 11.
    Arapinis, M, Borgaonkar, R., Golde, N., Mancini, L., Redon, K., Ritter, E., & Ryan, M. (2012). New privacy issues in mobile telephony: fix and verification. In ACM Conference on Computer and Communications Security (pp. 205–216). http://www.cs.bham.ac.uk/mdr/research/papers/pdf/12-UMTS.pdf.
  12. 12.
    Bamford, J. (2012). The NSA is building the country’s biggest spy center. Wired magazine. http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/1.
  13. 13.
    Black, J. (2001). Don’t make privacy the next victim of terror. Bloomberg Businessweek. http://www.businessweek.com/bwdaily/dnflash/oct2001/nf2001104_7412.htm, 2001.
  14. 14.
    Blaze, M. (1994). Protocol failure in the escrowed encryption standard. In Proceedings of the Second ACM Conference on Computer and Communications Security (CCS). http://www.crypto.com/papers/.
  15. 15.
    Blaze, M. (2013). Phew, NSA is just collecting metadata. (you should still worry.). Wired magazine. http://www.wired.com/opinion/2013/06/phew-it-was-just-metadata-not-think-again/.
  16. 16.
    Boneh, D., Sahai, A., Waters, B. Functional encryption: Definitions and challenges. In Theory of Cryptography (pp. 253—273). Springer.Google Scholar
  17. 17.
    Bosker, B. (2011). Facebook’s Randi Zuckerberg: Anonymity online “has to go away”. Huffington Post. http://www.huffingtonpost.com/2011/07/27/randi-zuckerberg-anonymity-online_n_910892.html.
  18. 18.
    Britten, N. (2010). Facebook users warned of burglary risk. The Telegraph. http://www.telegraph.co.uk/technology/facebook/8004716/Facebook-users-warned-of-burglary-risk.html.
  19. 19.
    Carrier iQ, Inc. What data is collected? http://www.carrieriq.com/what-data-is-collected/.
  20. 20.
    Chothia, T., & Smirnov, V. (2010). A traceability attack against e-passports. In Proceedings of the 14th International Conference on Financial Cryptography and Data Security. http://www.cs.bham.ac.uk/tpc/Papers/PassportTrace.pdf.
  21. 21.
    Clayton, R. The Phorm “Webwise” system. http://www.cl.cam.ac.uk/rnc1/080518-phorm.pdf.
  22. 22.
    PrimeLife Consortium. (2011). Privacy-enhancing browser extensions. http://www.w3.org/2011/D1.2.3/.
  23. 23.
  24. 24.
    Eckersley, P. (2010). How unique is your web browser? In Proceedings of the Privacy Enhancing Technologies Symposium (PETS 2010), volume 6205 of Lecture Notes in Computer Science. Springer. http://panopticlick.eff.org/browser-uniqueness.pdf.
  25. 25.
  26. 26.
    Espiner, T. (2012). ISPs kept in dark about UK’s plans to intercept Twitter. http://www.zdnet.co.uk/news/security-threats/2012/02/20/isps-kept-in-dark-about-uks-plans-to-intercept-twitter-40095083/.
  27. 27.
    Inc. Facebook. Data use policy. https://www.facebook.com/about/privacy/your-info.
  28. 28.
    Inc. Facebook. (2013). What information does Facebook get when i visit a site with the like button or another social plugin? https://www.facebook.com/help/186325668085084.
  29. 29.
    Felten, E. W., Schneider, M. A. (2000). Timing attacks on web privacy. In ACM Conference on Computer and Communications Security, pp. 25–32.Google Scholar
  30. 30.
    Electronic Frontier Foundation. Sony BMG settlement FAQ. https://w2.eff.org/IP/DRM/Sony-BMG/settlement_faq.php.
  31. 31.
    Gahran, A. (2010). Using Wi-Fi? Firesheep may endanger your security. CNN. http://edition.cnn.com/2010/TECH/mobile/11/01/firesheep.wifi.security/index.html.
  32. 32.
    Gentry, C. (2009). A Fully Homomorphic Encryption Scheme. PhD thesis, Stanford University, Advisor Dan Boneh.Google Scholar
  33. 33.
    Miniwatts Marketing Group. (2012). World internet users and population stats. http://www.internetworldstats.com/stats.htm.
  34. 34.
    Trusted Computing Group. (2007). TPM Main Specification.Google Scholar
  35. 35.
    Hinsliff, G. (2008). MI5 seeks powers to trawl records in new terror hunt. The Observer. http://www.guardian.co.uk/uk/2008/mar/16/uksecurity.terrorism.
  36. 36.
    The White House. (1994). Statement of the press secretary. http://epic.org/crypto/clipper/white_house_statement_2_94.html.
  37. 37.
    Huber, N. (2013). The tax man is watching you: (HMRC) snoops on public 14,000 times in a year. The Independent. http://www.independent.co.uk/news/uk/home-news/the-tax-man-is-watching-you-hmrc-snoops-on-public-14000-times-in-a-year-8449862.html.
  38. 38.
    Adobe Systems Incorporated. What are local shared objects? http://www.adobe.com/products/flashplayer/articles/lso/.
  39. 39.
    Johnson, B. (2010). Privacy no longer a social norm, says Facebook founder. Guardian. http://www.guardian.co.uk/technology/2010/jan/11/facebook-privacy.
  40. 40.
    Kamkar, S. Evercookie—virtually irrevocable persistent cookies. http://samy.pl/evercookie/.
  41. 41.
    Keneally, M. (2013). Yahoo CEO Marissa Mayer feared being sent to jail for treason over NSA scandal. Daily Mail. http://www.dailymail.co.uk/news/article-2419441/Yahoo-CEO-Marissa-Mayer-feared-sent-jail-treason-NSA-scandal.html.
  42. 42.
    LaPlante, M. D. Spies like us: NSA to build huge facility in Utah. The Salt Lake Tribune. http://www.sltrib.com/ci_12735293.
  43. 43.
    Laurie, B., Langley, A., & Kasper, E. (2013). Certificate transparency. http://tools.ietf.org/html/rfc6962.
  44. 44.
    Lewis, P. (2008). Fears over privacy as police expand surveillance project. The Guardian. http://www.guardian.co.uk/uk/2008/sep/15/civilliberties.police.
  45. 45.
    Lewis, P., & Vallée, M. (2009). Revealed: police databank on thousands of protesters. http://www.guardian.co.uk/uk/2009/mar/06/police-surveillance-protesters-journalists-climate-kingsnorth?INTCMP=ILCNETTXT3487.
  46. 46.
    ARM Limited. (2009). ARM TrustZone API Specification, version 3.0.Google Scholar
  47. 47.
    Path Intelligence Ltd. Revolutionary technology for detailed data insights. http://www.pathintelligence.com/technology/.
  48. 48.
    Martin, R. (2005). Mind control. Wired magazine. http://www.wired.com/wired/archive/13.03/brain.html.
  49. 49.
    McKeen, F., Alexandrovich, I., Berenzon, A., Rozas, C., Shafi, H., Shanbhogue, V., & Savagaonkar, U. Innovative instructions and software model for isolated execution. In Second Workshop on Hardware and Architectural Support for Security and Privacy (HASP 2013).Google Scholar
  50. 50.
    Mitchell, S. Anger over mass web surveillance plans. PC Pro magazine. http://www.pcpro.co.uk/news/security/372985/anger-over-mass-web-surveillance-plans.
  51. 51.
    Nightingale, J. (2011). Fraudulent *.google.com certificate. Mozilla Security Blog. https://blog.mozilla.org/security/2011/08/29/fraudulent-google-com-certificate/.
  52. 52.
    The Home Office. (2010). Communications data. http://www.homeoffice.gov.uk/counter-terrorism/communications-data/.
  53. 53.
    Page, L. (2008). Spooks want to go fishing in Oyster database. The Register. http://www.theregister.co.uk/2008/03/17/spooks_want_oyster/.
  54. 54.
    Pegoraro, R. (2011). Google’s Eric Schmidt steps down, depriving web of future quotes. Washington Post. http://www.washingtonpost.com/wp-dyn/content/article/2011/01/20/AR2011012006128.html.
  55. 55.
    Perlroth, N. (2013). NSA able to foil basic safeguards of privacy on web. The New York Times. http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html.
  56. 56.
    Poulsen, K. (2007). FBI’s secret spyware tracks down teen who made bomb threats. Wired magazine. http://www.wired.com/politics/law/news/2007/07/fbi_spyware?currentPage=all.
  57. 57.
    Q-Success. W3Techs web technology surveys. http://w3techs.com/technologies/overview/social_widget/all.
  58. 58.
    Ben Quinn. (2008). Virgin sacks 13 over Facebook “chav” remarks. The Guardian. http://www.guardian.co.uk/business/2008/nov/01/virgin-atlantic-facebook.
  59. 59.
    RIsen, J., Lichtblau, E. (2005). Bush lets U.S. spy on callers without courts. The New York Times. http://www.nytimes.com/2005/12/16/politics/16program.html?pagewanted=1_r=1.
  60. 60.
    Ryan, M. (2014). Enhanced certificate transparency and end-to-end encrypted mail. In Network and Distributed System Security (NDSS). http://www.cs.bham.ac.uk/mdr/research/papers/pdf/14-ndss-cert.pdf.
  61. 61.
    Saunders, L. (2009). Is “friending” in your future? Better pay your taxes first. The Wall Street Journal. http://online.wsj.com/article/SB125132627009861985.html.
  62. 62.
    Schneier, B. (2010). Anonymity and the internet. https://www.schneier.com/blog/archives/2010/02/anonymity_and_t_3.html, 2010.
  63. 63.
  64. 64.
    Story, L. (2008). A company promises the deepest data mining yet. The New York Times. http://www.nytimes.com/2008/03/20/business/media/20adcoside.html.
  65. 65.

Copyright information

© The Author(s) 2014

Authors and Affiliations

  1. 1.School of Computer ScienceUniversity of BirminghamBirminghamUK

Personalised recommendations