01 - Lecture 1-Introduction - EV - Privacy
01 - Lecture 1-Introduction - EV - Privacy
• Syllabus
• Semester Schedule
• Terminology
• Key Concepts
MATERIALS
• Textbook:
• Sherali Zeadally, and Mohamad Badra. Privacy in a Digital, Networked World:
Technologies, Implications and Solutions (Computer Communications and
Networks), Springer; 1st edition (October 14, 2015). ISBN-10: 3319084690.
• References:
• Bruce Schneier. Secrets and Lies: Digital Security in a Networked World,
Wiley; 15th Anniversary edition (March 23, 2015). ISBN-10: 1119092434
COURSE LEARNING OUTCOMES (CLOS):
• 3 dimensions of privacy:
1) Personal privacy
Protecting a person against undue interference (such as physical searches) and
information that violates his/her moral sense
2) Territorial privacy
Protecting a physical area surrounding a person that may not be violated
without the acquiescence of the person
• Safeguards: laws referring to trespassers search warrants
3) Informational privacy
Deals with the gathering, compilation and selective dissemination of
information
INTRODUCTION
2) Sectoral Laws
• Idea: Avoid general laws, focus on specific sectors instead
• Advantage: enforcement through a range of mechanisms
• Disadvantage: each new technology requires new legislation
4.2. LEGAL PRIVACY CONTROLS (5) -- B) INTERNATIONAL PRIVACY LAWS
COMPREHENSIVE LAWS - EUROPEAN UNION
• European Union Council adopted the new Privacy Electronic Communications Directive
[cf. A.M. Green, Yale, 2004]
• An evaluation conducted to assess how the adoption of new information policies, the procurement of new
computer systems, or the initiation of new data collection programs will affect individual privacy
• The premise: Considering privacy issues at the early stages of a project cycle will reduce potential adverse
impacts on privacy after it has been implemented
• Requirements:
• PIA process should be independent
• PIA performed by an independent entity (office and/or commissioner) not linked to the project under review
• Participating countries: US, EU, Canada, etc.
4.2. LEGAL PRIVACY CONTROLS (11)
• Observation 1: At present too many mechanisms seem to operate on a national or regional, rather than global
level
• E.g., by OECD
• Observation 2: Use of self-regulatory mechanisms for the protection of online activities seems somewhat
haphazard and is concentrated in a few member countries
• Observation 3: Technological solutions to protect privacy are implemented to a limited extent only
• Observation 4: Not enough being done to encourage the implementation of technical solutions for privacy
compliance and enforcement
• Only a few member countries reported much activity in this area
4.2. LEGAL PRIVACY CONTROLS (12)
E) OBSERVATIONS AND CONCLUSIONS
• Conclusions
• Still work to be done to ensure the security of personal information for all individuals in
all countries
Outline
• Problem
• How to determine that certain degree of data privacy is
provided?
• Challenges
• Different privacy-preserving techniques or systems
claim different degrees of data privacy
• Metrics are usually ad hoc and customized
• Customized for a user model
• Customized for a specific technique/system