DRM and Googles threat to Privacy Presented by
DRM and Google’s threat to Privacy Presented by: Aqila Dissanayake
What is Privacy? l Privacy “is the ability of an individual or group to keep their lives and personal affairs out of public view or to control the flow of information about themselves” [1]. l Internet Privacy “is the ability to control what information one reveals about oneself over the Internet, and to control who can access that information” [2].
Digital Rights Management (DRM) l DRM is a technology that attempts to control the use of digital media by preventing access, copying or conversion to other formats [3].
Why DRM? l Even before the arrival of digital media copyright holders opposed the copying technologies l Ex-: audio/video tape recording l Beta. Max Case l With the invention of digital media their concerns skyrocketed. l Not only is digital media easier to replicate it is much cheaper as well. l Unlike copying from analog media, a computer can be used to copy digital media without any data loss. l DRM was invented to prevent this from taking place.
Why is DRM bad? l To be effective, DRM methods have evolved into tracking personal information and the usage of the media that they protect, as well as enforce usage rules [4]. l When trying to enforce usage rules, these technologies may restrict legally permitted use of that content as allowed by copyright law [4]. l This is evident in some music CD’s that contain DRM which prevent the CD from playing in computers.
l Also, certain CD’s prevent the user from ripping it to the computer or even if it supports ripping the ripped music won’t transfer to a personal music player. l This kind of behavior conflicts with a user’s privacy known as personal autonomy. l After all the user pays for the CD he or she buys, which should give them the right to play it on any player they want. l Also, if they want to transfer the music to a digital music player such as the Ipod, it should be allowed.
l Unfortunately DRM does not stop at that; certain DRM software go further and monitor user’s activity on the computer. l This is done mainly for market research, advertising or simply because the architecture allows such activity. l DRM can record things such as the music played and their time of use, IP/MAC address of the computer, how frequently a file is played. l This kind of behavior by DRM can be used for user profiling l l Ex-: Apple i. Tunes 6. 0. 2 Mini. Store makes recommendations on similar music available for purchase from i. Tunes based on the songs initiated with a “double-click” [2]. Furthermore the Apple ID is linked to your credit card, address, and your purchasing habits with Apple.
Music with DRM l Apple i. Tunes – a track costs $0. 99 US which includes Apple’s Fair. Play DRM system [3]. l With the use of i. Tunes plus, a user can download DRMfree music for extra 30 cents a track [3]. l Napster music store offers a subscription-based approach to DRM alongside permanent purchases. Users of the subscription service can download and stream an unlimited amount of music [3]. l But as soon as the user misses a payment, the service renders all of the downloaded music unusable [3].
l Napster also charges users who wish to use the music on their portable device an additional $5 per month [3]. l Furthermore, Napster requires users to pay an additional $0. 99 per track to burn it to CD or listen to it after the subscription expires [3]. l Songs bought through Napster can be played on players carrying the Microsoft Plays. For. Sure logo (which, notably, do not include i. Pod’s or even Microsoft's own Zune) [3]. l Wal-Mart Music Downloads, another online music download store, also uses DRM. It charges $0. 88 per track for all non-sale downloads. All Wal-Mart Music Downloads are able to be played on any Windows Plays. For. Sure marked product [3]. l The music does play on the San. Disk's Sansa mp 3 player, but must be copied to the player's internal memory. It can not be played through the player's Micro SD card slot, which is a problem that many users of the mp 3 player experience [3].
Google l Google is the search engine with the world’s largest user base. l Google states that their user base “is in the millions” and a recent media report estimates that they receive 380 million visitors each month [5]. l Today, it is thought that Google is capable of keeping the entire internet in RAM [5]. l With the ever decreasing cost of the storage devices it is highly likely that the information we provide will be never thrown away.
l Even though Google is concerned about providing long-term value for their end users, they do have to act in the best interests of their shareholders to maximize profits [5]. l Therefore Google has adopted a business model that uses customized advertising which makes it necessary to track and store each user’s activity while using its search engine. l “When aggregated individual and organizational data is combined with Google’s top tier intellectual talent and world class information processing resources it arguably gives them the information resources of a nation-state and constitutes a significant threat if not properly managed” [5].
l “Google already knows more about you than the National Security Agency ever will. And don’t assume for a minute it can keep a secret” [6]. l In many years of operation Google has collected a monumental amount of data and the company admits that it has never knowingly erased a single search query [6]. l It already attracts hackers, crackers, online thieves and many other evil doers. But most worrisome of all it attracts governments intent on finding convenient ways to spy on its own citizenry [6]. l With Google’s unquenchable thirst for personal data, it has become the “greatest threat to privacy ever known” [6].
l The US government has already asked Google to turn over every query typed into its search engine over the course of one week without providing personally identifying information about the people who conducted searches. l Even though Google refused to comply with the US government, it is entirely possible that they may do so in the future.
l The 4 th amendment of the US constitution states that l “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized” [8]. l What saved Google this time was that the government did not explain exactly what they are going to do with this much information and they did not state exactly why they need it for? l After all, Google does stack up more than a billion queries a week. So, if the government were able to come up with a good enough reason to subpoena Google, they will do so and Google will not be so lucky next time. l Ironically the same Google that refused to turn in data to the US government complied with a Brazilian court's orders to turn over data that could help identify users accused of taking part in online communities that encourage racism, pedophilia and homophobia [9].
The Fingerprinting threat l Another threat posed by Google is their ability to fingerprint users. l It is theoretically possible to fingerprint users who over a period of time use Google or tools offered by Google to do their work. l It won’t be long before Google can uniquely identify most of its users depending on what services they use and what searches they conduct.
l Given that they already have saved everything since 1998, most probably they have already fingerprinted some of its users and by all probability deliver targeted advertisements. l Sure they need to make money but is it at the cost of people’s privacy? I don’t think so! l I think the governments should toughen the privacy laws in order to accommodate the peoples right to not to be fingerprinted unless there is a valid reason to the contrary. l The problem is today’s governments are as much addicted to Google’s jaw dropping amount of data as much as Google is.
Google and Double. Click l In 2007 April, Google announced that it would pay 3. 1 billion dollars to acquire the online advertising giant Double. Click. l Double. Click Coordinates targeted Internet advertising campaigns for advertisers, and provides ad management services, software, and sales for publishers. l So, what’s so dangerous about this acquisition? l Google has a vast database of data it has acquired over the years about its customers. l Double. Click has a huge database of its own that contains a huge amount of data. By acquiring Double. Click, Google will merge its database with Double. Click’s database.
l This will result in analyzing of personal search and surf behavior. l Double. Click tracks a whole lot of web traffic l Google tracks a lot of web traffic using sites running its Ad. Sense service, combine this and you will have most of the web covered. l Furthermore, Google is Double. Clicks most significant competitor. l Google is the dominant player in the online search advertisements. l Double. Click is the dominant player in non-search based online advertisements. l If Google and Double. Click are allowed to merge it could potentially kill off any other advertising based companies raising anti-trust issues.
Countermeasures l It’s quite possible that people’s behavior is altered by knowing that they are being monitored. l “Countermeasures seek to disrupt our online signature and reduce the likelihood that such fingerprinting will occur” [5]. l “If properly executed, countermeasures will deny certain key elements required for fingerprinting and increase the adversary’s fingerprinting threshold. ” [5].
l Instead of downloading music with DRM, people can choose to download music from DRM free stores like l Amazon MP 3 l e. Music, l Live. Downloads, l Audio Lunchbox
l Users can choose to distribute data disclosure across multiple accounts [5]. l This includes using multiple e-mail addresses and other online accounts to spoof the real identity of the user. l However this is not a very effective solution to the problem since maintaining and managing multiple addresses and accounts could prove to be cumbersome and it is quite possible the fingerprinting can still be effective because of the small number of accounts a user will use. l Also, this is not a practical solution since most users will be reluctant to switch between various accounts.
Network Proxies l Users can also choose to use Network anonymization proxies [5]. l Proxies can mask network addresses and make web browsing appear to come from random locations. l There are many online websites that allow your IP address to be hidden when browsing the web. l l l Unblocked. org Cantbustme. com Proxymafia. net Borat. Proxy. com Invisiblesurfing. com Anonymizer. com l The user need only visit the site to hide their IP address. l A full list of these proxies can be obtained from “http: //www. privax. us/”.
l The adoption of these techniques still seems to be low simply because users are not aware of the threat posed by Google and DRM. l As far as avoiding fingerprinting goes, proxies bear the greatest promise. [5] l Cryptography can be used to encrypt the contents of e-mails which would prevent Google from reading your e-mail. l Currently cryptography does not provide many uses when it comes to counter attacking the fingerprinting threat since security mechanism such as SSL consider Google to be a trusted party in our communication.
l l l l l [1] Privacy, Wikipedia. com, http: //en. wikipedia. org/wiki/Privacy [2] Internet Privacy, Wikipedia. com http: //en. wikipedia. org/wiki/Internet_privacy [3) Digital Rights Management, Wikipedia. com http: //en. wikipedia. org/wiki/Digital_rights_management [4] Janice Y. Tsai, Lorrie Faith Cranor, Scott Craver, “Vicarious Infringement Creates a Privacy Ceiling”, Proceedings of the ACM workshop on Digital rights management DRM, 2006 [5] Gregory Conti, "Recipes for disaster: Googling considered harmful, " Proceedings of the 2006 workshop on New security paradigms NSPW, 2006. [6] Is Google Evil? Mother. Jones. com October 10, 2006 “http: //www. motherjones. com/news/feature/2006/11/google. html” [7] Google to Give Data To Brazilian Court, Washington. Post. com , September 2, 2006 http: //www. washingtonpost. com/wpdyn/content/article/2006/09/01/AR 2006090100608. html [8]The United States Constitution, Bill of Rights [9] Google censors itself for China. BBC News, January 25 2006. http: //news. bbc. co. uk/2/hi/technology/4645596. stm.
- Slides: 25