Privacy and Technology Week 12 November 14 16

Privacy and Technology Week 12 - November 14, 16 Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http: //lorrie. cranor. org/courses/fa 05/ 1

Announcements n Be very careful about avoiding plagiarism see week 1 notes for details and ask if you have questions! n Guest speaker, Mike Shamos, next Monday n No class next Wednesday - Thanksgiving Break n Any requests for what we should talk about the following week? Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http: //lorrie. cranor. org/courses/fa 05/ 2

Finishing up government surveillance n Examples of government surveillance that violated civil liberties in the US? n Watch part of DVD “Unconstitutional: The War on Our Civil Liberties” http: //www. aclu. org/unconstitutional/ Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http: //lorrie. cranor. org/courses/fa 05/ 3

Preparing a short presentation Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http: //lorrie. cranor. org/courses/fa 05/ 4

Research and Communication Skills Plan your talk n Make an outline of what you want to talk about n No need to present every detail of your paper • Your presentation should motivate people who find it interesting to read your paper n Consider the background of your audience • If they are experts, focus on the details of your research and results • If they are not experts, spend time on background and motivating the problem n Consider how much time you have (10 minutes MAXIMUM + 5 minutes for questions) Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http: //lorrie. cranor. org/courses/fa 05/ 5

Research and Communication Skills Structure your talk n Outline • Optional for short talks n Background and motivation • Sometimes you may want to lead with this n Research methodology • Or system design + evaluation n Results • You may not have them if this is a work in progress n Related work • Could also go after background or at end, optional for short talks n Contributions • Useful in job talk, probably no time in 10 -minute talk n Future work • Optional for short talks Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http: //lorrie. cranor. org/courses/fa 05/ 6

Research and Communication Skills Making slides n Use easy-to-read fonts n Avoid text < 20 pt font n Use a simple slide design, no distracting background images n Use a color scheme with high contrast n Avoid animation unless it helps illustrate your point n Clipart can help make your points more clear and/or memorable, but don’t let it distract n Make figures and tables readable n Don’t make too many slides (1 -3 minutes/slide) Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http: //lorrie. cranor. org/courses/fa 05/ 7

Research and Communication Skills Slide content n Are slides lecture notes/handouts? • For a class or tutorial, slides may double as lecture notes more content on slides • For a research presentation, your paper is usually the “handout” less content on slides n Don’t try to put everything on the slide n Don’t include text unless you want people to read it n If people are reading your slides they are not listening to you n Keep text short n Don’t put too much math on a slide n Just include key points, examples, etc. n A figure may be worth 1000 words Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http: //lorrie. cranor. org/courses/fa 05/ 8

Research and Communication Skills If you use overhead projector n White background usually best n Don’t use a paper to cover up part of your slide and uncover as you go n If you have to skip slides, don’t put them up and take them down real fast, just skip them Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http: //lorrie. cranor. org/courses/fa 05/ 9

Research and Communication Skills Prepare n Make your slides in advance n Practice • Time yourself • Get feedback from others • Watch yourself on video n Make sure you know how to hook your laptop up to the projector, change screen resolution, advance your slides, etc. (Mac users, bring your adaptor!) n If you need to point to parts of your slides, decide if you will use, mouse, stick, laser pointer, etc. and bring it with you Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http: //lorrie. cranor. org/courses/fa 05/ 10

Research and Communication Skills Giving your talk n Dress neatly n Stand up straight, hands out of pockets n Don’t hide behind the podium n Move around, but not too much n Keep track of time • Put your watch on podium, note clock in room, watch moderator with time cards, etc. n Face the audience, look at your audience, not just one person n Project your voice n Don’t talk too fast n Finish on time (or early!) Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http: //lorrie. cranor. org/courses/fa 05/ 11

Research and Communication Skills Keeping your audience engaged n Convey enthusiasm n Inject humor n Tell a story n Ask the audience questions n Modulate your voice n Speak slowly n Try to prevent your audience from getting lost • Provide ample background • Define important terms up front • Don’t get into highly technical details unless that’s what your audience expects Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http: //lorrie. cranor. org/courses/fa 05/ 12

Research and Communication Skills Handling questions n If you have a strict time limit, leave time for questions or avoid taking them n Answer clarification questions quickly n Suggest that questions that will require lengthy answers be taken off line n Don’t get flustered by critics or questions you don’t know the answer to • Stay calm, diffuse the question, keep going Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http: //lorrie. cranor. org/courses/fa 05/ 13

Privacy invasive technologies n Location tracking (cell phones, GPS devices that phone home, etc. ) n RFID n Transit cards n Computer software that phones home n Devices that phone home n Video cameras (hidden cameras, cell phones) n Personalized ecommerce sites n Automobile data recorders n Face recognition Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http: //lorrie. cranor. org/courses/fa 05/ 14

The Global Positioning System (GPS) n Radio-navigation system operated by US Do. D n Comprised of 24 satellites and 5 ground stations n Uses satellites like “man-made stars” to triangulate and calculate 3 D position from 4 satellite signals n Receivers listen for radio beacons and triangulate their position n Typical accuracy in meters, cm accuracy possible • Do. D intentionally degraded accuracy until May 2000 n One-way system • If receivers are to report their location back they must use another system, for example cellular phone network n Does not work indoors Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http: //lorrie. cranor. org/courses/fa 05/ 15

Radio-frequency identification (RFID) n Tags • Antenna bonded to small silicon chip encapsulated in glass or plastic (as small as grain of rice) • Unpowered (passive) tags and powered (active) tags n Readers • Broadcast energy to tags, causing tags to broadcast data • Energy from readers can also power onboard sensors or cause tag to write new data to memory • Read ranges currently a few centimeters up to a few meters Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http: //lorrie. cranor. org/courses/fa 05/ 16

Current and near term uses of RFID n Automobile immobilizers n Animal tracking n Building proximity cards n Payment systems n Automatic toll collection n Inventory management (mostly at pallet level) • Prevent drug counterfeiting n Passports Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http: //lorrie. cranor. org/courses/fa 05/ 17

Electronic Product Code n Standard managed by EPCglobal n Relatively small tags • • Inexpensive No encryption, limited security Kill feature Password feature n Designed to replace UPC bar codes n 96 -bit+ serial number n Object Name Service (ONS) database operated by EPCglobal Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http: //lorrie. cranor. org/courses/fa 05/ 18

Post-sale uses n Read product labels to blind people n Sort packaging for recycling n Provide laundry instructions to washer, dry cleaner n Allow smart refrigerator to automatically generate shopping lists and warn about expired items and recalls n Allow smart closet to suggest outfits n Simplify product returns Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http: //lorrie. cranor. org/courses/fa 05/ 19

Privacy concerns with EPCs? n What are the privacy risks? n What are possible solutions? n What are the limitations of these solutions? Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http: //lorrie. cranor. org/courses/fa 05/ 20

Building proximity cards n Used for access control to buildings n Many prox cards have no security features • Easily clonable, even remotely • Can be read through someone’s pocket or from longer distances while card is being read by legitimate reader n Solutions involve adding crypto to cards Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http: //lorrie. cranor. org/courses/fa 05/ 21

RFID payment systems n Gas station keyfobs n Coming soon to the major credit cards in your wallet • Chase “Blink” card already issued in Philadelphia and NYC • Can be read from about 20 cm n In some countries integrated into watches and cell phones n Main advantage is to save time • Don’t have to swipe machine • Don’t need signature n Supposedly crypto is used to prevent cloning, but JHU researchers demonstrated how to break Speed. Pass Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http: //lorrie. cranor. org/courses/fa 05/ 22

RFIDs in passports cause concerns n State Department announced plan in 2004 • Lots of privacy concerns • 2, 335 comments, 98. 5% negative n Concerns • People could scan and get your identity info § Identity theft (including fake passports) § Tracking people § Selecting victims Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http: //lorrie. cranor. org/courses/fa 05/ 23

Revised passport plan n Revised plan in October 2005 addressed some, but not all concerns • Improvements § Screen in cover prevents reading RFID except when passport is open § Visual encryption key prevents decrypting content of passport • Problems § People can still be tracked due to anti-collision field § This can be do from distances much further than official read distance of chip n What problem does RFID in passports solve and what other solutions are there? n http: //www. schneier. com/crypto-gram 0511. html#1 Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http: //lorrie. cranor. org/courses/fa 05/ 24