Privacy vs. Security vs. Anonymity

By: Sasha Romanosky, concurringopinions.com

When I first began my PhD, I was keen to properly sort and define any new terms and reconcile them with my own education and experience. Three terms that always seemed to be intermingled were: Privacy, Security and Anonymity. Certainly they are related, but I wanted to be a little more specific and understand exactly when and how they overlapped.

First, let’s establish some basic definitions. For the purpose of this blog post, the following definitions will suffice (I’ll address alternative definitions later):

• Privacy: having control over one’s personal information or actions
• Security: freedom from risk or danger
• Anonymous: being unidentifiable in one’s actions

Next, create a Venn diagram with three overlapping circles (each circle representing one term). Then, within each area, try to provide examples that reflecte those properties. That is, imagine some situation where you would have security without privacy, or security without anonymity. When can you have all three? When can you be anonymous but lack privacy?

This may not be as easy as it seems. Certainly it helps once the definitions are set, but if nothing else, I think it’s a useful way to separate and identify the essence of these words (at least, as each of us sees them) and the contexts in which they may or may not exist. Before you continue, take a minute, examine the diagram above, and try to think of examples to fit each area.

Here are some of my examples:

• Privacy only: Two students whispering to each other in class.
• Security only: Pope-mobile (he’s completely protected, but everyone knows him and can see him); Bullet-proof vests.
• Anonymity only: Riding the bus during rush-hour (you have little security or privacy but no one knows who you are); Paying with cash.

Privacy and Security

- At home with the shades drawn (neighbors know you live there, though you are protected)

- Paying bills online through your bank (you communicate over an encrypted channel)

Privacy and Anonymity

 - Camping in the woods with a tent (there may be no one around to identify you, but the tent’s walls offer little protection from a bear)

- Using Tor from a kiosk and not revealing any personal information

Readers will notice two things. First, I mix physical and digital (online) examples. Indeed, security, privacy and anonymity obviously apply to both physical and online domains. Next, I deliberately left a few areas blank. I welcome examples to fill the voids, or additional/better examples than I have given.

I’ve been involved with a privacy class here at CMU for a number of years and I find that getting students to think through this process is very helpful – especially those who are new to privacy and data security. Rather than having them recite the different kinds of privacy intrusions or definitions back to me, this exercise helps them internalize each term.

Here’s the next challenge: likely your definitions of privacy, security and anonymity are different than mine. If you substitute in your own definitions, would the diagram or examples change?

Let me know if they do.

Accenture Global Cities Forum

Developed by the Accenture Institute for Health & Public Service Value, the Accenture Global Cities Forum is a series of citizen panels in world cities. The goal: to explore people's perspectives on the role of government. Each Forum includes 60 to 85 local residents randomly selected to represent the city's demographics—providing strong, qualitative insight into what people think about government and public services and how they judge public value.

Executive Overview
City Reports
Download full Toronto Report

Wiki Leaks

Protecting privacy almost lost cause - Comment

-------------------

By: Brian MacLeod, The Winnipeg Sun

There is an old question meant to open a door into the human character: If you found a $100 note on the sidewalk, would you keep it if you felt sure no one saw you, or would you try to track down its owner?

But that question is becoming superfluous, because in our hyper-fast information age, it’s more likely you’ll end up on YouTube through the growing presence of video — especially if you’re in an urban area where security cameras abound. Or perhaps, if you’re one of the 175 million Twitter users or one of the 550 million people on Facebook, you might be inclined to tell the world of your good luck. After all, what’s a bit of good luck if you have no one to share it with? Then you may well find the poor sod who dropped the cash knocking on your door.
That the private musings of kings and diplomats are also no longer concealed thanks to WikiLeaks chief Julian Assange is just the extreme version of what was already happening.
The debate underway is why Facebook founder Mark Zuckerberg is Time magazine’s man of the year for pushing personal information into the public realm, while Assange is a villain for taking the secrets of corporations, politicians, diplomats and the military and making them public.
Who served the greater good? Who is really bad?
That such a debate exists in the pages of the upscale Globe and Mail and in the high-school humour of Saturday Night Live shows that privacy is becoming a lost cause throughout the social spectrum.
WikiLeaks’ Twitter account has almost 583,000 followers. Its slogan is “we open government” and it claims to be “everywhere.” Facebook’s Zuckerberg has more than 2.2 million “likes.” Among his personal interests are “openness ... revolutions” and “information flow.”
They, and others like them, are building a matrix from which there is no escape, not even with a blue pill.
In December 2009, Facebook removed the privacy controls for its news feed, allowing more information about people’s activities to escape their grasp. Facebook backtracked in the face of criticism, but its solution — a complicated series of settings — ensures more information than people intended will get out.

Assange isn’t interested in backtracking. WikiLeaks is said to have 2,000 mirror sites operating. Others are copying the model. That model depends on someone supplying inside information to the Assanges of the world. Are there enough bitter subversives out there to sustain that model? You bet there are.

That means people, corporations and governments will seek ways to protect their information.
That’s the battleground for 2011 and beyond.

That Zuckerberg responds to public pressure, albeit grudgingly, is a positive sign; that Assange is unrepentant for publishing information that potentially stifles anti-terrorism initiatives and puts confidential sources in military zones at risk is disturbing.

There are more of both types out there and it looks like they can’t be stopped. Heck, The New York Times, Der Spiegel, The Guardian and The London Times were part of WikiLeaks’ publication machinery, though their redacted versions were more responsible.

The pursuit of the “new” openness is relentless. Ultimately, it’s ethical centre will lie somewhere between Zuckerberg and Assange — which just means we can’t go back.

The year 2010 will be remembered as the year the doors of privacy blew open and never completely closed.

Keep tabs on Parliament

Great site:

www.openparliament.ca

Enter your postal code, name or a phrase to search what the feds are up to, complete with latest House transcripts.

These are topics discussed April 12:

• Pay Equity Task Force Recommendations Act.
• Jobs and Economic Growth Act
• Denare Beach Winter Festival
• Terry Fox
• Nuclear Security
• Poland
• National Parks and Marine Conservation Areas
• The Holocaust
• Alberta's Lieutenant Governor Designate
• Aluminum Industry
• Leader of the Bloc Québécois
• Battle of Vimy Ridge
• The Economy
• Pensions
• Leader of the Liberal Party of Canada
• Poland
• Ethics
• Nuclear Proliferation
• Ethics
• Democratic Reform
• Employment Insurance
• Fisheries
• Lobbying
• Government Grants
• Haiti
• Afghanistan
• Fisheries
• The Economy
• Trade
• Justice
• The Environment
• Arts and Culture
• Trade
• Taxation
• Health
• Points of Order
• Death of Poland's President and Other Officials
• Business of the House
• Health
• Government Response to Petitions
• Fairness for Military Families (Employment Insurance) Act
• Petitions
• Questions on the Order Paper
• Questions Passed as Orders for Returns
• Privilege
• Jobs and Economic Growth 

There's a new mayor in town

Social media application lets people check in around town and become virtually elected By: Vivian Song, Toronto Star



Meet Chris Tindal, the new "mayor" at City Hall.



He has checked in at 100 Queen St. W. so many times on Foursquare, a new social networking site, that he earned the title the same day he registered to run in the real world for city councillor in Ward 27. He considers it a cosmic cyber sign.


"I thought this bodes very well to register for my candidacy and become mayor of Toronto the same day," says Tindal, 28, a website content manager.


Foursquare is the latest in social media tools to take North America. It is gaining momentum in Toronto, too, but is meeting significant road bumps along the way. While some laud it as a powerful marketing opportunity and claim it's the next big thing to hit the cyber-networking world, others are upset over the privacy and security issues.

Here's how it works: Users download the mobile application on their GPS-enabled device and can choose to connect with friends by "checking in" to different locations.

If they're at a coffee shop, they can check in to the venue using their phone. Foursquare then broadcasts the user's location to his or her network and alerts friends who may be nearby, facilitating spontaneous meetings.

The more you check in, the more badges you unlock. For example, repeat visits to venues tagged as karaoke joints will garner the "Don't Stop Believin'" badge. The application also rewards loyalty and bestows the title of Mayor to users who've frequented a venue more than anyone else – until someone steals that title.

Tindal, a 28-year-old website content manager, has since earned the title "Super Mayor" after holding down 10 mayoral titles at venues like The Annex Live, The Ben Wicks pub and Rosedale United Church.

He sees Foursquare as another way to communicate and be more accessible to the public. Politicians could use it to let constituents know when they're in their campaign office, for instance, or when they've checked in to community events, he says.

Meanwhile, Ryan Taylor is pretty chuffed about being Mayor of Cabbagetown, where he lives and works. The application allows users to leave tips about venues visited. When Taylor, 33, went out for drinks in the city's west end, he received a random tip from a friend who recommended the mac and cheese at a restaurant across the street. A few days later, Taylor went back to the restaurant to take up his friend's suggestion.

It's precisely this type of consumer-driven city guide that Taylor hopes to tap into as the owner of a recently opened small business, Fair Trade Jewellery Co. By engaging in his community and telling his Foursquare friends about his favourite neighbourhood hangouts, he hopes to bring people to the area.

"Checking in to the local pub broadcasts to the broader community that these are places Ryan eats and drinks and engages locally," he says while sipping on a coffee in his cafe-kingdom, JetFuel Coffee Shop, where he's the reigning mayor. "It's about being able to interact at street level."

Dave Fleet, head of social media practice at Thornley Fallis Communications, is also an early adopter of online networking tools. He agrees forward-thinking businesses could benefit from location-based applications that can pitch directly to customers who are on their doorstep in real time.

"Instead of targeting everyone in the city by advertising in the paper, targeting people who are outside their door right now is very powerful."

Pizza franchise Magic Oven, for instance, is set to advertise on Foursquare. But instead of randomly luring people in the area, founder Tony Sabherwal wants to attract customers who share the same values in health, wellness and sustainability.

That includes targeting attendees of major events in the city like The Green Living Show, the Toronto International Film Festival or the upcoming G20 Summit.

Common marketing strategies include offering discounts or free drinks to customers in the area or special incentives to mayors. But therein lies a glitch. Users can cheat by checking in to nearby venues from the comfort of their sofa, and still rack up enough points to become mayor.

Tindal assures his visits to city hall were legitimately on-site, mostly to observe council meetings. More than cheating to score a free muffin, former user Erin Bury, 24, was worried about her safety. Bury had linked her Twitter account with Foursquare and was getting friend requests from cyber acquaintances – people she had met once or followers she had never met.

At her boyfriend's urging, considering the potential for stalkers, she deleted her account.

"I'm a young girl living in the city and I didn't want to advertise my whereabouts to quasi-strangers. Knowing where I am is a privilege I only want to extend to my friends, family and boyfriend."

Privacy and security threats from geo-locating software are also what inspired the recently launched site pleaserobme.com, which warns that by publicly declaring your whereabouts, you also announce to the world the one place you're not –home.

To prove its point, the Dutch site gleaned status updates from Twitter, which is linked to Foursquare accounts, to list "recent empty homes" complete with a timeline of when users left their residences.

But even Bury is considering rejoining Foursquare. She had been an early adopter and says she would be more selective about her network the second time around.

Avner Levin, director of the Privacy and Cyber Crime Institute at Ryerson University, says Foursquare is similar to the latest thieving strategy to strike car and homeowners in the GTA.

Car thieves know many drivers program their home addresses into their GPS. The system leads them to the owner's home and provides the crook with the perfect chance to break and enter.
"The more information you post out there, the more opportunities (there are) to exploit you," he says. "All this shows us is the unexpected ways our personal information can be used."

Unauthorized access to health information

Interesting wire......

TORONTO, Jan. 14 /CNW/ - Ontario Information and Privacy Commissioner, Dr. Ann Cavoukian, today ordered Durham Region's Medical Officer of Health to ensure that all personal health information stored on mobile devices is strongly encrypted. A health order issued by the Commissioner addresses a recent privacy breach in Durham Region, but also goes beyond to focus on the province-wide issue of protecting personal health information stored on mobile devices.

Commissioner Cavoukian's Office conducted an in-depth investigation following the loss of a USB key, reported to her office on December 21, containing the personal information of nearly 84,000 people who had attended H1N1 immunization clinics in Durham Region.

As the "health information custodian" ultimately responsible for the unencrypted memory stick that was lost, Dr. Robert Kyle, Durham's Medical Officer of Health, was ordered to immediately implement procedures to ensure that any personal health information stored on any mobile devices (laptops, memory sticks, etc.) is strongly encrypted.

Commissioner Cavoukian also made it very clear that she expects all personal health information stored on any type of mobile device in Ontario to be protected with strong encryption.

"While I accept that custodians may not be able to totally eliminate the loss or theft of mobile devices, what I cannot accept is that the information contained therein is not encrypted," the Commissioner stated in the Order. "Unauthorized access to health information stored on these devices that happen to be lost or stolen may clearly be prevented through the use of encryption technology. However, despite strong incentives to avoid privacy breaches and the availability of encryption to prevent such breaches, unencrypted mobile devices continued to be used. This is both distressing and completely unacceptable."

Commissioner Cavoukian reminded health information custodians of their obligations under Ontario's Personal Health Information Protection Act (PHIPA), with specific focus on the issues raised three years ago in HO-004, a health order the Commissioner issued in 2007, and more recently, HO-007. Both of these Orders deal with the loss of unencrypted personal health information, of thousands of people.

The Commissioner also ordered that Durham Health cease the collection of specific types of information at Durham H1N1 immunization clinics, namely health card numbers and (unless it becomes pertinent in the future), personal health information pertaining to priority group status.

To ensure that practices at public health units across the province comply with PHIPA, Commissioner Cavoukian also directed recommendations to the Ministry of Health and Long-Term Care, including:

- that each of the 36 health units in Ontario conduct a review of its practices and procedures with regard to the encryption of mobile devices in order to ensure that any personal health information on those devices is strongly encrypted;
- that the ministry receives an attestation from each medical officer of health in the province that no unencrypted personal health information is being transported on mobile devices, and that the ministry conducts audits of a representative sample of public health units, to verify the information; and
- that training materials be developed to ensure that all public health unit staff are aware of the need for proper safeguards for personal health information stored on mobile devices.

"I believe that in light of the proliferation of new information and communication technology, the future of privacy requires a comprehensive and proactive Privacy by Design approach, whereby both privacy and security are effectively built into the information eco-system, from end-to-end, and throughout the entire data lifecycle, from collection through to disposal," said the Commissioner.

Durham Region is already moving quickly to address the Commissioner's concerns, after meetings held during her office's investigation into the incident. "My office has met with the Durham Health Unit and confirmed that there will be no further storage or transportation of patients' information on USB sticks that are not encrypted," said the Commissioner. "We have also confirmed that Durham Region has taken decisive steps to implement privacy-protective solutions for all mobile devices (beginning with its health unit) in the form of strong encryption technology from CryptoMill Technologies, an Ontario company that specializes in protecting the privacy and security of data on laptops, desktops and all mobile storage devices."

For a copy of the Order, visit http://www.ipc.on.ca/

The Trouble with Twitter

Globe and Mail published this article by Russell Smith on October 22

First everyone is excited about Twitter; it's going to be the future of news, of social life, of communication itself. Now suddenly, it turns out it's dangerous; it's terrifying, in fact. Twitter can topple celebrities – they go down like statues of Saddam.

Don't agree with a columnist? Mount a Twitter campaign to force her to apologize for something she said: It takes a few hundred thousand protests, which only takes about 24 hours for Twitter to propagate, like one of those viruses spreading across a map in movies. Unknown children of the famous make a single lewd posting and make instant global asses of themselves. They become known only for their idiocy, and not only known, but superstars, megastars of idiocy.

Movie companies and sports teams are writing, as we speak, new contracts for their stars that forbid them from using this particularly massive megaphone. They see its crazy power. They can tell that you just have to touch Twitter to get in trouble: It's a kind of online crystal meth, a virus not of the computer but of the social sphere, of the collective consciousness. Not even in my most paranoid anti-social-media rantings could I have overestimated the toxicity of this particular mode of communication.

Exhibit one: sexy Meghan McCain, daughter of former U.S. presidential candidate John McCain, who innocently posts a picture of her gigantic breasts in a skimpy tank top and gets laughed at around the world, by hundreds of thousands of people, for her obvious exhibitionism. I didn't even know McCain had a daughter before that. Now I only know her for her fantastic boobs. Hey, she says in her defence, I was just posting a picture of me lounging in my jammies, just as every other pretty girl does on Facebook and Twitter, what's wrong with that, why do I get singled out? And this is the thing: She's right; it is utterly common and unremarkable for young women in the United States to post pictures of their barely covered breasts on these sites, especially if they have great breasts, everybody does do it. And what happened to McCain could happen to anyone else who is tempted to strip for the cosmic camera of the Internet and thinks she's not important enough for anyone but her friends to see it.

But do you think McCain's humiliation will be a warning for every other 24-year-old who is proud of her breasts? Quite the opposite, I would guess.

It might only underline the amazing power of breasts.

And had you ever heard of a British celebrity columnist called Jan Moir before she awoke the great sleeping Twitter monster and was lifted aloft in its giant gnashing jaws, torn apart and thrown to the ground before the cowed world? No, you hadn't, because you probably didn't read the celebrity gossip page in the trashy tabloid The Daily Mail. But now you know Jan Moir only as a poor idiot who wrote an unthinkingly nasty column about a boy-band singer's death. The band was called Boyzone – and if you are like me, you had never even heard of the band, let alone the singer or the columnist, before the Twitter storm occurred. The singer had come out as gay a few months before; he died mysteriously on holiday in Spain; the columnist suggested that because he and his boyfriend had picked up another guy and brought him to their hotel room on the same night, some gruesome and no doubt immoral “lifestyle” had led him to this death. Simple-minded and redneck, yes (the lifestyle she is referring to is clearly homosexuality), but okay, a celebrity columnist making nasty slurs and vague, unsubstantiated allegations of sleazy activity is pretty ho-hum in the world of tabloid gossip.

Until the thousands of people following the actor and writer Stephen Fry's Twitter stream read about it. They then tweeted about it themselves, and a campaign was under way to lodge complaints with the British Press Complaints Commission. Far more people read these tweets and Facebook posts than would have read the original column, and a record 22,000 complaints were received by the Complaints Commission in a single weekend, more than it has had over the entire past five years. Then Marks and Spencer asked that its advertising be removed from the Web page where the original column was posted. That kind of thing is more damaging to a newspaper than a controversy over a columnist.

Which is why, as you have read in The Globe and Mail this past week, movie studios and sports teams are demanding that their stars sign agreements that prevent them from tweeting about whatever they are involved with: Mike Myers can't spread any rumours about the content of the new Shrek . Some news sources are claiming that his contract actually forbids him from tweeting at all, about anything. And after a half-time tweet from Charlie Villanueva, the NBA has forbidden players the use of any electronic communication device from 45 minutes before the start of a game.

There is nothing really new about confidentiality agreements: The new thing is that Twitter has to be singled out in these agreements as the swiftest and least controllable form of dissemination since the invention of coffee shops. Managers realize that it's too powerful for actors and athletes, who are not trained in diplomacy, tact or public relations; it's like giving them a giant erratic laser gun with no sights and a capacity to boomerang back on the user.

So far, this power has affected only the world of entertainment.