Original def in US law: right to be left alone
- lost when info divulged to anyone
- exception: search warrant, subpoenas
Common definition: right to control how personal info about you is used
US Law
- recognized right to be left alone
- narrow exceptions (video rental records, airplanes, hotel reservations)
Threats to privacy
- commercial (non-govt)
- governmental
- commercial gathering for govt use
Technology as a driver
- cheap surveillance tech
- as devices get cheaper and smaller, get built into more things
- networking: aggregation of data
- data mining
What can we do technically to protect privacy?
- prevent initial disclosure
- prevent info flows or use after first disclosure (not really feasible)
Anonymity. Def: acting in the world without revealing identity or identifying information.
Web surfing: anonymity tools
- tough for subscription sites
- "Anonymizer": web proxy that re-writes traffic as it goes back and forth to suppress private info
- drawbacks
  - anonymizer knows everything
  - doesn't sanitize form submissions
  - can be pierced by Java, JavaScript
  - rewriting is not perfect
Anonymous remailer
- simplest: route outgoing msg to it, and it strips off identifying headers
- Forwards msg to destination
- Add pseudonyms
  - user gets a fictitious email addr at remailer
  - remailer replaces "From" line with pseudonym
  - routes return mail appropriately
  - problem: there's a way to trick you into revealing your pseudonym
  - pseudonym servers?
Mix-based remailer
- forward msg through multiple remailers
- sender chooses path
- decrypt at each step -- use public key crypto, so each remailer will decrypt with its own private key
Example (layers listed innermost first; the sender builds the message from the inside out)
- Forward MSG to destination
- Encrypt for remailer 10
- Forward to remailer 10
- Encrypt for R9
- Forward to R9
- Encrypt for R8
- ...
Keep adding forwarding info... sent to remailer after remailer. Each remailer knows just a little info; doesn't know about the whole chain.
Even if one remailer is dishonest, it doesn't hurt you. It's secure as long as one of the remailers in the chain is honest.
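Added example (not from the notes) of the layered construction above: the sender wraps "forward to" instructions from the innermost layer outward, and each remailer peels one layer with its own key and learns only the next hop. The public-key crypto is replaced by a labelled stand-in (a SHA-256 keystream XOR under a per-remailer secret, hypothetical and not secure) so the block runs offline; the remailer names, keys, destination and message are constructed.

```python
import hashlib
import json

# Constructed demo: three remailers, sender-chosen path R1 -> R2 -> R3 -> destination.
# Stand-in for public-key crypto (hypothetical, illustration only): each remailer
# holds a secret key and "encrypt for R" XORs the layer with a SHA-256 keystream.
REMAILER_KEYS = {"R1": b"key-r1", "R2": b"key-r2", "R3": b"key-r3"}

def _keystream(key: bytes, n: int) -> bytes:
    out = b""
    for counter in range((n // 32) + 1):
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
    return out[:n]

def encrypt_for(remailer: str, layer: dict) -> bytes:
    plain = json.dumps(layer).encode()
    return bytes(a ^ b for a, b in zip(plain, _keystream(REMAILER_KEYS[remailer], len(plain))))

def decrypt_with(remailer: str, blob: bytes) -> dict:
    plain = bytes(a ^ b for a, b in zip(blob, _keystream(REMAILER_KEYS[remailer], len(blob))))
    return json.loads(plain)  # raises ValueError when this remailer's key does not fit

def build_onion(path: list, destination: str, message: str) -> bytes:
    """Sender wraps from the innermost layer outward, as in the notes: 'forward to
    destination' encrypted for the last remailer, then 'forward to last remailer'
    encrypted for the one before it, and so on back to the first hop."""
    blob = encrypt_for(path[-1], {"forward_to": destination, "payload": message})
    for i in range(len(path) - 2, -1, -1):
        blob = encrypt_for(path[i], {"forward_to": path[i + 1], "payload": blob.hex()})
    return blob

def run_chain(first_hop: str, blob: bytes):
    """Each remailer peels one layer with its own key and sees only the next hop.
    Returns (what each remailer saw, message delivered to the destination)."""
    views, remailer = [], first_hop
    while True:
        layer = decrypt_with(remailer, blob)
        views.append((remailer, layer["forward_to"]))
        if layer["forward_to"] not in REMAILER_KEYS:  # last hop: the real destination
            return views, layer["payload"]
        blob, remailer = bytes.fromhex(layer["payload"]), layer["forward_to"]

def can_read(remailer: str, blob: bytes) -> bool:
    """Can this remailer open the outer layer? Only the one it was encrypted for can."""
    try:
        decrypt_with(remailer, blob)
        return True
    except ValueError:
        return False
```

Each entry in `views` is the whole of what that remailer learns: its own name and the next hop, never the full path or (except for the last hop) the destination.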