PRIVACY VIOLATIONS
last updated 2006 June 01
 
This page is used in the following courses taught by Prof. Richardson:
BIT 801

INTRODUCTION

In many countries, people do not own the information that is collected about them, that is to say, their personal data.

This information is considered the property of whatever credit card company, insurance firm or educational institution collected it.

As a consequence of some outrageous violations of collecting and disseminating personal information, Canada, New Zealand and other countries have enacted tough laws which are binding on the companies that collect and pass on personal profile information (which we noted in Section 1 of this course when we presented the federal and provincial legislation dealing with this).

Privacy violations are not, strictly speaking, criminal activity, but, depending on what is done with the information, it can be used for criminal purposes - such as assuming an identity for the purposes of obtaining credit, which could then be used to fraudulently buy products and services.

As a person studying IT security, it would be your responsibility to understand that protecting the private personal information of people whose data is held within your firm's IT systems is a critical task that must be carried out effectively and without risk.

Chpt 3: Types of Attacks - Privacy Violations

Privacy Violations

Schneier, page 29
"There are two types of privacy violations 

  • Targeted Attacks, and
  • Data Harvesting"

Targeted Attacks
If the attacker wants to know everything about 
  • a person, 
    • it is called stalking
  • a company, 
    • it is called industrial espionage and corporate intelligence
  • a country, 
    • it is called national intelligence gathering, or spying

Data Harvesting
As Schneier says, "this attack harnesses the power of correlation".

Data harvesting is only worthwhile if it can be automated, and computers allow that automation to be done very effectively. Using good cryptography will thwart harvesters, since they will not easily be able to tell whether what they are looking for is in the target they are attacking.


  • Privacy Violations
    • traffic analysis
"Traffic analysis is the study of communication patterns. Not the content of the messages themselves, but characteristics about them"
 
KEY POINTS
Explanation:

If Joe sends a long message to Bill, and Bill then sends a short reply back to Joe and, additionally, a long message to Sue, Kevin, Greg and Alice, then we can assume there is some degree of hierarchy in this structure: regardless of the content, there must be some directions coming from Big Joe which need to be passed on. If you wanted to spend time hacking these messages, the most effective thing to do is hack the single message from Joe to Bill, since the information in that would probably tell you what Sue, Kevin, Greg and Alice received from Bill.

The purpose of this explanation is to show that sometimes the patterns of communication are just as important to understanding as the actual text of the message sent.

Chpt 3: Traffic analysis

Schneier gives an amusing example noting that in the hours leading up to the 1991 bombing of Iraq, pizza deliveries to the Pentagon increased one hundredfold - even if you did not know what the generals and admirals were talking about, it had to be something important from which there would be some serious time spent on decision making.
     
KEY POINTS
Although it is wise to encrypt your communications, people can sometimes figure out what you are doing anyway: even if the message is encrypted, they could know the volume of traffic, and this might be an indicator of something important, depending on the context.

Therefore: not only should you prevent people from knowing the content of your messages, you should also endeavour not to let people know that the messages even exist!
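
The Joe/Bill explanation and the key point above, worked through as an added example that is not part of the original course page. It shows what an observer learns from message metadata alone, and what length padding does and does not hide. The time steps, byte sizes, the LONG threshold and the 8192-byte bucket are constructed assumptions.

```python
from collections import defaultdict

# Constructed metadata seen by an observer when every message body is
# encrypted: (time step, sender, recipient, ciphertext length in bytes)
OBSERVED = [
    (1, "Joe", "Bill", 4200),
    (2, "Bill", "Joe", 180),
    (3, "Bill", "Sue", 3900),
    (3, "Bill", "Kevin", 3900),
    (3, "Bill", "Greg", 3900),
    (3, "Bill", "Alice", 3900),
]
LONG = 1024  # assumed cut-off between a "short" and a "long" message


def infer_relays(log):
    """Return {relay: (source, [downstream])} from metadata alone.

    A relay is a node that receives a long message from one source and later
    sends long messages to two or more other parties.
    """
    long_in = {}                 # recipient -> (time, source) of first long msg
    fan_out = defaultdict(list)  # relay -> recipients it forwarded to
    for t, src, dst, size in sorted(log):
        if size < LONG:
            continue
        if src in long_in and long_in[src][0] < t and dst != long_in[src][1]:
            fan_out[src].append(dst)
        long_in.setdefault(dst, (t, src))
    return {n: (long_in[n][1], sorted(d)) for n, d in fan_out.items() if len(d) >= 2}


def pad_to_bucket(length, bucket=8192):
    """Mitigation sketch: round every ciphertext up to a multiple of bucket."""
    return -(-length // bucket) * bucket


def padded(log):
    return [(t, s, d, pad_to_bucket(n)) for t, s, d, n in log]


def distinct_sizes(log):
    """How many different message lengths the observer can tell apart."""
    return len({size for _, _, _, size in log})


if __name__ == "__main__":
    print(infer_relays(OBSERVED))
    print(distinct_sizes(OBSERVED), distinct_sizes(padded(OBSERVED)))
    print(infer_relays(padded(OBSERVED)))
```

Padding collapses the three observable lengths to one, yet Bill is still identified as the relay between Joe and the other four, which is why the advice above goes beyond encrypting content to hiding that the messages exist.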

  Prof. W. Tim G. Richardson © www.witiger.com