Privacy Seminar - Social Networks
Robert Kleinpenning & Judith van Stegeren
5th June 2015
Defining social networks
What is a social network anyway?
Issues surrounding social networks
Sharing is caring. If it's free, you're the product.
Many different adversaries ... and many others.
Issues surrounding social networks
Metadata & manipulation
Issues surrounding social networks
Some social networks provide privacy controls. But are these effective?
Issues surrounding social networks
Some data brokers anonymize the data before sharing it with third parties. Is this enough?
Issues surrounding social networks
Some social networks have a business model based on selling user data. Is this legal?
Legal aspects: NL
Recap of privacy legislation in the Netherlands
- Wet Bescherming Persoonsgegevens (WBP): implementation of the Data Protection Directive (95/46/EG)
- College Bescherming Persoonsgegevens (CBP)
Legal aspects: NL
Contents of the Dutch privacy law
- specification of purpose
- data collected for the fulfillment of that purpose only
- only relevant data
- a ground for processing (consent, contract, public task, ...)
- report to the CBP
Legal aspects: EU
Recap of privacy legislation in the European Union
- European Convention on Human Rights (ECHR)
- Charter of Fundamental Rights of the European Union
- Data Protection Directive (95/46/EG)
- ePrivacy Directive (2002/58/EC)
- Cookie Directive (2009/136/EC)
Legal aspects: EU
Article 8 of the Charter of Fundamental Rights of the European Union
- Everyone has the right to the protection of personal data concerning him or her.
- Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.
Legal aspects: EU
Definitions from the Data Protection Directive
- Article 2a, personal data: any information relating to an identified or identifiable natural person (one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity).
- Article 2b, processing: any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
Legal aspects: EU
European Court of Justice: the Lindqvist case
- processing without reporting to the DPA
- transborder flow
- processing sensitive personal data without consent
- advice of the European Court is binding
Legal aspects: EU
Article 29 Working Party
- representatives of the member states' Data Protection Authorities
- Opinion on Social Networks (2009)
- influential on the European and national level
Legal aspects: EU
Highlights from the Opinion on Social Networks
- Sometimes the user is also the data controller.
- SNS should provide clear information regarding the purpose of data collection, prior to processing.
- SNS should provide privacy-friendly settings by default.
- SNS must set maximum periods to retain data on inactive users. Abandoned accounts must be deleted.
- Users should, in general, be allowed to adopt a pseudonym.
- The Data Protection Directive generally applies to the processing of personal data by SNS, even when their headquarters are outside of the EEA.
Legal aspects: EU
Transborder flow of personal data
- Distinction: EU and non-EU
- EU and EEA: Data Protection Directive implementations
- Non-EU: must guarantee adequacy of data protection
Legal aspects: EU
Safe Harbor Principles
- USA: no adequate protection
- The Department of Commerce made the Safe Harbor list
- Facebook promises to adhere to the rules of the European countries.
Legal aspects: EU
Does Facebook follow the European/Dutch legislation?
- Investigations into the Safe Harbor Framework
- Investigations into compliance with the WBP
Break
Privacy Enhancing Technologies
- Diaspora*
- ShadowCrypt
- Multi-Party Privacy
Diaspora*
- servers are not owned by a single company but by multiple ordinary people
- this changes the applicability of certain laws
- no (big) data mining
- you remain the data owner
Diaspora*
- allows users to post to their other social networks (cross posting)
- you can just select a random pod and sign up
- it has the basic features of social networks: aspects
- deleted = deleted
- no tampering with the stream
- no business model
Diaspora*
- a pod can be difficult to set up
- Facebook makes it difficult to give your pod access
- slow development
- lacks features
- has bugs
Diaspora*
- your friends are probably not there
Diaspora*
- no big data mining
- decentralized
- no business model
ShadowCrypt
https://github.com/sunblaze-ucb/shadowcrypt
- browser plugin
- prototype
ShadowCrypt
- symmetric key encryption
- manually share the key with friends using an export string
- uses a Shadow DOM
Shadow DOM
- upcoming W3C standard
- a second DOM outside the normal DOM
- the original DOM and JavaScript cannot access the Shadow DOM
- ShadowCrypt stops keystroke event propagation
- supports multiple keys for the same domain for decryption
- users can only select 1 key for encryption
Multi-Party Privacy
- different modes of sharing
- "My Facebook is completely closed off!"
- audiences
- privacy conflicts: friendship, wall posts and tagging, group membership, fan pages, event attendance
Example case
Alice uploads a picture of (Alice and) Bob on her own timeline and Eve tags Bob. Both the audiences of Alice and Bob can now see the image. Bob doesn't want this. What are his options?
Formalizing Privacy Conflicts
Formalizing Privacy Conflicts Privacy conflicts
Formalizing Privacy Conflicts Mutual privacy policy
Formalizing Privacy Conflicts
Unreleased prototype: hides posts, names, friendships
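The example case and the privacy-conflict formalization above, worked through as an added example that is not the seminar's prototype: audiences are resolved from a constructed friendship graph, a tagged picture becomes visible to the union of the co-owners' audiences, and Bob's conflict is the set of viewers his own policy excludes. The "mutual privacy policy" is taken here to be the intersection of the co-owners' audiences; that reading, the graph and the function names are assumptions.

```javascript
// Constructed friendship graph (symmetric) for the Alice/Bob/Eve case.
const friends = {
  alice: ['bob', 'eve', 'carol'], bob: ['alice', 'dave'],
  eve: ['alice'], carol: ['alice'], dave: ['bob'],
};
const everyone = Object.keys(friends);

// Resolve a user's audience setting to the concrete set of viewers.
function resolveAudience(user, setting) {
  const direct = new Set(friends[user]);
  switch (setting.mode) {
    case 'public': return new Set(everyone);
    case 'friends': return direct;
    case 'friends_of_friends': {
      const s = new Set(direct);
      for (const f of direct) friends[f].forEach(x => { if (x !== user) s.add(x); });
      return s;
    }
    case 'custom': return new Set(setting.users);
    case 'only_me': return new Set();
  }
  throw new Error('unknown audience mode ' + setting.mode);
}

// After tagging, the picture is visible to the union of all co-owners' audiences.
function visibleAfterTag(post) {
  const out = new Set();
  for (const [user, setting] of Object.entries(post.policies))
    resolveAudience(user, setting).forEach(v => out.add(v));
  return out;
}

// Privacy conflict for `user`: viewers who see the post but whom `user` excludes.
function conflictFor(post, user) {
  const allowed = resolveAudience(user, post.policies[user]);
  return [...visibleAfterTag(post)].filter(v => v !== user && !allowed.has(v)).sort();
}

// Mutual policy (assumption; the slides do not define it): the intersection of
// all co-owners' audiences, i.e. the most restrictive combination.
function mutualAudience(post) {
  const sets = Object.entries(post.policies).map(([u, s]) => resolveAudience(u, s));
  return [...sets[0]].filter(v => sets.every(s => s.has(v))).sort();
}

// The slide's case: Alice posts the picture, Eve tags Bob, Bob wants friends-only.
const picture = { owner: 'alice', tagged: ['bob'],
  policies: { alice: { mode: 'friends_of_friends' }, bob: { mode: 'friends' } } };
```

Running `conflictFor(picture, 'bob')` names Carol and Eve as the viewers Bob did not agree to, and re-posting under `mutualAudience(picture)` as a custom audience for both co-owners leaves no conflict for either.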
Questions?