Chapter 4: What Did You Do Today?
Record-keeping is easy: data shadow
Personally stored email records
Note: hard to delete server-based email
Businesses often learn it's a bad idea to keep this
Records generated by routine actions note inferences base
Privacy and Anonymity
Steven M Bellovin
Steven M. Bellovin January 19, 2005
Legal framework (US and European)
Data mining and databases
Anonymous commerce (digital cash)
Anonymous use of the Internet (onion routing, anonymous browsing
U.S. Judicial Principles
The written Constitution is the fundamental and paramount law of the
nation, and consequently, the theory of every such government must
be, that an act of the legislature, repugnant to the constitution, is void
Marbury v Madison,
Way to maintain state for http
Necessary because each page and each image may be separate http
Sent by a site; returned to that site
Can hold arbitrary state data, with arbitrary expiration time
Steven M. Bellovin February 9, 2005
Everyone should be prepared to present each paper
Email me your presentation or notes by the start of each class.
You don't need to use slides, PowerPoint, etc. You do need to turn in
something to me
Email assignments to hw-anon-priv at the ob
Introduction to Security
Prof. Steven M. Bellovin
Steven M. Bellovin
September 7, 2005
What is this Course?
How to think about secu
Privacy Issues in the News
ChoicePoint: untrustworthy customers
Paris Hilton/T-Mobile: Poor security practices and/or design: Web site
hacked; guessable backup authentication; reliance on callerID
Bank of America: backup tape stolen from airline
Is it real? Do people and Web sites actually use it?
Is it usable by ordinary people?
Who certifies P3P policies?
Is a P3P-enabled search engine necessary? Useful?
Steven M. Bellovin February 16, 2005
LPWA vs. Crowds
What are the essential differ
Midterm date change: new date is October 24
TA for the class: Peter Lin (firstname.lastname@example.org)
There will probably be a second TA
Steven M. Bellovin
September 12, 2005
Notes on the Final Presentation
Remember the time limit (12 minutes) and be sure you stick to it.
Don't put too much detail in your presentation; people can't absorb
complex information in a short time.
Cover the high points; make sure the essential informat