Documente Academic
Documente Profesional
Documente Cultură
Internet
Privacy
P
rivacy was a sensitive issue to address it. We present four
long before the advent of articles that describe technology tools that
computers. Concerns have address various aspect of online privacy, one
been magnified, however, article that describes a self-regulatory program
by the existence and wide- to enforce privacy claims made by Web sites,
spread use of large com- and one article that describes past regulatory
puter databases that make it and self-regulatory approaches and suggests
easy to compile a dossier approaches that should be taken in the future.
about an individual from The figure on the next page denotes how
many different data sources. various technology tools and regulatory
Privacy issues are further exacerbated and self-regulatory frameworks can
now that the World-Wide Web makes work together to help protect privacy.
it easy for new data to be automatically As illustrated, a variety of technology
collected and added to databases [1]. tools help users protect their privacy
Today, data entered into forms or con- during interactions with Web sites and
tained in existing databases can be combined other Internet services. Furthermore, users
almost effortlessly with transaction records as may receive additional privacy protections
well as records of an individual’s every click from laws and industry guidelines that may
through cyberspace. As data mining tools and apply in their jurisdiction and/or the jurisdic-
services become more widely available, privacy tion of the service. Because the Internet is
concerns will likely increase further. global, different regulatory and self-regulatory
In this special section we examine Internet frameworks may be in effect for the user and
privacy and discuss some of the tools now used the service.
e present two anonymity with only the IP address of the last onion-router
W
tools in this section that do on the path.
not require users to trust a While Internet users may often wish to remain
single third-party to maintain unidentified, they may sometimes wish to estab-
anonymity. Reiter and Rubin lish persistent—albeit anonymous—relationships
discuss Crowds—an anonymity with Web sites, for example to take advantage of
agent based on the idea that peo- customized services. Gabber et al. present the
ple can be anonymous when they blend into a Lucent Personalized Web Assistant (LPWA), a
crowd. Rather than submitting HTTP requests pseudonym agent that helps users build such per-
through a single third-party, Crowds users submit sistent anonymous relationships. LPWA can be
their requests through a crowd, that is, a group of used to insert pseudonyms into Web forms that
Web surfers running the Crowds software. Crowds request a user’s name or email address. It is
users forward HTTP requests to a randomly designed to use the same pseudonyms consis-
selected member of their crowd. Neither the end tently every time a particular user returns to the
server nor any of the crowd members can deter- same site, but use a different pseudonym at each
mine where the request originated. Syverson, site. It works in conjunction with an anonymiz-
Goldschlag, and Reed discuss an anonymity agent ing proxy server, but it could also be used with
called Onion Routing, in which users submit other anonymity agents such as Crowds or Onion
encrypted HTTP requests using an onion, that is, Routing.
a layered data structure that specifies symmetric Anonymity agents and pseudonym agents are
cryptographic algorithms and keys to be used as useful for Web surfing in which users have no need
data is transported to the intended recipient. As or desire to be identified. However, when users
the data passes through each onion-router along wish to make online credit card purchases and
the way, one layer of encryption is removed have merchandise delivered to their doorsteps,
according to the recipe contained in the onion. they need to provide some identifying informa-
The request arrives at the recipient in plain text, tion. Negotiation agents and trust engines can
assist users in reviewing a service’s request and
1www.anonymizer.com determining whether or not to provide the
decisions about when to release their data. But ified in the 1980 OECD Guidelines in order to
P3P does not protect data in and of itself. Users cope with the last quarter-century’s dramatic
must be assured that when they release their data, enhancements to the capabilities and capacity of
services will use it only as they have promised. information technology.
Regulatory and self-regulatory frameworks can Finally, it is important to note that for online
help provide such assurances. privacy initiatives to be successful, they must be
Benassi describes TRUSTe, a self-regulatory accompanied by tools and procedures to provide
privacy initiative dedicated to building con- strong security. Whenever sensitive information is
sumers’ trust and confidence on the Internet exchanged, it should be transmitted over a secure
through a program in which Web sites can be channel and stored securely. Encryption technol-
licensed to display a privacy seal or “trustmark” ogy such as SSL can protect data as it is transmit-
on their sites. Trustmarks provide consumers ted during Web interactions. File encryption,
with up-front assurance that a Web site’s policies firewalls, and access control systems can protect
accurately reflect their practices and that there stored data. A general discussion of encryption or
will be a means of recourse if the site does not security is beyond the scope of this issue. Inter-
abide by its stated policies. Other organizations ested readers might review recent survey articles on
are developing similar privacy assurance seal pro- Web security [2, 3]. c
grams that place a variety of requirements on
licensees including entering into contractual References
agreements, undergoing third-party audits, and 1. Cranor, L. Internet privacy: A public concern. netWorker 2, 3
(June/July 1998), 13–18.
agreeing to enter into an arbitration process if a 2. Oppliger, R. Internet security: firewalls and beyond. Commun. ACM
complaint is filed against the licensee. So far 40, 5 (May 1997), 92–102.
3. Rubin, A. and Greer, D. A survey of World Wide Web security. IEEE
these organizations are offering only visual seals Computer 31, 9 (Sept. 1998), 34–41.
that licensees can place on their Web sites. How-
ever, these seals could also come in the form of
digitally signed certificates that could be © 1999 ACM 0002-0782/99/0200 $5.00