Privacy, Social Networks, Trust, and Terrorism
Date: Tue, January 13, 2009
Time: 11:00 - 12:00
Location: Holmes Hall 389
Speaker: Lance J. Hoffman, The George Washington University, Computer Science Department (lanceh@gwu.edu)
After a snapshot of the privacy topics likely to attract legislative activity in the new year, we'll take a look at social networking web sites, where participants often live in a "panopticon-like" environment, since social networking sites and third-party applications on them often have default settings that encourage sharing. However, "the Internet is a cruel historian," and a professional individual who networks with potential employers generally prefers not to be confused with a person with the same name who is portrayed as a party animal.
If an attacker uses a social networking site to gather enough personal information to make a good guess at a user's password or other authentication mechanism, he can change the user's settings and personal history and track the user's comings and goings, as well as those of her "friends" (and allow many others to do the same). In one notable demonstration of this, (real) friends even created an account and a persona for a real person, a computer security expert, using information publicly available from the Internet that was good enough to fool a sister of the victim. An unvetted malicious third-party application that a naïve user allows to run with social networking programs could do the same thing. We'll show some examples of social networking privacy issues.
Various trust-enhancing measures can be used to design privacy into new systems from the start, and we'll discuss these and a number of guidelines that have been developed and are in use by large software firms to help design products with privacy and security built in, rather than bolted on.
We will conclude by discussing a recent National Research Council report on privacy in the struggle against terrorists, its framework for program assessment, and its conclusions about privacy, data mining, and related issues.