CS 492/692 - Spring 2020 - Week 3 Readings Summary

Here are some notes to remind you of the Readings of the Week, on Privacy. Feel free to skim some papers.

Canadian government PIPEDA, right to privacy, European GDPR: - PIPEDA: 10 key items for organizations to respect: identify purpose, obtain consent, limit collection, limit disclosure, be accurate, use safegaurds, give access, etc.: were you aware of these? do you think this is respected? -- recourse is: inform Privacy Commissioner of Canada if unhappy: does this work? - GDPR: recent European effort, suddenly causing US firms and such to be more careful: why did this cause greater change? - mandatory reporting of data breaches: is this happening? - Supreme Court ruled that we do have a right to privacy at work: scrutiny at times required in order to protect assets and increase productivity

Google knows about you: - Google StreetView: some complaints about being more open to thieves - if you use gmail all your mail messages are viewed: are you ever careful? - the problem is that you never know to what purpose that may be put - tracking your online behaviour - your location being tracked? - are privacy policies clear enough?

US and Canadian government info gathering: - justifying surveillance due to need to counter terrorism: standard tension between privacy and security - are you willing to allow? - NSA scrutinizing US citizens - CSIS keeping data

NSA and Snowden: - major news story in 2013: leaked documents about NSA activity (Snowden) - tech companies later revealing how many requests for information they had - PRISM: private communications on servers requested: when registering we agree to some privacy loss

Cambridge Analytica and Data Breaches: - Facebook knew personal info of Canadians was in third party hands but did nothing - huge breach of trust - Facebook threatening to pull out of Canada if we demanded too much of them - public hearings - stories of data breaches at organizations appear to be increasing (Capital One is just one example): poor security and hackers? insider efforts? social security numbers, credit card info

Our nature to share and ioT Privacy: - tendency to be very open on social media - just the perception of being watched may lead to low self-esteem - we are afraid to be left out - is attitude really: I have nothing to hide? - instinct should be not to reveal unless truly required to: are we required to reveal too much? - access to our private information through household devices (e.g. baby monitors) - true lack of awareness from consumers - a market for our personal data: do we benefit?

ANNOUNCEMENTS: - there is Homework for Week 5 when we discuss productivity:: select one 24 hour period between now and then and track the number of hours you are attached to a computer and then estimate the number of hours you feel you were productive; be prepared to reveal your responses in class June 8 or Jun 10 - A2 is due 10am May 28 - A3 is due on Jun 11; it requires references and research and is a longer essay - RPEs begin Jun 1 and everyone who is not presenting becomes the audience for the day, asking questions: a post will come in the Prof. Cohen on RPE process - when A1 grading is done, general feedback will be posted in Prof. Cohen folder (aim is for early June)