
Privacy Enhancing Technologies (PETs) & Privacy Threatening Technologies

I'm doing research while working on the 2nd edition of my book, "Managing an Information Security and Privacy Awareness and Training Program"...

In one section I provide 60 different topics for which training should be provided for targeted groups. One of these topics is about privacy enhancing technologies (PETs) and privacy threatening technologies. Business leaders and IT folks implementing the technologies must understand the privacy impacts to the organization of using such technologies.

Here are the lists I have for each; I am not going to provide specific vendor products, but categories of technologies:



  • PETs (Privacy Enhancing Technologies)
      - Encryption
      - Steganography
      - P3P (Platform for Privacy Preferences Project)
      - Access control systems
      - Privacy seals for Web sites
      - Blind signatures
      - Digital signatures
      - Biometrics
      - Firewalls
      - Spam filters
      - Cookie cutters and bug zappers
      - HTML filters
      - Pseudonymous and anonymous systems, such as communication anonymizers
      - Trusted sender stamps
      - EPAL (enterprise privacy authorization language)


  • Privacy threatening technologies (generally weren't created to invade privacy, but can be used to do so)
      - Cookies
      - Log files
      - Web bugs/web gifs/web beacons/clear gifs
      - Filtering and monitoring
      - Spyware
      - Spam and phishing
      - "Always online" Web-phones with audio and video capabilities
      - Grid networks and cloud computing
      - Blogs and micro-blogs (such as Twitter)
      - Instant messaging
      - Peer to peer
      - Active content and client-based scripting
      - Photo-enabled smart phones
      - Surveillance technologies
      - Trojans

Am I missing any technology in either of these lists? Let me know!


Comments

I'm concerned that you are trying to create a binary, mutually-exclusive list. The same technology can often be used to protect or threaten one's privacy.

Consider how the Targeted Advertising Cookie Opt-Out (TACO) plugin uses cookies to prevent advertising networks from collecting information about you, thereby protecting one's privacy.

Or, think about how biometrics can be used to track people's access and movements, thereby threatening one's privacy.

Thanks for your comments, Michael.

No, I am not at all trying to create such a list. As I indicated in the post, this is an excerpt from the 2nd edition of my book, within which I expand upon the issues. This is simply a listing of training topics for what are commonly considered as PETs and privacy threatening technologies.

An important part of training and awareness is to start with a focus on specific topics, and then within the actual training content, or awareness communication or activity, dig into the facts and issues revolving around the topics. In this case, I'm starting with the list of topics that would be a skeleton around which the content is created. Not apparent when looking just at the list, I realize.

I wholeheartedly agree that almost any type of technology can be used for privacy invasion or privacy protection. You gave a couple of good examples. And there are many more. Indeed, the lists I provided show how historically and commonly people think of, and often use, these technologies. That is why it is so important to provide effective training for these topics to help people understand the many different ways in which they can be used! In fact, a good exercise within such training would be to include discussion of the ways in which each can be used for protecting privacy and also how each can be used to breach privacy. These lists would be fascinating to see from one type of training group to another (e.g., marketing, IT, legal, HR, sales, etc.). The devil's in the details.

Rebecca


Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for the past two decades. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the world's best privacy experts and on their list of the best privacy consulting firms in both 2007 and 2008. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books, dozens of articles, and has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 13th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.