Privacy

Last updated Tue Jun 02 2026 13:21:49 GMT+0000 (Coordinated Universal Time)

The right to be let alone; freedom from interference or intrusion. Regarded as a fundamental right. In computer security it is treated as one aspect of confidentiality.

Extent of Privacy

No universal standard. Disagreement is legitimate and has cultural, historical, or personal roots. Laws and ethics set baseline expectations for privacy, varying by region.

Privacy-focused infrastructure costs money and time, so an organization’s budget constrains how much privacy it can provide. Users often prefer giving up their information for free services rather than paying for alternatives (e.g., Google and Facebook).

Conflicts

Privacy is part of confidentiality, and confidentiality can conflict with availability: withholding information also withholds the benefits that come from sharing it.

Examples:

  • Unlisted telephone number
    Some callers cannot reach you.
  • Withholding data from a shop
    Loss of loyalty discount.
  • Not signing up for popular social media platforms
    Fear of missing out.

Information Privacy

The right to control how personal information is collected and used. Computers enable data collection, correlation, and storage at unprecedented scale.

Sensitive Data

What constitutes sensitive data is subject-dependent. No objective universal standard exists. Context (who is affected, social norms) determines sensitivity.

  • Identity
    Name, identifying info, control over private data disclosure.
  • Finances
    Credit rating, bank details, tax info.
  • Legal
    Criminal records, civil suits, marriage history.
  • Health
    Medical conditions, DNA, genetic predispositions.
  • Opinions/preferences/membership
    Voting records, religion, political party, browsing habits.
  • Biometrics
    Fingerprints, polygraph results, physical characteristics.
  • Documentary evidence
    Mail, diaries, correspondence.
  • Privileged communications
    Lawyer, doctor, clergy.
  • Academic/employment
    Grades, performance ratings.
  • Location data
    Current location, travel patterns.
  • Digital footprint
    Email, social media, web searches, call logs.

Affected Parties

Who is involved with the data.

  • Subject
    Person or entity described by the data.
  • Owner
    Person or entity that holds the data.

Controlled Disclosure

Subject’s right to decide who receives specific personal information, under what conditions, and for how long.

Once the information is disclosed, the subject loses control of it. The recipient is trusted to comply with the subject’s wishes; nothing technical enforces that.

Organizational Privacy

Companies, schools, hospitals, and governments all hold sensitive data, both about themselves and about the people they serve. Their privacy needs (and the consequences of failure) are often larger than those of an individual user.

  • Companies
    Product plans, profit margins, customer lists.
  • Schools
    Students, teachers, and grades.
  • Hospitals
    Patients, doctors, and donor records.
  • Governments
    Military, diplomatic, and citizen tax data.

Issues

  • Data collection
    Massive storage and processing enable collection at scale; collection is often hidden or excessive, and users are frequently unaware of it.
  • Notice and consent
    Users often cannot know what is collected; consent, where asked for at all, is weak or unclear.
  • Control and ownership
    Once data is given, control is largely ceded; the subject does not know how it is stored, reused, or resold, and it may be held indefinitely.
  • Discrimination
    Merchants may use tracking data to charge different prices to different users.

Spyware

Code designed to collect user data secretly.

Types:

  • General spyware
    Collects data for targeted advertising or for identity theft.
  • Hijackers
    Repurpose existing programs (e.g., file-sharing software) to exfiltrate data.
  • Adware
    Displays ads in pop-up or browser windows, typically bundled with other software.

Cross-site Tracking

Websites use cookies to maintain sessions and authentication state. A page may also embed third-party content (links, scripts, or tiny images known as web bugs or web beacons). Each fetch of that content carries the third party’s own cookie and the address of the referring page, so the third party can track a user across every site that embeds it.
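The mechanism described above, as an added example (a toy simulation written for this page, not code from the original). Two unrelated first-party sites, news.example and shop.example, both embed a 1x1 image from a hypothetical tracker.example; the tracker sets an ID cookie on first contact and logs the Referer of every fetch. With one shared cookie jar per host (classic third-party cookies) the tracker joins the visits to a single ID; with cookies partitioned by top-level site, as browsers that block or partition third-party cookies behave, the same tracker sees two unrelated IDs. All hosts, cookie names and pages are constructed for the example.

```python
"""Simulation of cross-site tracking via a third-party web bug.
Added example with constructed hosts and pages; not the page's own code."""
from collections import defaultdict
import itertools

TRACKER = "tracker.example"   # hypothetical third party embedded by both sites

class Tracker:
    """The third party whose 1x1 image ('web bug') both sites embed.
    It assigns an ID cookie on first contact and logs every hit together with
    the Referer header, which names the embedding first-party page."""
    def __init__(self):
        self._ids = itertools.count(1)
        self.visits = defaultdict(list)   # tracker id -> list of referer pages

    def handle(self, cookies, referer):
        uid = cookies.get("uid")
        set_cookie = None
        if uid is None:                   # first contact: issue an identifier
            uid = f"u{next(self._ids)}"
            set_cookie = ("uid", uid)
        self.visits[uid].append(referer)
        return set_cookie

class Browser:
    """Minimal cookie jar. With partition=True the tracker's cookies are keyed
    by (top-level site, tracker host), so each embedding site gets its own jar;
    with partition=False there is one jar per host shared across all sites."""
    def __init__(self, tracker, partition):
        self.tracker = tracker
        self.partition = partition
        self.jar = defaultdict(dict)

    def _key(self, top_level, host):
        return (top_level, host) if self.partition else host

    def visit(self, page):
        top_level = page.split("/")[2]            # e.g. "news.example"
        # The page embeds <img src="https://tracker.example/pixel.gif">; the
        # browser fetches it, sending the tracker's cookies and a Referer.
        key = self._key(top_level, TRACKER)
        set_cookie = self.tracker.handle(self.jar[key], referer=page)
        if set_cookie:
            name, value = set_cookie
            self.jar[key][name] = value

def linked_sites(partition):
    """Return {tracker_id: sorted first-party hosts seen under that id} for one
    user browsing two unrelated sites that both embed the same web bug."""
    tracker = Tracker()
    browser = Browser(tracker, partition)
    for page in ["https://news.example/article/1",
                 "https://shop.example/cart",
                 "https://news.example/article/2"]:
        browser.visit(page)
    return {uid: sorted({r.split("/")[2] for r in refs})
            for uid, refs in tracker.visits.items()}

if __name__ == "__main__":
    print("unpartitioned:", linked_sites(partition=False))
    print("partitioned:  ", linked_sites(partition=True))
```

The unpartitioned run yields one ID that has seen both news.example and shop.example; the partitioned run yields two IDs, each confined to one site, which is why third-party cookie partitioning breaks this particular linkage. It does not stop a tracker that is handed a stable identifier by the page itself (an email or account ID in the request), nor fingerprinting; those need separate controls.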

Solutions

Individual Solutions

  • Anonymity
    Acting with no identity attached at all.
  • Pseudonymity
    A persistent but fake identity, not linked to the real one.
  • Multiple identities
    Separate identities for separate contexts, so actions in one cannot be linked to another.

Industrial Solutions

  • Privacy-focused laws.
  • Anonymization of user data.
  • Collecting only the required information.

Privacy Policy

A document of formal statements governing how an organization collects, uses, retains, discloses, and protects personal data.

8 elements of a good privacy policy:

  • Information collection
    Collected only with knowledge and explicit consent.
  • Information usage
    Used only for specified purposes.
  • Information retention
    Retained only for a set period.
  • Information disclosure
    Disclosed only to an authorized set.
  • Information security
    Appropriate protection mechanisms applied.
  • Access control
    All access modes to all collected data are controlled.
  • Monitoring
    Logs maintained for all data accesses.
  • Policy changes
    Less restrictive policies never applied retroactively.

Fair Practices

  • Data obtained lawfully and fairly.
  • Data relevant, accurate, complete, and up to date.
  • Purpose identified; data destroyed when no longer needed.
  • Secondary use requires consent or legal authority.
  • Safeguards against loss, corruption, misuse.
  • Subjects have right to access and challenge their data.
  • A designated data controller accountable for compliance.

U.S. Privacy Laws

  • 1974 Privacy Act
    Governs personal data held by U.S. federal agencies.
  • HIPAA
    Healthcare data.
  • GLBA
    Financial data held by financial institutions.
  • COPPA
    Online collection of personal data from children under 13.
  • FERPA
    Student education records.

State laws vary widely.

European Privacy Directive

Directive 95/46/EC, adopted in 1995, applied the Fair Information Practices to governments and businesses alike; it was superseded by the GDPR in 2018. It added:

  • Extra protection for sensitive data.
  • Strong limits on cross-border data transfers.
  • Independent oversight body for compliance.

Data Access Risks

Recognized risks when government acquires third-party data:

  • Data error
    Transcription or analytical errors.
  • Inaccurate linking
    Correct data items incorrectly joined.
  • Difference of form/content
    Precision, format, or semantic mismatch.
  • Purposely wrong
    Data from intentionally falsified sources.
  • False accusation
    Incorrect or outdated conclusions, unverifiable.
  • Mission creep
    Data acquired for one purpose repurposed for another.
  • Poorly protected
    Integrity undermined by poor data management.

Steps to Protect Against Privacy Loss

  • Data minimization
    Collect only the minimum required.
  • Data anonymization
    Replace identifiers with untraceable codes.
  • Auditing
    Log all data accesses; identify responsible parties after a breach.
  • Security and controlled access
    Protect and restrict access to sensitive data.
  • Training
    Ensure handlers understand what and how to protect.
  • Quality
    Assess data fitness by purpose, age, and storage method.
  • Restricted usage
    Review all uses for consistency with collection purpose.
  • Data left in place
    Leave data with original owner/collector where possible.
  • Policy
    Establish and enforce clear data privacy policies.

Breach Notification

When a breach occurs, affected parties must be notified. Requirements differ in who must be told and how quickly.

  • GDPR
    The controller must notify the supervisory authority within 72 hours of becoming aware of the breach, and the affected data subjects without undue delay when the breach is likely to put them at high risk.
  • California law
    Requires notification to affected residents; delay permitted only if law enforcement determines it would impede a criminal investigation.

Authentication and Privacy

Individual Authentication Chain

Birth certificate → school ID → passport/national ID → multiple numbered credentials throughout life. Each credential links to others. The chain can be traced.

Connecting Identities

Multiple identities (credit card, toll device, hotel keycard, meal plan) may or may not be linkable.

  • Credit card links to card payer, not necessarily the user.
  • Toll device links to registered owner, not necessarily the driver.
  • Phone call authentication links to account holder.

Disassociating Actions from Identity

Techniques to break linkage:

  • Use public phone or internet café for anonymous reporting.
  • Register under a pseudonym.
  • Use temporary or disposable email addresses.
  • Provide false telephone numbers when not legally required to give real ones.

Anonymized Records

Records with identifying information removed. Used in research to preserve privacy.

  • Individual data points may be non-sensitive; the linkage is what becomes sensitive.
  • Re-identification is often possible from the fields that remain. A phone number is a direct identifier and should never survive anonymization; the subtler risk is quasi-identifiers (zip code, birthdate, gender) that are individually common but unique in combination and can be joined against a public record that carries names.

Most people can be uniquely identified by the combination of birthdate, gender, and 5-digit zip code (Sweeney’s estimate: about 87% of the U.S. population).
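The linkage attack above, and the standard countermeasure, as an added example (constructed data written for this page, not the page’s own code). An “anonymized” medical release keeps birthdate, sex and zip as quasi-identifiers; a constructed voter roll carries the same three fields plus names. Joining the two on the quasi-identifiers recovers each person’s diagnosis. Generalizing the release (birth year only, 3-digit zip prefix) raises its k-anonymity from 1 to 2, after which every name matches a class of two records and no single diagnosis can be attributed. Names, dates and zips are all fabricated.

```python
"""Re-identification by linking quasi-identifiers, and k-anonymity as the
countermeasure. Added example with constructed data; not the page's own code."""
from collections import Counter, defaultdict

# Constructed "anonymized" medical release: names removed, quasi-identifiers kept.
MEDICAL = [
    {"dob": "1975-03-14", "sex": "F", "zip": "02138", "dx": "asthma"},
    {"dob": "1975-03-14", "sex": "F", "zip": "02139", "dx": "diabetes"},
    {"dob": "1975-07-02", "sex": "M", "zip": "02138", "dx": "flu"},
    {"dob": "1975-11-30", "sex": "M", "zip": "02139", "dx": "hypertension"},
    {"dob": "1981-01-09", "sex": "F", "zip": "02140", "dx": "migraine"},
    {"dob": "1981-05-21", "sex": "F", "zip": "02141", "dx": "anemia"},
    {"dob": "1981-09-17", "sex": "M", "zip": "02140", "dx": "fracture"},
    {"dob": "1981-12-03", "sex": "M", "zip": "02141", "dx": "ulcer"},
]

# Constructed public record (a voter roll) with names and the same quasi-identifiers.
VOTERS = [
    {"name": "Alice Adams", "dob": "1975-03-14", "sex": "F", "zip": "02138"},
    {"name": "Beth Brown",  "dob": "1975-03-14", "sex": "F", "zip": "02139"},
    {"name": "Carl Cole",   "dob": "1975-07-02", "sex": "M", "zip": "02138"},
    {"name": "Dana Diaz",   "dob": "1981-01-09", "sex": "F", "zip": "02140"},
]

QI = ("dob", "sex", "zip")   # the quasi-identifier columns

def k_anonymity(records, qi=QI):
    """Size of the smallest equivalence class: how many records share the
    rarest combination of quasi-identifier values. k == 1 means someone is
    unique in the release and can be singled out."""
    return min(Counter(tuple(r[c] for c in qi) for r in records).values())

def link(released, public, qi=QI):
    """Sweeney-style linkage: join the released table to the public one on
    the quasi-identifiers. Returns {name: [diagnoses]} for every person whose
    QI tuple matches at least one released record."""
    by_qi = defaultdict(list)
    for r in released:
        by_qi[tuple(r[c] for c in qi)].append(r["dx"])
    hits = {}
    for p in public:
        key = tuple(p[c] for c in qi)
        if key in by_qi:
            hits[p["name"]] = by_qi[key]
    return hits

def generalize(record):
    """Coarsen the quasi-identifiers: birth year only, 3-digit zip prefix.
    Applied to both tables, because the attacker can generalize the public
    record the same way before joining."""
    g = dict(record)
    g["dob"] = record["dob"][:4]
    g["zip"] = record["zip"][:3]
    return g

if __name__ == "__main__":
    print("k on raw release:", k_anonymity(MEDICAL))
    print("linked:", link(MEDICAL, VOTERS))
    released = [generalize(r) for r in MEDICAL]
    print("k after generalization:", k_anonymity(released))
    print("linked after generalization:",
          link(released, [generalize(v) for v in VOTERS]))
```

On the raw release k is 1 and every voter in the roll is matched to exactly one diagnosis; after generalization k is 2 and each name matches two diagnoses, so the join no longer identifies anyone. k-anonymity is necessary but not sufficient: if every record in a class carried the same diagnosis the attribute would still leak (the l-diversity problem), and generalizing destroys analytic value, which is the cost the “Data anonymization” step above trades off.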

Privacy on the Internet

Apps and SDKs

A Software Development Kit (SDK) is third-party code (analytics, advertising, crash reporting) that app developers embed in their apps. The SDK vendor typically provides the code free in exchange for the data it sends back from every app that embeds it.

  • Data extraction via an SDK may occur before explicit user permission is granted, and the user sees only the app, not the vendors behind it.
  • Regulation of what SDK vendors may do with the collected data is sparse, and their handling of it is rarely visible to the user.

Site Registrations

  • Sites collect demographics in exchange for access.
  • Email-as-username becomes a cross-site identity key, enabling identity merging across services.
  • The stated purpose (enhancing the user experience) may mask the real one (selling demographic data to marketers).
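The cross-site identity key above, and the “replace identifiers with untraceable codes” step under Steps to Protect Against Privacy Loss, as one added example (written for this page, not the page’s own code). A plain SHA-256 of a normalized email, which some sites treat as “anonymized”, is the same value at every site and so still merges records across services, and it is recoverable by hashing a list of candidate addresses. An HMAC under a secret key held by one service gives that service a stable pseudonym for deduplication while producing unlinkable tokens at different services and defeating offline guessing without the key. The email address, the candidate list and the two services are constructed.

```python
"""Pseudonymizing identifiers: plain hashing vs. keyed, per-service tokens.
Added example with constructed data; not the page's own code."""
import hashlib
import hmac
import secrets

def naive_token(email):
    """Unkeyed SHA-256 of a normalized email. Deterministic everywhere, so any
    two services computing it obtain the same value and can merge records."""
    return hashlib.sha256(email.strip().lower().encode()).hexdigest()

def keyed_token(email, service_key):
    """HMAC-SHA256 under a secret specific to one service. Without the key an
    outsider cannot test candidate emails against the token, and two services
    holding different keys produce unlinkable tokens for the same person."""
    return hmac.new(service_key, email.strip().lower().encode(),
                    hashlib.sha256).hexdigest()

def enumerate_attack(token, candidates, tokenizer):
    """Dictionary attack: a 'hashed' identifier drawn from a small or guessable
    space (emails, phone numbers, SSNs) is recovered by hashing guesses until
    one matches. Returns the recovered identifier or None."""
    for c in candidates:
        if hmac.compare_digest(tokenizer(c), token):
            return c
    return None

# Constructed inputs: one user registers at two sites with the same email.
EMAIL = "Alice.Adams@example.com"
CANDIDATES = ["bob@example.com", "alice.adams@example.com", "carol@example.com"]

def demo():
    # Each site holds its own secret key (generated here; in practice kept in
    # a secrets manager and never shared with partners or marketers).
    key_a, key_b = secrets.token_bytes(32), secrets.token_bytes(32)
    naive_a = naive_token(EMAIL)
    naive_b = naive_token("alice.adams@example.com ")   # as typed at site B
    keyed_a, keyed_b = keyed_token(EMAIL, key_a), keyed_token(EMAIL, key_b)
    return {
        # same "anonymized" key at both sites -> records merge across services
        "naive_linkable": naive_a == naive_b,
        # and the hash is reversible from a candidate list
        "naive_recovered": enumerate_attack(naive_a, CANDIDATES, naive_token),
        # per-service keys -> tokens differ, so there is no join key
        "keyed_linkable": keyed_a == keyed_b,
        # without key_a an attacker cannot confirm guesses against keyed_a
        "keyed_recovered_without_key":
            enumerate_attack(keyed_a, CANDIDATES, naive_token),
        # the service itself still deduplicates the same person consistently
        "keyed_stable_within_service":
            keyed_a == keyed_token("alice.adams@EXAMPLE.com", key_a),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Two caveats a practitioner should keep in mind. The keyed token is pseudonymization, not anonymization: whoever holds the key can still re-identify, so under the GDPR the data remains personal data. And the key is now the thing that must be protected; if it leaks, every token becomes as enumerable as the plain hash, and rotating it breaks the stability the service relied on.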

Payments on the Internet

  • Credit card
    Exposes number, CVV, expiry, and billing address to the merchant. The number and expiry, once given, are reusable by that merchant; PCI DSS forbids merchants from storing the CVV after authorization, but the customer cannot verify compliance.
  • Online payment schemes (PayPal, Google Pay, Zelle)
    An intermediary holds the card or bank details, so the merchant never sees them; the intermediary itself sees every transaction.
  • Cryptocurrency (e.g., Bitcoin)
    Pseudonymous, not anonymous: addresses are not tied to names, but every transaction is on a public ledger, so addresses can be clustered and linked to identities by chain analysis, especially at the exchange where coins are bought or cashed out.