New Approaches for Ensuring User Online Privacy

Bian, Kaigui

03 January 2008

With the increase of requesting personal information online, unauthorized disclosure of user privacy is a significant problem faced by today's Internet. As a typical identity theft, phishing usually employs fraudulent emails and spoofed web sites to trick unsuspecting users into divulging their private information. Even legitimate web sites may collect private information from unsophisticated users such as children for commercial purposes without their parents' consent. The Children's Online Privacy Protection Act (COPPA) of 1998 was enacted in reaction to the widespread collection of information from children and subsequent abuses identified by the Federal Trade Commission (FTC). COPPA is aimed at protecting child's privacy by requiring parental consent before collecting information from children under thirteen. In this thesis, we propose two solutions for ensuring user online privacy. By analyzing common characteristics of phishing pages, we propose a client-side tool, Trident, which works as a browser plug-in for filtering phishes. The experiment results show that Trident can identify 98-99% online and valid phishing pages, as well as automatically validate legitimate pages. To protect child's privacy, we introduce the POCKET (parental online consent on kids' electronic privacy) framework, which is a technically feasible and legally sound solution to enforce COPPA. Parents answer a questionnaire on their privacy requirements and the POCKET user agent generates a privacy preferences file. Meantime, the merchants are required to possess a privacy policy that is authenticated by a trusted third party. Only web sites that possess and adhere to their privacy policies are allowed to collect child's information; web sites whose policies do not match the client's preferences are blocked. POCKET framework incorporates a transaction protocol to secure the data exchange between an authenticated client and a POCKET-compliant merchant. / Master of Science

phishing attack

child's online privacy

COPPA

online privacy disclosure

Vie privée des mineurs en ligne : protection des données personnelles. Étude comparée entre le droit canadien, américain et celui de l’Union européenne

Alvarez Bautista, Diana Paola

06 1900

Cette recherche s’intéresse à un sujet d’actualité portant sur la vie privée des mineurs en ligne, plus particulièrement sur la protection des données personnelles. Depuis l’avènement des nouvelles technologies de l’information et des communications (NTIC) et la venue du web 2.0, la protection des données personnelles demeure question d’actualité en plus d’être fort complexe. Cette question demeure encore plus criante lorsqu’il s’agit de mineurs. La présente recherche s’intéresse d’abord à l’utilisation d’Internet par les mineurs, à la notion de vulnérabilité du mineur et de l’insuffisance des règles actuelles. Elle s’intéresse également à la distinction conceptuelle entre « mineur » et « enfant » avant de s’arrêter plus longuement aux principales formes d’infractions qui portent atteinte à la vie privée et à l’intégrité des mineurs. Plus loin dans ce mémoire, on s’intéresse aux dispositions législatives et réglementaires au Canada, aux États-Unis et au sein de l’Union européenne. Dans la dernière partie on montre les différences significatives entre le Canada, les États-Unis et l’Union européenne. Dans la conclusion de ce mémoire, nous revenons sur les faits saillants de cette recherche comparative en insistant sur le fait qu’il est complexe de protéger les données personnelles des mineurs et qu’il existe des différences importantes dans les législations et les règlements en vigueur sur le plan national et international. / This research study addresses a current concern regarding the privacy of minors online, more specifically the protection of personal data. Since the emergence of new information and communication technologies (NICT) and the introduction of Web 2.0, the protection of personal data remains a relevant and very complex issue. This issue is even more critical when it comes to minors. This research study first looks at Internet use by minors, the notion of a minor person’s vulnerability and the limitations of the current rules. It also examines the conceptual distinction between "minor" and "child" before focusing on the main aspect of violation of a minor's privacy and integrity. Later in this master’s thesis, the legislative and regulatory provisions in Canada, the United States and the European Union are examined. The final section highlights the significant differences between Canada, the United States and the European Union. In the conclusion for this dissertation, we will look back at the highlights of this comparative study, emphasizing that the task of protecting the personal data of minors is complex and that there are significant disparities in the laws and regulations in force at the national and international levels.

Enfants

Mineurs

Protection des données personnelles

Consentement du mineur

Consentement parental

Cyberintimidation

Leurre par Internet

Sextage

COPPA

RGPD

LPRPDE

LPRPSP

Minors

Children

Personal data protection

Minor's consent

Parental consent

Cyberbullying

Internet luring

Sexting