Privacy & Ownership of data

Little Sister vs. Big Brother

Privacy

What is privacy?

A fundamental human right:

The right to have confidential conversations. The ability to select with whom we communicate. Protection against unwarranted monitoring or

searches.

Does privacy extend to the IoT?

Who can communicate with devices around you,and about what?

Do you want uninvited to know: When you’re home? If you’re in the shower? What places you visit? Your health status?

Or be able to: Control your vehicle? Turn off your pacemaker?

Does privacy extend to Social Networks?

Who can access your information?

Do you want uninvited to know: What you think? What you like? Who you know? What you’ve done? Spy on you?

Or be able to: Steal your ideas? Utilize your confidential information?

E.U. privacy legislation (GDPR)

Concerns any data: Directly related to individuals Indirectly related to individuals

(any level of indirection) About any E.U. citizen (globally). Global citizens (systems in E.U.)

Based on consent & information. Severe fines:

20 MEUR up to 4% of global turnover.

Ownership

Who owns the data?

Who is the owner of data? The person/entity generating (inventing) the data? The person/entity storing (controlling) the data? The person about whom the data relates to?

Is it important?

Legislation

Which law is applicable? Copyright? Trade secrets? Intellectual Property? Privacy?

Enforcing ownership through legal means is difficult.

Ownership of things

How is normal ownership enforced?

Protection behind lock & key. Access only to trusted parties. Monitoring. Demonstration of ownership.

Ownership of data

Why treat data differently?

Local storage (decentralization) allows: Protection behind lock & key. Limiting access to trusted parties. Monitoring access. Demonstrating ownership. Enforcing ownership of data.

Added benefit: Intrinsic value of data through access.

New paradigm – “WWW 3.0”

Privacy & Ownership concerns raise awareness that existing architecture paradigms (centralization in the cloud) not suitable.

Centralized storage has become a risk. Decentralized architecture better protect privacy

& ownership. Advances in standards and communication

technologies eliminate need for centralized processing.

Security

Decentralization & security

Decentralization has security implications:

More attack surfaces. But value of each node is small.

Value/Effort ratio small. Easier to protect.

Massive data breaches difficult. You don’t put all your eggs into the same basket.

More resilient. End-to-end encryption.

Anonymization vs. Strong Identities

Anonymization: Protects whistle blower or dissident

(or criminal or terrorist) Makes security decisions difficult.

Strong identities (pseudonyms): Protect information owners. Allows selective responses.

Both protect privacy, in different ways.

Peter WaherFounder of Little Sister®, a standards based distributed social network, based on the principles of privacy & information ownership, for organizations, individuals and machines. Peter also works on standardization for the IoT and the Smart City/Society. Author. Smart City Architect. Internet Philosopher.

peterwaher@hotmail.comTwitter: PeterWaherLinkedIn: http://waher.se/