Posted: 28-Nov-2014 | Category: Technology | Uploaded by: ian-brown
© and privacy “by design”
Dr Ian Brown, U. of Oxford
@IanBrownOII
Early DRM systems
“Trusted” architectures
DRM a hard problem
More recent efforts
Web blocking – Newzbin injunction, Digital Economy Act s.18
PROTECT-IP Act/Stop Online Piracy Act
Anti-Counterfeiting Trade Agreement, Trans-Pacific Partnership
Effectiveness of blocking
Ease of masking P2P traffic using encryption
Ease of site and content transfers and replication
Sneakernets and WiFi/Bluetooth sharing
Ease of changing DNS servers, and building alternate directory systems
“I agree with counsel for the Studios that the order would be justified even if it only prevented access to Newzbin2 by a minority of users.” [2011] EWHC 1981 (Ch) §198
“Experts can seek to establish a profile of those who engage in P2P file sharing, and their various reasons for doing so, and may then attempt to predict how these users may be likely to respond if confronted with the kind of regime that the DEA enacts. In theory, some may cease or substantially curtail their unlawful activities, substituting or not, for example, lawful downloading of music; others may simply seek other means to continue their unlawful activities, using whatever technical means are open. The final outcome is uncertain because it is notoriously difficult accurately to predict human behaviour” [2011] EWHC 1021 (Admin) §232
GDPR Art. 23 Data protection by design and by default (text of the 2012 Commission draft; the provision became Art. 25 in the adopted Regulation (EU) 2016/679)
1. Having regard to the state of the art and the cost of implementation, the controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures and procedures in such a way that the processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject.
2. The controller shall implement mechanisms for ensuring that, by default, only those personal data are processed which are necessary for each specific purpose of the processing and are especially not collected or retained beyond the minimum necessary for those purposes, both in terms of the amount of the data and the time of their storage. In particular, those mechanisms shall ensure that by default personal data are not made accessible to an indefinite number of individuals.
Designing for privacy
Data minimisation is key: is the personal data really necessary?
Limit personal data collection, storage, access and usage, enforced using cryptography rather than policy alone.
This protects against hackers, corrupt insiders and data loss, as well as function creep.
Users must also be notified of, and consent to, the processing of their data; easy-to-use interfaces are critical. What are the defaults?
Jedrzejczyk et al. (2010)
Mobile data
Is communication uni-directional, bi-directional or broadcast? Oblivious transfer lets a client retrieve one item without the server learning which one
Does the sensor, user agent or network carry out triangulation and processing? What resolution of location data can the network access?
How long-lived and linkable are identifiers? IMSIs, TMSIs and location patterns
Location-Based Services
Can we use features of mobile phone networks to supply anonymous, targeted adverts?
Haddadi, Hui, Henderson and Brown (2011)
Transport pricing
Monitor all traffic centrally (London), at the kerbside (West London) or deduct payment from pay-as-you-go toll cards (Singapore)? On-board unit (Balasch et al. 2010)? Or tax parking spaces?
Link all payment card usage (Oyster) or use unlinkable RFID tokens (Shenzhen)?
MIT Technology Review (2006)
Privacy-friendly smart grids
Personal data should almost always remain at the customer's premises, under their direct control
The network broadcasts tariff data to meters, which control appliances locally
Only heavily aggregated information is used for billing and price comparison
PETs (privacy-enhancing technologies) can further reduce information leakage to third parties
Rial and Danezis (2011)
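Worked example, added here; it is not code from the talk or from Rial and Danezis (2011), but is modelled on the linear-tariff case of their scheme, and it also illustrates the "enforced using cryptography" point on the Designing for privacy slide. The meter commits to each half-hourly reading with a Pedersen commitment; the customer computes the bill locally from the broadcast tariff; the supplier checks the claimed bill against the product of the commitments and never sees an individual reading. Assumptions: a 256-bit safe-prime group generated at runtime for speed (a deployment would use a 2048-bit group or an elliptic curve), constructed readings and tariff, and hypothetical function names meter_commit, customer_bill and supplier_verify. The zero-knowledge proofs the paper needs for non-linear tariffs are omitted.

```python
import hashlib
import secrets

SMALL_PRIMES = [n for n in range(2, 2000) if all(n % d for d in range(2, int(n ** 0.5) + 1))]


def is_probable_prime(n, rounds=32):
    """Trial division by small primes, then Miller-Rabin with random bases."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_safe_prime(bits):
    """p = 2q + 1 with p, q prime: the quadratic residues then form a subgroup of prime order q."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        p = 2 * q + 1
        if is_probable_prime(q) and is_probable_prime(p):
            return p


class Group:
    """Prime-order subgroup of Z_p^* with generators g, h; 256 bits is a demo size (assumption)."""

    def __init__(self, bits=256):
        self.p = gen_safe_prime(bits)
        self.q = (self.p - 1) // 2
        self.g = self._random_generator()
        # h is derived by hashing p, so nobody can pick it with a known log_g(h);
        # an unknown discrete log is what makes the commitments binding.
        digest = hashlib.sha512(b"pedersen-h|" + self.p.to_bytes(bits // 8 + 1, "big")).digest()
        self.h = pow(int.from_bytes(digest, "big") % self.p, 2, self.p)
        assert self.h not in (1, self.g)

    def _random_generator(self):
        while True:
            g = pow(secrets.randbelow(self.p - 2) + 2, 2, self.p)  # squaring lands in the order-q subgroup
            if g != 1:
                return g

    def commit(self, m, r):
        """Pedersen commitment C = g^m * h^r mod p: hides m, and C1*C2 commits to m1+m2."""
        return pow(self.g, m, self.p) * pow(self.h, r, self.p) % self.p


def meter_commit(group, readings):
    """Meter side: commit to each half-hourly reading (Wh). The commitments are public;
    the openings (reading, randomness) stay at the customer premises."""
    openings = [(m, secrets.randbelow(group.q)) for m in readings]
    commitments = [group.commit(m, r) for m, r in openings]
    return commitments, openings


def customer_bill(group, tariff, openings):
    """Customer side: bill = sum(tariff_i * reading_i) computed locally from the broadcast
    tariff, plus the matching combined randomness R. Only (bill, R) leaves the premises."""
    assert len(tariff) == len(openings)
    bill = sum(t * m for t, (m, _) in zip(tariff, openings))
    combined_r = sum(t * r for t, (_, r) in zip(tariff, openings)) % group.q
    return bill, combined_r


def supplier_verify(group, tariff, commitments, bill, combined_r):
    """Supplier side: accept iff g^bill * h^R == prod(C_i^tariff_i), i.e. the claimed bill is
    the tariff-weighted sum of the committed readings. A tariff of all ones checks total use."""
    assert len(tariff) == len(commitments)
    expected = 1
    for t, c in zip(tariff, commitments):
        expected = expected * pow(c, t, group.p) % group.p
    return group.commit(bill, combined_r) == expected


if __name__ == "__main__":
    group = Group()
    readings = [120, 95, 410, 880, 350, 60]  # constructed: Wh per half-hour slot
    tariff = [5, 5, 12, 30, 12, 5]           # constructed: price units per Wh, per slot
    commitments, openings = meter_commit(group, readings)
    bill, r_sum = customer_bill(group, tariff, openings)
    print("bill", bill, "accepted:", supplier_verify(group, tariff, commitments, bill, r_sum))
    print("under-reported bill accepted:", supplier_verify(group, tariff, commitments, bill - 100, r_sum))
```

The supplier learns the bill and, if it asks for it, the total consumption, but nothing about the shape of the day's load; a customer who under-reports fails verification because the group has prime order and log_g(h) is unknown.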