Copyright and privacy by design - what lessons have we learned?

Date post: 28-Nov-2014
Page 1: Copyright and privacy by design - what lessons have we learned?

© and privacy “by design”

Dr Ian Brown, U. of Oxford

@IanBrownOII

Early DRM systems

“Trusted” architectures

DRM a hard problem

More recent efforts

Web blocking – Newzbin injunction, Digital Economy Act s.18

PROTECT-IP Act/Stop Online Piracy Act

Anti-Counterfeiting Trade Agreement, Trans-Pacific Partnership

Effectiveness of blocking

Ease of masking P2P traffic using encryption

Ease of site and content transfers and replication

Sneakernets and WiFi/Bluetooth sharing

Ease of changing DNS servers, and building alternate directory systems

“I agree with counsel for the Studios that the order would be justified even if it only prevented access to Newzbin2 by a minority of users.” [2011] EWHC 1981 (Ch) §198

[2011] EWHC 1021 (Admin) § 232

“Experts can seek to establish a profile of those who engage in P2P file sharing, and their various reasons for doing so, and may then attempt to predict how these users may be likely to respond if confronted with the kind of regime that the DEA enacts. In theory, some may cease or substantially curtail their unlawful activities, substituting or not, for example, lawful downloading of music; others may simply seek other means to continue their unlawful activities, using whatever technical means are open. The final outcome is uncertain because it is notoriously difficult accurately to predict human behaviour”

GDPR Art. 23 Data protection by design and by default

1. Having regard to the state of the art and the cost of implementation, the controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures and procedures in such a way that the processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject.

2. The controller shall implement mechanisms for ensuring that, by default, only those personal data are processed which are necessary for each specific purpose of the processing and are especially not collected or retained beyond the minimum necessary for those purposes, both in terms of the amount of the data and the time of their storage. In particular, those mechanisms shall ensure that by default personal data are not made accessible to an indefinite number of individuals.

Designing for privacy

Data minimisation key: is your personal data really necessary?

Limit personal data collection, storage, access and usage – enforced using cryptography

Protects against hackers, corrupt insiders, data loss, as well as function creep

Users must also be notified and consent to the processing of data – easy-to-use interfaces are critical. What are defaults?

Jedrzejczyk et al. (2010)

Mobile data

Is communication uni- or bi-directional or broadcast? Oblivious transfer

Does sensor, user agent or network carry out triangulation and processing? What resolution data can network access?

How long-lived and linkable are identifiers? IMSIs, TMSIs and location patterns

Location-Based Services

Can we use features of mobile phone networks to supply anonymous, targeted adverts?

Haddadi, Hui, Henderson and Brown (2011)

Transport pricing

Monitor all traffic centrally (London), at kerbside (W London) or deduct payment from pay-as-you-go toll cards (Singapore)? On-board unit (Balasch et al. 2010)? Or tax parking spaces?

Link all payment card usage (Oyster) or use unlinkable RFID tokens (Shenzhen)?

MIT Technology Review (2006)

Privacy-friendly smart grids

Personal data should almost always remain at customer premises under their direct control

Network broadcasts tariff data to meters, which control appliances

Heavily aggregated information used for billing and price comparison

PETs can further reduce information leakage to third parties

Rial and Danezis (2011)
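
An added sketch of the smart-grid architecture on this slide; it is not from the slides and is not the Rial and Danezis protocol. The meter bills itself from a broadcast tariff, and per-slot load is reported under pairwise additive masks (one possible PET, assumed here) so the network learns only the neighbourhood total. The tariff, readings, modulus and function names are constructed for illustration.

```python
import secrets

MOD = 2**32  # masked values and sums are taken modulo this (constructed parameter)

# Constructed sample data: broadcast tariff in pence/kWh for four time slots,
# and per-slot consumption in Wh that stays inside each household's meter.
TARIFF = [10, 10, 25, 25]
HOUSEHOLDS = {
    "A": [200, 300, 1500, 400],
    "B": [150, 100, 100, 900],
    "C": [50, 400, 800, 250],
}

def local_bill(readings_wh, tariff):
    """Computed in the meter; Wh * pence/kWh gives thousandths of a penny."""
    if len(readings_wh) != len(tariff):
        raise ValueError("tariff and readings cover different slots")
    return sum(r * t for r, t in zip(readings_wh, tariff))

def pairwise_masks(n_meters):
    """Every pair of meters shares one random value: one adds it, the other
    subtracts it, so the masks cancel in the sum (key agreement is assumed)."""
    masks = [0] * n_meters
    for i in range(n_meters):
        for j in range(i + 1, n_meters):
            r = secrets.randbelow(MOD)
            masks[i] = (masks[i] + r) % MOD
            masks[j] = (masks[j] - r) % MOD
    return masks

def masked_reports(slot_readings, masks):
    """What each meter sends for one slot: its reading hidden by its mask."""
    return [(x + m) % MOD for x, m in zip(slot_readings, masks)]

def network_aggregate(reports):
    """The network adds the reports; the masks cancel, leaving the total load."""
    return sum(reports) % MOD

if __name__ == "__main__":
    for name, readings in HOUSEHOLDS.items():
        print(name, "bill:", local_bill(readings, TARIFF) / 1000, "pence")
    slot2 = [r[2] for r in HOUSEHOLDS.values()]
    reports = masked_reports(slot2, pairwise_masks(len(slot2)))
    print("reports seen by network:", reports)
    print("aggregate load in slot 2:", network_aggregate(reports), "Wh")
```

Only the bill total and the masked per-slot reports leave the premises; the individual load curves in `HOUSEHOLDS` never do.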

