
Privacy in the Next Generation Internet

Data Protection in the Context of European Union Policy

Alberto Escudero-Pascual <[email protected]>

Royal Institute of Technology -KTH Sweden

Privacy in mobile internet

Who?

PhD researcher and privacy advocate

Where?

IT University in the Swedish mobile valley

What?

Location Privacy - Data Protection Policy

Location Privacy in a nutshell

Someone is somewhere doing something

<identity> <time> <place> <content>

Someone: Identity Management

Somewhere: Location Privacy

Something: Content Confidentiality

Reinventing the wheel?

Unobservability

Anonymity

Untraceability

Identity Management: Protection of Personally Identifiable Information

Location Privacy: Trust and unlinkability

Corporate vs policy survival

"Corporate survival in the information age hinges on the ability of non-technical executives to decipher, understand and harness constant advances in information technology. This century's biggest, boldest players will be those who can change and adapt for survival."

Darwin Observer mission

Data Protection: Technology Neutral Policy

• Replaces the old Directive (97/66/EC)

• Not intended to create major changes

• Adapts and updates the existing provisions to "new" and "foreseeable" developments in electronic communications services and technologies

Data Protection: Technology Neutral Policy

• Not to impose, nor discriminate in favour of, the use of a particular type of technology

• Ensure that the service is regulated in the same manner

Same level of protection regardless of the technology used to deliver a service

EU Data Protection Background

• Written with scenarios in mind.

• Based on telecommunication services

• Traditional policies refer to 'Call ID' and 'Content'

• Data is classified as either traffic or content

Different protections for different types of data

Definitions: From call to communication

Call: Any connection established by means of a publicly available telephone service allowing two-way communication in real time.

Communication: Any information exchanged or transmitted between a finite number of parties by means of a publicly available electronic communications service.

Definitions: Extending traffic and location data

Location data: Any data processed in an electronic communications network, indicating the geographical position of the terminal equipment of a user of a publicly available electronic communications service.

Traffic data: Any data generated and processed in the course of, or for the purpose of, the transmission of a communication over an electronic communications network.


Keep in mind...

• Technology neutral: The Directive is not talking about Internet

• Replaces 97/66/EC: Definitions are changed or updated to "adapt" a Directive that was written with scenarios in mind (POTS)

• Traffic, location and content data: Different protections for different types of data

MobileIPv6

• Allows a device (mobile node) to move from one place (link) to another without changing its Internet address (IP)

• Allows a device (mobile node) to inform the home network (home agent) and other devices (correspondent nodes) about the new associated address (care-of address) when roaming

MobileIPv6

Capability of being always addressable via a static identifier (home address, HoA) by informing the home agent about the binding between the dynamic and the static identifier (HoA - CoA(t))

[Figure: Mobile Node moving across Foreign Networks, taking CoA(t1), CoA(t2), CoA(t3); each CoA(t) is bound to the HoA at the home agent in the Home Network; a Correspondent Node is also shown]

MobileIPv6

Capability of being addressable via the dynamic identifier (care-of address) by informing the correspondent node of the current CoA(t)

[Figure: same topology; the Mobile Node now reports CoA(t1), CoA(t2), CoA(t3) directly to the Correspondent Node, alongside the HoA binding held by the Home Network]

Mobility/Location Information in IPv6 headers

[Figure: data packet from Mobile Node (t1) to Correspondent Node http://www.isoc.org]

Ethernet | IPv6 Header | Destination Option | ESP | TCP | HTTP

SOURCE ADDRESS: Care-of address (t1)

DEST. ADDRESS: www.isoc.org

Destination Option: HOME ADDRESS

"Content Data"

- Care-of address (t1) sent as part of the IPv6 header source address

- Home address sent as part of the MobileIP Destination Option

Mobility/Location Information in IPv6 headers

[Figure: binding update from Mobile Node (t2) to Correspondent Node http://www.isoc.org, after the move from t1 to t2]

Ethernet | IPv6 Header | Destination Option | Mobility Header

SOURCE ADDRESS: Care-of address (t2)

DEST. ADDRESS: www.isoc.org

Destination Option: HOME ADDRESS

Mobility Header: Care-of address (t2), HOME ADDRESS, SPI

"Traffic Data"

- Home address sent as part of the MobileIP Destination Option

- Care-of address (t2) and Home Address sent as part of the IPv6 Mobility Header

Traffic/Content Channels?

[Figure: the two packets side by side. Data packet from Mobile Node (t1): Ethernet | IPv6 Header (source: Care-of address (t1), destination: www.isoc.org) | Destination Option (HOME ADDRESS) | ESP | TCP | HTTP. Binding update from Mobile Node (t2): Ethernet | IPv6 Header (source: Care-of address (t2), destination: www.isoc.org) | Destination Option (HOME ADDRESS) | Mobility Header (Care-of address (t2), HOME ADDRESS, SPI). Both packets carry the home address and the current care-of address.]
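As an added example, not part of the original slides: the two packets from the header slides above, built and then parsed in Python using the option types and layouts of RFC 6275 (the standardized form of the MobileIPv6 drafts the talk refers to). All addresses are constructed, ESP and checksums are omitted, and the parser is a passive observer's view of the wire. It shows the slides' point in code: the same (HoA, CoA(t)) binding is readable from the "content" channel and from the "traffic" channel alike, so classifying a packet by channel does not decide what location information it exposes.

```python
"""Where a MobileIPv6 node's identifiers sit in the data and signaling channels.

Added example (not from the slides): one data segment and one Binding Update,
laid out per RFC 6275, then walked like a passive observer would to pull the
static identifier (HoA) and the dynamic one (CoA) out of each.
"""
import ipaddress
import struct

NH_TCP = 6
NH_NO_NEXT = 59
NH_DEST_OPTS = 60
NH_MOBILITY = 135        # Mobility Header (RFC 6275, Section 6.1)
OPT_PADN = 1
OPT_HOME_ADDRESS = 201   # Home Address destination option (RFC 6275, Section 6.3)
MH_BINDING_UPDATE = 5
MOBOPT_ALT_COA = 3       # Alternate Care-of Address mobility option

# Constructed addresses for the illustration.
HOA = ipaddress.IPv6Address("2001:db8:1::10")        # static home address
COA_T1 = ipaddress.IPv6Address("2001:db8:aaaa::1")   # care-of address on the first foreign link
COA_T2 = ipaddress.IPv6Address("2001:db8:bbbb::1")   # care-of address after the handover
CN = ipaddress.IPv6Address("2001:db8:ffff::80")      # correspondent node


def ipv6_header(src, dst, next_header, payload):
    """Fixed 40-byte IPv6 header (version 6, hop limit 64) followed by the payload."""
    return struct.pack("!IHBB", 0x60000000, len(payload), next_header, 64) + src.packed + dst.packed + payload


def home_address_dest_opts(next_header, hoa):
    """Destination Options header carrying only the Home Address option.

    PadN(4) pushes the option to offset 6, its required 8n+6 alignment; the header
    is then 24 bytes, so Hdr Ext Len is 2 (8-octet units, first unit not counted).
    """
    opts = bytes([OPT_PADN, 2, 0, 0, OPT_HOME_ADDRESS, 16]) + hoa.packed
    assert (2 + len(opts)) % 8 == 0
    return bytes([next_header, (2 + len(opts)) // 8 - 1]) + opts


def binding_update(seq, lifetime, alt_coa):
    """Mobility Header + Binding Update + Alternate Care-of Address option (32 bytes, Header Len 3).

    The checksum field is left zero for the illustration.
    """
    flags = 0x8000 | 0x4000                 # A (acknowledge) and H (home registration) bits
    fixed = struct.pack("!HHH", seq, flags, lifetime)
    opts = bytes([OPT_PADN, 0, MOBOPT_ALT_COA, 16]) + alt_coa.packed   # PadN(2) gives 8n+6 alignment
    body = fixed + opts
    assert (6 + len(body)) % 8 == 0
    return struct.pack("!BBBBH", NH_NO_NEXT, (6 + len(body)) // 8 - 1, MH_BINDING_UPDATE, 0, 0) + body


def build_packets():
    """The two packets of the slides: a data segment at t1 and a Binding Update at t2."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x02, 65535, 0, 0)  # minimal SYN
    data_pkt = ipv6_header(COA_T1, CN, NH_DEST_OPTS, home_address_dest_opts(NH_TCP, HOA) + tcp)
    bu = binding_update(seq=1, lifetime=420, alt_coa=COA_T2)
    signaling_pkt = ipv6_header(COA_T2, CN, NH_DEST_OPTS, home_address_dest_opts(NH_MOBILITY, HOA) + bu)
    return data_pkt, signaling_pkt


def _tlv_options(data):
    """Yield (type, value) from an option area; Pad1 (type 0) has no length byte."""
    i = 0
    while i < len(data):
        if data[i] == 0:
            i += 1
            continue
        length = data[i + 1]
        yield data[i], data[i + 2:i + 2 + length]
        i += 2 + length


def extract_location_fields(pkt):
    """Walk the extension-header chain and report every field that ties the HoA to a CoA."""
    _, _, nh, _ = struct.unpack("!IHBB", pkt[:8])
    found = {
        "channel": None,
        "care_of_address": str(ipaddress.IPv6Address(pkt[8:24])),   # source address = CoA(t)
        "home_address": None,
        "alt_care_of_address": None,
        "mobility_message": None,
    }
    off = 40
    while True:
        if nh in (0, 43, NH_DEST_OPTS):            # hop-by-hop, routing, destination options
            next_nh, ext_len = pkt[off], pkt[off + 1]
            hdr_len = (ext_len + 1) * 8
            if nh == NH_DEST_OPTS:
                for opt_type, value in _tlv_options(pkt[off + 2:off + hdr_len]):
                    if opt_type == OPT_HOME_ADDRESS:
                        found["home_address"] = str(ipaddress.IPv6Address(value))
            nh, off = next_nh, off + hdr_len
        elif nh == NH_MOBILITY:
            _, hlen, mh_type, _, _ = struct.unpack("!BBBBH", pkt[off:off + 6])
            found["channel"], found["mobility_message"] = "signaling", mh_type
            if mh_type == MH_BINDING_UPDATE:       # options start after the 6-byte BU fixed part
                for opt_type, value in _tlv_options(pkt[off + 12:off + (hlen + 1) * 8]):
                    if opt_type == MOBOPT_ALT_COA:
                        found["alt_care_of_address"] = str(ipaddress.IPv6Address(value))
            break
        else:                                      # TCP, ESP, ...: the "content" channel starts here
            found["channel"] = "data"
            break
    return found


if __name__ == "__main__":
    for pkt in build_packets():
        print(extract_location_fields(pkt))
```

Running it prints one dictionary per packet; in both, `care_of_address` and `home_address` are filled in, and only the signaling packet additionally reports `mobility_message` 5 and the Alternate CoA. If ESP were inserted as in the slide, the loop would stop at next-header 50 with the same two addresses already recovered from the outer headers.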

Open issues in mobile privacy: From traffic data to content data

• Content data is considered more sensitive than traffic data and receives a higher level of protection

• Content and traffic data on the Internet can only be clearly distinguished when given:

- a concrete context

- an item of interest

- a level of observation

• The distinction is difficult in a multi-layered architecture

Open issues in mobile privacy: From traffic data to content data

Scenario: MobileIPv6

• The application always uses the mobile node's home address (the node appears to be "always at home")

• Bindings (signaling) can be:

– Hidden from the application

– Rich content information used to make location-aware decisions

Open issues in mobile privacy

From traffic data to geographical position

• Does an IP address indicate the position of a device?

• What is the Geographic Information Reference System for the Internet?

• What is the legal definition of geographical position?

• Is the relative position of two devices a geographical position?

Open issues in mobile privacy

From traffic data to geographical position

• Changes of CoA(t) can reveal the geographical proximity of two devices

• POTS: The calling user has the right to prevent the presentation of Calling-line identification on a per-call basis (EU Data Protection Directive)

• Are Call IDs a geographical position?
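As an added example, not from the slides: a passive observer holding nothing but binding-update records (time, home address, care-of address), i.e. "traffic data" in the Directive's classification, infers that two mobile nodes move together because their care-of addresses change to the same /64 prefix at about the same time. The log and the treatment of a /64 prefix as "one place" are constructed assumptions; whether a prefix says anything about geography is exactly the open question the slide raises, so what this yields is a relative position (proximity), not an absolute one.

```python
"""Proximity inference from MobileIPv6 binding updates alone.

Added example (not from the slides). Input: constructed (seconds, HoA, CoA)
records as an observer on the path to a home agent or correspondent could log
them. A node that keeps its HoA but changes the /64 prefix of its CoA has
moved to another link; two nodes whose prefix changes coincide in place and
time are probably travelling together.
"""
import ipaddress
from collections import defaultdict

# Constructed observations: three mobile nodes, one lifetime refresh, three handovers each.
NODE_A, NODE_B, NODE_C = "2001:db8:1::10", "2001:db8:1::20", "2001:db8:2::30"
OBSERVATIONS = [
    (0, NODE_A, "2001:db8:aaaa::a10"), (5, NODE_B, "2001:db8:aaaa::b20"), (10, NODE_C, "2001:db8:aaaa::c30"),
    (300, NODE_A, "2001:db8:aaaa::a10"),      # binding refresh with the same CoA: not a handover
    (600, NODE_A, "2001:db8:bbbb::a10"), (612, NODE_B, "2001:db8:bbbb::b20"),
    (700, NODE_C, "2001:db8:dddd::c30"),
    (1195, NODE_B, "2001:db8:cccc::b20"), (1200, NODE_A, "2001:db8:cccc::a10"),
    (1500, NODE_C, "2001:db8:bbbb::c30"),     # same prefix as A and B, but 900 s later
]


def visited_prefix(coa, prefixlen=64):
    """Assumption: the /64 of the care-of address stands for the visited link."""
    return str(ipaddress.IPv6Interface(f"{coa}/{prefixlen}").network)


def handover_events(observations):
    """Per HoA, the ordered list of (time, prefix) arrivals; refreshes on the same prefix are dropped."""
    by_node = defaultdict(list)
    for t, hoa, coa in sorted(observations):
        by_node[hoa].append((t, visited_prefix(coa)))
    events = {}
    for hoa, seq in by_node.items():
        arrivals, last = [], None
        for t, prefix in seq:
            if prefix != last:
                arrivals.append((t, prefix))
                last = prefix
        events[hoa] = arrivals
    return events


def co_movement_score(events_a, events_b, window):
    """Number of A's handovers for which B arrived on the same prefix within `window` seconds."""
    return sum(
        1 for ta, pa in events_a
        if any(pa == pb and abs(ta - tb) <= window for tb, pb in events_b)
    )


def likely_colocated(observations, window=30, min_shared=3):
    """Pairs of home addresses (static identities) whose movements coincide at least `min_shared` times."""
    events = handover_events(observations)
    nodes = sorted(events)
    pairs = []
    for i, a in enumerate(nodes):
        for b in nodes[i + 1:]:
            score = co_movement_score(events[a], events[b], window)
            if score >= min_shared:
                pairs.append((a, b, score))
    return pairs


if __name__ == "__main__":
    for hoa, arrivals in handover_events(OBSERVATIONS).items():
        print(hoa, "->", [p for _, p in arrivals])
    print("co-moving pairs:", likely_colocated(OBSERVATIONS))
```

Nodes A and B share all three arrivals within the 30-second window and are reported as a pair; node C shares only the first prefix with them and falls under the threshold. Nothing in the computation touches payload, so under a channel-based classification this is processing of "traffic data" only, yet its output is a statement about who is where with whom.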

Conclusions

• Traditional legal, regulatory and technical provisions were established with traditional technological environments in mind.

• The traditional classification of data based on the functional channel is no longer valid.

• Data Protection policies should consider the sensitivity of the amount of personally identifiable information in a 'data set', rather than insisting on applying traditional powers to new infrastructures.

Thanks!

http://www.it.kth.se/~aep/publications

<[email protected]>

