Posted: 18-Dec-2015
Privacy in the Next Generation Internet
Data Protection in the Context of European Union Policy
Alberto Escudero-Pascual <[email protected]>
Royal Institute of Technology (KTH), Sweden
Privacy in mobile internet
Who? PhD researcher and privacy advocate
Where? IT University in the Swedish mobile valley
What? Location Privacy - Data Protection Policy
Location Privacy in a nutshell
Someone is somewhere doing something: <identity> <time> <place> <content>
Someone: Identity Management
Somewhere: Location Privacy
Something: Content Confidentiality
Reinventing the wheel?
Unobservability, Anonymity, Untraceability
Identity Management: Protection of Personal Identifiable Information
Location Privacy: Trust and unlinkability
Corporate vs policy survival
Corporate survival in the information age hinges on the ability of non-technical executives to decipher,
understand and harness constant advances in information technology.
This century's biggest, boldest players will be those who can change and adapt for survival.
Darwin Observer mission
Data Protection: Technology Neutral Policy
• Replaces the old Directive (97/66/EC)
• Not intended to create major changes
• Adapts and updates the existing provisions to “new” and “foreseeable” developments in e-communications services and technologies
Data Protection: Technology Neutral Policy
• Not to impose, nor discriminate in favour of, the use of a particular type of technology
• Ensure that the service is regulated in the same manner
Same level of protection regardless of the technology used to deliver a service
EU Data Protection Background
• Written with scenarios in mind.
• Based on telecommunication services
• Traditional policies refer to ‘Call ID’ and ‘Content’
• The data is classified into traffic data and content data
Different protections for different types of data
Definitions: From call to communication
Call: Any connection established by means of a publicly available telephone service allowing two-way communication in real time.
Communication: Any information exchanged or transmitted between a finite number of parties by means of a publicly available electronic communications service.
Definitions: Extending traffic and location data
Location data: Any data processed in an electronic communication network, indicating the geographical position of the terminal equipment of a user of a publicly available electronic communication service.
Traffic data: Any data generated and processed in the course of or for the purpose of the transmission of a communication over an electronic communication network.
Keep in mind...
• Technology neutral: The Directive is not talking about Internet
• Replaces 97/66/EC: Definitions are changed or updated to “adapt” a Directive that was written with specific scenarios (POTS) in mind
• Traffic, location and content data: Different protections for different types of data
MobileIPv6
• Allows a device (mobile node) to move from one place (link) to another without changing the Internet address (IP)
• Allows a device (mobile node) to inform the home network (home agent) and other devices (correspondents) about the new associated address when roaming (care of address)
MobileIPv6
Capability of being always addressable via a static identifier by informing the home agent about the binding between the dynamic and static identifier (HoA - CoA(t))
[Figure: Mobile Node roaming across Foreign Networks with CoA(t1), CoA(t2), CoA(t3); Home Network holding the HoA; Correspondent Node]
MobileIPv6
Capability of being addressable via the dynamic identifier by informing the correspondent node of the CoA(t)
[Figure: Mobile Node roaming across Foreign Networks with CoA(t1), CoA(t2), CoA(t3); Home Network holding the HoA; Correspondent Node]
Mobility/Location Information in IPv6 headers
[Figure: packet from Mobile Node (t1) to Correspondent Node http://www.isoc.org: Ethernet | IPv6 Header (SOURCE ADDRESS = Care-of-address(t), DEST. ADDRESS = www.isoc.org) | Destination Option (HOME ADDRESS) | ESP | TCP | HTTP]
“Content Data”
- Care-of address (t1) sent as part of the IPv6 Header Source Address
- Home address sent as part of the MobileIP Destination Option
Mobility/Location Information in IPv6 headers
[Figure: packet from Mobile Node (t2) to Correspondent Node http://www.isoc.org: Ethernet | IPv6 Header (SOURCE ADDRESS = Care-of-address(t), DEST. ADDRESS = www.isoc.org) | Mobility Header (HOME ADDRESS, Care-of-address(t2), SPI)]
“Traffic Data”
- Home address sent as part of the MobileIP Destination Option
- Care-of address (t2) and Home Address sent as part of the IPv6 Mobility Header
Traffic/Content Channels?
[Figure: the two packets side by side. Mobile Node (t1) to www.isoc.org: Ethernet | IPv6 Header (SOURCE ADDRESS = Care-of-address(t), DEST. ADDRESS = www.isoc.org) | Destination Option (HOME ADDRESS) | ESP | TCP | HTTP. Mobile Node (t2): Ethernet | IPv6 Header | Mobility Header (HOME ADDRESS, Care-of-address(t2), SPI)]
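The two packet layouts above can be checked from the observer's side. The following is an added example, not code from the slides or from any Mobile IPv6 implementation: it constructs the two packets in the shape the slides draw (a data packet with the Home Address destination option in front of ESP, and a Binding Update carried in a Mobility Header) and then parses them the way a passive on-path observer would, walking the IPv6 extension-header chain and pulling out every identifier readable without a key. The header and option codes (next header 60, 135, 50; Home Address option 0xC9; MH type 5; Alternate Care-of Address option 3) are from RFC 6275; the addresses, SPI and ciphertext bytes are constructed, the Mobility Header checksum is left zero, and the Binding Update is built without ESP protection for illustration (in a real deployment the Mobility Header is IPsec-protected, but the source address and the Home Address option in front of it are still cleartext).

```python
"""Passive-observer view of Mobile IPv6 packets (constructed example)."""
import ipaddress
import struct

# IPv6 next-header values (IANA) and Mobile IPv6 codes (RFC 6275)
NH_DSTOPTS, NH_ESP, NH_NONE, NH_MOBILITY = 60, 50, 59, 135
OPT_PAD1, OPT_PADN, OPT_HOME_ADDRESS = 0, 1, 0xC9
MH_BINDING_UPDATE, MOBOPT_ALT_COA = 5, 3

# Constructed addresses in documentation space (2001:db8::/32), not real hosts
HOA = "2001:db8:100::1"             # static home address (HoA)
HOME_AGENT = "2001:db8:100::ff"
CORRESPONDENT = "2001:db8:200::80"  # stands in for www.isoc.org
COA_T1 = "2001:db8:a::1"            # care-of address at time t1
COA_T2 = "2001:db8:b::1"            # care-of address at time t2


def packed(addr):
    return ipaddress.IPv6Address(addr).packed


def ipv6(src, dst, next_header, payload):
    """Fixed 40-byte IPv6 header (version 6, hop limit 64) plus payload."""
    return struct.pack("!IHBB16s16s", 0x60000000, len(payload), next_header, 64,
                       packed(src), packed(dst)) + payload


def dstopts_home_address(next_header, hoa):
    """Destination Options header carrying the Home Address option."""
    # PadN(2) puts the 16-byte address at an 8n+6 offset as RFC 6275 requires
    opts = bytes([OPT_PADN, 2, 0, 0, OPT_HOME_ADDRESS, 16]) + packed(hoa)
    hdr_ext_len = (2 + len(opts)) // 8 - 1      # 24 bytes on the wire -> 2
    return bytes([next_header, hdr_ext_len]) + opts


def binding_update(sequence, lifetime, alt_coa):
    """Mobility Header, MH type 5 (Binding Update) with an Alternate CoA option."""
    msg = struct.pack("!HHH", sequence, 0xC000, lifetime)   # A and H flags set
    opts = bytes([MOBOPT_ALT_COA, 16]) + packed(alt_coa) + bytes([OPT_PADN, 0])
    body = msg + opts                           # 6 + 20 = 26 bytes
    hdr_len = (6 + len(body)) // 8 - 1          # 32 bytes on the wire -> 3
    # Checksum left at 0: the sample is never delivered and an observer
    # does not need it to read the addresses.
    return struct.pack("!BBBBH", NH_NONE, hdr_len, MH_BINDING_UPDATE, 0, 0) + body


def tlv_options(buf):
    """Yield (type, data) for the TLV option layout both headers share."""
    i = 0
    while i < len(buf):
        t = buf[i]
        if t == OPT_PAD1:
            i += 1
            continue
        n = buf[i + 1]
        yield t, buf[i + 2:i + 2 + n]
        i += 2 + n


def observe(pkt):
    """Everything a passive observer learns from one packet without any key."""
    _, _, nh, _, src, dst = struct.unpack("!IHBB16s16s", pkt[:40])
    seen = {"care_of": str(ipaddress.IPv6Address(src)),   # location now
            "dst": str(ipaddress.IPv6Address(dst)),
            "home_address": None, "alt_care_of": None,
            "binding_update": False, "esp_spi": None}
    off = 40
    while nh in (NH_DSTOPTS, NH_MOBILITY):
        hlen = (pkt[off + 1] + 1) * 8           # both headers count 8-octet units
        if nh == NH_DSTOPTS:
            for t, data in tlv_options(pkt[off + 2:off + hlen]):
                if t == OPT_HOME_ADDRESS:
                    seen["home_address"] = str(ipaddress.IPv6Address(data))
        elif pkt[off + 2] == MH_BINDING_UPDATE:
            seen["binding_update"] = True
            for t, data in tlv_options(pkt[off + 12:off + hlen]):
                if t == MOBOPT_ALT_COA:
                    seen["alt_care_of"] = str(ipaddress.IPv6Address(data))
        nh, off = pkt[off], off + hlen
    if nh == NH_ESP:
        # ESP hides the transport payload but its SPI is cleartext
        seen["esp_spi"] = struct.unpack("!I", pkt[off:off + 4])[0]
    return seen


def data_packet_t1():
    """Slide 'Content Data': MN at CoA(t1) talking to the CN over ESP."""
    esp = struct.pack("!II", 0x1234ABCD, 1) + b"\x00" * 16  # SPI, seq, opaque bytes
    return ipv6(COA_T1, CORRESPONDENT, NH_DSTOPTS,
                dstopts_home_address(NH_ESP, HOA) + esp)


def binding_update_t2():
    """Slide 'Traffic Data': MN moved to CoA(t2) and tells its home agent."""
    return ipv6(COA_T2, HOME_AGENT, NH_DSTOPTS,
                dstopts_home_address(NH_MOBILITY, HOA) + binding_update(7, 420, COA_T2))


if __name__ == "__main__":
    for pkt in (data_packet_t1(), binding_update_t2()):
        print(observe(pkt))
```

Run stand-alone it prints one dictionary per packet. In both cases the static identifier (HoA) and the current location (CoA) are readable from the unencrypted part of the packet, whether the slides file them as "content" or "traffic" data; ESP only hides what comes after it.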
Open issues in mobile privacy: From traffic data to content data
• Content data is considered more sensitive than traffic data, so it gets a higher level of protection
• Content and traffic data on the Internet can only be clearly distinguished when given:
- a concrete context
- an item of interest
- a level of observation
• The distinction is difficult in a multi-layered architecture
Open issues in mobile privacy: From traffic data to content data
Scenario: MobileIPv6
• The application always uses the mobile home address (always at home)
• Bindings (signaling) can be:
– Hidden from the application
– Rich content information used to make location-aware decisions
Open issues in mobile privacy
From traffic data to geographical position
• Does an IP address indicate the position of a device?
• What is the Geographic Information Reference System for the Internet?
• What is the legal definition of geographical position?
• Is the relative position of two devices a geographical position?
Open issues in mobile privacy
From traffic data to geographical position
• Changes of CoA(t) can reveal the geographical proximity of two devices
• POTS: The calling user has the right to prevent the presentation of Calling-line identification on a per-call basis (EU Data Protection Directive)
• Are Call IDs geographical position?
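The proximity point above can be made concrete. The following is an added example, not code from the slides: it takes a log of bindings as a home agent holds them by design (and as anyone who sees the binding updates can collect them), each a (time, HoA, CoA) record, and reports which pairs of mobile nodes held care-of addresses on the same /64 link at overlapping times. No record contains a coordinate, yet the output says "these two devices were in the same place at the same time". The binding log, the addresses and the /64 link size are constructed assumptions; the interval model (a binding lasts until the node's next binding update) is also an assumption of the example.

```python
"""Inferring co-location of mobile nodes from care-of address history (constructed example)."""
import ipaddress
from collections import defaultdict

N1, N2 = "2001:db8:100::1", "2001:db8:100::2"   # two home addresses (static identities)

# Constructed binding log: (time in seconds, home address, care-of address)
BINDINGS = [
    (1000, N1, "2001:db8:a::1"),
    (1000, N2, "2001:db8:c::7"),
    (1300, N1, "2001:db8:b::1"),
    (1320, N2, "2001:db8:b::9"),   # N2 joins N1's link 20 s later
    (1500, N2, "2001:db8:d::5"),   # N2 moves on to link d
    (2000, N2, "2001:db8:e::5"),
    (2100, N1, "2001:db8:d::1"),   # N1 reaches link d only after N2 has left it
]


def link_of(coa, prefixlen=64):
    """The link a care-of address was configured on; /64 is the assumed link size."""
    return ipaddress.ip_network(f"{coa}/{prefixlen}", strict=False)


def binding_intervals(bindings):
    """Per node, [start, end) intervals during which it sat on a given link.
    A binding is assumed to last until the node's next binding update;
    the most recent one is open-ended."""
    by_node = defaultdict(list)
    for t, hoa, coa in sorted(bindings):
        by_node[hoa].append((t, link_of(coa)))
    intervals = defaultdict(list)
    for hoa, events in by_node.items():
        for i, (start, link) in enumerate(events):
            end = events[i + 1][0] if i + 1 < len(events) else float("inf")
            intervals[hoa].append((start, end, link))
    return intervals


def co_located(bindings, min_overlap=1):
    """Pairs of nodes that were on the same link at the same time:
    (node_a, node_b, link, overlap_start, overlap_end), overlap >= min_overlap seconds."""
    intervals = binding_intervals(bindings)
    nodes = sorted(intervals)
    found = []
    for i, a in enumerate(nodes):
        for b in nodes[i + 1:]:
            for s1, e1, l1 in intervals[a]:
                for s2, e2, l2 in intervals[b]:
                    if l1 != l2:
                        continue
                    start, end = max(s1, s2), min(e1, e2)
                    if end - start >= min_overlap:
                        found.append((a, b, str(l1), start, end))
    return found


def shared_links(bindings):
    """Links more than one node has ever used, regardless of timing
    (same place, not necessarily same time)."""
    visitors = defaultdict(set)
    for _, hoa, coa in bindings:
        visitors[str(link_of(coa))].add(hoa)
    return {link for link, nodes in visitors.items() if len(nodes) > 1}


if __name__ == "__main__":
    print("same place, same time:", co_located(BINDINGS))
    print("same place, any time: ", sorted(shared_links(BINDINGS)))
```

With the constructed log the two nodes share two links, but only on link b do their bindings overlap in time; link d they visited one after the other. The difference matters for the policy question on this slide: a pair of care-of addresses is "traffic data" record by record, but the correlation across records is a statement about where two people were together.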
Conclusions
• Traditional legal, regulatory and technical provisions were established with traditional technological environments in mind.
• Traditional classification of data based on the functional channel is no longer valid.
• Data Protection policies should consider the sensitivity of the amount of personal identifiable information in a ’data set’, and not insist on applying traditional powers to new infrastructures.