25
1 Version: 19 August 2016
1
Version:19August2016
2
ContentsContents...................................................................................................................................................2ExecutiveSummary..................................................................................................................................3Introduction:IEEEInternetInitiativeandIEEEETAPForumSeries..........................................................4InvitedSpeakers.......................................................................................................................................5KeynotePresentation:IddoMoed........................................................................................................5KeynotePresentation:DeepakMaheshwari........................................................................................6PanelDiscussion...................................................................................................................................8LimorShmerlingMagazanik..............................................................................................................8ShaharBelkin.....................................................................................................................................9JonathanKlinger..............................................................................................................................10YuvalElovici.....................................................................................................................................11BoazLandsberger............................................................................................................................11
KeynotePresentation:DoritDor........................................................................................................12KeynotePresentation:ProfessorIsaacBen-Israel..............................................................................13
BreakoutSession....................................................................................................................................15NextStepsandWrapup........................................................................................................................17AppendixI:Program...............................................................................................................................18AppendixII:Participants........................................................................................................................23AppendixIII:CombinedIssuesList,AllIEEEETAPForums.....................................................................25
3
ExecutiveSummaryTheIEEEExpertsinTechnologyandPolicy(ETAP)ForumonInternetGovernance,Cybersecurity,andPrivacyreturnedtoTelAviv,Israel,on22June2016forasessionemphasizingbiometricsandaccesscontrol.Theinvitation-onlyeventatTelAvivUniversityinIsraelattractedabout50expertsfromtheglobaltechnologyandpolicycommunities.ItwasthesixthinaseriesofregionallyorientedIEEEETAPForumgatheringshostedbytheIEEEInternetInitiativeoverthelast13monthsandthesecondheldinTelAviv.Keynotepresentationsandapaneldiscussionilluminatedtrends,challenges,andopportunitiesintechnologyandpolicy;attendeesvoicedtheirownparticularconcernsintheseareas;andthenabreakoutsessionconcentratedonthequestion,whatbiometricdataisappropriateforwhatcircumstances?
4
Introduction:IEEEInternetInitiativeandIEEEETAPForumSeriesThegapisgrowingbetweenthefastadvanceoftechnologyandthepolicythatisbeingcreatedtoregulateit,IEEEETAPForumco-moderatorOlegLogvinovsaidinopeningthe22June2016eventinTelAviv.Thepurposeofthegatheringwastopursuewaystobridgethatgap,hesaid.OrganizedbytheIEEEInternetInitiative,theIEEEETAPForumsonInternetGovernance,Cybersecurity,andPrivacybringtogethertechnologydevelopersseekingabetterunderstandingoftheInternetpublic-policylandscapetohelpdriveproactivetechnologydesignandpolicyexpertsseekingreliabletechnicalguidancetomakeinformedInternetpublic-policydecisions.IfthetremendouspromiseofongoingInternetinnovationandexpansioninaccessforsustainabledevelopment,economicgrowth,enhancedpublicsafety,andsecurity,etc.istoberealized,itwillrequireunprecedentedcollaborationacrossthetraditionally“silo-ed”worldsoftechnologyandpolicy.WiththeInternetofThings(IoT)becomingmoreofareality,informationisbeingincreasinglysharedamongmachines,inwaysthatmightnotbepredictable.Inadditiontothetechnologicalcomplexitiesintroducedbythisinnovation,thereareethicalandlegalimplicationsasmachinesmorefrequentlyshareoursensitiveinformationwithothermachinesintheIoT.AsMr.LogvinovsaidattheTelAvivevent,suchimplicationsmustbetakenintoaccountastechnologyandpolicyisdeveloped.TheIEEEInternetInitiativewasfoundedtofacilitatepreciselythecruciallyneededtwo-waydialogueacrossthetechnologyandpolicyworlds.OngoingInternetinnovation,sustainability,andmarketgrowthdependonsound,informedInternetpolicy,andeffectiveInternetpublicpolicydependsonunbiased,currenttechnicalguidance.TheIEEEInternetInitiativeprovidesaneutralenvironmentforcollaborationamongpolicymakers,engineers,scientists,industryleaders,andothersgloballyonemergingissuesincybersecurity,privacy,andInternetgovernance—allwithinthecontextofadvancingtechnologyforthebenefitofhumanity.IEEEETAPForumeventshavetakenplaceinSanJose,California,intheUnitedStatesinMay2015(http://sites.ieee.org/etap-sanjose/);inTelAvivinAugust2015(http://sites.ieee.org/etap-israel1/);inWashington,D.C.,USA,inFebruary2016(http://internetinitiative.ieee.org/events/etap/etap-forum-in-washington-dc);inDelhi,India,inMarch2016(http://internetinitiative.ieee.org/events/etap/etap-forum-in-delhi-india);andinBeijing,China,inMay2016(http://internetinitiative.ieee.org/events/etap/etap-forum-in-beijing-china).TheJune2016IEEEETAPForuminTelAvivcontinuedtheconversation,withafocusonquestionsarisingfromtheincreasingusageofbiometricsandaccesscontrol.
5
InvitedSpeakersTheJune2016IEEEETAPForuminTelAvivfeaturedkeynotepresentationsfromfourspeakers:
• IddoMoed,cybersecuritycoordinator,MinistryofForeignAffairs,Israel
• DeepakMaheshwari,directorofgovernmentaffairsacrossIndiaandASEANregion,Symantec,andco-moderatorofthisIEEEETAPForuminTelAviv
• Dr.DoritDor,vicepresident,products,CheckPointSoftwareTechnologies
• ProfessorIsaacBen-Israel,directoroftheInterdisciplinaryCyberResearchCenter(ICRC),Tel
AvivUniversityAlso,fivespeakersparticipatedinapaneldiscussionaddressingenablingcomponentsforclosingthegapbetweenpolicyandtechnology:
• LimorShmerlingMagazanik,directoroflicensingandinspectionattheIsraeliLaw,Information&TechnologyAuthority(ILITA)
• ShaharBelkin,co-founder,FSTBiometrics
• JonathanKlinger,Israelicyberlawattorneyandblogger
• YuvalElovici,director,DeutscheTelekomLaboratoriesatBen-GurionUniversity
• BoazLandsberger,IsraelElectricCompany
KeynotePresentation:IddoMoedManyglobalforumsdealwithcoordinatingcybersecuritypolicy,butthereisstillalotofworktobedonetobringtechnologyexpertisetobear,accordingtoIddoMoedofIsrael’sMinistryofForeignAffairs.It’snotthatpolicymakersrequiresothoroughanunderstandingoftechnologysoastolearncodinglanguage;rather,hesaid,theremustbeenoughunderstandingoftechnologytobeabletoidentifyitsinternationalcontextandtheprocessesthatareunfoldingarounditsdevelopment.CybersecurityisatopicofterrificattentioninglobalforumsincludingtheUnitedNations(UN)andOrganizationforEconomicCooperationandDevelopment(OECD),hesaid.AseriesofseminarsinGenevaaddressedhowagreementsneedtobeappliedonexportarrangements.InIsrael,specifically,therehasbeendebatearoundarecentexportcontroldirective.Similarconversationsaregoingonaroundtheworld.
6
“Itcanonlyworkintherealworldwiththetechnologists,theeconomistsandthepoliticianssittingaroundthesametable,”Mr.Moedsaid.“Andthatisverycomplicatedprocess,becausewespeakverydifferentlanguages.”Theword“stability,”forexample,couldmeandifferentthingsindifferentenvironments,hesaid.Thelanguagebeingusedtoshapepolicyispoliticallanguage,nottechnologicallanguage,andhesaidthat’snotnecessarilythecorrectapproach.Languageforpolicyaroundcybersecurityandothertechnologicalissuesmustbemoreconcretethanisoftenthecaseinstrictlypoliticalrealms.Forexample,theWassenaarArrangement,aColdWar-eraarmscontrolexportrestrictiondeal,isnotuptothetaskofdealingwiththeissue,hesaid.Mr.MoedsaidthereexistsaUNgroupofexpertsfrom25countries,dealingwitharmscontrol,thatsincethelate1990shasdiscussedinternationallawandhowitappliestomoralissues,privacy,hownormsapply,theneedfornewnorms,howconfidencecanbeencouraged,etc.Forexample,governmentsagreenottoattackcomputeremergencyresponseteams(CERTs)andtopublishcybersecuritypolicyforinformationsharing,andthese,hesaid,areconfidence-buildingmeasures.Thediscussionsaredirectedbydiplomatsbutalsoengagetechnologicalexperts.Thisworkisvaluable,Mr.Moedsaid,but“peopleintechnologydon’tliketoworkwithgovernment—it’snotexciting,formostpeople.That’safactoflife,sowehavetofindallkindsofschemesandprogramstokeeptechnologistsonboard.”
KeynotePresentation:DeepakMaheshwariIEEEETAPForumco-moderatorDeepakMaheshwariwithSymantecdiscussedhisownpersonalviewsofIndia’s“Aadhaar”biometricidentificationprogram,whichaimstohelppeoplereceivegovernmentbenefitsandcarryoutfinancialtransactions.Mr.Maheshwarifirstofferedasocio-economicandpoliticalsnapshotofIndia,asecular,democraticrepublicwith1.2billionpeople.HalfofIndia’spopulationderivestheirlivelihoodfromagriculture,hesaid,butthatrepresentsonly14percentoftheeconomy.“Soit’saserviceeconomybutanagriculturalsociety,”Mr.Maheshwarisaid.Therearelotsofprogramstoaddresspovertyandprovidesubsidies.Delays,denials,andduplicationareamongtheproblemswiththeseprograms.Delaysmeanthatsubsidiesandbenefitscantakealongtimetobedelivered,hesaid;duplicationanddenialmeanthat,iftwopeoplearemeanttoreceiveabenefit,onemaynotgetit,whiletheothermaygetittwice.“Leakagerate”intheprogramsisestimatedat85percent,Mr.Maheshwarisaid,“andthat’sahugeamount.”
7
At7.6percentgrossdomesticproduct(GDP)growth,however,India’seconomyisabrightspot.Internetgrowthishappeningviamobile,hesaid,thankstoproliferationoflow-costsmartphones,prepaidmobilephones,inexpensiverechargingandnewsubscriberidentificationmodule(SIM)cardsavailableforlessthanhalfadollar.Mr.MaheshwarisaidIndiahasaslewofgovernmentidentification:passports,licenses,voterIDs,incometaxnumbers,etc.Butnoteveryonehasthem,andmanypeoplehavenone.Consequently,peoplehaveachallengeinprovingtheiridentity—especiallyiftheymovevillagesandnoonecanvouchforthemintheirnewenvirons.AadhaarisaprogramintendedtogiveauniqueIDtoeachresidentofIndia(includingrefugeesandnon-citizenswhoareinthecountry).Everyresidentisentitledtoa12-digitrandomnumber.Atthispoint,gettinganumberrequiresanapplicationtoprovidedemographicinformationandbioemetricinformation(10fingers,iris,andface),pluse-mailandmobilenumber.Aadhaarwasvoluntarybuthasemergedasadefactomandate,Mr.Maheshwarisaid.TheAadhaarnumberinitselfdoesnotrevealanythingaboutitsuser.Forexample,genderorregioncannotbegeneratedfromthenumberalone.Usingthenumber,Mr.Maheshwarisaid,someonewhowantstocheckaperson’sidentitywouldentertheperson’sbiometricinformationandnumberintotheAadhaarsystemandgetabinaryresponseinreturn—eitherayesorno,confirmingorrejectingamatch.Theprogram,hesaid,operatesbyfirstregisteringpeopleandtheirbiometricinformation,andthenallowsanyentitytoverifytheirIDtechnology.Aadhaareitherconfirmsordeniesthattheperson’sbiometricinfomatchestheIDnumber.That,Mr.Maheshwarisaid,canhelpaleakyandinefficientgovernmentbenefitsprograms,whichhavedifficultygettingbenefitstotherightpeople.WhenAadhaariscombinedwiththeJan-DhanprogramforFinancialInclusionandmobileaccess(JAMs),thebreadthofoptionsopens,headded.TherearealreadynearlyabillionJAMsregistered.“YouhavepeoplewhocouldbeanywherewithanonlineauthenticatingID,mobilephone,andbankaccount,”hesaid“Havingthesethreethingsyoucandoquitealot.”Government,forexample,canputmoneyintoauser’sbankaccount.Andpeoplecanalsodoexchangeofmoney,low-valuecashtransactions.
8
Buttheprogramalsofaceschallenges,Mr.Maheshwarisaid,suchaslimitingwhatbiometricdatacanbesharedwithwhom,andevenwhetherthebiometricdataisbeingcollectedproperlywiththebestequipment.Hesaidkeyissuesaroundsecurityandprivacyhavearisen:
• Whatinformationissharedamongagencies?
• WhileIndianlawisexplicitwhenitcomestodemographicdata,openquestionsremainaroundbiometricinformation.
• Iftheoriginalbiometricdatacollectionisn’tgood,thenin,say,10years,“howdoIprovethatI
amwhoIamorclaimtobe?”
• Fakecredentialscouldresultfrompeoplereplicatingafakeirisscanorliftingfingerprints.
PanelDiscussionApaneldiscussionofenablingcomponentsforclosingthegapbetweenprivacypolicyandtechnologyengagedfiveexpertsoninterrelatedaspectsofthetopic,suchasconsumerunderstandingofprivacyagreements,changesintechniques,enforcementissues,andcorporateapproachestoinformationflow.ThepanelalsoemphasizedtheimportanceofeducatingchildrenfromanearlyageabouttheimplicationsofusingtheInternet,aswellasvariousapps,programs,andsocialnetworks.
LimorShmerlingMagazanik
LimorShmerlingMagazanikwithILITAcalledherself“astrongbelieverinthenecessityofformingpolicyalongsidedevelopingandimplementingtechnology;thisway,wemayenjoytheadvantageswhileconsciouslymanagingtherisks.”Ms.Magazanikcalledprivacybothafoundationofconsumertrustandbasichumanright.Shenoted,forexample,researchshowingthatU.S.consumersaregrowingincreasinglyconcernedaboutcompaniessellingandgovernmentsaccessingpersonallyidentifiableinformation(PII).Shealsocitedvariousgovernmentandcorporateactionsandcounteractionaroundprivacylegislationaroundtheworld.“I’mreallyconvincedthatprivacyisnotdead.Ireallyfeelweshouldnotgiveupthefight,”shesaid.“Wecandothisifweadoptstandardstoself-regulatethecommunity.…Wedoourenforcementasgovernment;wetrytolegislate.Butyouhavetounderstandthatlegislationisverylengthy.It’sliketheturtletryingtocatchupwithtechnology,whichismustfaster…sowereallyrelyonstandards.”
9
Itisdifficultforconsumerstounderstandtheprivacyconditionstheyregularlyagreeto,Ms.Magazaniksaid.Shepresentedfindingsthatitwouldtakeaperson201hoursonaveragetoactuallyreadthroughalltheprivacyagreementsandtermsofservicetowhichheorsheagreeseachyear,atayearlycostof$3,534—atotalof$781billion.Applicationsformachine-automatedprivacymanagementareemergingtohelpusersmoreefficientlyaddresstheproblem.“Thisisawaytogivetheconsumermorecontrolwhenhe’smanaginghisaffairsontheInternet,”shesaid.Ms.MagazaniksaidthatIsraelundertookalarge-scaleprojectonbiometricIDandthatitsoversightcommitteeconsideredseveraloptions:
• Nothavingadatabase• Havingadatabasebutnotincludingbiometricinfoinit• Makingdowithacardthatminimizesrisk• Limitingbiometricsuses• Collectingface-onlybiometricsbutnotfingerprints
Whileit’scompellingtousebiometricinformationforotherpurposes,shesaid,legislationprohibitsitsusageforothermeansinordertopreventmissioncreep.Italsoestablishesanindependentregulatorfortheprogram.Projectorganizersstillareseekingfunctionalitywithbetterriskmanagement,shesaid,addingthattherewasapilotperiodfortestingandregulatingtheprogramandthatitisstillpendingwithIsrael’sinteriorminister.
ShaharBelkin
Peoplehaveproventhemselveswillingtotradeoffprivacyforconvenience,saidShaharBelkinwithFSTBiometrics,butconcernsaboutterror,fraud,crime,andurbanizationaredrivingmarketinterestinnewprivacymeasures,suchasonesusingbiometricdata.“I’mtalkingabouttheproblemofusingbiometricsasasecuritykey,becausetherearerisks,”hesaid.Thereareconcernsoverhowpeoplecanfakebiometricdata,lettingpeoplewhoshouldn’tbeabletogainaccesstoinformationintosupposedlysecuresystems.Whatarethepotentialwaysthatbiometricsystemscanbecompromised?Onesimplemethodiscalleda“presentationattack.”Thisattackcheatsorspoofsasystembypresentingsomethingotherthangenuinebiometricinformationsuchasfingerprintorface(e.g.usingaphotoinsteadoftherealface).“Whatthepresentationattackdoesn’ttakeintoconsideration...isthenextlevelofbehavior,”Mr.Belkinsaid.“Whenpeopleputtheirfingeronafingerprintreader,eachonedoesitinauniqueway.Andbehaviorisnotsomethingthatisgoingtobeabletobespoofedsoon.Wehavethetoolsnow,inwhatiscalled‘deeplearning,’tounderstandwhatisthebehavioroftheperson.Andbehavioralispartofthenewbiometrics.”
10
Themarketismovingtowardabehavioralapproach,hesaid,thattakesintoaccountnotonlydatasuchasfaceorfingerprint,butalsothewaypeoplemove,thewaytheyholdtheirdevices,theamountofpressuretheytendtousewhenpressingdowntheirfingers,etc.
JonathanKlinger
“Thequestionisnothowyouprotecttheinformationyoustore;it’swhetheryouactuallyneedtostoreitinthefirstplace,”saidcyberlawattorneyandbloggerJonathanKlinger.“Becausehavingthebestsecurityandbestprotectionintheworldwon’thelpyouwhenyouhaveaninsidedatabreach.And,ifwe’relookingtoavoidit,we’llbeasking,‘Whywasitnecessarytostorethisspecificinformationbeforehand?’”Peoplehavenoideawhetherorhowtheirdataisbeingstore,used,orsold.“Mostofyouhaveapplicationsonyourphone,”hesaid.“Youinstallthemwithouthesitation,withoutreadingtheprivacypolicy…Theproblemisnotjustthatpeopledon’treadtheagreement,butyoudon’thaveanywaytomonitoryourdata.”Freeappsandmorepopularappstendtorequestmorepermissionsthanpaidandlesspopularones,Mr.Klingersaid—thefreeones,becausethatishowtheymaketheirmoney;thepopularones,becausethedepthoftheiruserbasemakestheirinformationmorevaluable.Notonlyareprivacypoliciesdifficulttounderstand,Mr.Klingersaidtheyarealsoeffectivelyimpossibletoenforce.Ifausersendsaphototoanotheruser,forexample,thereisnowaytomonitorwhetherthatfileissubsequentlyshared.Whileanagreementmightexistthatanorganizationwillnotsellorsharepersonalinformation,“thereisnotechnologybehindthatstatement,”hesaid.“It’sfaithinpeople,andIhavenofaithinpeople—peoplearetheweakestlinkbetweentechnologicalinterfaces.”Mr.Klingerspoketotheneedforastandardthatattachesitselftopersonalinformation,files,callrecords,browsers,etc.,whichwouldcreatemetadataspecifyinghowauser’sinformationcanbeshared,stored,orpassedalong.Thestandard,hesaid,couldallowuserstospecify,“Iallowyoutotrackmylocation,butdon’tstoreitinmydatabase.Or,dostoreit,butdon’tsendittootherpeople.Ordon’tstoreit;don’tsendittootherpeople,andaskmeeverytime.Iwantthispreferencetobesaved,andwhenIsubmitinformation,Ichoosehowthisinformationcouldbepassedalongtheway.”Suchastandardisnecessary,hesaid,because“theonlywaytocontrol(informationprivacy)isnotbyenactinglawsbutbycreatingastandardfortechnologythatpeoplewillfeelprotectediftheyknowthatsoftwareiscompliantwiththatstandard.”
11
YuvalElovici
YuvalEloviciwithDeutscheTelekomLaboratoriessaid,“Ingeneral,attackerslikesecuritytoolsbecausesecuritytoolsgiveusersafalsesenseofprivacyorsecurity.”Withdisclosures,auserdoesn’tknowwhatcanbederivedwiththeinformationthat’sbeingcollected.“Ifyouknewthatyourlifeexpectancycouldbederivedfromtheinformationbeingcollectedaboutyou,youmightnotgivepermissionforit,”Mr.Elovicisaid.Eventhosewhocollectthedatamaynotbeawareofhowitcanbeused,noworinthefuture.AtollroadinIsrael,forexample,billsdriversbasedoncamerasphotographinglicenseplates.“I’malwaysterrifiedwhatwillhappenifthepolicewillcomeandlookatthisinformation,”hesaid.“JustbyanalyzingthetimethatIwasphotographedintwolocations,theycananalyzespeedandmakebillionsimmediatelybyissuingfinesforpeople.Thisdatawascollectedforonepurpose,butcanbeusedforanotherpurpose.”Anotherexampleismobilecompanies’collectionoflocationdataviacellulartower.Thecompaniesaresupposedtokeepthedataforsevenyearsfortaxpurposes,Mr.Elovicisaid.“Ifsomeonestealsthisdata,theywillknowyourlocationforsevenyears,evenifyoudon’tremember.”Henotedthattherearerisksevenwhenpermissionsareblockedbecausetherearesomanywaysforprivateinformationtobeinferred.“DoyouthinkI,asacybersecurityexpert,needstheusertotellmetheirgender?”hesaid.“Icaneventellifthey’renotsureaboutit.”Thenumberofsensorsonmobiledevicesmakemaintaininguserprivacyverychallenging;justmonitoringthewayamobilephoneisphysicallyremovedfromtheuser’spocket,forexample,cansuggesttheuser’sgender.
BoazLandsberger
BoazLandsbergerwiththeIsraelElectricCompany(IEC)discussedtheorganizationalmodelhiscompanyusestokeeptabsofinformationflow,creatingabureaucracytomonitorandevaluatewhatdataiscollected,whereitisflowing,andhowtosecureit.TheIEChasdataonworkers,suppliers,and2millionhouseholds,Mr.Landsbergersaid.Itcanbedeterminedwhenpeoplearehomeornotbasedontheirelectricityusage,because,withsmartmetersbeingimplemented,readingsarebeingtakenmoreoftenthanthetraditionalmonthlyfrequency.Mr.Landsbergersaidthatexecutivebuy-iniscriticaltoanorganizationalmodelfortrackinginformationflowandthatworkforceandmoneymustbeallocatedforthetask.Also,hesaiditisimportantintermsofaccountabilitytohaveasingle,go-topersonresponsiblefordata-leakageprevention.Ownersforeachtypeofsensitivedatamustbeidentified,anditisvaluabletoforma
12
steeringcommitteeofdecisionmakersto,forexample,approvewhatdataisreleased.Inaddition,amappingprocessmustbeestablishedtodefinehowdataistomovefromplacetoplaceacrosstheorganization.“So,”Mr.Landsbergerurged,“takeresponsibility,mapthedata,gathersensitivedatainaspecificlocation,andhavetightmonitoring.”
KeynotePresentation:DoritDorDr.DoritDorwithCheckPointSoftwareTechnologiesdiscussedthetradeoffbetweensecuritythatprotectsconsumersandsecuritythathelpshackersthrive.There’saninherentdebatebetweensecurityandprivacy,shesaid.“Theprivacypeoplewanttoencrypteverything.But,ifIletyouencrypteverything,Ilettheattackersencrypteverything,too…IfIletallthecommunicationgetencrypted,thenIhavenowayofprotectingyoufromwhat’sinit.”Withoutbeingabletomonitorwhatisinafile,itishardertodetectmalware,shesaid.“Applewantstoconvinceusthatourdataissecureandtheyhavenowayofopeningthephone,becausethat’swhatmakesustrustthem…butwhathappensifthephoneendsupbeingusedbyaterrorist?”shesaid,referencingtherecentstand-offbetweenAppleandtheU.S.FederalBureauofInvestigation(FBI)overhackingintoaterrorist’siPhone.Threatsmustbeaddressedquickly,shesaid;phishingsites,forexample,typicallyshutdownwithinafewhours,sotheymustbeaddressedinaveryshortwindow.Also,Dr.Dorsaid,theremustbeswiftactionafterdetection.Sherelatedastoryofanorganizationthatuncoveredabotbuthadfailedtoclearitasoffourweekslater.Whenitcomestoregulation,“therearealotofbuzzwordsthatarebeingthrownabout…butIthinkwe’remissingthebuzzwordofprevention.”Preventionisthebestapproach,shesaid,asstoppinghacksbeforetheystartissomuchlesscostlythanpickingupthepiecesafter.Asalientproblem,shesaid,isthattherearesomanypointsofaccessthatcouldbeweakintheemergingIoT.Networksaregrowingmorecomplicated,Dr.Dorsaid,andpeopleareusingthemforstealing,attacks,wars,politicalmissions,etc.Shecitedresearchthatforecasts,by2020,therewillbe1billionsmartmeters,50percentofcustomerswillhavewearables,and100millionsmartlightbulbs—allofthembeingpotentialpointsthroughwhichtowreakhavoc.Protectionwillhavetobepredicatedontheexpectationoftargetedattacks,shesaid,andallpotentialvectorsandspacesmustbeaccountedfor.
13
UpdatesintheIoTpresentparticularlycriticalchallenges.Sherelatedastoryinwhichacompanymanyyearsagohadcreatedafreewarelibrary,resultingultimatelyincookiesthatintroducedavulnerabilitybeingpassedthroughvendorsandfinallyatelcoandontoabout12millionuserdevices.“It’sdevastatingtohavesomethinglikethis…,”Dr.Dorsaid.“It’saverydifficulttoproblemtosolve.”Acommonarchitecture,shesaid,isnecessarytopreventandmonitorthreats.Standardsareneededininterrelatedareas—sharingformats,interoperability(forautomation,events,monitoring,etc.),expectationsonvendorstosolvesecurityissues,expertise,andlawenforcement—andwillallhavetoplayrolestosufficientlyaddressthethreat,shesaid.Therewillneverbezeroproblems,Dr.Dorsaid,“butwecansolvefundamentalproblemsintheindustry.”
KeynotePresentation:ProfessorIsaacBen-IsraelProfessorIsaacBen-IsraelwithTelAvivUniversitydiscussedthe2010StuxnetvirusattackagainstIraniannuclearcentrifugestodemonstratehowthescopeofinformationsecurityhadchanged.ProfessorBen-Israelidentifiedthreefalsedogmasinthefieldofcybersecurity–thatcyberwarfareisonlyabout,one,stealingoraccessinginformation;two,theInternet;and,three,computers.Until2010,thesewereconsideredtheacceptedwisdombymostoftheexpertsinvolvedininformationsecurity.CollapseofnuclearcentrifugesinIranasaresultoftheStuxnetworm,however,demonstratedfundamentalchanges:
• Stuxnetphysicallydamagedcentrifuges;itdidnotstealoraccessinformation.“Manyorganizationshadalreadyinformation-securityfunctions—westillusethetermtoday‘CISO,’thechiefinfosecurityofficer.But,inthisevent,ithadnothingtodowithinformation…Sowelearnedthat(cyberwarfare)isnotallabouttheinformation.It’salsoabouttheinformation,andwehavetoprotectit,ofcourse,too.But,ifyoujudgebytheintensityofthedamage,it’sevenmoreimportanttoblockphysicaldamagethandamagetothevirtual-worldinformation.”
• StuxnetwasnotdeliveredbytheInternet.TheNatanzsiteinIranwasnotconnectedtothe
Internet,hesaid,and,yet,someonesucceededinhackingintotheisolatedsite.“Idon’thavetotellexpertsthattherearemanywaystohackintoyourcomputer,evenifit’snotconnectedto‘Wi-Fi®’ortheInternetortheoutsideworld…Youneedsomewaytoinjectsomethingintoyourcomputer—maybeadisk,USB,connectionintothewall,something.”
14
• Theworminfectedindustrialequipment,nottraditionalcomputers.Nobodyknowshowthecentrifugeswerehacked,“buteveryonecanguess.”Theyarecontrolledbysupervisorycontrolanddataacquisition(SCADA)technology.“Thecontrollersneedmaintenance.Controllersareproducedsomewhere.Andcontrollersalsohaveversionsofsoftwarethatneedtobeupdatedsometimes.”Potentialvulnerabilitiesareintroducedwitheachprocess,hesaid.
Sowhatiscybersecuritytoday?“EverytwoyearsIchangemyowndefinition,”ProfessorBen-Israelsaid.“Everyonehastheirown.It’snotasobviousasitsounds.ThewayIdefineittoday—Ihopethisexistsmorethanthe18monthsofMoore’sLaw—isthatcybersecurityisreallyaboutthedarksideofcomputing…Computerscanbeusedbybadguys—andtherearealwaysbadguys—toharmthesociety,tocausedamagetothewaywewanttolive.Somydefinitionisthatcybersecurityisreallyaboutthedarkside.Wetrytolimitthedarksideofthistechnology.”ProfessorBen-IsraelgavetheexampleofanewBluetooth-connectedrefrigeratorthathiswifebought,withcommunicationscapabilitiesthataredesignedtoprovidemaintenanceinformation.“I’vestoppedtalkingwithmywifeinthekitchenaboutsensitiveissues,”hesaid.“Thisisthewaywe’regoingtolivefiveyearsfromnow.ThisisthevisionofIoT:Everythingwillhaveachipandsomecommunicationtootherthings.Thisiswhywecallit‘InternetofThings.’Andthiswillmakecyberexponentiallymoreimportant,”hesaid.“Ifwedon’tfindwaystosecureIoT,wewon’thaveIoT,becauseeverybadguythroughhisrefrigeratorwillbeabletoshutdowntheelectricityintotheentirecityorsomekindofthinglikethis…”
15
BreakoutSessionTheJune2016IEEEETAPForuminTelAvivnextmovedontoabreakoutsession,ledbyLimorShmerlingMagazanikofILITA,focusedondiscussingwhatbiometricdataisappropriateforwhatcircumstances.Interrelatedquestionsaroundtheincreasedactivityaroundbiometriccollectionandusagewereexplored:Whatistheleastamountofinformationrequiredtoachievethenecessaryresults?Isthecollectionanduseofthedatabeingcarriedoutwithconsent?HowisthedefinitionofPIIevolving(fromcontactinfotofinancialandmedicalinfo,location,biometrics,genetics,opinions,religions,ethnicbackground,andsocialdemographics)?Aredifferentkindsofbiometricsmoreorlessharmfultoprivacy?Forexample,isfacialrecognitionmoredamagingthanveins?Isthereadifferencebetweenirisesandfingerprints?Outofthediscussion,participantsproposedbasicprinciplesforimplementing/adoptingbiometricsforauthentication:
• Biometricsneednotbethedefaultchoice.Rather,thedecisionofwhatmethodtouseforauthenticationshouldbebasedonthecontextualrealitiesandtheintendedusecase/scenario.
• Minimizationshouldbethemantrawhenitcomestobiometricsateachstage(collection,registration,processing,storage,correlation,etc.)Thedurationofthestorageshouldbeminimized;andunnecessary/redundantdata,deleted.
• Datashouldbesecuredsuitably,includingstrongencryptionatrest,intransit,andduringprocessing.
• Themethodofupdating/modifyingbiometricsdatashouldbeeasyandnotabletoberepudiated(toaccountfor,forexample,changesinfingerprintsinthecaseofinjuries,aging,etc.)Analternativemethodtoauthenticateshouldbeoffered.
• Theenrollment,handling,andcomparisonofbiometricattributesshouldbedoneinaplaceandmannerthatpreservesaperson’sdignityanddoesnotinflictonthemmorethannecessaryforthepurposeofuse.
• Employeesworkingwithbiometricsshouldreceivespecifictrainingintheirhandling.
• Specialconsiderationsofcollectingbiometricattributesfromminors,peoplewithdisabilities,peoplewhoarelegallyincapacitated,andtheelderlyshouldbeaddressed.
• Biometricsshouldbeusedalongwithsomeothermethodformulti-factorauthentication.Choosebiometricsattribute(s)suitableintermsofrisksinvolved,technologicalandinfrastructuralmaturity,usecase,andbusinessmodel.
16
• Humanintelligenceshouldbeusedfordecision-makingoverandabovethebiometrics,where
needed.
ParticipantsproposedthattheprinciplesbesocializedwithISO/IECJTC1SC37/WG6throughtheIEEEliaisoninitsforthcomingmeetinginJuly2016.Optionally,awhitepapercouldbedevelopedtooutlinepolicyscenarios(legislativeprovisionsorlackthereof),technologychoices(e.g.,smartcardversusonlineauthenticationusingjustanumber),usecases,andbusinessmodels.
17
NextStepsandWrapupEventco-moderatorOlegLogvinovsaidthatoneoftheprimarychallengesthattheregionalIEEEETAPForumgatheringsregularlyillustrateisthat,whiletechnologicalchangeremainsaglobalphenomenon,policyisfracturedinlocalizedvariations.ThroughtheIEEEETAPForumeventssuchastheJune2016gatheringinTelAviv,hesaid,“we’retryingtobringthoselocaldiscussionstotheworldwidestageandcreateacommunitythatisglobal.”Mr.LogvinovsaidIEEEETAPForumorganizershopetoshareconclusionsandactionableitemsfromtheregionaleventsduringtheInternetGovernanceForuminGuadalajara,Mexico,on6-9December2016.JointheConversation
TheIEEEInternetInitiativeisacross-organizational,multi-domaincommunitythatconnectstechnologistsandpolicymakersfromaroundtheworldtofosterabetterunderstandingof,andtoimprovedecisionsandadvancesolutionsaffecting,Internetgovernance,cybersecurity,andprivacyissues.TherearemanywaystoengagethroughtheIEEEInternetInitiative.Pleasevisithttp://internetinitiative.ieee.orgoremailinternetinitiative@ieee.orgformoreinformation.
18
AppendixI:ProgramDate:22June2016Location:TelAvivUniversity,BerglasSchoolofEconomicsBuilding,Room012,TelAviv,IsraelTheme:BiometricsandAccessControlModerators:OlegLogvinov,Founder,IoTecha,andDeepakMaheshwari,DirectorofGovernmentAffairsAcrossIndiaandASEANRegion,SymantecStartTime EndTime TentativeProgram
8:15am 9:15am RegistrationandNetworkingbreakfast
9:15am 9:45am Openingremarksandself-introductionbyparticipants
OlegLogvinov,Founder,IoTecha,moderatorOlegisthePresidentandCEOofIoTechaCorporation,anindustrialIoTsolutionsprovider.InMarch2016,Mr.Logvinovco-foundedIoTechaCorporation.PriortojoiningIoTecha,Mr.LogvinovwasadirectorofspecialassignmentsinSTMicroelectronics’Industrial&PowerConversionDivision,wherehewasdeeplyengagedinmarketandtechnologydevelopmentactivitiesintheareaofindustrialIoT,includingtheapplicationsofIEEE1901powerlinecommunicationtechnologyinharshenvironmentsofindustrialIoT.Duringthelast25yearsMr.Logvinovhasheldvariousseniortechnicalandexecutivemanagementpositionsinthetelecommunicationsandsemiconductorindustry.AftergraduatingfromtheTechnicalUniversityofUkraine(KPI)withtheequivalentofamaster’sdegreeinelectricalengineering,Mr.LogvinovbeganhiscarrierasaseniorresearcherattheR&DLaboratoryoftheUkraineDepartmentofEnergyattheKPI.InJanuary2015,Mr.LogvinovwasappointedasthechairoftheIEEEInternetInitiative.TheIEEEInternetInitiativeconnectsengineers,scientists,industryleaders,andothersengagedinanarrayoftechnologyandindustrydomainsgloballywithpolicyexpertstohelpimprovetheunderstandingoftechnologyanditsimplicationsandimpactonInternetgovernanceissues.Inaddition,theInitiativefocusesonraisingawarenessofpublicpolicyissuesandprocessesintheglobaltechnicalcommunity.HeisalsoapastmemberoftheIEEEStandardsAssociation(IEEE-SA)CorporateAdvisoryGroupandtheIEEE-SAStandardsBoard.Mr.LogvinovalsochairstheindustryengagementtrackoftheIEEEIoTInitiativeandhascreatedaseriesofworldwideIoTstartupcompetitionevents.Mr.LogvinovactivelyparticipatesinseveralIEEEstandardsdevelopmentworkinggroupsthatfocusonIoTandcommunicationstechnologies.Mr.LogvinovischairoftheIEEEP2413“StandardforanArchitecturalFrameworkfortheInternetofThings”WorkingGroup.HehelpedfoundtheHomePlugPowerlineAllianceandisthepastpresidentandCTOoftheAlliance.Mr.Logvinovhas24patentstohiscreditandhasbeenaninvitedspeakeronmultipleoccasions.
19
StartTime EndTime TentativeProgram
9:45am 10:05am KeynoteIddoMoed,CybersecurityCoordinator,MinistryofForeignAffairs,IsraelAfterjoiningtheIsraelMinistryofForeignAffairsin1992,IddoMoedwaspostedinseveralmissionsaroundtheworldincludingtheDominicanRepublic,TheHague,Singapore,andBeijing(DCM).PositionsinIsraelhaveincludedassistanttothedirectorgeneral,WaterandMultilateralAffairsattheMiddleEastDivision;MiddleEasternEconomicAffairs;andheadoftheTrainingDepartment.InJune2013,MoedwasappointedasCyberSecurityCoordinatorattheStrategicAffairsDepartment,MFA.InthisroleMoedisresponsibleforcoordinationofpoliciesregardinginternationalcooperationincybersecurity.
10:05am 10:25am Keynote—IndiabiometricsDeepakMaheshwari,DirectorofGovernmentAffairsAcrossIndiaandASEANRegion,SymantecDeepakMaheshwariisdirectorofgovernmentaffairsforSymantecacrossIndiaandASEANregion.Apublicpolicyandregulatoryaffairsprofessional,hehasakeeninterestintheinterplayoftechnologicalinnovationwithsocio-economicdevelopment.Anoft-invitedspeaker,authorandcolumnist,hehasplayedapivotalroleinevolutionanddevelopmentofInternetpolicyanddigitalecosystemasanindustryspokespersonandthoughtleader.HeservedtwoconsecutivetermsaselectedsecretaryofISPAssociationofIndia(ISPAI)andco-foundedtheNationalInterneteXchangeofIndia(NIXI).HeisachartermemberofIEEEExpertsinTechnologyandchairstheBSAAsia-PacificPolicyCommittee.,AnengineeringgraduatefromIndianInstituteofTechnologyaswellasalawgraduate,hehaspreviouslyworkedwithMicrosoft,MasterCard,HCLandSify.
10:25am 10:35am Break
20
StartTime EndTime TentativeProgram
10:35am 11:20am PaneldiscussionShaharBelkin,Co-Founder,FSTBiometricsYuvalElovici,Director,DeutscheTelekomLaboratoriesatBen-GurionUniversityJonathanKlinger,IsraeliCyberlawattorneyandbloggerLimorShmerlingMagazanik,,DirectorofLicensing&InspectionattheIsraeliLaw,Information&TechnologyAuthority(ILITA)BoazLandsberger,IsraelElectricCompanyShaharBelkinIn1995Shaharfoundedhisfirststart-up,calledOzVision.DevelopinglivevideostreamingoverRFradioandtelephonelines,andoneofthefirst,digitalvideorecordersforsecurity,OzVisionachievedaleadingpositionasasupplierofremotevideosolutionsintheUSsecuritymarket.Italsopatentedauniquevideocompressionandstreamingalgorithm.In2006Shaharco-startedanewstartupcalledFSTBiometrics,developinganewconceptandtechnologyofvisualidentificationthatprovidesmotionbiometricIdentification,patentingseveralalgorithmsinbiometricsandinfrauddetection.TodaythecompanyisaglobalmarketleaderinthebiometricphysicalaccesscontrolmarketYuvalEloviciYuvalEloviciisthedirectoroftheTelekomInnovationLaboratoriesatBen-GurionUniversityoftheNegev(BGU),headofBGUCyberSecurityResearchCenter,ResearchDirectorofiTrustatSUTD,andaProfessorintheDepartmentofInformationSystemsEngineeringatBGU.Prof.EloviciholdsB.Sc.andM.Sc.degreesincomputerandelectricalengineeringfromBGUandaPh.D.ininformationsystemsfromTel-AvivUniversity.HeservedastheheadofthesoftwareengineeringprogramatBGUfortwoandahalfyears.Forthepast11yearshehasledthecooperationbetweenBGUandDeutscheTelekom.Prof.Elovicihaspublishedarticlesinleadingpeer-reviewedjournalsandinvariouspeer-reviewedconferences.Inaddition,hehasco-authoredabookonsocialnetworksecurityandabookoninformationleakagedetectionandprevention.Hisprimaryresearchinterestsarecomputerandnetworksecurity,cybersecurity,webintelligence,informationwarfare,socialnetworkanalysis,andmachinelearning.Prof.Elovicialsoconsultsprofessionallyintheareaofcybersecurityandistheco-founderofMorphisec,astartupcompanythatdevelopsinnovativecybersecuritymechanismsrelatedtomovingtargetdefense.JonathanKlingerJonathanKlingerisanIsraeliCyberlawattorneyandblogger,actingasalegalconsultantforseveralhigh-techcompaniesandstart-ups.HeservesasalegalcounselforHamakor,Israel'sOpenSourceSociety,Eshnav,PeopleforIntelligentInternetUse,Israel'sDigitalRightMovement,andothers.JonathantaughtcomputergamedevelopmentlawatBeitBerlCollegeandteachesmedialaw.HevolunteersattheDigitalRightsMovementfreespeechclinic,wherehetakescasesrelatingtostrategiclawsuitsagainstpublicparticipation(SLAPP).LimorShmerlingMagazanikAdv.LimorShmerlingMagazanikisDirectorofLicensing&InspectionattheIsraeliLaw,Information&TechnologyAuthority(ILITA).ILITAistheIsraelidataprotectionauthority,inchargeofenforcingtheIsraeliPrivacyActprovisionsinthedigitalspherewithregardstothefundamentalhumanrighttoprivacy.HerresponsibilitiesinthepasteightyearshaveincludedmanagingILITA’sregulationandenforcementactivitiesoverbothprivateandpublicsectors.Theseincludeinvestigationsandlegalproceedings,incasesofprivacylawinfringements,overissuessuchasconsent,purposelimitation,anddatabreaches.Ms.ShmerlinghasalsomanagedtheregulationofdigitalidentityviadigitalsignaturesinIsrael.SheisafrequentparticipantinpolicyframinginIsraeligovernmentinformationsystemsanddataprojects,promotingcompliancewithprivacyregulation.Shewaspartoftheoversightcommitteesupervisingtheprogramfortheestablishmentofabiometricdatabasealongsidethesmartidentitycardproject.Previouslysheworkedaslegaladvisorinthefieldsofcorporatelaw,propertylaw,andbanking,andshehasheldproductandprojectmanagementpositionsinthehigh-techindustry.Ms.ShmerlingisagraduateofTel-AvivUniversity,holdingbachelor’sandmaster’sdegreesinlawandamaster’sdegreeinliterature.
21
StartTime EndTime TentativeProgram
11:20am 11:40am KeynoteDr.DoritDor,Vice-President,Products,CheckPointSoftwareTechnologies
Dr.DoritDorservesasVicePresident,ProductsforCheckPointSoftwareTechnologies.Shemanagesallproductdefinitionanddevelopmentfunctionsforboththeenterpriseandconsumerdivisionsofthecompany.Dor’scoreresponsibilitiesincludeleadingthecompany’sproductmanagement,researchanddevelopment(R&D),andqualityassurance(QA)initiativesfromconcepttodelivery.DorhasservedinseveralpivotalrolesinCheckPoint’sR&Dorganization.Shehasbeeninstrumentaltotheorganization’sgrowthandmanagedmanysuccessfulproductreleases.Shehasbeenpublishedinseveralinfluentialscientificjournalsforherresearchongraphdecomposition,medianselection,andgeometricpatternmatchingind-dimensionalspace.In1993,shewontheIsraelNationalDefensePrize.DorholdsPhDandMSdegreesincomputersciencefromTelAvivUniversity,inadditiontograduatingcumlaudeforherBachelorofSciencedegree.
11:40am 12:00pm Rapid-FireidentificationofissuesOlegLogvinov
12:00pm 12:20pm KeynoteProfessorIsaacBen-Israel,DirectoroftheInterdisciplinaryCyberResearchCenter(ICRC),TelAvivUniversityMajorGen.(Ret.)ProfessorIsaacBen-IsraelservesasdirectoroftheInterdisciplinaryCyberResearchCenter(ICRC).Additionally,heservesaschairoftheYuvalNe'emanWorkshopforScience,TechnologyandSecurity,chairoftheIsraeliSpaceAgency,andchairoftheNationalCouncilforResearchandDevelopmentintheMinistryofScience.ProfessorBen-Israelstudiedmathematics,physics,andphilosophyatTelAvivUniversity,receivinghisPhDin1988.ProfessorBen-IsraeljoinedtheTelAvivUniversityasaprofessor,teachingatandleadingtheSecurityStudiesProgramandattheCohenInstitutefortheHistory&PhilosophyofSciencesandIdeas.HealsoservesasdeputydirectoroftheHartogSchoolofGovernmentandPolicy.In2011,hewasappointedbythePrimeMinistertoleadataskforcethatformulatedIsraelnationalCyberpolicy.FollowingthathefoundedtheNationalCyberHeadquartersinthePrimeMinister’sOffice.ProfessorBen-Israelhaswrittennumerouspapersonmilitaryandsecurityissues.
12:20pm 1:00pm Lunch
1:00pm 1:20pm ReviewofkeyissuesfrompreviousETAPForumsDeepakMaheshwari
1:20pm 1:45pm Synthesisandselectionofhigh-priorityareasOlegLogvinov
1:45pm 2:00pm Break
22
StartTime EndTime TentativeProgram
2:00pm 3:00pm Breakoutsessions—delvedeeperintohighestpriorityissues
3:00pm 3:30pm ReportfromBreakoutSessionsBreakoutleads
3:30pm 3:45pm NextStepsandWrap-upOlegLogvinov
23
AppendixII:Participants
ThefollowingindividualsattendedthesecondTelAvivIEEEETAPForum:DannyAkerman,TheStandardsInstitutionofIsrael
EddieAronovich,ComputerScienceTel-AvivUniversity
ShaharBelkin,Co-Founder,FSTBiometrics
ProfessorIsaacBen-Israel,DirectoroftheInterdisciplinaryCyberResearchCenter(ICRC),TelAvivUniversity
OrtalBenjamin,B.Benjamin
ChaimCohen,CDOwebIntegrity
TamarCohen
LucianCristache,IOTArchitectLucommTechnologies
JamesDenaro,HypercoPartners
JermyDery,DanHotelTelAviv
Dr.DoritDor,Vice-President,Products,CheckPointSoftwareTechnologies
NivElis,ReporterJerusalemPost
YuvalElovici,Director,DeutscheTelekomLaboratoriesatBen-GurionUniversity
OriFreiman,Bar-IlanUniversity
ChaimGreenberg,Appsec-Labs
AsafHecht,ResearcherCyberark
ArielHochstadt,co-foundervpnmentor.com
NoamIfat
VladimirJotsov,FullProf.ULSIT
GilKeini,FounderCEOFirmitas
JonathanKlinger,IsraeliCyberlawattorneyandblogger
DafnaKovler,ProjectManagerICRC
IlanLamdan,CEONetExpertComputerSystemsLTD
BoazLandsberger,IsraelElectricCompany
YossiLavon,AppsecLabs
GadiLenz,ChiefScientistAGTInternational
InbalLevi,Student
OlegLogvinov,IEEEInternetInitiative,Chair;IEEEP2413InternetofThings(IoT)ArchitectureWorking
24
Group,Chair;IoTechaCorporation,PresidentandCEO
LimorShmerlingMagazanik,DirectorofLicensing&InspectionattheIsraeliLaw,Information&TechnologyAuthority(ILITA)
DeepakMaheshwari,DirectorofGovernmentAffairsAcrossIndiaandASEANRegion,Symantec
SebastianMaier,ManagingPartnerMaier|Schumann|PartnersLLP
ShukiMaman,ArchitectHuawei
SharonMashhadi,BankHapoalim
AvrahamMenachem,ConsultantOCS
IddoMoed,CybersecurityCoordinator,MinistryofForeignAffairs,Israel
IdoNaor,KasperskyLabSeniorResearcher
MaryLynneNielsen,GlobalOperationsandOutreachProgramManagerIEEE
DanielPerez
TomerReuven
RinatRon-Selzer,EmbassyofIsraelWashingtonDC
AdiSagi,BGU
FlorianSchutz,BusinessDevelopmentCyber&IntelligenceRUAGSchweizAG,RUAGDefence
AsafShelly,CEOEngageioT
EvaShelly,COOEngageioT
ShacharSiboni,PhDStudentBGU
RamiTsalka
JamesVoorhees,CyberDefenseAnalystCommonSecuritizationSolutions
AlbertWaldhuber,Manager,GlobalStandardsSolutions&ContentMarketingIEEEStandardsAssociation
DaliaYogev
25
AppendixIII:CombinedIssuesList,AllIEEEETAPForumsTelAviv,22June2016
• Whatbiometricdataisappropriateforwhatcircumstances?Beijing,17May2016
• Cyber-threatstocriticalinfrastructure,includingeGovernment/eCommerce• Transparencyasasourceofobtainingdataforevidence-baseddecisionmaking• BiodiversityintheInternetecosystem
Delhi,4March2016
• ProtectingInternettraffic,managingmeta-dataanalysis,andhowtoimplementbothsecurityandprivacyatscale
• Multi-stakeholderInternetgovernance• Optionsandchallengesinprovidinguniversalaccessforsocialandeconomicinclusion
Washington,5February2016
• Datalocalization• Educationandethics• End-to-endsecurity/privacybydesign• Technology-policydevelopmentprocess
TelAviv,10August2015
• Userassessmentoftrustworthinessofdevices,enterprises,andgovernments• Educatingusersaboutcharacteristicsofinformationsociety• Machine-readableprivacyagreementsandwhoenforcesthem?
SanJose,18May2015
• Threatsandopportunitiesindataanalytics• Multi-stakeholderInternetgovernance• ProtectingInternettraffic,managingmeta-dataanalysis,andhowtoimplementbothsecurity
andprivacyatscale• FragmentationoftheInternetduetolocalpoliciesandhowtoavoidit• Algorithmicdecisionmakingthatexacerbatesexistingpowerbalancesandethicalconcerns• HowtobestengageIEEEasaplatformforcontributingtotheresolutionoftheseandrelated
issues
