www.ipc.on.ca
Building in Privacy from the Bottom up: How to Preserve Privacy in a Security-Centric World
Ann Cavoukian, Ph.D., Information & Privacy Commissioner/Ontario
Carnegie Mellon University Lecture
Pittsburgh, PA
November 4, 2004
Slide 2
Impetus for Change
Growth of Privacy as a Global Issue
EU Directive on Data Protection
Increasing amounts of personal data collected, consolidated, aggregated
Consumer Backlash; heightened consumer expectations
Slide 3
Importance of Consumer Trust
In the post-9/11 world:
• Consumers either as concerned or more concerned about online privacy
• Concerns focused on the business use of personal information, not new government surveillance powers
If consumers have confidence in a company’s privacy practices, consumers are more likely to:
• Increase volume of business with company: 91%
• Increase frequency of business: 90%
• Stop doing business with company if PI misused: 83%
Harris/Westin Poll, Nov. 2001 & Feb. 2002
Slide 4
How The Public Divides on Privacy
The “Privacy Dynamic” - Battle for the minds of the pragmatists (Dr. Alan Westin)
[Bar chart: percentage of the public classified as Unconcerned, Pragmatists and Fundamentalists, for 1999, 2000, 2001 and 2003; horizontal axis 0 to 80%]
Slide 5
Information Privacy Defined
Information Privacy: Data Protection
• Freedom of choice; control; informational self-determination
• Personal control over the collection, use and disclosure of any recorded information about an identifiable individual
Slide 6
What Privacy is Not
[Diagram contrasting Security and Privacy]
Slide 7
The Privacy/Security Relationship
Privacy relates to personal control over one’s personal information
Security relates to organizational control over information
These represent two overlapping, but distinct activities
Slide 8
Privacy and Security: The Difference
Security: Organizational control of information through information systems
• Authentication
• Data Integrity
• Confidentiality
• Non-repudiation
Privacy: Data Protection
• Fair Information Practices
Slide 9
The Perils of Not Protecting Privacy…
Privacy “disasters”:
– Intel Pentium III
– RealNetworks
– Microsoft HotMail
– Amazon/Alexa
– CD Universe
– Look Communications
“It was a skin-searing experience. We can’t take another hit like that.”
MS Senior Executive
Slide 10
Technology Can Help
“The most effective means to counter technology’s erosion of privacy is technology itself.”
Alan Greenspan, Federal Reserve Chairman
“A technology should reveal no more information than is necessary…it should be built to be the least revealing system possible.”
Dr. Lawrence Lessig, Harvard, September 1999
Slide 11
Privacy By Design: Build It In
Build in privacy – up front, right in the design specifications
Minimize the collection and routine use of personally identifiable information – use aggregate or coded information if possible
Wherever possible, encrypt personal information
Think about anonymity and pseudonymity
Assess the risks to privacy: conduct a privacy impact assessment; privacy audit
Slide 12
Privacy by Design: Technology
Architectures of Identification
• PKI: confidentiality or surveillance
• Biometrics: privacy or social control
Business/government drivers for designing trust into systems and programs
Wireless technology: m-commerce
• convergence, convenience, control
Slide 13
Biometrics: The Myth of Accuracy
The problem with large databases containing thousands (or millions) of biometric templates:
• False positives
• False negatives
Slide 14
Biometric Identification: False Positive Challenge
Even if you have a 1 in 10,000 error rate per fingerprint, then a person being scanned against a million-record data set will be flagged as positive 100 times. And that’s every person. A system like that would be useless because everyone would be a false positive.
Bruce Schneier, quoted in Ann Cavoukian’s Submission to the Standing Committee on Citizenship and Immigration, November 4, 2003
http://www.ipc.on.ca/docs/110403ac-e.pdf
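The arithmetic behind Schneier’s figure generalises to any 1:N biometric search: the expected number of false matches is the per-comparison false match rate times the database size, and the chance that a search returns at least one false match grows towards certainty as the database grows. The following is an added example, not part of the presentation, that carries that reasoning through for arbitrary rates and database sizes (function names and the independence assumption are the example’s own):

```python
"""1:N biometric identification: how the per-comparison false match
rate (FMR) scales with database size. Simplifying assumption: each of
the N template comparisons fails independently with probability fmr;
real matchers are correlated, so treat the figures as a floor."""


def expected_false_matches(fmr: float, n_records: int) -> float:
    """Expected number of enrolled records wrongly matched by one probe
    (linearity of expectation: N comparisons, each with rate fmr)."""
    return fmr * n_records


def prob_at_least_one_false_match(fmr: float, n_records: int) -> float:
    """Probability that a single 1:N search returns at least one false
    match, i.e. the search itself is unreliable for that person."""
    return 1.0 - (1.0 - fmr) ** n_records


def fmr_for_target(n_records: int, max_prob: float) -> float:
    """Per-comparison FMR a matcher would need so that the chance of any
    false match in a 1:N search over n_records stays at or below max_prob."""
    return 1.0 - (1.0 - max_prob) ** (1.0 / n_records)


def identification_risk_table(fmrs, n_records: int):
    """Rows of (fmr, expected false matches, P[at least one false match])
    for each candidate matcher accuracy against one database size."""
    return [
        (fmr, expected_false_matches(fmr, n_records),
         prob_at_least_one_false_match(fmr, n_records))
        for fmr in fmrs
    ]


if __name__ == "__main__":
    # Constructed scenario matching the slide: one million records.
    n = 1_000_000
    print(f"database size: {n:,}")
    for fmr, expected, p_any in identification_risk_table(
            [1e-4, 1e-6, 1e-8], n):
        print(f"FMR 1 in {int(round(1 / fmr)):>11,}: "
              f"{expected:8.2f} expected false matches per search, "
              f"P(any false match) = {p_any:.4f}")
    # How accurate per comparison must a matcher be to keep the search
    # reliable 99% of the time for each person scanned?
    print(f"FMR needed for P(any) <= 1%: {fmr_for_target(n, 0.01):.3e}")
```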
Slide 15
Facial Recognition: the Reality
Test results less than stellar:
- Logan Airport pilot had a 50% error rate in real world conditions
- U.S. State Department has stated that facial recognition has “unacceptably high error rates”
- U of Ottawa tests this summer resulted in accuracy rates between 75% to more than 90%
- National Institute for Standards and Technology, under ‘ideal lighting and controlled environment conditions’, reported 90% accuracy
- Superbowl facial recognition no longer considered ‘useful’ by subsequent organizers (“Biometrics Benched for Super Bowl” by Randy Dotinga, Wired Magazine)
Slide 16
STEPS: The Context
Terrorist attacks 9/11
Government concerns over public safety
U.S. Patriot and anti-terrorist legislation
Polarized debate for Security/Privacy
Slide 17
Change the Paradigm
Old Paradigm: Zero Sum Game
New Paradigm (win-win): Security + Privacy = Freedom
Expand the discourse: Privacy and Security are not polar opposites but essential components
http://www.ipc.on.ca/docs/steps.pdf
Slide 18
The Challenge for Solution Developers
Introduce privacy into the concept, design and implementation of technology solutions
Promote existing STEPs:
- 3-D Holographic Scanner: respecting physical privacy while enhancing security
- Biometric encryption: better security plus ironclad privacy
Slide 19
Fair Information Practices: A Brief History
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data
EU Directive on Data Protection
CSA Model Code for the Protection of Personal Information
Canada Personal Information Protection and Electronic Documents Act (PIPEDA)
Slide 20
Summary of Fair Information Practices
• Accountability
• Identifying Purposes
• Consent
• Limiting Collection
• Limiting Use, Disclosure, Retention
• Accuracy
• Safeguards
• Openness
• Individual Access
• Challenging Compliance
Slide 21
Privacy Diagnostic Tool
Simple, plain-language tool (paper and e-versions)
Free & self-administered
CSA model code to examine an organization’s privacy management practices
www.ipc.on.ca/PDT
Slide 22
Privacy Enhancing Technologies
What are PETs?
• Anonymisers, pseudonymisers, intermediaries
Their Strengths
• tools to protect personal information
Their Limitations
• usually individual responses to an existing architecture
• sometimes someone still has your personal information
Slide 23
PETTEP
Privacy Enhancing Technologies Testing and Evaluation Project
How does one determine whether a technology can deliver on its privacy promises?
PETTEP is intended to test the claims of various technologies regarding their ability to perform in a privacy protective manner
Slide 24
PETTEP (cont’d)
Modeled on the Common Criteria – an international standard used to test the security components of technologies
For privacy, Fair Information Practices (FIP) would form the basis of the testing
The challenge is to translate FIPs into the functional requirements of the Common Criteria – to find the design correlates of FIPs
Slide 25
PETTEP Status Update
EDS has partnered with the IPC and PETTEP to develop an enhancement of the Privacy Chapter in the Common Criteria;
EDS is also committed to developing the necessary privacy profiles that will form the basis of testing and evaluating the privacy claims of various technologies;
PETTEP, the IPC and EDS plan to pilot several technologies/systems to refine the enhanced Privacy Chapter.
Slide 26
Final Thought
“Anyone today who thinks the privacy issue has peaked is greatly mistaken…we are in the early stages of a sweeping change in attitudes that will fuel political battles and put once-routine business practices under the microscope.”
Forrester Research, March 5, 2001
How to Contact Us
Commissioner Ann Cavoukian, Information & Privacy Commissioner/Ontario
2 Bloor Street East, Suite 1400
Toronto, Ontario M4W 1A8
Phone: (416) 326-3333
Web: www.ipc.on.ca
E-mail: [email protected]