
Personal Privacy



Presentation Transcript


  1. Personal Privacy
  Ross Anderson, Professor of Security Engineering, Cambridge University

  2. Privacy Engineering
  • Engineering for privacy, as for security or dependability, involves
    • computer science – for matters like scalability
    • economics – systems often fail when the people who maintain them have the wrong incentives
    • psychology – the feeling and the reality are often different
  • Privacy is particularly hard because all three of these factors are often pushing the wrong way

  3. Privacy and Business
  • It’s economically efficient to charge different prices to different customers
  • The falling costs of collecting and processing data make this easier
  • The move of businesses online makes them more like the software business (with low marginal costs, network effects and lock-in), which makes price discrimination more profitable
  • However, price discrimination annoys people – especially those who end up paying more

  4. Example – Facebook
  • A newsworthy conflict of interest
  • Facebook wants to sell user data
  • Users want a feeling of intimacy, small group, social control
  • Complex access controls – 60+ settings on 7 pages
  • Privacy almost never salient (deliberately!)
  • Over 90% of users never change defaults
  • This lets Facebook blame the customer when things go wrong

  5. How Privacy Scales
  • Main privacy threat is usually insiders
  • Traditional GP: 12 staff have access to 10,000 records. Can cope with that!
  • What happens if we let 45,000 GPs plus 40,000 staff see 50,000,000 records?
  • Lesson from Scotland
  • Effect of pervasive malware
  • What’s done in intelligence agencies

  6. ‘Database State’
  • The Joseph Rowntree Reform Trust sponsored a systematic study of all government systems that hold information on at least a substantial minority of us
  • Authors: me, Ian Brown, Terri Dowty, Philip Ingelsant, William Heath, Angela Sasse
  • Are these databases legal, and effective?
  • Which systems should the next Government scrap, keep or fix?

  7. Database State (2)
  • Of 46 systems, we found that 11 were almost certainly illegal
    • Health: SUS, DCR – fall foul of the I v Finland judgement
    • Kids: eCAF, ONSET, ContactPoint
    • Home Office: NDNAD, NIR, IMP
    • DWP data sharing, National Fraud Initiative
    • The EU Prüm framework

  8. Database State (3)
  • We also found 29 ‘amber’ databases with significant problems, including
    • National Childhood Obesity Database (why?)
    • NHS Summary Care Record (almost useless)
    • National Pupil Database (mission creep)
    • Police National Database (federating much stuff that used to be local, like the NHS)
  • Only 6 of 46 databases got a green light (and one of those was an error)!

  9. Where Are We Now?
  • Three ‘red’ systems were closed down (NIR, ContactPoint, NAO)
  • Other red systems being spun/renamed (IMP)
  • Two new ‘red’ systems – SCR and YJCMS
  • A number of ‘amber’ systems that harm privacy while providing no benefit are spared (NCOD, NPD, Learner Records Service)
  • In short: no real change, despite the Coalition Agreement and the parties’ pre-election pitches

  10. Statistical Security
  • The Department of Health wants to keep its databases but protect privacy by stripping out patients’ names and addresses
  • But this doesn’t in general work!
  • Example: find the salary of the female professor in the computer lab as (average salary professors) - (average salary male professors) x (number of professors)
  • With health it’s even harder – especially as researchers want longitudinal records that link up care episodes
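The slide 10 inference attack carried through against an aggregate-only query interface, as an added example that is not part of the talk; the department, the salaries and the query-set threshold are constructed for illustration, and the mean-and-count arithmetic spells out the slide's shorthand formula.

```python
"""Differencing (tracker) attack on an aggregate-only statistical interface.

Added example: the rows, salaries and threshold are constructed, not taken
from the talk. Names are already stripped, as the Department of Health
proposal would do; only aggregates over the rows are ever released."""
from statistics import mean

# Constructed department: four male professors and one female professor.
# The attacker only needs the public fact that exactly one professor is female.
PROFESSORS = [
    {"sex": "M", "salary": 90_000},
    {"sex": "M", "salary": 100_000},
    {"sex": "M", "salary": 110_000},
    {"sex": "M", "salary": 120_000},
    {"sex": "F", "salary": 95_000},
]


def query(rows, predicate, stat, min_query_set=0):
    """Aggregate-only interface: returns stat over the matching salaries, or
    None if the query set is smaller than min_query_set (a common guard)."""
    matching = [r["salary"] for r in rows if predicate(r)]
    if len(matching) < min_query_set:
        return None
    return stat(matching)


def infer_female_salary(rows, min_query_set=0):
    """Slide 10's trick: the sum over everyone minus the sum over the men is
    the one woman's salary. Each sum is rebuilt from a released mean and count."""
    q = lambda pred, stat: query(rows, pred, stat, min_query_set)
    everyone = lambda r: True
    men = lambda r: r["sex"] == "M"
    parts = [q(everyone, mean), q(everyone, len), q(men, mean), q(men, len)]
    if any(p is None for p in parts):
        return None  # a query was refused, so the inference is blocked
    avg_all, n_all, avg_men, n_men = parts
    return round(avg_all * n_all - avg_men * n_men)


if __name__ == "__main__":
    # No guard: the 'anonymised' data yields the woman's salary exactly.
    print(infer_female_salary(PROFESSORS))                   # 95000
    # A minimum query set of 3 still leaks: both query sets are large enough.
    print(infer_female_salary(PROFESSORS, min_query_set=3))  # 95000
    # Only a threshold above the men's count refuses the query. That is the
    # general problem: 'everyone except one person' is rarely a small set.
    print(infer_female_salary(PROFESSORS, min_query_set=5))  # None
```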

  11. Economics of Privacy
  • Economics of security has been a rapidly growing field since 2001
  • The economics of privacy are perplexing!
  • People say they value privacy, but usually act otherwise
  • Is this due to ignorance, externalities, social effects, …?
  • Will people suddenly become militant?

  12. Conclusion
  • Privacy online is hard!
  • The economics, psychology and computer science often push in the wrong direction
  • The private sector is motivated by price discrimination
  • The public sector is somewhat similar, with a drive to ‘personalised service’ or ‘transformation government’
  • What sets the boundary? European law? A public reaction against ‘creepy’ organisations? Rational rejection of surveillance by richer citizens?

  13. Europe to the Rescue?
  • The I v Finland case, 2008
  • Ms “I” was a nurse in Helsinki, HIV+
  • Her hospital systems let everyone see everything
  • Her colleagues found out about her HIV and hounded her out of her job
  • ECHR: she had a right to restrict her health records to clinicians involved directly in her care
  • Now, so do we all!
