
Protecting Privacy in Global Networks

Andrew Cormack, Chief Regulatory Adviser, JANET(UK), Andrew.Cormack@ja.net


Presentation Transcript


  1. Protecting Privacy in Global Networks

    Andrew Cormack Chief Regulatory Adviser, JANET(UK) Andrew.Cormack@ja.net
  2. ? What is Privacy, anyway? Secret Dog Lassie Same Dog
  3. ? Secret Attribute Identification Recognition
  4. Real-world privacy leaks! “Dog” + “Alsatian”
  5. Real-world privacy leaks! “Can pay” + Name + Affiliation
  6. Real-world privacy leaks! “Can drive” + Name + Date of Birth + Where born + Where living + Signature = Theft kit = Identity theft kit
  7. On-line: can do better Give me access Save stuff for my next visit cfa1 2e0b Bill me? Punish me? Find me in other systems js56
  8. How to use privacy tools?
    Real world experience is a poor guide
    Don’t import “leak and label”
    Law may say how to use technology
    “how fast can I drive in Denmark?”
    “which side of the road?”
  9. Lots of Privacy Law, but... Is amount of tax paid private data? NO! YES!
  10. Lots of Privacy Law, but... Is a web server log private data? YES! NO!
  11. Lots of Privacy Law, but... Who owns your private data? ME! YOU!
  12. Doing Privacy Right
    Privacy = “subject-controlled use”
    So, from that definition
    Don’t cause loss of control
    Either deliberately or accidentally
    Data/use minimisation => risk minimisation
    Tell subject what you will do
    What uses they control and what they don’t
    Build privacy into systems
    Identification as last (exceptional) resort
  13. Separation of Roles
    Separating identification is good
    Maybe separate credential issue too?
    First get a (generic) on-line credential
    Then use it to enrol with a particular service
    As in PGP, sort of
    Result: SSO with better privacy
    No “central database” of attributes or links
    Services choose own enrolment standard
    Up to limit set by credential issue/use