200 likes | 316 Views
Seeking Solutions to the Privacy Challenges of Emerging Technologies. Blair Stewart, Assistant Privacy Commissioner Presentation to NZ Computer Society, Wellington, 24 November 2005. Office of the Privacy Commissioner Technology Team. Origins of Privacy laws bound up with technology.
E N D
Seeking Solutions to the Privacy Challenges of Emerging Technologies Blair Stewart, Assistant Privacy Commissioner Presentation to NZ Computer Society, Wellington, 24 November 2005
Origins of Privacy laws bound up with technology • 1960s/70s – public concerns at computers and networks led to regulation of databases and ‘automatic processing of data’ NZ Example: Wanganui Computer Centre Act 1976
Origins of Privacy laws cont’d • 1980s/90s – risks of inconsistent national privacy laws impeding transborder data flows led to common international principles NZ Example: Privacy Act 1993 repealed prescriptive 1976 Act and implements broad 1980 OECD principles
Origins of Privacy laws cont’d • 1990s/2000s – new & converging technologies give rise to new wave of public concerns • Consumer & citizen ‘trust’ central e.g. consumer mistrust as an inhibitor to e-commerce NZ Example: Government’s 2000 ‘e-vision’ acknowledged concerns that government might ‘know too much about people’ and ‘use that information inappropriately’ (safeguards were promised) NZ Privacy Act also provides data matching safeguards See also OPC UMR survey (September 2001, next slide)
Some current and emerging technology challenges to privacy • Privacy issues can arise wherever personal information is processed, e.g.: • micro-level (e.g. genetic information) • national databases (e.g. the forthcoming ‘e-census’) • global (e.g. GPS, EPC/RFID, WHOIS) • The International Working Group on Data Protection in Telecommunications offers a glimpse of technology and privacy issues
IWGDPT papers (2001/02/03) • Data Protection aspects of digital certificates and public-key infrastructures • Online Voting in Parliamentary and other Elections • Privacy and location information in mobile communications services • Web-based Telemedicine • Use of unique identifiers in telecommunication terminal equipments: the example of Ipv6 • Children’s Privacy On Line: The Role of Parental Consent • Telecommunications surveillance • Intrusion Detection systems (IDS) • Privacy risks associated with introduction of ENUM service
IWGDPT papers (2004) • Cyber Security Curricula Integrating National, Cultural and Jurisdictional (Including Privacy) Imperatives • Means & Procedures to Combat Cyber-Fraud in a Privacy-Friendly Way • Privacy & location information in mobile communications services • Freedom of expression & right to privacy regarding on-line publications • Privacy risks associated with wireless networks • Privacy and processing of images and sounds by multimedia messaging services • A future ISO privacy standard
IWGDPT some current topics (2005) • Web browser caching in multi-user public access environments (cyber cafés) • Speaker recognition and voice analysis technology • Internet governance e.g. WSIS, WGIG, WHOIS • Electronic health records • Web-services • Blogging • Spam, Spy-ware • RFID • IP telephony (Voice over IP) • Satellite technology for everybody’s desktop, geo-location technology
How are privacy commissioners (and others) responding to these challenges? • The privacy commissioner ‘model’ is a multi-functional regulator combining: • Researcher and policy adviser • Educator • Rule maker • Investigator and dispute mediator (complaints ombudsman)
How are commissioners (and others) responding to these challenges? • The elastic character of privacy, dynamic nature of technology and globalisation of information handling, make rigid and prescriptive solutions very difficult (and usually undesirable) • Instead good privacy outcomes in the technology area are fostered by: • Better understanding the issues • Educating those involved • Building in privacy from the start
Understanding the issues • Emerging technologies raise novel issues • Commissioners try to understand the issues as early as possible by: • Keeping abreast of literature • Maintaining networks with technologists (one task of technology team) • Discussing issues, sharing experience (e.g. IWGDPT), using overseas commissioners as an advanced warning system • Promoting or undertaking research e.g. into privacy enhancing technologies (PETs)
Understanding issues, cont’d • Others also researching the issues, and commissioners may collaborate e.g: • With academia e.g. UK ICO links with UMIST; VPC links with RMIT • With industry e.g. UK ICO links with HiSPEC; Ontario IPC work with PETTEP, IBM Privacy Research Institute External Advisory Board, joint projects with PWC
Educating those involved • Privacy commissioners active in training and education e.g. Technology Team runs an occasional lunchtime ‘Technology & Privacy Forum’ (open to the public) and convenes an Information Matching Interest Group (public sector only) • UK Commissioner had UMIST develop ‘Best Practice Guidance on Data Protection for Systems Designers’ (see HiSPEC site)
Privacy by design: building privacy in from the start • Privacy commissioners internationally have called upon hardware and software manufacturers to incorporate privacy enhancing technologies – it is not just an issue for governments
Privacy by design cont’d • Privacy impact assessment is recommended for new systems affecting the handling of personal information
Conclusions • Technology and privacy are closely bound together • We all want to make the most of new technologies • However, we also want to preserve our privacy (some more than others) and protect our personal information • Computer professionals have an important part to play in finding solutions to the new challenges
Some resources • Office of the Privacy Commissioner www.privacy.org.nz • IWGDPT Working Papers www.datenschutz-berlin.de/doc/int/iwgdpt/ • HiSPEC (Human issues in security and privacy in e-commerce) www.hispec.org.uk • Privacy Enhancing Technology Testing & Evaluation Project (PETTEP) www.ipc.on.ca/scripts/index_.asp?action=31&N_ID=1&P_ID=15495&U_ID=0