1 / 24

National Security in a Post-9/11 World: The Rise of Surveillance, … the Demise of Privacy?

National Security in a Post-9/11 World: The Rise of Surveillance, … the Demise of Privacy?. Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario 2004 Osler Hoskin & Harcourt Lecture Centre for Innovation Law and Policy February 23, 2004. Whither Privacy?. Post September 11 th

taya
Download Presentation

National Security in a Post-9/11 World: The Rise of Surveillance, … the Demise of Privacy?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. National Security in a Post-9/11 World: The Rise of Surveillance, … the Demise of Privacy? Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario 2004 Osler Hoskin & Harcourt Lecture Centre for Innovation Law and Policy February 23, 2004

  2. Whither Privacy? • Post September 11th • Enormous impact on privacy • The Security of Freedom: Essays on Canada's Anti-Terrorism Bill • University of Toronto, 2001 www.utppublishing.com/detail.asp?TitleID=2493

  3. September 11, 2001 “Public safety is paramount but balanced against privacy” • Security measures must be real, not illusory • New powers must be studied and measured to determine effectiveness and utility • Are new security powers truly necessary or are existing powers not fully utilized or effectively deployed? http://www.ipc.on.ca/userfiles/page_attachments/1517136_pub01-e.pdf http://www.cbc.ca/news/indepth/usattacked/essay_privacy.html

  4. Anti-terrorism Laws • Canada • Anti-terrorism Act • Customs Act – Canada Customs & Revenue Agency expanded powers • Bill C-17 Public Safety Act (first reading) • United States • USA PATRIOT Act • Transportation Security Administration: CAPPS II • United Kingdom • Anti-terrorism, Crime and Security Act

  5. Why be Concerned? • Expanded scope of domestic surveillance • Lack of justification • Weakening of judicial controls • Lack of independent oversight

  6. Are These Laws Effective? • Reasons why these laws will not work: • Depend on questionable technology • Too much irrelevant information collected • Create a tempting target • Solving the wrong problem

  7. Importance of Privacy to Liberty • Privacy is a vital social value. “Privacy is at the heart of liberty in the modern state. Grounded in [one's] physical and moral autonomy, privacy is essential for the well-being of the individual. … [I]t also has a profound significance for the public order.” Dr. Alan Westin

  8. Information Privacy Defined • Information Privacy: Data Protection • Freedom of choice; personal control; informational self-determination • Personal control over the collection, use and disclosure of any recorded information about an identifiable individual

  9. Fair Information Practices:A Brief History • OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data • E.U. Directive on Data Protection • CSA Model Code for the Protection of Personal Information • Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)

  10. The Foundation: Fair Information Practices • Accountability • Identifying Purposes • Consent • Limiting Collection • Limiting Use, Disclosure, Retention • Accuracy • Safeguards • Openness • Individual Access • Challenging Compliance CSAModel Code for the Protection of Personal Information

  11. Submission to the Standing Committee • Submission to the House of Commons Standing Committee on Citizenship and Immigration re: privacy implications of a National Identity Card and Biometric Technology – November 4, 2003 • Interim Committee report questioned the value of introducing a national ID card

  12. National ID Card Issues • No business case justifying ID Cards • Enormous cost of design and roll-out • Security vulnerabilities: high demand for access to associated databases – increased threat

  13. National ID Card • Only one plausible rationale: U.S. requirement for biometric identifiers at border crossings by end of 2004 • Enhanced Border Security and Visa Entry Reform Act of 2002 • Canada currently exempted

  14. Biometrics • Definition: The automated use of physiological or behavioral characteristics to determine or verify identity • Far from foolproof: myths abound (don’t believe the movies)

  15. Biometric Applications Identification: • one-to-many comparison Authentication: • one-to-one comparison

  16. The Myth of Accuracy • The problem with large databases containing thousands (or millions) of biometric templates: • False positives • False negatives

  17. Biometric Identification False Positive Challenge • Even with a 99.99% accuracy rate, everyone will have at least one false positive match • “The false alarm rate would overwhelm the system...” Bruce Schneier, Beyond Fear, p.253

  18. The Fallacy of the Accuracy Re: Biometric Identification If you have a 1 in 10,000 error rate per fingerprint (99.99% accuracy rate), then a person being scanned against a million-record data set will be flagged as positive 100 times. And that’s every person. A system like that would be useless because everyone would be a false positive. Bruce Schneier, quoted in Ann Cavoukian’s Submission to the Standing Committee on Citizenship and Immigration, November 4, 2003 http://www.ipc.on.ca/docs/110403ac-e.pdf

  19. Biometric Identification • False Negative Challenge: • Attackers could fool the system • Pay-offs high for compromising the system • Increased vulnerability to a target once a terrorist succeeds in obtaining a false negative: threat escalates considerably

  20. Biometric Strength: Authentication The strength of one-to-one matches • Authentication/verification does not require the central storage of templates • Biometrics can be stored locally, not centrally – on a smart card, bar code, passport etc.

  21. Designing Privacy Into Biometrics • The Privacy Challenges: • Central template databases • Unacceptable error rates • Secondary uses

  22. Final Thoughts on Biometrics • Current off-the-shelf biometrics will permit the secondary uses of personal information • The Goal: “Technology that allows for informational self-determination and makes good security a by-product of protecting one’s privacy” – George Tomko • Using the biometric to encrypt a PIN or a standard encryption key will meet that goal: Biometric Encryption

  23. “I am not a number, I am a free man” “I am not a number, I am a human being. I will not be filed, stamped, indexed or numbered. My life is my own.” The Prisoner TV series, 1968

  24. How to Contact Us Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario 80 Bloor Street West, Suite 1700 Toronto, Ontario M5S 2V1 Phone:(416) 326-3333 Web: www.ipc.on.ca E-mail:commissioner@ipc.on.ca

More Related