
PRIVACY 12212012


Presentation Transcript


  1. PRIVACY 12212012 JOHN BORKING

  2. THE BEGINNING OF A BIG REVOLUTION? • WHAT DO NEW YORK, DJERBA, BALI, MOMBASA, ISTANBUL, DJAKARTA, MOSCOW, MADRID, BESLAN, LONDON HAVE IN COMMON? • SERIOUS THREATS FROM CRIMINALS AND TERRORISTS • THE THIRD COUNTRIES' HAVE-NOTS CLAIMING THEIR SHARE • WESTERN CITIZENS TROUBLED AND FEELING VULNERABLE

  3. REACTION + • CHANGING SECURITY AND PRIVACY ENVIRONMENT • Zero sum game Privacy vs. Security • Public accepts less privacy ("I have nothing to hide") • Public safety vs. privacy • Citizens: "I trust the government" attitude • ANTI-TERRORIST LEGISLATION • US Patriot Act, Bill about Lawful Access, EU Retention of Traffic Data, PNR-data, Council of Europe Convention on Cyber-Crime etc. • MORE POLICIES MANDATING INDIVIDUALS’ PERSONAL INFORMATION

  4. + OUR SOCIETY NOW • KEY DRIVER: CONNECTIVITY • IN AN URBANIZED, CONSUMERIST AND WIRED WORLD • LEADING TO: CONTINUOUS RECORD KEEPING OF INDIVIDUALS BY PUBLIC AND PRIVATE SECTOR • EGALITARIAN AND DEMOCRATIC PRESSURES TO DISCLOSE

  5. WILL ORWELL’S PROPHECY COME TRUE?

  6. PRIVACY INVASIVE TECHNOLOGIES Spielberg: • IDENTIFICATION THROUGH BIOMETRIC CHARACTERISTICS • SURVEILLANCE TOOLS But already much more: • DATA MINING, WEB TRACKING, VIDEO CAMERAS IN THE STREET, RFIDs • THREATS: MANIPULATION AND MISUSE OF POWER

  7. IS PRIVACY UNDER SIEGE?

  8. BACKGROUND: PRIVACY & PERSONAL DATA • THE CLAIM OF INDIVIDUALS TO DETERMINE WHAT INFORMATION ABOUT THEMSELVES IS KNOWN TO OTHERS, WHEN AND HOW USED (WESTIN 2005) • A BLOCKING POWER

  9. PERSONAL DATA • PERSONAL DATA : ANY INFORMATION RELATING TO AN IDENTIFIED OR IDENTIFIABLE NATURAL PERSON • AN IDENTIFIABLE PERSON IS ONE WHO CAN BE IDENTIFIED, DIRECTLY OR INDIRECTLY, IN PARTICULAR BY REFERENCE TO AN IDENTIFICATION NUMBER OR TO ONE OR MORE FACTORS SPECIFIC TO HIS PHYSICAL, PHYSIOLOGICAL, MENTAL, ECONOMIC, CULTURAL OR SOCIAL IDENTITY (95/46/EC Article 2 - Recital 26 Disproportionate time, effort and labour)

  10. YES, PRIVACY IS AT RISK IN THE NAME OF SECURITY 1 • THE NEED TO IDENTIFY INDIVIDUALS FASTER, MORE ACCURATELY, AND MORE RELIABLY; • THE NEED TO AUTHENTICATE THE IDENTITIES OF INDIVIDUALS, TO VERIFY THEIR CREDENTIALS AND AUTHORIZATIONS; • THE NEED TO CHECK BACKGROUNDS AND HISTORIES, PATTERNS OF ASSOCIATION, TO CHECK NAMES AGAINST WATCH LISTS AND NO-FLY LISTS; • THE NEED TO ACCESS DATA QUICKLY FROM MANY SOURCES, BOTH PUBLIC & PRIVATE, AND ACROSS NUMEROUS JURISDICTIONS

  11. YES, PRIVACY IS AT RISK IN THE NAME OF SECURITY 2 • THE NEED TO INTERCEPT COMMUNICATIONS AND MONITOR TRAFFIC PATTERNS OF ACTIVITY; • THE NEED TO LINK, CORRELATE, AND SIFT THROUGH MASSIVE AMOUNTS OF PERSONAL DATA, LOOKING FOR PATTERNS UNKNOWN; • THE NEED TO SHARE DATA AND INTELLIGENCE ACROSS DIFFERENT JURISDICTIONS AND DOMAINS – ALL IN REAL TIME; • THE NEED TO MAKE ASSESSMENTS AND JUDGEMENTS ABOUT PEOPLE, THAT MAY BE QUESTIONABLE AT BEST, AGAIN IN REAL OR NEAR-REAL TIME. (COMMISSIONER CAVOUKIAN 2005)

  12. SCENARIOS (1996 NLDPA) • THE STATE AS BIG BROTHER • STRONG GOVERNMENT • ADVANCED ICT • SEPARATION OF POWERS FADING AWAY • NO PRIVACY BUT CONFORMITY • THE STATE AS LITTLE SISTER • WEAK GOVERNMENT • COMMERCE AND INDUSTRY TAKING OVER TASKS OF GOVERNMENT • NO PRIVACY: PSYCHOGRAPHIC PROFILES

  13. EU PIM SCENARIOS (2001): WATCH THE SIGNS [Figure: Privacy & Identity Management plotted against Time; labels: Today, + scenario, = scenario, - scenario]

  14. SCENARIOS • “Positive”: Identity Management integrated with Privacy Protection adds value for users, business and government. PIM is becoming more and more important, policy makers address PIM in new regulations, users need new PIM products to meet their needs, etc. • “Steady state”: Identity Management and Privacy Protection are two different worlds. Privacy Protection is for niche markets, with a strong battle between Legal Enforcement and Privacy Protection. PIM will grow slowly in special markets and deliver only a baseline protection. • “Negative”: Users are not interested in Identity Management and Privacy Protection, but more in active use of their profiles by business and government for added value and cheaper services. PIM is becoming less important, PIM regulation will be stripped, users lose interest, PET companies go bankrupt, etc.

  15. ARE WE TOO PESSIMISTIC?

  16. RAPID CHANGE FOMENTS UNCERTAINTY AND CONFUSION • THERE ARE KNOWN KNOWNS. THERE ARE THINGS WE KNOW WE KNOW. WE ALSO KNOW. • THERE ARE KNOWN UNKNOWNS. THAT IS TO SAY WE KNOW THERE ARE SOME THINGS WE DO NOT KNOW • BUT THERE ARE ALSO UNKNOWN UNKNOWNS, THE ONES WE DON’T KNOW WE DON’T KNOW. Donald Rumsfeld 12-02-2002

  17. 1994 WHERE WE THOUGHT WE WERE GOING • THE WORLD WAS ON A ROAD TO PEACE • GLOBALIZATION WAS RAMPING UP • CORPORATE INNOVATION WAS CREATING VALUE AND WEALTH • WE WERE CONNECTED BY WWW • AND TEN YEARS LATER?

  18. 2004 DID WE EXPECT THIS DEVELOPMENT ? • BUSH DOCTRINE: US WAGING WAR ON IRAQ AND TERRORISM • THE RISE OF CHINA AS ECONOMIC SUPER POWER • EUROPEAN UNION 25 MEMBERS + • STRONG EURO • ERA OF OFFSHORING AND OUTSOURCING

  19. PRIVACY: A WESTERN LUXURY? GLOBALIZATION • THE URGENT NEED FOR A WORLDWIDE PRIVACY PROTECTION BECAUSE OF ASYMMETRIES IN INFORMATION DISTRIBUTION • BY INTERNATIONAL LAW? • DATA PROTECTION HAS REACHED THE STATUS OF A UNIVERSALLY ACCEPTED CONCEPT, EVEN IF IT STILL FALLS SHORT OF A UNIVERSALLY ENFORCEABLE RIGHT. (BURKERT 2005) • OR BY PRIVACY ENHANCING TECHNOLOGIES AND PRIVACY STANDARDIZATION ?

  20. PROTECTION BY INTERNATIONAL LAW? • UNITED NATIONS PRIVACY TREATY? • United Nations Guidelines Concerning Computerized Personal Data Files which were adopted by the General Assembly on 14 December 1990 • FOUR DIFFERENT LEGAL SYSTEMS • ROMAN/FRENCH/GERMAN CONTINENTAL SYSTEM • ANGLO-SAXON COMMON LAW SYSTEM • ISLAMIC RELIGIOUS (SHARIA) LAW SYSTEM • TUNISIA AND PAKISTAN • SOCIALIST LEGAL SYSTEM • CHINA

  21. CULTURAL DIVIDE EU & US • FUNDAMENTAL HUMAN RIGHT VS COMMODITY • PRIVACY ISN’T AN ABSOLUTE GOOD AS IT IMPOSES REAL COSTS ON SOCIETY (West vs. FCC 1999 - US Court of Appeal 10th Circuit) • FASTER DECLINE OF ANONYMITY • MANY CONSUMER PRIVACY BREACHES • OPTING-OUT VS OPTING-IN • SELF REGULATION OR CONTRACT VS STATE SUPERVISION • NO PRIVACY COMMISSIONER • US SAFE HARBOR SYSTEM • BINDING CORPORATE RULES • NO INFORMATION WALLS (Senator McGovern) • SPAM LOBBY / NO CALL LISTS

  22. 10 YEARS OF EU PRIVACY DIRECTIVES • GLOBAL SATISFACTION BUT A LACK OF HARMONIZATION (EU REPORT MAY 2003) • NO AWARENESS OF CITIZENS ABOUT • PRIVACY RIGHTS: 68% • DPA/PRIVACY COMMISSIONER: 68% • PETS: 72% • COMPLAINTS: 67% • VERY FEW COURT CASES (SOURCE EUROBAROMETER) • OUTDATED CONCEPTS? REVISION OF 95/46/EC: 2015

  23. IN THE MEANTIME: EU PRIME RESEARCH INCREASING PET TOOL BOX OBJECTIVE: EMPOWERING THE INDIVIDUAL, BUILDING-IN PRIVACY PROTECTION, KEEPING BIG BROTHER OUT

  24. WHAT IS PET? Technologies & information architectures that ENHANCE, thus improve or increase the protection of the Privacy of the citizen. BORKING CONSULTANCY

  25. RESEARCH TOPICS SOCIO-ECONOMIC (2005) • BUSINESS CASE MODELS: PET & IM COSTS, REVENUE-MODELS, ECONOMIC INCENTIVES, CITIZENS AS COUNTERVAILING POWER? • PRIVACY EXPERIENCE OF THE CITIZENS. IS PRIVACY A LUXURY GOOD? • ANALYSIS OF DIGITAL IDENTITY SERVICES, E.G. CONDITIONS FOR RELIABLE SYSTEMS • WHAT ARE THE BEST APPROACHES/CONDITIONS TO STIMULATE PET & IM PRODUCERS/VENDORS?

  26. ECONOMIC IMPACT OF THE CONSUMER/CITIZEN? • ON CONSUMER ATTITUDES MANY MODELS MAPPING STIMULI & THE ATTITUDE OF THE INDIVIDUAL DURING THE BUYING PROCESS OF GOODS AND SERVICES. ALSO APPLICABLE TO PRIVACY NEEDS? • HAVE CONSUMERS ECONOMIC POWER AND COULD THEY FORCE PROVIDERS TO COMPLY WITH THEIR PRIVACY NEEDS? OPERATING AS ONE GROUP? • WOULD CONSUMERS DISCOVERING AN UNSATISFYING LEVEL OF PRIVACY PROTECTION DIVERT TO A COMPETITOR THAT WOULD DO BETTER? ASYMMETRY OF INFORMATION BETWEEN THE CONSUMERS AND SUPPLIERS?

  27. RESEARCH TOPICS • END TO END IDENTITY MANAGEMENT SYSTEMS • PRIVACY SAFE RFIDS • IDENTITY MANAGEMENT POLICIES AND ONTOLOGY • IDENTITIES LIFE CYCLE MANAGEMENT • PRIVACY MANAGEMENT SYSTEMS • AUTOMATIC ENFORCEMENT • CONTROLLED DISSEMINATION OF AUTHENTICATED INFORMATION

  28. WORLDWIDE PROTECTION BY PRIVACY STANDARDIZATION

  29. DEVELOPMENTS • THE WROCLAW RESOLUTION 2004 • THE EXISTING INTERNATIONAL STANDARD ISO/IEC IS 15408-1, -2, AND –3 COMMON CRITERIA (CC) • A GROWING NEED FOR EVALUATING CLAIMS FOR PRODUCTS THAT THESE PROVIDE OR ENHANCE “PRIVACY”

  30. THE CONSEQUENCES OF THE WROCLAW RESOLUTION: THE NECESSITY TO: 1. DEVELOP A MODEL PRIVACY TECHNOLOGY STANDARD THAT ENFORCES PRIVACY LEGISLATION AS “CHECKLIST” FOR EVERY STANDARD & 2. ENABLE PRIVACY AND DATA PROTECTION COMMISSIONERS TO HAVE A MEANINGFUL AND SUBSTANTIAL ROLE IN THE WRITING AND APPROVAL OF PRIVACY STANDARDS TO PREVENT PRIVACY INVASIVE STANDARDS *As a first step and as catalyst: The Wroclaw Foundation*

  31. LINE OF DEVELOPMENT FROM PRIVACY LAW TO PRIVACY STANDARDS • 2006 • Harmonized set of Fair Information Practices • Working draft of a Global Privacy Standard Framework (Pre-PAS submission) • Develop working relationships with ISO, other partners • 2007/8 • A streamlined cost effective PET evaluation methodology to be used by public and private sector for designing & deploying personal data processing systems • 2008/9/10 • ISO Comprehensive set of privacy standards • Comprehensive, global accreditation authority, model and process based on the set of privacy standards

  32. CONCLUSION 1 • DAILY PRIVACY CONSCIOUSNESS IS LOW • INFORMATION PRIVACY IS AT RISK • STAMINA IS NECESSARY IF WE WANT TO KEEP PRIVACY AS A HUMAN RIGHT • THE SOLUTION IS THERE TOO. TECHNOLOGY DEVELOPERS HAVE THE POWER TO IMPLEMENT PRIVACY PROTECTING TECHNOLOGIES. THE IMPLEMENTATION OF PRIVACY LEGISLATION IN TECHNOLOGY IS ACHIEVABLE, HOWEVER WE NEED PRIVACY STANDARDS

  33. CONCLUSION 2 • IF POSITIVE SCENARIO, THEN • NEW TECHNO-LEGAL GLOBAL DATA PROTECTION • BUILT-IN PREVENTIVE PERSONAL DATA PROTECTION • INTEGRATION: USER-INFRASTRUCTURE-ENTERPRISE • PRIVACY PRODUCTS AND SERVICES THAT WORK • USER CENTRIC APPROACH (HCI AND DEPLOYMENT OF PRIVACY ICONS) • ENFORCEMENT ARCHITECTURE (PRIVACY MANAGEMENT SYSTEMS) • A MODEL PRIVACY STANDARD AND A PET EVALUATION STANDARD

  34. FOR MORE INFORMATION: ON PRIME: http://istresults.cordis.lu/index.cfm/section/news/tpl/article/BrowsingType/Features/ID/70244 Thank you
