Caspar Bowden - PowerPoint PPT Presentation

Description: Open problems in applying PETs to Data Protection. Privacy and Security: The Next Wave, 07.11.03, 12th CACR Information Security Workshop & 4th Annual Privacy and Security Workshop.


Transcript and Presenter's Notes

1
Open problems in applying PETs to Data Protection
Privacy and Security: The Next Wave
07.11.03, 12th CACR Information Security Workshop & 4th Annual Privacy and Security Workshop
  • Caspar Bowden
  • Senior Privacy Strategist
  • Trustworthy Computing Group
  • Microsoft EMEA

2
Trustworthy Computing
  • Business Integrity
  • Reliability
  • Privacy
  • Security
3
Evolution of Privacy Technology (Microsoft products)
  • 2001 First steps
  • 2002 The awakening
  • 2003 Getting religion
  • 2004 True integration
  • Privacy offerings
  • Privacy leads
  • Privacy settings
  • Prominent disclosure
  • DRM
  • Office 2003
  • MSN 8
  • WMP 9
  • Managed Papers
  • WS-Privacy
  • NGSCB
  • Identity Management
  • Successes
    • Privacy statements
    • P3P integration in IE6
  • Missed opportunities
    • Windows XP
    • WMP 8
4
Privacy Enhancing Technologies
  • TwC initiative: privacy means the ability of individuals to control data about themselves, and adherence to fair information principles.
  • Privacy can be infringed when (without informed consent) records are disclosed or behaviour is profiled.
  • Whenever individuals use computer services, logs may be kept indicating who they are, where they are, and what they do.
  • Privacy Enhancing Technologies can allow the user to control how much they can be profiled.
  • Consumer and citizen concern is increasing
    • Nothing to hide, nothing to fear?
    • Is there something you would legitimately prefer someone not to know?
  • Privacy Engineering: integrating privacy by design
    • identifiable data at network vs. application layer
    • minimisation for purpose
    • advanced PETs for privacy with security

5
EU Data Protection principles
  • Personal Data (identified/identifiable) must be:
    • processed fairly and lawfully
    • collected and used for declared purposes
    • relevant and not excessive in relation to purpose
    • accurate and up to date
    • rectified if found incorrect
    • not retained longer than necessary
    • protected with appropriate security measures
    • transfers outside the EU are controlled
  • Sensitive data
    • ethnicity, politics, religion, sexuality, health, trade union membership
    • requires explicit, freely-given consent
  • Data subjects
    • can require controllers to provide a snapshot of all personal data
  • Data controllers
    • register purposes
    • respond to Subject Access Requests within a fixed time for a nominal fee

6
Types of PETs
  • Infrastructure (network layer)
    • Onion routing, MIXes, Crowds, PIR
  • Credentials (application layer)
    • authentication without identification
    • control linkability of transactions
    • conditional anonymity
    • derived from e-cash double-spending ideas
  • Privacy Rights Management Languages
    • towards enforceable privacy preferences?

7
Privacy Risks - data controllers
  • Liability: sanctions, reputation, damages
  • Unnecessary collection
  • Improper use or disclosure
  • Excessive retention (type or time)
  • Insufficient organisational or technical security
  • Incomplete or incorrect SAR fulfilment
    • negligent authentication or delivery
    • civil litigation

8
Privacy Risks - data subjects
  • Incomplete access
    • lack of foreseeability, self-determination
  • Obscure or ambiguous notices
    • definitions of identifiable vs. anonymous
    • time cost of scrutiny exceeds marginal value
    • unappreciated consequences
  • Declared policy not observed/enforced
    • unrecognised data flows
    • ineffective controls on data processors

9
Subject Access
  • Transparency
    • Data Protection as a Human Right
  • Authentication
    • Who is the data subject?
  • Identity Management
    • Privacy risk of making scattered data easier to collate vs. benefit of making SARs easier to fulfil
  • Fulfilment
    • Where is the data?
    • Redaction of references to other persons
    • Secure delivery online: what will suffice?

10
Subject Access Requests
  • Authentication
    • is the requester the data subject?
    • risk of improper disclosure
  • Privacy threat models
    • it is the user's point of view that matters
    • wide spectrum of user sensitivities, individual threat models
    • social engineering, authorised insiders
  • Where is the data?
    • archives (e-mail, server, database, offline)
    • scattered over different desktops, caching

11
Disproportionate effort exemption for Subject Access?
  • UK DPA 1998: need not provide data in permanent form if doing so would require disproportionate effort
  • 2002 UK consultation: "It is important to note that the personal data must always be provided. The disproportionate effort test applies only to the way in which access is given."
    • Lord Chancellor's Department Consultation Paper, Data Protection Act 1998 Subject Access, October 2002
  • Permanent form = hard copy
    • data controllers often interpret this in practice as a general exemption
  • Enterprise ID Management systems could have the effect of broadening regulator expectations of reasonable fulfilment of access requests

12
Data lifecycle in the Enterprise
  • Conflicts between retention/deletion rules
    • DP minimisation/deletion principles still apply to sectoral retention requirements
    • typically context dependent and ill-defined
    • too complex/unclear/expensive to automate?
  • When are identifiable audit trails justifiable?
    • minimally intrusive for necessary effectiveness
    • weigh security needs against privacy risks
    • deterrence of abuse needs visible policing
    • logs of usage data are personal data too!

13
Pseudonymous Subject Access?
  • Data controller may only know the subject pseudonymously (are they a controller?)
  • 1995 EU DP Directive defines personal data as "any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity"
  • Is data related to the pseudonym eligible for subject access?
  • Should the data subject be required to disclose real-world identity to gain access?
  • Example: a handle in a newsgroup/chatroom; traceable via IP/cookie?

14
Potential privacy platforms
  • Windows Server 2003 Rights Management Services
    • Information Rights Management in Office 2003
    • APIs for policy engines based on content
    • http://www.microsoft.com/windowsserver2003/techinfo/overview/rmspartners.mspx
  • Trusted Computing
    • Next Generation Secure Computing Base
    • Privacy White Paper now available: http://www.microsoft.com/resources/ngscb/productinfo.mspx
    • Comments requested (priv_wp@microsoft.com) by Jan. 30, 2004
  • Enforceable user privacy preferences?
    • DRM-in-reverse
    • Requires:
      • privacy policy enforcement engine environment on the remote side
      • Privacy Rights Management Language
      • consistent binding between personal data and authentication identifier

15
Competitive Advantage
  • PET virtuous circle
  • PET stagflation
16
Q&A
  • Caspar Bowden - casparb@microsoft.com
  • http://www.microsoft.com/twc
  • Senior Privacy Strategist
  • Trustworthy Computing Group
  • Microsoft EMEA HQ

17
US Privacy vs. EU Data Protection
EU Data Protection
  • all personal data regulated
    • private and public sector
  • data protection principles
    • minimum data for purpose
    • legal right of subject access
  • Data Protection Authorities
    • independent of Executive
    • enforce DP principles
  • transfers outside the EU prohibited unless adequate protection
    • exemption with consent
    • or Safe Harbor Agreement (SHA)
US Privacy
  • no general regulation of private sector
  • sectoral legislation
    • HIPAA (health), GLB (financial), video, cable, telephone, credit, ...
  • Federal Trade Commission
    • Privacy Statements
    • unfair practice and deceptive claims
  • Fair Information Principles