Privacy Management - Focusing on the Real Issues: Enforcement and Accountability
Marco Casassa Mont (marco_casassa-mont@hp.com)
Trusted Systems Laboratory, Hewlett-Packard Labs, Bristol, UK
Liberty Alliance Meeting, 19 November 2003, Madrid, Spain

Presentation Outline
- Setting the Context
- Scenario
- Key Issues
- Related Work
- Our Position
- Our Work in this Space
- Conclusions
14 January 2019 Trusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK

Setting the Context
- Digital Identities and Profiles are needed to enable transactions and interactions on the web in many contexts: personal, social, business, government, etc.
- Privacy Management is a major issue: it involves people, organisations, governments, etc.
- People react differently, ranging from "completely ignoring the privacy issues" to "being so concerned as to avoid any web interaction"

Scenario: Multiparty Transaction / Interaction
(Diagram: a User negotiates privacy policies with Government Services, Finance Services and other Services, then discloses identity/profile data to them; those services in turn provision the identity and profile data, together with their policies, to further services.)

What is Important?
- Little has been done so far to directly involve people (or third parties acting on their behalf) in the management of their privacy
- Users lack control over their personal information after their initial disclosures
- Organisations, as well, lack control over the confidential information they manage on behalf of their customers once they disclose it to third parties
- It is hard to make organisations accountable

Key Issues
- Privacy Enforcement
- Accountability of Organizations
- Involvement of People in the Management of their Personal Data

Related Work: Legal Frameworks
- Much work has been done on legislative frameworks for privacy: EU Data Protection laws, US laws (HIPAA, COPPA, etc.), Safe Harbour, etc. http://www.privacyinternational.org/survey/phr2003/
- Legislative approaches differ, for example US vs. EU
- Privacy and Data Protection laws are hard to enforce when personal information spreads across boundaries
- In general, users have little understanding or knowledge of privacy laws and their implications

Related Work: W3C P3P, MS Passport, LA
- W3C Platform for Privacy Preferences (P3P): simple policies, point-to-point interactions. Little control over the fulfilment of these policies (at least in the current implementations)
- Microsoft Passport: Identity and Privacy Management based mainly on a closed web of trust and predefined policies
- Liberty Alliance: ID-WSF/PPEL

Related Work: IBM EPAL
- IBM's work on the Enterprise Privacy Authorization Language (EPAL) and the related Privacy Framework
- Association of fine-grained Privacy Policies (Sticky Policies) with personal data
- Enforcement of Privacy Policies by the Enterprise
(Diagram: the User sends Id data and policies to the Enterprise, which stores them in Id and Policy Repositories; a Policy Enforcement component mediates access by the Enterprise's Services.)

Related Work: EPAL 1.1 Specification
http://www.zurich.ibm.com/security/enterprise-privacy/epal/Specification/index.html

Related Work: EPAL – Open Issues
- The "stickiness" of policies is not enforceable
- Too much trust is placed in the enterprise
- Leakages of personal data can still happen
- Little user involvement: the association of policies with Identity Information happens at the enterprise site
- Complexity
- Privacy management is not just a matter of Authorization

HPL Position

Policy Languages that Capture Intent
- There is increasing attention on languages (like EPAL) that capture intent around notions of privacy and trust
- How useful are they?
- Prejudice: descriptions without enforcement mechanisms aren't interesting
- Thesis: by tackling the issues around enterprise privacy statements and how we might provide assurance for them, we can do a much better job of enforcement than we do today

From HP's Online Privacy Statement
- Technology: "Some HP Web pages are P3P-enabled, which allows you additional control over your personal information."
- Processes: "HP is a founding sponsor of the Council of Better Business Bureaus' BBBOnline Privacy Program, the 'gold standard' for privacy certification."
- Principles: "HP has also self-certified its privacy practices as consistent with U.S.-E.U. Safe Harbor principles: Notice, Choice, Onward Transfer, Access and Accuracy, Security, and Oversight/Enforcement."

So There is Lots of Complexity, But is There Any Real Choice?
- "At hpshopping.com, for example, we offer one cookie called 'hpshopping.' It is a permanent cookie designed to give those customers who choose to register with hpshopping.com a personalized experience, including a greeting and remembering your shopping cart. Customers can browse with cookies turned off, but you can purchase only if you accept the cookie."
- Most consumers and businesses just want things taken care of: a role for trusted 3rd parties

Can Technology Help to Build Trust?
What might we like to be able to do?
- test whether or not a particular privacy statement holds (and who gets to test?)
- monitor (continuous testing)
- enforce (prevent violations)
- and we want to do this for more than toy examples ...
Should we give up because it's too hard? So what do we need to pay attention to, and what implications does this have for how we describe intent?

Properties to Pay Attention To [1]
Scale
- policy doesn't usually sit in one place
- it is created by multiple individuals, often described in terms of defaults and exceptions
=> we need better data management
Federation
- data does need to cross boundaries between jurisdictions and organisations
=> we need more practical notions of ownership and responsibility

Properties to Pay Attention To [2]
Assurance
- how do we know everything is as it "should be"?
- policy needs to carry information that helps to provide assurance (HP Labs focus)
Escalation and resolution
- inconsistency is resolved by managers
- not all violations are equal
- lots of people processes
=> we need support for events and integration with management processes

Privacy Virtualisation
Establishing the abstractions that might help us marry high-level notions with the underlying mechanisms.
(Diagram: a layered stack, policy / applications / OS / hardware, with the mechanisms placed alongside it: identifier-based encryption (with a 3rd party), data tagging at the OS level and Trusted Computing Group technology at the hardware level.)

How might this all work?
Rather than checking (with P3P) whether a website is going to respect my wishes:
- I encrypt my personal information (using multiple trusted 3rd parties) under the terms and conditions (events, ...) I want the website to comply with, and the encryption string remains attached as a tag
- Enterprises accredit applications with the 3rd parties; the 3rd parties release decryption keys
- Data tagging mechanisms ensure that only accredited applications get to use the data; if the information is transferred, it is re-encrypted
- TCG mechanisms ensure platforms will do as they say they will

What next?
We have a good handle on the underlying mechanisms. (Amongst) the interesting things to do:
- a policy language based on assurance and the transfer of responsibility (rather than just a static view of access control): data, tag-as-program, tag-as-terms&conditions, trust authority
- policy as specified by the consumer (rather than the provider), and perhaps more about the relationship between providers and trust authorities

More Technical Details ...

Scenario: Multiparty Interactions
(Diagram: a User negotiates a privacy policy with an Enterprise and discloses identity/profile data to its Services; the Enterprise provisions the identity and profile data, with policies, to the Services of further Enterprises.)

Our Approach
A Privacy and Accountability Model encompassing:
- "Sticky" Privacy Policies strongly associated with Identity Information
- Mechanisms for strong (but not impregnable) enforcement of privacy policies
- Mechanisms to increase the Accountability of the involved parties
- Mechanisms to allow people to be more involved in the management of their data (if they want to ...)

Privacy and Accountability Model
(Diagram: the User, the Enterprise (with its DB and Transaction) and a Tracing and Audit Authority, linked by User Involvement, Enforcement, Policy Compliance, Transparency and Evidence; the question asked of the Enterprise is "Accountable?")
- Confidentiality of Data: obfuscation of confidential data
- Strong Association of Privacy Policies with Confidential Data: "tamper resistant" policies associated with data; "stickiness" guaranteed at least until the first disclosure
- Policy Compliance Check and Enforcement: by trusted Tracing & Auditing Authorities (TAAs) and Trusted Platforms + OSs
- Accountability Management: auditing and tracing of disclosures by the TAA (used as evidence)
- User Involvement: policy authoring, notification, authorization

Privacy and Accountability Model [1]
(Diagram of a multiparty transaction between the User, the Enterprise and the Tracing and Auditing Authorities (TAAs), with numbered steps:)
1. Negotiation of Privacy Policy (User and Enterprise)
2. Obfuscated Data + Sticky Privacy Policies (User to Enterprise)
3. Request for Disclosure of Data + Sticky Privacy Policies + Credentials (Enterprise to TAAs)
4. Checking for Integrity and Trustworthiness of the Remote Environment (TAAs)
5. Request for Authorization or Notification (TAAs to User)
6. Decryption Key (if Authorised) (TAAs to Enterprise)
8. Obfuscated Data + Sticky Privacy Policies passed on to a further Enterprise

Privacy and Accountability Model [2]
Once confidential data is disclosed it can still be misused. Risk mitigation via:
- Audit trail: audit logs managed by the TAAs can be used as Evidence and for Forensic Analysis (logging at least the first disclosure ...)
- Trusted Platforms and OSs: checking the integrity of the receivers' environment; enforcing part of the Privacy Policies directly at the OS level
Research and Work in Progress ...

Privacy Model -- Summary
User Centric
- specifies policies
- binds them with their profile
TAA – aids the user
- manages and records the release of data (transparency aids accountability)
- validates and records the enforcement mechanism
Enterprise
- makes audited promises concerning personal data
- allows validation and assessment of its enforcement mechanism
- can still abuse privacy

Realisation Issues
(Diagram: the same User / Enterprise / Tracing and Audit Authority model annotated with three realisation issues: Strong Binding of Policy and Data (IBE), Enforcement (TCG, Tagged OS) and Verifiability (Policy Compliance, Evidence).)

Privacy and Accountability Model: Technical Aspects [1]
A technical implementation of our Privacy and Accountability Model leverages three key technologies:
- Identifier-based Encryption (IBE)
- Trusted Platforms (TCG, formerly TCPA, etc.)
- Tagged Operating Systems (OSs)

What is Identifier-based Encryption (IBE)?
- An emerging cryptographic technology
- Based on a three-player model: Sender, Receiver, Trust Authority (Trusted Third Party)
- Security strength comparable to RSA
- Different approaches: Quadratic Residuosity, Weil Pairing, Tate Pairing ...
- SW library and technology available at HP Laboratories

IBE Core Properties
- 1st Property: any kind of "string" (or sequence of bytes) can be used as an IBE Encryption Key: for example a Role, an e-Mail Address, a Picture, a Disclosure Time, Terms and Conditions, a Privacy Policy ...
- 2nd Property: the generation of the IBE Decryption Key can be postponed in time, even long after the generation of the corresponding IBE Encryption Key
- 3rd Property: reliance on at least one Trust Authority (Trusted Third Party) for the generation of the IBE Decryption Key

IBE Three-Player Model (Alice, Trust Authority, Bob)
1. The Trust Authority generates and protects a Secret and publishes a Public Detail N.
2. Alice knows the Trust Authority's published Public Detail N (it is well known or available from a reliable source).
3. Alice chooses an appropriate Encryption Key and encrypts the message: Encrypted message = E(msg, N, encryption key).
4. Alice sends the encrypted message to Bob, along with the Encryption Key.
5. Bob requests the Decryption Key associated with the Encryption Key from the relevant Trust Authority.
6. The Trust Authority issues an IBE Decryption Key corresponding to the supplied Encryption Key only if it is satisfied with Bob's entitlement to it. It needs the Secret to perform the computation.

How Does IBE Fit in Our Model?
(Diagram: the User chooses the encryption key e = the Privacy Policy, encrypts the profile Msg under the TAA's public details and sends the Encrypted Msg to the Enterprise. The Enterprise must satisfy the policy; the TAA, which holds the secrets s and computes the public details, enforces the policy, generates the decryption key for e on request ("Get decrypt key, e"), audits the request and returns the key, with which the Enterprise decrypts Msg.)

Privacy and Accountability Model: Technical Aspects [2]
The same three key technologies: Identifier-based Encryption (IBE), Trusted Platforms (TCG, formerly TCPA, etc.), Tagged Operating Systems (OSs). This part covers Trusted Platforms.

Trusted Platforms - TCG
- A trusted platform provides hardware mechanisms (the TPM), protected storage and tools to check the integrity of computer platforms and their installed software (locally and remotely)
- TCG (formerly TCPA) and Microsoft NGSCB initiatives: http://www.trustedcomputing.org http://www.microsoft.com/ngscb
- HP and HP Laboratories are directly involved in the TCG initiative

Trusted Platforms - TCG
(Diagram: on a Server, the Root of Trust measures the BIOS, OS and Apps as they load (boot, OS and application loading); a User or ID Issuer can query the platform's status.)
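The measurement chain the diagram sketches, as an added example (not TCG or HP Labs code): the Root of Trust hashes each component before handing control to it and folds the hash into a PCR with the extend operation, and a remote party replays the event log against a known-good table. The component "images", the golden table and the verifier's messages are constructed for this example; PCRs are modelled as 20-byte SHA-1 registers as in TPM 1.2, and the verifier is assumed to receive the PCR value honestly (a real check would require a TPM-signed quote, which is not modelled here).

```python
"""Toy TCG-style measured boot and remote integrity check (added example)."""
import hashlib

PCR_INIT = bytes(20)   # PCR starts at all zeros after reset


def measure(image):
    """Hash of a component image (BIOS, OS, application)."""
    return hashlib.sha1(image).digest()


def extend(pcr, measurement):
    """TPM PCR extend: PCR_new = SHA-1(PCR_old || measurement).
    Order matters, and the register cannot be set to a chosen value."""
    return hashlib.sha1(pcr + measurement).digest()


def measured_boot(components):
    """Root of Trust measures each component before loading it.
    Returns the final PCR value and the event log of (name, measurement)."""
    pcr, log = PCR_INIT, []
    for name, image in components:
        m = measure(image)
        log.append((name, m))
        pcr = extend(pcr, m)
    return pcr, log


def verify_platform(reported_pcr, event_log, golden):
    """Remote party (TAA / ID issuer): check every logged measurement against the
    known-good table and check that replaying the log reproduces the PCR."""
    pcr = PCR_INIT
    for name, m in event_log:
        if golden.get(name) != m:
            return False, f"unexpected measurement for {name}"
        pcr = extend(pcr, m)
    if pcr != reported_pcr:
        return False, "event log does not reproduce the PCR"
    return True, "platform matches known-good state"


# Constructed stand-ins for firmware, kernel and application binaries.
GOOD_BOOT = [("bios", b"BIOS v1.2"), ("os", b"kernel 2.4.20"), ("app", b"policy-engine 0.9")]
GOLDEN = {name: measure(image) for name, image in GOOD_BOOT}

if __name__ == "__main__":
    pcr, log = measured_boot(GOOD_BOOT)
    print(verify_platform(pcr, log, GOLDEN))
    tampered = [("bios", b"BIOS v1.2"), ("os", b"kernel 2.4.20 + rootkit"), ("app", b"policy-engine 0.9")]
    pcr2, log2 = measured_boot(tampered)
    print(verify_platform(pcr2, log2, GOLDEN))
```

Replaying the log is what lets the verifier name the component that changed; a bare PCR comparison would only say "different". Loading the same components in another order also yields a different PCR, which is why the chain, not just the set of hashes, is what gets checked.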

Privacy and Accountability Model: Technical Aspects [3]
The same three key technologies: Identifier-based Encryption (IBE), Trusted Platforms (TCG, formerly TCPA, etc.), Tagged Operating Systems (OSs). This part covers Tagged Operating Systems.

Tagged Operating Systems
- A tagged Operating System (OS) provides mechanisms and tools to associate low-level labels with data and to manage and enforce them directly at the OS level.
- The label "sticks" to the content, not to the content holder (such as a file), so even when the data is copied around the label follows it.
- Labels can be associated (at the OS level) with low-level Privacy Policies (rules) that are directly enforced by the OS. Rules dictate constraints on copies of data, data transmissions, etc.
- A working prototype is available at HP Laboratories, Bristol.
(Diagram: Policy Creation and Translation: system policies are created in dflow and compiled into a Policy File in Internal Format, loaded by the Policy evaluation engine. Control Enforcement: each flow-causing operation on Tagged Data is submitted for a Decision: yes, no, or more checks.)

Tagged Operating Systems
(Diagram: in the Tagged OS, Tagged Data is followed through memory; a Tagged Kernel Function acts as PEP, evaluating the Policy Tag against the Operation and its Destination. Example policy: internal - allow; external - encrypt with policy.)
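A user-space model of the two slides above, as an added example that is not HP Labs' dflow prototype: labels attach to content and survive copies and derived values, and a PEP decides each flow-causing operation from the labels alone, keeping the most restrictive rule and failing closed when no rule matches. The label name, the rule table, the operations and the host addresses are assumptions of this example.

```python
"""Toy tagged-OS model: sticky content labels plus a kernel-style PEP (added example)."""
from dataclasses import dataclass

INTERNAL_HOSTS = {"10.0.0.5", "10.0.0.6"}    # constructed: the enterprise's own hosts

# Decisions a flow can receive, least to most restrictive.
ALLOW, ENCRYPT_WITH_POLICY, DENY = "allow", "encrypt_with_policy", "deny"
_STRICTNESS = {ALLOW: 0, ENCRYPT_WITH_POLICY: 1, DENY: 2}

# Low-level rules per label, keyed by (operation, destination class).
POLICY = {
    "PII": {
        ("send", "internal"): ALLOW,
        ("send", "external"): ENCRYPT_WITH_POLICY,
        ("write", "removable"): DENY,
    },
}


@dataclass(frozen=True)
class Tagged:
    """A value together with the labels attached to its content."""
    value: bytes
    labels: frozenset = frozenset()


def derive(*inputs, op=lambda *v: b"".join(v)):
    """Any value computed from tagged inputs inherits the union of their labels:
    the label follows the content through copies, joins and transformations."""
    labels = frozenset().union(*(i.labels for i in inputs))
    return Tagged(op(*(i.value for i in inputs)), labels)


def classify(destination):
    """Destination class used by the rule table."""
    if destination.startswith("/media/"):
        return "removable"
    return "internal" if destination in INTERNAL_HOSTS else "external"


def pep_decide(data, operation, destination):
    """Kernel PEP: apply every label's rule and keep the most restrictive one.
    A label with no rule for this flow yields DENY (fail closed); untagged data is unrestricted."""
    decision = ALLOW
    for label in data.labels:
        rule = POLICY.get(label, {}).get((operation, classify(destination)), DENY)
        if _STRICTNESS[rule] > _STRICTNESS[decision]:
            decision = rule
    return decision


if __name__ == "__main__":
    name = Tagged(b"Alice", frozenset({"PII"}))          # constructed sample data
    record = derive(Tagged(b"order#123;"), name)          # label survives the join
    upper = derive(record, op=lambda v: v.upper())        # ... and a transformation
    for op, dest in (("send", "10.0.0.5"), ("send", "203.0.113.9"), ("write", "/media/usb0/export.csv")):
        print(op, dest, pep_decide(upper, op, dest))
```

The point the model makes is that `record` and `upper` carry the PII label although neither was labelled directly; a real tagged OS does the same at the kernel level by tracking the label through memory rather than through file metadata.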

Privacy and Accountability Model: Technical Aspects [4]
(Diagram mapping Technologies to Addressed Problems:)
- Our Privacy and Accountability Framework (IBE, TAAs, etc.): (High level) Stickiness of Privacy Policies; User Involvement; Accountability Management; Enforcement of Aspects of the Privacy Policy
- Trusted Platforms (TCG ...): (Low level) Source of Trust and HW/SW integrity checking
- Tagged OSs: (Low level) Stickiness of Privacy Policies
- GAPs remain between the high-level framework and the two low-level technologies

High-level System Architecture
- Based on the IBE model
- Privacy Policies are represented as "IBE Encryption Keys"
- Confidential data is encrypted with the IBE encryption keys
- IBE encryption keys "stick" with the encrypted data (at least until the first de-obfuscation of the data ...)
- The "Tracing and Auditing Authority" is an (IBE-based) Trust Authority
- Leveraging Trusted Platforms and Tagged OSs to enforce aspects of Privacy Policies (Work in Progress ...)

Server Control Flow
(Diagram: an Enterprise server (BIOS, Tagged OS, Apps, with its Dataflow Policies) holds data encrypted under IBE with Encryption Key = Privacy Policy. It sends a Request for the IBE decryption Key to the TAA with Context, Id and Purpose. The TAA checks the policy, checks the machine status (and the User ID), records the request (log) and returns the keys; the server's Tagged OS and Apps then process the data under the dataflow policies.)

Sticky Privacy Policies
(Example of a high-level Sticky Policy in XML format; the document itself is not preserved here. Its annotated parts were: Reference to TA(s); Constraints/Obligations; Platform Constraint; Actions (User Involvement).)
IBE encryption keys can define any kind of privacy constraints or terms and conditions, to be deployed and enforced at different levels of abstraction (application/service, OS, platform).

Enforcement of Sticky Privacy Policies
(Diagram: Personal Data with Sticky Privacy Policies flows from Enterprise 1 to Enterprise 2, each running a Policy Engine on TCG platforms with a Tagged OS. Enforcement is via the Trust Authority (TA) plus TCG and Tagged OS; enforcement by Trusted Platforms and Tagged OS is Work in Progress.)

Conclusions
- Privacy Languages do not solve the Privacy Management problem
- Privacy is not only a matter of Authorization
- Need to focus on Assurance via Enforcement and Accountability
- Presented a model for accountable management of private identity data:
  - the User gains more control, aided by (their) third party
  - audit of legitimate requests, shared with the user
  - checks on enforcement mechanisms, linked to the TAA
  - the Enterprise is accountable for use and enforcement, with links to policy-based enforcement

Backup Slides: RSA and IBE Cryptography Models

RSA Model
(Diagram: the key owner keeps the secrets p & q, computes N = p*q and the exponents d & e, keeps d secret and publishes e and N. The sender encrypts Msg with e and N; the owner decrypts the Encrypted Msg with d and N.)

IBE Model [1]
(Diagram: the Trust Authority holds the secrets s, computes the public details and computes key pairs (E, D). The sender encrypts Msg with E under the public details; the receiver decrypts the Encrypted Msg with D.)

IBE Model [2]
(Diagram: the sender chooses the encryption key e and encrypts Msg under the public details; the receiver asks the Trust Authority "Get decrypt key, e", and the Trust Authority uses its secrets s to generate the decryption key for e, with which the Encrypted Msg is decrypted.)

Policy Enforcement by Trust Authority
- "Soft" policy enforcement: the TA still relies on the receiver to take care of data privacy once the data is disclosed ...
- The TA interprets Privacy Policies via a Policy Engine
- The TA makes sure that the Privacy Policies are satisfied before issuing the IBE decryption key
- Multiple TAs can be used, each specialised in specific checks (easy with the IBE-based approach ...)
- Users can be notified or asked for authorization if the Privacy Policies require it (User Involvement)
- Audit of disclosures, at least the first time ...
- The TA can leverage TCG and the Tagged OS to make sure that part of the policy enforcement is done upfront ...
(Diagram: Enterprise 1 and Enterprise 2, each with Privacy Policies, interacting with the Trust Authority (TA).)

Policy Enforcement by Trusted Platforms
- Stronger enforcement of part of the privacy policies (low-level policies)
- TCG integrity checking mechanisms check platform trustworthiness along with its SW and HW integrity
- Cross-boundary integrity checking on the platforms of the involved parties
- To be effective, widespread usage of trusted platforms is required: at least all the platforms involved in processing the confidential data should be checked, and some of them might not be exposed externally
  => too strong a requirement for the time being ...
  => limits on the kinds of HW and SW checks ...
- Joint usage of Tagged OS and TCG to create Trust Domains: TCG checks upfront the integrity of the "combined" system; the Tagged OS enforces privacy policies directly at the OS level: disallow copying data, send data only to specific IP addresses, etc.
(Diagram: Enterprise 1 and Enterprise 2 each form a Trust Domain of TCG platforms running a Tagged OS, governed by Privacy Policies and the Trust Authority (TAA).)

Accountability Management
- Confidential data is encrypted: at least the first time, requestors need to interact with the Tracing and Auditing Authorities (TAAs)
- Auditing and logging of data disclosures is carried out by the TAAs (at least the first time)
- Multiple TAAs can be used to mitigate trust issues; users can run their own TAAs
- Usage of audit logs as Evidence and for Forensic Analysis
- Research in progress at HP Labs on tamper-resistant audit systems
(Diagram: Enterprise 1 and Enterprise 2, each with Privacy Policies, interacting with the Trust Authorities (TAAs).)
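The IBE three-player model, the "policy as encryption key" architecture, the Trust Authority's policy check and the audit log described in the slides above, carried through in one added example. This is not HP Labs' IBE library: it uses the Cocks quadratic-residuosity IBE scheme (one of the approaches the IBE slides list), with the sticky policy string hashed to the identity, so the data can only be de-obfuscated with a key the TAA derives from that exact policy. The Mersenne primes are toy parameters far too small for real use, and the "k=v;k=v" policy grammar, the requester context fields and the sample data are assumptions of this example.

```python
"""Sticky privacy policy as a Cocks IBE encryption key, with the TAA issuing the
decryption key only after a policy check and an audit entry (added example)."""
import hashlib
import secrets

# TAA master secret (p, q) and published "public detail" N.  TOY SIZES ONLY.
P = 2**107 - 1   # Mersenne prime, p = 3 (mod 4)
Q = 2**127 - 1   # Mersenne prime, q = 3 (mod 4)
N = P * Q

AUDIT_LOG = []   # the TAA's record of every decryption-key request (evidence)


def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0; returns -1, 0 or 1."""
    a %= n
    result = 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0


def policy_to_identity(policy):
    """Hash the sticky policy (any string) to an identity a in Z_N with (a/N) = 1."""
    counter = 0
    while True:
        digest = hashlib.sha256(f"{policy}|{counter}".encode()).digest()
        a = int.from_bytes(digest, "big") % N
        if jacobi(a, N) == 1:
            return a
        counter += 1


def extract_private_key(a):
    """TAA only (needs p and q): r with r^2 = a or r^2 = -a (mod N)."""
    r = pow(a, (N + 5 - P - Q) // 8, N)
    assert (r * r) % N in (a, N - a)
    return r


def encrypt_bit(a, bit):
    """Sender needs only N and a. Two ciphertexts cover the a / -a ambiguity."""
    want = 1 if bit == 0 else -1      # bit 0 -> Jacobi(t) = +1, bit 1 -> -1
    parts = []
    for ident in (a, N - a):
        while True:
            t = secrets.randbelow(N - 2) + 2
            if jacobi(t, N) == want:
                break
        parts.append((t + ident * pow(t, -1, N)) % N)
    return tuple(parts)


def decrypt_bit(r, a, ct):
    """Receiver: c + 2r = (t + r)^2 / t, so its Jacobi symbol equals Jacobi(t)."""
    c = ct[0] if (r * r) % N == a else ct[1]
    return 0 if jacobi(c + 2 * r, N) == 1 else 1


def encrypt_bytes(policy, data):
    """Obfuscate data under the policy string; the policy itself is the key."""
    a = policy_to_identity(policy)
    return [encrypt_bit(a, (byte >> i) & 1) for byte in data for i in range(7, -1, -1)]


def decrypt_bytes(policy, r, cts):
    a = policy_to_identity(policy)
    bits = [decrypt_bit(r, a, ct) for ct in cts]
    return bytes(int("".join(map(str, bits[k:k + 8])), 2) for k in range(0, len(bits), 8))


def policy_satisfied(policy, request):
    """Toy policy grammar (assumption of this example): 'k=v;k=v'; every clause
    must match the requester's attested context."""
    clauses = dict(kv.split("=", 1) for kv in policy.split(";") if kv)
    return all(request.get(k) == v for k, v in clauses.items())


def taa_request_key(policy, request):
    """TAA: log the request first, then issue the key only if the policy holds."""
    granted = policy_satisfied(policy, request)
    AUDIT_LOG.append({"requester": request.get("enterprise"), "policy": policy, "granted": granted})
    return extract_private_key(policy_to_identity(policy)) if granted else None


if __name__ == "__main__":
    policy = "purpose=order_fulfilment;platform=tcg_attested"
    ct = encrypt_bytes(policy, b"Alice, 1 High St")   # constructed sample PII
    good = {"enterprise": "Enterprise1", "purpose": "order_fulfilment", "platform": "tcg_attested"}
    print(decrypt_bytes(policy, taa_request_key(policy, good), ct), AUDIT_LOG)
```

Two properties of the slides show up directly: the decryption key did not exist when the user encrypted (it is derived on demand from the policy string), and any change to the policy string maps to a different identity, so a key issued for a weakened policy does not open data encrypted under the original one. What the code also makes visible is the "soft enforcement" caveat: once `taa_request_key` has returned `r`, nothing here stops the enterprise from misusing the plaintext, which is exactly the gap the Tagged OS and TCG slides aim to fill.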
