Privacy-Aware Design for Physical Infrastructure Prof. Stephen Wicker Cornell University.

Sensor Networks for Infrastructure Protection
Protecting Infrastructure
  ◦ Opportunities for embedding sensor networks
     Power Grid/SCADA
     Transportation
     Water and Fuel
  ◦ Driven by development of supporting technology for randomly distributed, wireless sensors
Buildings
  ◦ Combine surveillance with energy control
  ◦ Integrate into building materials
Open Spaces (parks, plazas, etc.)
  ◦ Combine surveillance with environmental monitoring
  ◦ Line-of-sight surveillance technologies

Privacy Issues
Sensor networks collect data. Privacy issues follow.
Standard Problems: Data Security and Integrity
  ◦ Protection against hackers, etc.
Evolving Problem: Data Presence
  ◦ We need protection against those who collect the data.
     Cellular Service Providers
     ISPs
     …

A Moral Hazard: The Market for Information
The goal of information collection is discrimination (Oscar Gandy, The Panoptic Sort)
Highly-focused marketing strategies make money
  ◦ Telemarketing was a $662 billion a year industry in 2003

The Impact of Pervasive Surveillance
Big Brother Syndrome – passive behavior in response to surveillance (epistemic impact)
Kafka Syndrome – an extreme imbalance between the individual and private and public bureaucracies
“A new mode of obtaining power of mind over mind, in a quantity hitherto without example.” Jeremy Bentham, The Panopticon Writings
“Hence the major effect of the Panopticon: to induce in the inmate a state of conscious and permanent visibility that assures the automatic functioning of power.” Michel Foucault, Discipline and Punish

Mitigation: Electronic Communications Privacy Act of 1986
Amendment to Title III of the Omnibus Crime Control and Safe Streets Act of 1968 (the Wiretap Statute)
  ◦ Title I: Electronic Communications in Transit
     Content of communication
     Strictest standards for warrants
  ◦ Title II: Stored Electronic Communication
     Weaker standards
     Where does fit in?
  ◦ Title III: Pen Register/Trap and Trace Devices
     Context of communication
     Information obtained must be relevant and material to an ongoing investigation
Weakened by the PATRIOT Act and “National Security Letters”

Obtaining Cellular Records
Prior to 2005, law enforcement agencies were routinely granted access to location data without judicial oversight
  ◦ “Relevant and material” is a pretty weak standard…
August 2005 – a Federal District Court in New York turns down a request for cellular location data
  ◦ Required evidence of probable cause.
Undeniable good can be done
  ◦ A thief stole a woman’s car with her phone and child inside. Location data was used to find and stop the car within 30 minutes.
  ◦ Uncountable E911 calls
But…
  ◦ People should have a choice
  ◦ The presence of the data remains a threat.
     Money too attractive
     Potential for governmental abuse too great

A General Solution: Privacy-Aware Design
Design systems so as to minimize the privacy threat.
Such design practices are a moral obligation given the potential harm to the individual.
  ◦ Argument for another day:
     Kantian emphasis on the individual vs. Benthamite stress on the greatest good for the greatest number.

Privacy-Aware Design Practices
1. Provide full disclosure of data collection
2. Require consent to data collection
3. Minimize collection of personal data
4. Minimize identification of data with individuals
5. Minimize and secure retained data
Analogous to the 1973 U.S. Fair Information Practices and the 1980 OECD Guidelines.

Provide Full Disclosure of Data Collection
  ◦ Description requirement
  ◦ Enforceability requirement
     FTC – privacy statements
  ◦ Irrevocability requirement
  ◦ Intelligibility requirement
Require Consent to Data Collection
  ◦ Acknowledgement requirement
  ◦ Opt-in requirement
     See U.S. West v. Federal Communications Commission (182 F.3d 1224, 10th Cir. 1999)

Minimize Collection of Personal Data (1)
Establish a functional requirement for collection
  ◦ Match data to the mission
     Type, resolution
  ◦ Collection must be necessary to the functionality of the communication system
     Not just an easier or cost-effective alternative
     Collection of data for “testing” is a grey area

Minimize Collection of Personal Data (2)
Distributed processing requirement
  ◦ Process data as close to the source as possible
     Functional/destructive processing
     Aggregation prior to centralized collection
  ◦ Limits potential for re-use and hacking

Technical Problem!
Demand-Response without centralized data collection
  ◦ Develop an architecture that supports demand-response without collecting fine-grained power consumption data.
  ◦ Secure local processing loop
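The local processing loop on this slide, as an added example that is not code from the slides or from the Cornell demand-response work: meters on one feeder mask their interval readings with pairwise secrets that cancel only in the sum, so the utility head-end receives random-looking reports and learns exactly the feeder total it needs for the curtailment decision, and nothing per household. The meter ids, readings, feeder capacity and the way the pairwise masks are agreed are assumptions made for the demo.

```python
"""Demand response from a feeder total only (pairwise-masked aggregation).
Added example, not from the slides; ids, readings and capacity are constructed."""
import secrets

# Masks live in Z_MOD. MOD must exceed any possible sum of readings so that
# the unmasked total is recovered exactly after the masks cancel.
MOD = 2**61 - 1


def agree_pairwise_masks(meter_ids):
    """Every unordered pair {a, b} of meters shares one secret mask s_ab.

    In a deployment each pair would derive s_ab from a key exchange over the
    local network (e.g. ECDH); drawing it directly here is an assumption
    that keeps the example self-contained."""
    ids = sorted(meter_ids)
    return {(a, b): secrets.randbelow(MOD)
            for i, a in enumerate(ids) for b in ids[i + 1:]}


def mask_reading(meter_id, reading_wh, meter_ids, masks):
    """At-the-meter processing: add s_ab for every pair in which this meter is
    the smaller id, subtract it where it is the larger id. On its own each
    report is uniformly random; the masks cancel only when all are summed."""
    v = reading_wh % MOD
    for other in meter_ids:
        if other == meter_id:
            continue
        if meter_id < other:
            v = (v + masks[(meter_id, other)]) % MOD
        else:
            v = (v - masks[(other, meter_id)]) % MOD
    return v


def aggregate(masked_reports):
    """Run at the utility head-end: it sees only masked reports and learns
    only their sum. Caveat: if a meter drops out its masks never cancel, so
    a real system needs a recovery step (e.g. threshold-shared masks), and
    a head-end colluding with all but one meter learns the last reading."""
    return sum(masked_reports.values()) % MOD


def demand_response_signal(total_wh, feeder_capacity_wh):
    """The control decision needs the feeder total, not who used what."""
    return "CURTAIL" if total_wh > feeder_capacity_wh else "NORMAL"


def run_interval(readings_wh, feeder_capacity_wh):
    """One metering interval end to end. Returns what the utility sees plus
    the true total, which is included only for the demo's self-check."""
    meter_ids = sorted(readings_wh)
    masks = agree_pairwise_masks(meter_ids)                     # among meters
    reports = {m: mask_reading(m, readings_wh[m], meter_ids, masks)
               for m in meter_ids}                               # each meter
    total = aggregate(reports)                                   # utility
    return {
        "reports_seen_by_utility": reports,
        "total_wh": total,
        "signal": demand_response_signal(total, feeder_capacity_wh),
        "true_total_wh": sum(readings_wh.values()),
    }


if __name__ == "__main__":
    # Constructed sample: six meters on one feeder, one 15-minute interval, Wh.
    sample = {"meter-01": 410, "meter-02": 1280, "meter-03": 95,
              "meter-04": 760, "meter-05": 2310, "meter-06": 530}
    out = run_interval(sample, feeder_capacity_wh=5000)
    for m, r in out["reports_seen_by_utility"].items():
        print(f"{m}: masked report {r}")
    print("feeder total", out["total_wh"], "Wh ->", out["signal"])
```

The point for the design rule is in `aggregate`: the head-end never holds a per-meter reading, so there is nothing fine-grained to retain, re-use or subpoena. The comments flag the two places a practitioner must look before trusting this: dropout handling and the collusion threshold.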

Minimize Identification with Individuals
Does the technology require association of data with the individual or with his/her equipment?
Non-Attribution Requirement
  ◦ Track equipment, not the user
Separate Storage Requirement
  ◦ Authentication/billing records should be separate from “functional” records.
  ◦ Isolation of records should be cryptographically secure.

Technical Problem!
Private use of a public service.
  ◦ Assume a pool of valid users.
  ◦ How does a user show that they are in the pool without identifying themselves?
  ◦ Cryptographic primitives?

Minimize and Secure Data Retention
Functional Requirement for Retention
  ◦ Retention should be directly connected to functionality
  ◦ Otherwise, opt-in is required (at a minimum)
Basic Security Requirement
  ◦ Inadvertent disclosure should be difficult to impossible.
Non-Reusability Requirement
  ◦ Use of data in an undisclosed manner should be difficult to impossible

Example: Privacy-Aware Cellular Registration
What is required for registration?
  ◦ HLR/home MSC needs to know how to route incoming calls
  ◦ VLR/gateway MSC needs to authenticate the user
MS Registration – data-minimal solution
  ◦ Token identifies the MS’s associated HLR
  ◦ Provide sufficient info to the HLR for authentication
     Public-key encrypted ID
     Zero-knowledge proof
HLR Operation
  ◦ Return authentication result to the VLR/GMSC
  ◦ Associate current GMSC and registration number with the user’s phone number
     No way around this – needed for incoming calls
     No need for further location resolution
     No need for long-term retention after the user moves on.
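One concrete answer to the earlier “Technical Problem!” question (show that you are in the pool of valid users without saying which user) that also fits the VLR-side step of this registration example: Chaum blind RSA signatures. This is an added example, not code from the slides or from any operator’s HLR/VLR; the HomeRegister/Handset roles, the spent-token list and the 512-bit toy key are assumptions made so that it runs offline in plain Python.

```python
"""Membership without identity: Chaum blind RSA signatures. Added example,
not from the slides; roles, spent list and toy key size are assumptions."""
import hashlib
import math
import secrets

KEY_BITS = 512  # toy size for speed; real keys are 2048 bits or more


def _is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test; adequate for a demo key."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(c):
            return c


def _hash_to_int(token, n):
    # SHA-256 into a 512-bit modulus is not a full-domain hash; production
    # code would use a proper FDH/PSS-style encoding before signing.
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % n


class HomeRegister:
    """The HLR. It sees a subscriber identity only at token issuance (the
    billing relationship), never at use, so the two record sets stay apart."""

    def __init__(self, bits=KEY_BITS):
        e = 65537
        while True:
            p, q = _random_prime(bits // 2), _random_prime(bits // 2)
            phi = (p - 1) * (q - 1)
            if p != q and math.gcd(e, phi) == 1:
                break
        self.n, self.e, self.d = p * q, e, pow(e, -1, phi)
        self.issuance_log = []  # (subscriber, blinded value): reveals no token
        self.spent = set()      # tokens already used this registration period

    def public_key(self):
        return (self.n, self.e)

    def issue(self, subscriber_id, blinded):
        """Sign the blinded value; the token inside is hidden from the HLR."""
        self.issuance_log.append((subscriber_id, blinded))
        return pow(blinded, self.d, self.n)

    def check_token(self, token, sig):
        """Answer the VLR's question 'is this a valid member?' with yes/no."""
        if token in self.spent:
            return False  # replay of a token that already registered
        if pow(sig, self.e, self.n) != _hash_to_int(token, self.n):
            return False  # not a signature by this HLR
        self.spent.add(token)
        return True


class Handset:
    """The MS: blinds a fresh random token, gets it signed, unblinds it."""

    def __init__(self, hlr_public_key):
        self.n, self.e = hlr_public_key

    def obtain_token(self, hlr, subscriber_id):
        token = secrets.token_bytes(32)
        m = _hash_to_int(token, self.n)
        while True:
            r = secrets.randbelow(self.n - 2) + 2
            if math.gcd(r, self.n) == 1:
                break
        blinded = (m * pow(r, self.e, self.n)) % self.n     # m * r^e
        blinded_sig = hlr.issue(subscriber_id, blinded)      # m^d * r
        sig = (blinded_sig * pow(r, -1, self.n)) % self.n    # m^d: RSA sig on m
        return token, sig


def visited_register(hlr, token, sig):
    """The VLR/gateway MSC: forwards the token to the HLR for a yes/no and
    stores a record naming the HLR and the token, but no subscriber."""
    if not hlr.check_token(token, sig):
        return None
    return {"hlr": "hlr-home", "token": token.hex()}  # no phone number here


if __name__ == "__main__":
    hlr = HomeRegister()
    ms = Handset(hlr.public_key())
    tok, sig = ms.obtain_token(hlr, "+1-607-555-0100")  # constructed subscriber id
    print("first registration:", visited_register(hlr, tok, sig))
    print("replayed token:", visited_register(hlr, tok, sig))
```

Two things to note against the slide. First, the blind token only covers the “authenticate the user” requirement: the HLR cannot link a presented token to its issuance, so the routing association the slide says is unavoidable (GMSC to phone number) still has to come from the public-key-encrypted ID, and that is the record that must be stored separately from the VLR’s token log. Second, the `spent` set is what turns “valid member” into “valid member, once per period”; without it a captured token could be replayed from any gateway.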

Conclusion
Sensor networks offer a powerful means for securing and monitoring critical infrastructure.
Data collection creates a clear problem for the individual and for the collecting authority.
  ◦ Seemingly impersonal data can still be a problem.
  ◦ A particular issue in the EU, where extensive regulations protect the individual against corporate abuse.
Privacy-aware design rules provide an important tool as sensors are deployed to protect critical infrastructure.