COLLABORATION & COMPLIANCE Identity Management meets Risk Management Policy Physics meets Unintended Consequences Terry Gray, PhD Chief Technology Architect.

Presentation transcript:

COLLABORATION & COMPLIANCE
Identity Management meets Risk Management Policy Physics meets Unintended Consequences
Terry Gray, PhD
Chief Technology Architect & Therapist
University of Washington
NAAG Identity Panel
15 June 2010

WHO, ME ?

Rap singer arrested in slaying
"Terry Gray did not murder anyone," Alexander said. "They arrested the wrong man. Terry wasn't even in the building when it happened."

Accused killer to use an insanity defense
Citing a family history of bipolarity and murder, the attorney for accused killer Terry Gray says Gray will rely on an insanity defense.

MISTAKEN ID?

Technology Policy

CONTEXT: Research Universities
- Mission: discovery & innovation
- Means: extreme collaboration
  - Globally, at scale, crossing many boundaries
  - Seamless and simple resource sharing
- Culture: decentralized; diffuse authority
  - Collections of many independent businesses
  - A microcosm of “the Internet”

“Industry turns ideas into money; Universities turn money into ideas.” --Craig Hogan

IDENTITY ISSUES IN COLLABORATION
- Multiple Account Madness and role of Federated access
  - How many credentials?
  - Single ID: convenience vs. “Single Point of Failure”
  - Institutional vs. consumer identities
- Role of identity providers & trust fabrics
  - Reputational risk
  - Transitive trust, e.g. Zoho via Google: bug or feature?
- Contradictions
  - Access control complexity leads to no access control
  - The role of anonymity and pseudonyms
  - Jurisdictions: data location, prevailing law; sunshine states

WHAT DO WE FEAR ?
“Stolen identities used to buy furniture and tummy tuck, police allege”

WHAT DO WE FEAR ?

Individuals
- Identity theft and identity errors
- Privacy invasion (direct or via correlation and inference)
- Undesired disclosure or modification of identity or content
- Loss of civil liberties: Unreasonable or incorrect search / seizure
- Crippling complexity

Institutions
- Compliance violations and costs (financial or reputational)
- Compliance and opportunity costs / complexity / backlash
- Identity or access control errors and their consequences
- Undermining the effectiveness of our faculty/staff/students

WHO DO WE FEAR?

Study Shows Targeted Ads Make Users Uneasy
By Terrence Russell, April 10, 2008

“TOTAL INFORMATION AWARENESS”
Even without ads, many are worried!

GETTING ON LISTS IS SO EASY…

Sen. Kennedy Flagged by No-Fly List
By Sara Kehaulani Goo, Washington Post Staff Writer, Friday, August 20, 2004
U.S. Sen. Edward M. "Ted" Kennedy said yesterday that he was stopped and questioned at airports on the East Coast five times in March because his name appeared on the government's secret "no-fly" list.

Computer Glitch caused NY Police to raid wrong house
By: Justin McGuire | March 20th, 2010
Here is a shocking incident of insensitivity, an octogenarian couple Walt and Rose Martin who are 83 and 82 respectively, had their house raided an incredible 50 times in the last 8 years leaving them scared and wary of the police. New York Police Department claims that this was caused due to a glitch in the computer.

THE ROLE OF FEDERATION & SSO
- Helps with “Multiple Account Madness”
- Can reduce collaboration friction
- Can convey attributes
  - e.g. OverLegalAge, or first-responder skills
- Can reduce data correlation risks
- Brings “transitive trust” risks
  - Crossing organizational policy boundaries
  - Crossing legal jurisdiction boundaries

WHAT DO WE NEED ?

Updated laws for privacy protection
- HIPAA plus EU “Fair Information Practices”
- Fundamental right to correct the record
- 4th Amendment applied to data held by 3rd parties
- Role for anonymity (whistle-blower, stalker victim, dissident, secret agent)
- No single points of (identity) failure, nor very high-value targets (cf. RealID)
- No security theater; unintended consequences (cf. Pre-paid cell registration)

Improved identity infrastructure
- Privacy-preserving (non-correlatable) federated identities
- Pervasive trust fabrics (e.g. InCommon)

IT + Government Partnership

DISCUSSION