1. CABA Forum: Privacy and Trust Wednesday, April 2, 2014 Washington DC CONNECTED HOME TRACK - HOW WILL ORGANIZATIONS MEET CONSUMER DEMANDS FOR PRIVACY AND TRUST?

2. Session Overview Learn from industry leaders what action organizations should take when it comes to consumer privacy and trust. Organizations that understand the real and perceived consumer concerns over cybersecurity will be better positioned to develop the right products and services. Hear about strategies to deal with negative media and publicity. Most importantly attendees will learn about developing the right messaging and marketing to increase consumer trust and sales.

3. Panel Moderator: Michelle Chibba, Director, Policy and Special Projects, Office of the Information and Privacy Commissioner of Ontario Canada (IPC) – Panelists: Sumanth Channabasappa, Director of Innovation, Network Technologies Team, CableLabs Jonathan Cluts, Director of the Consumer Prototyping and Strategy Team, Microsoft Christopher Martin, Senior Manager, Bosch Charles McParland, Computer Scientist, Lawrence Berkeley National Lab

4. Information privacy refers to the right or ability of individuals to exercise control over the collection, use and disclosure by others of their personal information Personally-identifiable information (“PII”) can be biographical, biological, genealogical, historical, transactional, locational, relational, computational, vocational or reputational, and is the stuff that makes up our modern identity Privacy is contextual Where there is no reasonable possibility of identifying a specific individual, either directly, indirectly, through manipulation or linkage of information, there is no privacy issue. Privacy 101

5. Privacy requires Security but Security ≠ Privacy

6. Data Assets = Data Risks and Liabilities Threats to Privacy. misuse of data. function creep. unauthorized data linkage. false positives. inaccurate data. unauthorized disclosure

7. Privacy in an Interconnected Home The Supreme Court has repeatedly held that people have heightened privacy interests in what happens within their home—even over information that is technologically observable by others. We have “Peeping Tom” laws for the same reason— just because someone has a means to watch what you’re doing in the home doesn’t mean they should. Smart devices have the potential to do amazing things for consumers—smart, automated cars cannot get here fast enough—but it’s paternalistic to assert that those smart devices must be allowed to secretly surveil consumers without understanding them or contrary to their wishes. Justin Brookman, Director of Consumer Privacy, Center for Democracy & Technology (CDT) (in IAPP Newsletter, November 2013.)

8. Smart TVs The key problem was "incompetence“ -- "Somebody thought it was a good idea to build these TVs with all these features and nobody ever said 'maybe we need some security people on the design team to make sure we don’t have a problem', much less 'maybe all this data flowing from the TV to us constitutes a massive violation of our customers’ privacy that will land us in legal hot water'. The deep issue here is that it’s relatively easy to build something that works, but it’s significantly harder to build something that’s secure and respects privacy.“ Dan Wallach, Princeton University Centre for Information Technology Policy (The Guardian, November 2013)

9. Personal information must be managed responsibly. When it is not, accountability is undermined and confidence/trust in the enterprise is eroded. 43% do not trust companies with their personal information 89% avoid doing business with companies where they have privacy concerns 94% of U.S. consumers want control over who can collect their personal information and who can track them online Source: 2013 U.S. Consumer Privacy Confidence Privacy Report, Truste

10. The Golden Rules Fair Information Practices Why are you asking? -Collection, purpose specification How will the information be used? -Primary purpose, use limitation Any additional secondary uses? -Notice and consent, prohibition against unauthorized disclosure Who will be able to see my information? -Restricted access from unauthorized third parties FTC Privacy Framework: 3 Pillars -Privacy by Design -Simplified Consumer Choice -Transparency

11. Resources Guidelines for Security Considerations that applies in general to architecture http://www.ietf.org/rfc/rfc3552.txt http://www.ietf.org/rfc/rfc3552.txt Privacy Considerations for Internet Protocols http://tools.ietf.org/html/rfc6973 http://tools.ietf.org/html/rfc6973 CableLabs SMA Specification, now archived, as an example http://cablelabs.com/specification/packetcable-security-monitoring-and- automation-signaling-specification/ http://cablelabs.com/specification/packetcable-security-monitoring-and- automation-signaling-specification/ FTC. Protecting Consumer Privacy in an Era of Rapid Change (http://www.ftc.gov/sites/default/files/documents/reports/federal-trade- commission-report-protecting-consumer-privacy-era-rapid-change- recommendations/120326privacyreport.pdf )http://www.ftc.gov/sites/default/files/documents/reports/federal-trade- commission-report-protecting-consumer-privacy-era-rapid-change- recommendations/120326privacyreport.pdf PbD principles ( 7 Foundational Principles of Privacy by Design ) 7 Foundational Principles of Privacy by Design PbD: Achieving the Gold Standard in Data Protection for the Smart Grid (http://www.ipc.on.ca/images/Resources/achieve-goldstnd.pdf)http://www.ipc.on.ca/images/Resources/achieve-goldstnd.pdf Security by Design: An Enterprise Architecture Approach (http://www.ipc.on.ca/images/Resources/pbd-privacy-and-security-by- design-oracle.pdf)http://www.ipc.on.ca/images/Resources/pbd-privacy-and-security-by- design-oracle.pdf

12. Building Privacy into Mobile location analytics (MLA) Through Privacy by Design (http://www.ipc.on.ca/images/Resources/pbd-mla.pdf)http://www.ipc.on.ca/images/Resources/pbd-mla.pdf Sensors and In-home Collectionof Health Data http://www.ipc.on.ca/images/Resources/pbd-sensor-in-home.pdf http://www.ipc.on.ca/images/Resources/pbd-sensor-in-home.pdf Wi-Fi Positioning Systems: Beware of Unintended Consequences (http://www.ipc.on.ca/images/Resources/wi-fi.pdf)http://www.ipc.on.ca/images/Resources/wi-fi.pdf Mobile Near Field Communications (NFC) “Tap ‘n Go Keep it Secure and Private (http://www.ipc.on.ca/English/Resources/Discussion- Papers/Discussion-Papers-Summary/?id=1136)http://www.ipc.on.ca/English/Resources/Discussion- Papers/Discussion-Papers-Summary/?id=1136 Wireless communications fact sheet (http://www.ipc.on.ca/English/Resources/Educational- Material/Educational-Material-Summary/?id=645)http://www.ipc.on.ca/English/Resources/Educational- Material/Educational-Material-Summary/?id=645 Resources (cont’d)