Privacy in the Next Generation Internet: Data Protection in the Context of European Union Policy. Alberto Escudero-Pascual, Royal Institute of Technology.


1 Privacy in the Next Generation Internet: Data Protection in the Context of European Union Policy. Alberto Escudero-Pascual, Royal Institute of Technology - KTH, Sweden

2 Privacy in mobile internet. Who? PhD researcher and privacy advocate. Where? IT University in the Swedish mobile valley. What? Location Privacy - Data Protection Policy.

3 Location Privacy in a nutshell: Someone is somewhere doing something. Someone → Identity Management. Somewhere → Location Privacy. Something → Content Confidentiality.

4 Reinventing the wheel? Unobservability, Anonymity, Untraceability → Identity Management, Protection of Personal Identifiable Information, Location Privacy, Trust and unlinkability

5 Corporate vs policy survival Corporate survival in the information age hinges on the ability of non-technical executives to decipher, understand and harness constant advances in information technology. This century's biggest, boldest players will be those who can change and adapt for survival. Darwin Observer mission

6 Data Protection: Technology Neutral Policy. Replace old Directives (97/66/EC). Not intended to create major changes. Adapt and update the existing provisions to “new” and “foreseeable” developments in the e-communications services and technologies.

7 Data Protection: Technology Neutral Policy. Not to impose, nor discriminate in favour of, the use of a particular type of technology. Ensure that the service is regulated in the same manner. Same level of protection regardless of the technology used to deliver a service.

8 EU Data Protection Background. Written with scenarios in mind. Based on telecommunication services. Traditional policies refer to ‘Calls ID’ and ‘Content’. The data is classified into traffic and content. Different protections for different types of data.

9 Definitions: From call to communication. Call: Any connection established by means of a publicly available telephone service allowing two-way communication in real time. Communication: Any information exchanged or transmitted between a finite number of parties by means of a publicly available electronic communications service.

10 Definitions: Extending traffic and location data. Location data: Any data processed in an electronic communication network, indicating the geographical position of the terminal equipment of a user of a publicly available electronic communication service. Traffic data: Any data generated and processed in the course of or for the purpose of the transmission of a communication over an electronic communication network.

11 Keep in mind... Technology neutral: The Directive is not talking about Internet. Replace 97/66/EC: Definitions are changed or updated to “adapt” a Directive written with scenarios in mind (POTS). Traffic, location and content data: Different protections for different types of data.

12 MobileIPv6. Allows a device (mobile node) to move from one place (link) to another without changing the Internet address (IP). Allows a device (mobile node) to inform the home network (home agent) and other devices (correspondents) about the new associated address when roaming (care-of address).

13 MobileIPv6. Capability of being always addressable via a static identifier by informing the home agent about the binding between the dynamic and static identifier (HoA - CoA(t)). [Figure: Correspondent Node, Home Network and Foreign Networks; Mobile Node with HoA in the home network and CoA(t1), CoA(t2), CoA(t3) in foreign networks]

14 MobileIPv6. Capability of being addressable via the dynamic identifier by informing the correspondent node of the CoA(t). [Figure: Correspondent Node, Home Network and Foreign Networks; Mobile Node with HoA in the home network and CoA(t1), CoA(t2), CoA(t3) in foreign networks]

15 Mobility/Location Information in IPv6 headers. “Content Data”: Care-of address (t1) sent as part of the IPv6 Header Source Address. Home address sent as part of the MobileIP Destination Option. [Figure: Mobile Node (t1) sending to Correspondent Node (http://www.isoc.org); packet labels: Ethernet, IPv6 Header (Source Address: Care-of-address(t); Dest. Address: www.isoc.org), Destination Option (Home Address), ESP, TCP | HTTP]

16 Mobility/Location Information in IPv6 headers. “Traffic Data”: Home address sent as part of the MobileIP Destination Option. Care-of address (t2) and Home Address sent as part of the IPv6 Mobility Header. [Figure: Mobile Node (t1), Mobile Node (t2) and Correspondent Node (http://www.isoc.org); packet labels: Ethernet, IPv6 Header (Source Address: Care-of-address(t); Dest. Address: www.isoc.org), Mobility Header (Home Address, Care-of-address (t2), SPI)]

17 Traffic/Content Channels? [Figure: the two packets from the previous slides side by side, sent by Mobile Node (t1) and Mobile Node (t2) to Correspondent Node (http://www.isoc.org). Data packet labels: Ethernet, IPv6 Header (Source Address: Care-of-address(t); Dest. Address: www.isoc.org), Destination Option (Home Address), ESP, TCP | HTTP. Signaling packet labels: Ethernet, IPv6 Header, Mobility Header (Home Address, Care-of-address (t2), SPI)]
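
Added example (not part of the original slides): a minimal parser showing what slides 15-17 describe, namely that the care-of address (IPv6 source address) and the home address (Home Address destination option) can both be read from a data packet's headers, so successive care-of addresses can be linked to one home address. The addresses, function names and sample packets are constructed for illustration; the option type value 201 is the one assigned in RFC 6275.

```python
import ipaddress
import struct

NH_DSTOPTS = 60          # IPv6 Destination Options extension header
NH_NONE = 59             # "No Next Header"
OPT_HOME_ADDRESS = 201   # Home Address option type (RFC 6275)

def build_packet(coa, hoa, dst):
    """Constructed sample: IPv6 header plus a Home Address destination option."""
    opts = bytes([1, 2, 0, 0])  # PadN so the option starts at offset 8n+6
    opts += bytes([OPT_HOME_ADDRESS, 16]) + ipaddress.IPv6Address(hoa).packed
    ext = bytes([NH_NONE, (2 + len(opts)) // 8 - 1]) + opts
    fixed = struct.pack("!IHBB", 6 << 28, len(ext), NH_DSTOPTS, 64)
    return (fixed + ipaddress.IPv6Address(coa).packed
            + ipaddress.IPv6Address(dst).packed + ext)

def observe(packet):
    """Return (care_of_address, home_address or None) readable from the headers."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    coa = ipaddress.IPv6Address(packet[8:24])
    if packet[6] != NH_DSTOPTS:  # only a header directly after IPv6 is handled
        return coa, None
    if len(packet) < 42 or len(packet) < 40 + (packet[41] + 1) * 8:
        raise ValueError("truncated Destination Options header")
    i, end = 42, 40 + (packet[41] + 1) * 8
    while i < end:
        if packet[i] == 0:  # Pad1: one byte, no length field
            i += 1
            continue
        if i + 2 > end or i + 2 + packet[i + 1] > end:
            raise ValueError("option overruns header")
        if packet[i] == OPT_HOME_ADDRESS and packet[i + 1] == 16:
            return coa, ipaddress.IPv6Address(packet[i + 2:i + 18])
        i += 2 + packet[i + 1]
    return coa, None

def link_movements(packets):
    """Group the care-of addresses seen on the wire by home address."""
    trail = {}
    for pkt in packets:
        coa, hoa = observe(pkt)
        if hoa is not None and str(coa) not in trail.setdefault(str(hoa), []):
            trail[str(hoa)].append(str(coa))
    return trail

# Constructed capture: one mobile node on two foreign links (documentation prefix).
SAMPLE = [build_packet("2001:db8:b1::10", "2001:db8:a::10", "2001:db8:c::80"),
          build_packet("2001:db8:b2::10", "2001:db8:a::10", "2001:db8:c::80")]
```
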

18 Open issues in mobile privacy: From traffic data to content data. Content data is considered to be more sensitive than traffic data → higher level of protection. Content and traffic data in Internet can only be clearly distinguished when given: - concrete context - item of interest - level of observation. Difficult distinction in a multi-layered architecture.

19 Open issues in mobile privacy: From traffic data to content data. Scenario MobileIPv6: The application always uses the mobile home address (always at home). Bindings (signaling) can be: - Hidden to the application - Rich content information to make location aware decisions

20 Open issues in mobile privacy: From traffic data to geographical position. Does an IP address indicate the position of a device? What is the Geographic Information Reference System for the Internet? What is the legal definition of geographical position? Is relative position of two devices geographical position?

21 Open issues in mobile privacy: From traffic data to geographical position. Changes of CoA(t) can reveal geographical proximity of two devices. POTS: The calling user has the right to prevent the presentation of Calling-line identification on a per-call basis (EU Data Protection Directive). Are Call IDs geographical position?

22 Conclusions. Traditional legal, regulatory and technical provisions were established with traditional technological environments in mind. Traditional classification of data based on the functional channel is no longer valid. Data Protection policies should consider the sensitivity of the amount of personal identifiable information of a 'data set' and not insist on applying traditional powers to new infrastructures.

23 Thanks! http://www.it.kth.se/~aep/publications

