The Strategy of Using Security to Protect Privacy Peter P. Swire Ohio State University Consultant, Morrison & Foerster, LLP Data Protection Commissioner.


1 The Strategy of Using Security to Protect Privacy Peter P. Swire Ohio State University Consultant, Morrison & Foerster, LLP Data Protection Commissioner Conference Montreux, September 14, 2005

2 A Shift In This Talk
- I provided different materials to the conference last month
- Today is my 4th privacy or security conference in Europe in past two weeks
- Today's talk focuses on the most important theme from this experience

3 Theme for Today
- Political challenge to data protection after 9/11
- Security often trumps privacy
- Burkert, Cavoukian & need for strategy and allies
- Theme: need effective, critical examination of proposed security measures
- Show when they are bad for security
- Often an effective way also to protect privacy
- Examples here for government access to commercial data

4 Overview
- My background
- Data retention and its security flaws
- Security critiques of other government access to data
- Conclusions

5 My Background
- Now law professor, Ohio State University
- 1998, None of Your Business book on EU-US data protection & e-commerce
- 1999-early 2001, Chief Counselor for Privacy for the Clinton Administration
- Much work since on many privacy & security issues
- www.peterswire.net

6 Data Retention Strategy
- Overall, in addition to privacy, stress
- Cost
- Security
- Data preservation is likely the best policy outcome
- Save records where have individualized suspicion
- Is strict enough for the US
- Complies with Cybercrime Convention, etc.

7 Critiques of Data Retention
- Data protection argument
- Data retention is bad, not proportionate
- Will lead to many secondary uses
- Familiar cost argument
- High costs to ISPs, etc.
- Familiar data security argument:
- Huge databases become targets for future attacks
- Security measures for the databases are hard

8 Other Threats to Security
- Security threats to the intelligence & police agencies
- Risks for all government agencies
- Their web & email activity will be retained as well!
- Unknown outsiders, in ISP and government agencies elsewhere, can see this data
- Invite their CIOs to testify
- Undercover cops & other confidential activity
- Data retention of contacts between undercover operatives & their agencies
- Invite these cops to testify

9 A Double Bind
- If police & intel actions are retained:
- Risk that terrorists, organized crime will target ISPs
- New burden of background checks at ISPs
- Including universities, small ISPs
- Costs and risks at ISPs go up
- If police & intel are not retained:
- Would need complex & expensive system to shield these activities from the system
- The hole for police would be a hole for others to exploit
- Either way, have costs & security risks
- Put burden of persuasion on the other side to explain

10 Solution on Data Retention
- Better to use the U.S. approach of data preservation than a data retention regime
- These individualized searches will not expose the police and intel agencies to surveillance by terrorists & organized crime
- Better for privacy, cost, & security
- That has been a winning coalition in U.S.

11 Security & Other Issues
- Other current data protection debates
- Biometrics
- RFIDs & other pervasive computing issues
- Identity theft
- Technical security critiques will reduce the risk of bad systems in these areas

12 Conclusion
- Information Security is clearly part of Data Protection
- Effective critiques on security are part of the core mission of DPAs
- Pragmatic politics
- Gain allies to critique badly-designed systems
- Staff within DPAs
- Participation in cybersecurity conferences & activities

13 Conclusion
- The critique of security as part of DPA efforts
- No need to abandon traditional efforts
- The results will be better legal and technical decisions
- More secure & efficient systems
- Better protection of human rights
- A pragmatic strategy to achieve high moral goals

14 Contact Information
- Professor Peter P. Swire
- Phone: (240) 994-4142
- Email: peter@peterswire.net
- Web: www.peterswire.net

