1 The interplay of stopping computer crime while protecting privacy Svein Yngvar Willassen Department of Telematics, Norwegian University of Science and Technology
2 It is already far too late to prevent the invasion of cameras and databases. The djinn cannot be crammed back into its bottle. No matter how many laws are passed, it will prove quite impossible to legislate away the new surveillance tools and databases. They are here to stay. Accountability is the one fundamental ingredient on which liberty thrives. Without the accountability that derives from openness -- enforceable upon even the mightiest individuals and institutions -- how can freedom survive?
(D. Brin, The Transparent Society, 1998)
3 Definitions: Privacy
Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.
(A. Westin, Privacy and Freedom, 1967)
4 Definitions: Computer Crime
- A crime in which a computer was directly and significantly instrumental. (J. Taber, On Computer Crime, Computer/Law Journal, 1979)
- Action directed against the confidentiality, integrity and availability of computer systems, networks and computer data, as well as misuse of such systems, networks and data. (Preamble, Council of Europe Cybercrime Convention, Budapest 2001)
5 Consequence of the Definitions
Computer crime is a threat against computers and the information stored in them. The rightful owners of that information are thereby deprived of their ability to decide for themselves how it is spread to others. Computer crime is therefore harmful to privacy.
Stopping computer crime is preserving privacy!
6 Protecting Privacy from Computer Crime: Options
- Don't use computers
- Protect
- Protect, detect and stop
- Protect, detect, stop and investigate
- Protect, detect, stop, investigate and prosecute
7 Information flow
Event -> Data -> Stored -> Retained -> Seized -> Investigated -> Reported -> Presented -> Relied on
Detection and investigation of computer crime must be based on information about the events that occurred. Detection, investigation and prosecution rely on information (evidence) distilled from the pool of data that has been recorded about those events.
9 Information flow (continued)
The amount of information available at each step is determined by various considerations, among them privacy:
- by regulations (statutory requirements, recommendations, standards)
- by policy
This affects the outcome of the investigation and the prosecution. Terminology from [Breaux, Anton et al. 2007].
10 Event Data generation
Data about occurring events is generated on the computers involved in those events. End users may use Privacy Enhancing Technologies to control the visibility of the event information to others.
11 Event Data generation: Anonymization
- Decouples the event data from an individual, so attribution becomes impossible.
- Enhances privacy but reduces the investigative value of the data.
- There are examples of statutory provisions outlawing anonymization.
12 Event Data generation: Encryption
- Hides data content from anyone not in possession of a key.
- Enhances privacy but reduces the investigative value of the data.
- There are examples of government efforts to prevent effective encryption for investigative reasons.
13 Storage/Retention
Storage and retention of event data is only to a small extent determined by the users themselves:
- Local storage and retention are determined by applications and operating systems.
- Event data is retained on computers controlled by parties other than the end user.
14 Storage/Retention: Privacy provisions
- Provisions that do not allow data processors to store data without "informed consent" from the data subject. (Directive 95/46/EC)
- Example: Logs of internet usage shall not be stored or retained unless needed for invoicing. (Effectively anonymization, since the data linking usage to a person is discarded.)
15 Storage/Retention: Retention requirements
- Provisions that require the storage and retention of specific types of data.
- Example: Financial accounts
- Example: EU Directive on Data Retention
16 Seizure
- Seizure of data for investigation purposes is in most jurisdictions restricted to crimes of a certain seriousness.
- It must be decided by an independent party (a court) after reviewing the information that led to the seizure request.
- This protects the privacy of third parties, as well as of the accused in cases where the suspicion is too weak.
17 Investigation
Investigation aims at extracting the information of interest in the case (the evidence) from the seized data. Provisions may disallow investigation of certain material for privacy reasons:
- Records from certain professions, such as lawyers and physicians
- Trade secrets
18 Reporting/Presentation
The investigator includes in the report what he or she finds relevant to the case. The results may be presented in public hearings. Thus, details never meant for the public will be publicly disclosed. This has privacy implications for those involved in the case.
19 Evidence relied on by the fact finder
A fact finder (court) is obliged to comply with statutory requirements:
- Evidence admissibility
- Unlawfully acquired evidence
20 Investigation / Privacy
The investigation process is harmful to privacy:
- Details about individuals will be publicly revealed without their consent.
- The process is to a large extent outside the control of the individual.
21 Investigation / Privacy
Computer crime is even more harmful to privacy:
- Investigating and prosecuting crimes prevents crime that is harmful to privacy.
- Legal protection should limit the privacy harm done by investigations, at least to third persons.
- Do perpetrators have an expectation of privacy?
23 A proposed middle ground
- Separate knowledge of behavior from knowledge of identity.
- Privacy is only compromised by knowledge of both behavior and identity.
- Proposed default rule: knowledge of behavior is visible, but knowledge of identity is concealed and will only be revealed under legal procedures.
- This corresponds to the Internet (with data retention).
(C. Demchak, K. Fenstermacher, Balancing Security and Privacy in the 21st Century, 2004)
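The following Python block is an added illustration of the separation described on this slide; it is not code from the presentation nor from Demchak and Fenstermacher. It splits each event into a behaviour record, stored under a keyed pseudonym and visible to analysts, and an identity record held in a separate escrow that only answers for pseudonyms named in an authorisation authenticated with a key the log operator does not hold. The HMAC-based authorisation stands in for the "legal procedure" and is an assumption of the example, as are the keys, field names and the constructed sample events; an irreversible `anonymise` variant is included to contrast with the anonymization of slide 11.

```python
"""Separating knowledge of behaviour from knowledge of identity.

Constructed illustration (not from the presentation or the cited authors).
Keys, field names, events and the authorisation format are all assumptions.
"""
import hashlib
import hmac
import json
from typing import Any, Callable

# Assumed: which fields of an event identify a person.
IDENTITY_FIELDS = ("user", "src_ip")


def pseudonym(identity: dict[str, str], key: bytes) -> str:
    """Keyed one-way pseudonym: the same identity always gives the same token
    (behaviour stays linkable) but the token cannot be reversed without the
    escrow. Truncated to 16 hex characters for readability."""
    canonical = json.dumps(identity, sort_keys=True).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()[:16]


def authorisation_tag(authority_key: bytes, case_id: str, pseudo: str) -> str:
    """Assumed authorisation format: HMAC over (case id, pseudonym) under the
    authority's key, standing in for the legal procedure on the slide."""
    return hmac.new(authority_key, f"{case_id}:{pseudo}".encode(), hashlib.sha256).hexdigest()


class IdentityEscrow:
    """pseudonym -> identity, released only against a valid authorisation."""

    def __init__(self, authority_key: bytes) -> None:
        self._authority_key = authority_key
        self._mapping: dict[str, dict[str, str]] = {}

    def register(self, pseudo: str, identity: dict[str, str]) -> None:
        self._mapping[pseudo] = identity

    def reveal(self, pseudo: str, case_id: str, tag: str) -> dict[str, str]:
        expected = authorisation_tag(self._authority_key, case_id, pseudo)
        if not hmac.compare_digest(expected, tag):
            raise PermissionError(f"no valid authorisation for {pseudo} in {case_id}")
        return dict(self._mapping[pseudo])


def ingest(event: dict[str, Any], pseudo_key: bytes,
           behaviour_store: list[dict[str, Any]], escrow: IdentityEscrow) -> str:
    """Split one event: behaviour (with pseudonym) to the store, identity to escrow."""
    identity = {f: event[f] for f in IDENTITY_FIELDS if f in event}
    pseudo = pseudonym(identity, pseudo_key)
    behaviour = {k: v for k, v in event.items() if k not in IDENTITY_FIELDS}
    behaviour["actor"] = pseudo
    behaviour_store.append(behaviour)
    escrow.register(pseudo, identity)
    return pseudo


def anonymise(event: dict[str, Any]) -> dict[str, Any]:
    """Irreversible alternative (slide 11): identity dropped and nothing escrowed,
    so the event can never be attributed; maximal privacy, no investigative value."""
    return {k: v for k, v in event.items() if k not in IDENTITY_FIELDS}


def actors_matching(behaviour_store: list[dict[str, Any]],
                    predicate: Callable[[dict[str, Any]], bool]) -> list[str]:
    """Analysts work on behaviour alone: which pseudonymous actors match a pattern?"""
    return sorted({e["actor"] for e in behaviour_store if predicate(e)})


def sample_events() -> list[dict[str, Any]]:
    """Constructed sample log, not real data."""
    return [
        {"ts": "2024-03-01T10:00:00Z", "user": "alice", "src_ip": "10.0.0.5", "action": "login", "result": "ok"},
        {"ts": "2024-03-01T10:00:07Z", "user": "mallory", "src_ip": "10.0.0.9", "action": "login", "result": "fail"},
        {"ts": "2024-03-01T10:00:09Z", "user": "mallory", "src_ip": "10.0.0.9", "action": "login", "result": "fail"},
        {"ts": "2024-03-01T10:00:12Z", "user": "mallory", "src_ip": "10.0.0.9", "action": "login", "result": "fail"},
    ]


def run_demo() -> dict[str, Any]:
    pseudo_key = b"operator-pseudonym-key"      # assumed: held by the log operator
    authority_key = b"court-authorisation-key"  # assumed: held by the authorising party
    store: list[dict[str, Any]] = []
    escrow = IdentityEscrow(authority_key)
    for ev in sample_events():
        ingest(ev, pseudo_key, store, escrow)
    # Behaviour is visible to the analyst: one actor with repeated failed logins.
    suspects = actors_matching(store, lambda e: e["action"] == "login" and e["result"] == "fail")
    # Identity is released only for the named pseudonym under a valid authorisation.
    tag = authorisation_tag(authority_key, "case-42", suspects[0])
    identity = escrow.reveal(suspects[0], "case-42", tag)
    return {"store": store, "suspects": suspects, "identity": identity}


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

The point of the split is that the behaviour store can be searched, correlated and even published without naming anyone, while an authorisation issued for one case and one pseudonym unlocks exactly that mapping and nothing else. Because the authority key is distinct from the pseudonymisation key, the operator cannot re-identify actors on its own, and the escrow cannot see behaviour.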