Presentation is loading. Please wait.

Presentation is loading. Please wait.

Starting the debate about privacy Borka Jerman-Blažič EIFFEL TT Meeting, Louvain La Neuve, March 9, 2010.

Published byMoris McBride Modified over 9 years ago

Similar presentations

Presentation on theme: "Starting the debate about privacy Borka Jerman-Blažič EIFFEL TT Meeting, Louvain La Neuve, March 9, 2010."— Presentation transcript:

1 Starting the debate about privacy Borka Jerman-Blažič EIFFEL TT Meeting, Louvain La Neuve, March 9, 2010

2 Privacy in the 21st century What can be considred as a“PRIVACY” in an era of : – pervasive computing – ubiquitous networks and – mobile devices which always know where you are by design?

3 Privacy in the information age …… Social attitudes towards privacy have changed as popular assumption is that privacy has been already irrevocably eroded? The CEO of Sun Microsystems was widely quoted as saying "You have zero privacy anyway. Get over it."

4 In search for definition: some traditional understanding…. “The right to be left alone – the most comprehensive of rights, and the right most valued by – men”, Judge Brandeis, the case Olmstead against the state, U.S in 1928. The definition of privacy according to Ross Anderson: “Ability and/or right to protect our personal secrets, the ability and/or right to prevent invading our personal space“. Is this still applicable? What is personal space in the information age?

5 In search of definition …..some attributes According to Anderson: a person has privacy when two factors are in place: she/he must have ability to control information about her/him/self, She/he must exercise that control consistent with her/his values. Is this possible today at all? Can we practice?

6 ….yet another definition Alan Westin (Columbia University, 1967): “The right of individuals, groups and institutions to determine for themselves, when, how and to what extent information about them is communicated to others“ However, Echelon, Carnivore, web crawlers, iPhones ect. are information age tools that break all known rules for privacy. Have you met some “carnivors”? ? ? ? ? ? ? ?

7 Multiple levels of review relaxed by the 11. September events Source IITRI report

8 Few technical issues Source code of Carnivore has not been released. Commercial code can not be released “Hackers” will discover vulnerabilities (?) Title 18 USC 2512 prohibits possession of devices designed to eavesdrop other people. However, lawful Interception in real time (minimum post-processing and pre-retention) is still difficult.

9 Attempt to list the most known privacy risks  Data disclosure (e.g. personal data)  Identity disclosure and theft  User profiling – Data on the Web is collected silently, data from many sources may be merged (Myface postings, Web discussion contributions, mailing lists, Web server log files, domain ownership records, ISP traces) – Unsolicited marketing, – Price discrimination (offering cheaper stuff according to some criteria) The insider attack or malfunctioning (lack of technical expertise and responsability (e.g medical environment) Monitoring and Surveillance – Address disclosure Location disclosure, Service access disclosure (is an IP personal data?), Authorisation privacy risks (who controls and what is being controlled)

10 PREVENT by ISPs, SP, users, companies … PROSECUTE by law enforcement NETWORK & INFO SECURITY CYBERCRIME & TERRORISM PRIVACY AND DATA PROTECTION Intrusion Data retention Hacking ID theft PROTECT people, companies … The problem is multidimensional who, what and why???

11 …but we may agree on: That privacy provision is a cross-section problem: between technologies that are implemented across the world and the law(s) and directive(s) implemented by regions. It is certainly multi-dimensional Must be treated with a holistic approach and the social attitudes and the regulations are changing with the time. ? ? ? ? ? ? ? ? ? ? ?

12 Some privacy well known concepts Are they in place? Anonymity Pseudonymity Unlinkability Unobservability

13 Privacy and Law Legislation is adopted and applied in particular country or region What privacy provision law will apply to terrestrial/satellite networks? Or to a ship in international waters providing services? In EU we have Directives but no coherent model of sanctions and law enforcement is different in each country

14 Privacy and law:EU EU Directive on Data Protection, 95/46/EC Protection of individuals with regard to the processing of personal data and the free movement of such data outside EU EU Directive on Privacy and Electronic Communications 2002/58/EC Protection of privacy in the electronic communication sector

15 Privacy and law: EU EU Directive 2006/24/EC Data protection and data security Public consultation, EU DG Freedom, Security and Justice (7th July – 31st December, 2009) on Privacy challenges: advanced technologies, effective legal frameworks and active responsibility Madrid resolution, November 2009, - a Draft of International Standard on the Protection of Privacy of processing personal data

16 EU 46: protection of personal data European Directive 1996/46/EC introduced legal rules for processing of personal data 1.data quality 2.lawful purpose 3.stricter rules for special categories of data 4.information 5.minimum security level required 6.export rules (e.g. Safe harbours) 7.Supervision 8.Terms: controler and processor - definition of their roles and tasks

17 EU 58:privacy, security and data European Directive 2002/58/EC introduced new rules on the subject addressing: 1.general security 2.confidentialiy 3.cookies 4.traffic data 5.location data 6.directories 7.unsolicited mail 8.data retention

18 Privacy and law: other countries outside EU Canada: The Personal Information Protection and Electronic Documents Act, 2000 U.S, GLB Act, Gracham,Leach,Bliley –personal data given to financial service providers U.S, HIPAA, Health Insurance Portability and Accountability Act U.S, COPPA, Children on line privacy protection

19 EU Privacy Law: implementation in EU members France, security measures “a must” for data protection, authorization for processing must be given by CNIL – Commission Nationale de L˝Informatique et des libertes Belgium, very complicated, monitoring if the companies are taking measures for data protection during processing ect. Spain, the Data Protection Agency is providing guides for security measures

20 EU Privacy Law: implementation in EU members U.K, - no inforcement of measures on companies when processing personal data, apart from requirement from written processing agreement Slovenia, similar approch, strong protection on personal data (Law and ombdusman) Portugal, Agency set up but no Data Protection ACT Italy, Decree 196 (the code) from June 2003, requires security measures and Security Policy Document

21 Anyhow …. “Now and then an innocent man/woman is sent to the legislature.” – Kin Hubbard

22 ….. but the privacy problem is still on the table: we miss user friendly interface for privacy policy specification (PET are they in place?) automatization and enhanced bilateral (end-to-end) negotiation process relevant for entire privacy (nodes, end systems) user ontology based privacy policy negotiation protection of ID management privacy by design (architecture of FI) trust in processing (credibility, efficiency) – Who controls, what is being controlled and why is being controlled.

23 Funded EU projects with focus on the privacy FIDIS(2004 - 2009), FP6 (The Future of Identity in the Information Society) Shaping the requirements for the future management of identity in the European Information Society Contributing to the technologies and infrastructures needed Link: http://www.calt.insead.edu/Project/Fidis/http://www.calt.insead.edu/Project/Fidis/

24 Privacy relevant EU projects PRIME (Privacy and Identity Management for Europe, http://www.prime-project.eu.org/) FIDIS (Future of Identity in the Information Society, http://www.fidis.net/) DAIDALOS (Designing Advanced network Interfaces for the Delivery and Administration of Location independent, Optimised personal Services, http://www.ist- daidalos.org/) REWERSE (Reasoning on the Web with Rules and Semantics, http://rewerse.net/) PISA (Privacy Incorporated Software Agent, http://www.pet-pisa.nl) RAPID (Roadmap for Advanced Research in Privacy and Identity Management, http://www.ra-pid.org) ELENA (Creating a Smart Space for Learning, http://www.elena-project.org/)

25 Privacy relevant EU projects REWERSE(2004 - 2008), FP6 (Reasoning on the Web with Rules and Semantics) Rule-based Policy specification semantics XACML standard with the aforementioned advanced features Reasoning languages for the Web by networking and structuring a scientific community Link: http://rewerse.net/http://rewerse.net/

26 Privacy relevant EU projects PRIME(2004 – 2008), FP6 (Privacy and Identity Management for Europe) Research issues of digital identity management Research of privacy in the information society Users can act securely and safely in the Information Society while keeping sovereignty of their private sphere Link: http://www.prime-project.eu.org/http://www.prime-project.eu.org/ NOT THE END!!, FP7 not yet included!

Download ppt "Starting the debate about privacy Borka Jerman-Blažič EIFFEL TT Meeting, Louvain La Neuve, March 9, 2010."

Similar presentations

THE EUROPEAN GENERAL PRODUCT SAFETY NETWORK Erik Hansson DG Health and Consumer Protection European Commission.

THE EUROPEAN GENERAL PRODUCT SAFETY NETWORK Erik Hansson DG Health and Consumer Protection European Commission.
1 Enforcement Powers of National Data Protection Authorities and Experience gained of the Data Protection Directive Safe Harbour Conference Washington.

1 Enforcement Powers of National Data Protection Authorities and Experience gained of the Data Protection Directive Safe Harbour Conference Washington.
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.
Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.

Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.
Eneken Tikk // EST. Importance of Legal Framework  Law takes the principle of territoriality as point of departure;  Cyber security tools and targets.

Eneken Tikk // EST. Importance of Legal Framework  Law takes the principle of territoriality as point of departure;  Cyber security tools and targets.
Policy recommendations for wider implementation of telemedicine Peeter Ross, MD, PhD e-Health expert, Estonian eHealth Foundation, Estonia.

Policy recommendations for wider implementation of telemedicine Peeter Ross, MD, PhD e-Health expert, Estonian eHealth Foundation, Estonia.
Scoping study for Improving Transparency through Citizen Charters in Serbia Transparency Serbia Presentation September 27 th 2010.

Scoping study for Improving Transparency through Citizen Charters in Serbia Transparency Serbia Presentation September 27 th 2010.
1 Reform of the EU regulatory framework for electronic communications What it means for Access to Emergency Services Reform of the EU regulatory framework.

1 Reform of the EU regulatory framework for electronic communications What it means for Access to Emergency Services Reform of the EU regulatory framework.
Privacy and security: Is Europe going banana? Jean-Marc Van Gyseghem Head of Unit « Liberties in the information society » CRID – University.

Privacy and security: Is Europe going banana? Jean-Marc Van Gyseghem Head of Unit « Liberties in the information society » CRID – University.
Lecture to Carleton University, Center for European Studies, December 1, 2010.

Lecture to Carleton University, Center for European Studies, December 1, 2010.
Cloud Usability Framework

Cloud Usability Framework
A European View of Privacy Protection John Woulds Director of Operations UK Data Protection Commissioner National Conference on Privacy, Technology & Criminal.

A European View of Privacy Protection John Woulds Director of Operations UK Data Protection Commissioner National Conference on Privacy, Technology & Criminal.
Network security policy: best practices

Network security policy: best practices
Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.

Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Class 13 Internet Privacy Law European Privacy.

Class 13 Internet Privacy Law European Privacy.
April 2, 2013 Longitudinal Data system Governance: Status Report Alan Phillips Deputy Director, Fiscal Affairs, Budgeting and IT Illinois Board of Higher.

April 2, 2013 Longitudinal Data system Governance: Status Report Alan Phillips Deputy Director, Fiscal Affairs, Budgeting and IT Illinois Board of Higher.
Lawyer at the Brussels Bar Lecturer at the University of Strasbourg Assistant at the University of Brussels Data Protection & Electronic Communications.

Lawyer at the Brussels Bar Lecturer at the University of Strasbourg Assistant at the University of Brussels Data Protection & Electronic Communications.
Final Exam Part 1. Internet Regulation Internet regulation according to internet society states that it is about restricting or controlling certain pieces.

Final Exam Part 1. Internet Regulation Internet regulation according to internet society states that it is about restricting or controlling certain pieces.
EU cooperation, EU projects and their implications Simone Fischer-Hübner Karlstad University.

EU cooperation, EU projects and their implications Simone Fischer-Hübner Karlstad University.
The Social Context of Computing Foundation Computing Never underestimate the power of human stupidity.

The Social Context of Computing Foundation Computing Never underestimate the power of human stupidity.

Similar presentations

Ads by Google