Presentation is loading. Please wait.

Presentation is loading. Please wait.

PRIVACY BY DESIGN FOR PUBLIC / PRIVATE PARTNERSHIPS FOR SECURITY EU FP7 TACTICS CCR Summit 2015, September 30t h 2015.

Similar presentations


Presentation on theme: "PRIVACY BY DESIGN FOR PUBLIC / PRIVATE PARTNERSHIPS FOR SECURITY EU FP7 TACTICS CCR Summit 2015, September 30t h 2015."— Presentation transcript:

1 PRIVACY BY DESIGN FOR PUBLIC / PRIVATE PARTNERSHIPS FOR SECURITY EU FP7 TACTICS CCR Summit 2015, September 30t h 2015

2 2 Changing world From growth to transformation: smart cities and smart hubs Increasing relevance of online private domains Boundless risk Resource sharing with the expectation of lower costs and increased effectiveness (e.g. faster response)

3 3 Participative risk management Cooperation is required for effective and efficient risk management, including resilience E.g. counter terrorism: information about: Threat: secret service Asset: critical infrastructure (public and private) Vulnerability: private security industry Security measures: private owner, private security firm and police force

4 4 Boundless risk Infrastructure becomes global Cascading effects do not stop at country borders Knowledge about vulnerabilities spreads globally instantaneously Security requires cooperation between a number of governance levels Threats are no longer bound to country borders: Epidemics Organised crime Migration Financial crisis Climate Cyber crime Terrorism

5 5 Public private partnerships LiveView SecureLane Criminee Sight International Zone

6 6 However… PNR data from airlines? Google, Apple, Facebook were hacked by NSA? Citizens start to protect themselves from legitimate surveillance The use of a radar detector to detect speed traps is illegal. Should encryption become illegal? Companies are implementing privacy by design (?) and will be obliged to do so in the future

7 7 Privacy invading activities

8 8

9 9 Privacy invading activities in a system-of- systems context

10 10 Privacy invading activities in a system-of- systems context

11 11 Why do private parties do this? They want to stay in business … but they also want to cooperate with the law, and they do see that it is ethical to help protect against serious threats This is what privacy advocates actually mean when they say “hacking of private parties by the NSA leads to an Orwellian society”: how can business operate if there are (secret) laws directly hurting their core business?

12 12 Privacy invading activities in a system-of- systems context

13 13 Chain of trust is a house of cards

14 14 Chain of trust is a house of cards

15 15 Typical levels of “cooperation” for security public private partnerships Voluntary information sharing (company has a business interest in sharing data, typically also in the interest of the data subject) Forced information sharing (company is liable if they do not push relevant data, typically not in the interest of the data subject) Forced information collection (police takes what they need, irrespective of interest of data subject) Spying (NSA hacks, irrespective of interest of data subject)

16 16 The question is … … which framework would allow for effective surveillance to counter crime and terrorist attacks while restoring and upholding trust of the respective data subjects in the owners of critical infrastructure and urban objects?

17 17 Privacy by design for contemporary surveillance The principle of ‘Privacy by Design’ envisions that privacy and data protective measures are operative throughout the entire life cycle of technologies: from the early design stage to their deployment, use and ultimate disposal. This is done by applying a design process that covers all life cycle stages and by applying privacy and data protection design patterns which are well understood and are the known best-practice for the particular purpose they are used for, and domain they are used in. The resulting design documents and systems should limit all the privacy invading activities to the minimum according to the foundational principles of privacy by design. The purpose of applying privacy by design to an engineering process is to build and keep trust from data subjects in the new system with regard to the protection of their privacy

18 18 TACTICS is the least invasive approach  Clear scope and goals;  Transparency where possible;  No duplicates of existing data collection resources;  Additional security measures only when needed, and no longer;  Focus on deviant behaviour means that normal behaviour can continue;  Privacy by Design

19 19 Four offers  High tech research in privacy enhancing technologies (PET)  improve the palette of available options to industrial and (internal public) suppliers of security measures  The development of such technologies with industry and end users into products and services  improve the palette of available options to effectively mitigate privacy risk  Creating the conditions for validation of innovations  proper appreciation on effectiveness, efficiency and other KPI’s  Changing the way government (co)operates  more support for effective security measures

20 20 Consortium TNO (Research) RAND Europe (Research) KLPD (Dutch police) PRIO (Peace institute) ITTI (SME) Lero@TCD (University) ISCA (SME) UPV (University) Fraunhofer (Research) KMar (Ministry of Defense) MPH (company)

21 21 Contact info@fp7-tactics.euhttp://www.fp7-tactics.eu/

22 THANK YOU FOR YOUR ATTENTION QUESTIONS?


Download ppt "PRIVACY BY DESIGN FOR PUBLIC / PRIVATE PARTNERSHIPS FOR SECURITY EU FP7 TACTICS CCR Summit 2015, September 30t h 2015."

Similar presentations


Ads by Google