Title: Workshop on the Relationship between Privacy and Security
1. Workshop on the Relationship between Privacy and Security
Marc Wilikens, Joint Research Centre, Institute for the Protection and Security of the Citizen
Cybersecurity, Carnegie Mellon University, 29-30 May 2002
2. Joint Research Centre
- EU-funded multi-disciplinary R&D
- Institute for the Protection and Security of the Citizen (one of the 8 Institutes of the JRC)
- To provide research-based, systems-oriented support to EU policies for the protection of the citizen against economic and technological risk.
- Cyber-security is a principal concern
- Better understanding of vulnerabilities and technological challenges
- Provide facilities for cross-border collaboration, specific testing and R&D projects.
- Close collaboration with EU departments: DGs Infso, Jai, Markt, Sanco; European Parliament
3. JRC P3P Reference Implementation
4. A cybersecurity perspective
(Diagram labels.) Instruments: redress, trust seals (EEJ-NET, FIN-NET); Data Protection Directives; EU cyber-crime forum; network security, early warning, R&D, test beds and demonstration platforms.
Concerns: cyber-crime, privacy, protection against cyber-abuse, identity theft, fraud, profiling, attacks, intrusions, information infrastructure security, systemic risks and interdependencies.
5. Relationship between privacy and security
- The right balance between privacy and security.
- A balance of what?
- Issues:
- Combating (cyber)-crime: formal and informal social control
- Minimise privacy threats for law-abiding citizens
- Proportionality concept: tension between individual and public interest.
- Accountability
- Holistic approach
ICT as driver, threat and solution
6. Privacy/security attributes
(Diagram.) Privacy attributes: anonymity, pseudonymity, unlinkability, unobservability.
Security attributes: confidentiality, integrity, availability, accountability, non-repudiation.
7. Cyber Crime
- All forms of cyber crime are increasing rapidly
- Old crimes: criminals changing the pattern of their operations by using ICT
- New crimes using ICT: e-commerce fraud, forgery, etc.
- Attacks against the information systems technical infrastructure
- New policy issues (ref. CoE cybercrime convention, EC communication):
- What constitutes a cybercrime? Hacking, etc.
- Tools and powers to investigate: computer data preservation, real-time collection of traffic data, interception of content data, duties of third parties
- Cross-border co-operation
- Safeguards: limitation of scope and duration
8. Cyber Crime Interactions
(Diagram.) Cyber-crime operations life-cycle: prevention, early warning, detection, information sharing, response/evidence. Support: technical tools, R&D.
9. Information privacy
- Privacy (human right): informational self-determination
- Data protection (EU legal framework): principles for information management (fairness, consent, transparency, purpose specification, data retention, security, access).
- Enabler for trust and confidence in the Information Society
- Law is not self-acting:
- Personal data is disclosed by default; online anonymity does not have the same status as physical anonymity; identification is considered critical for combating crime
- Technology is therefore also required to assist in compliance and enforcement.
10. Drivers: PITs and PETs
- ICT plays a vital role in the information society but also creates threats. Online activities of an individual can be tracked (what people do), profiled (who people are), localised (where people are).
- PIT: Privacy Invasive Technologies
- Service providers: customising services to consumers' needs requires personal data
- Mobile and downloadable code and data files (cookies), Interactive Digital Television viewing tracking, IPR protection based on credential checking of customers, intelligence in the network, location tracking in mobile systems.
- Governments: combating cybercrime, evidence collection, data retention.
- PET: Privacy Enhancing Technologies
- Personalised services, but whilst keeping personal data collection to a minimum.
- Soft version: guidelines, policies, privacy seals
- Hard version: access control, encryption, smart cards, identity protectors, anonymisers, P3P, etc.
11. Holistic approach
(Diagram labels.) Layers: Personal Data Platform; Business Process Interdependencies; Information Infrastructure; Risk Analysis; Research.
Parties: Banks, Hospitals, Insurance, Public Authorities, Employers, Commerce, Utilities, Logistics, Law Enforcement, Data Marketing, Untrusted 3rd Parties.
Devices and channels: Credit card / smart cards, Mobile Phone / PDAs, INTERNET / Portals / ASPs, Home PC / Smart Home, Intelligent Car, Wearable Devices / Ambient IT, Digital Health Record.
Mechanisms and threats: Web Bugs, Caching, Click Streams, Billing, Logging, Access control, Biometrics, Uncontrolled Distribution, Profiling, Tracking, Invasion.
12. Privacy enhancing infrastructure
- Drivers:
- IPv6, unique identifiers (e.g. MAC), mobility support, extensive deployment of devices, intelligence in the infrastructure (caching, roaming).
- EU data protection commissioners: a unique IP address is considered personal data (risk of profiling)
- Minimum privacy-invasive network infrastructure:
- Anonymity: e.g. IETF RFC 3041 (privacy extensions for IPv6 stateless address autoconfiguration) generates pseudo-random interface identifiers, so the address no longer embeds the MAC. What should be the default?
- Unobservability, two aspects:
- Do not disclose your privacy preference: the privacy extension has to be used by all nodes if it is to be effective, otherwise the few nodes that use it are themselves distinguishable
- Location confidentiality: encryption of the home address while roaming (A. Escudero, Location Privacy in IPv6 internetworking; pseudo-random interface identifiers)
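As an added illustration of the point about MAC-derived versus RFC 3041 pseudo-random interface identifiers (example code written for this page, not code from the JRC, the IETF or the Escudero paper), the script below builds a modified EUI-64 identifier from a constructed sample MAC, shows that the same identifier reappears under every prefix the host visits and that the MAC can be read straight back out of it, then runs the RFC 3041 section 3.2.1 generation step (MD5 over history value and EUI-64 identifier; left 64 bits become the temporary identifier with the u/l bit cleared, right 64 bits the next history value) to produce identifiers that cannot be linked across prefixes. The MAC is made up, the prefixes are RFC 3849 documentation prefixes, and the zero initial history value is chosen only for reproducibility.

```python
"""EUI-64 vs RFC 3041 temporary interface identifiers (added illustration)."""
import hashlib
import ipaddress
from typing import Optional, Tuple


def eui64_iid(mac: str) -> bytes:
    """Modified EUI-64 interface identifier from a 48-bit MAC (RFC 2464):
    insert ff:fe in the middle and flip the universal/local (u/l) bit."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    iid = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])
    iid[0] ^= 0x02
    return bytes(iid)


def mac_from_iid(iid: bytes) -> Optional[str]:
    """Read the MAC back out of an EUI-64 derived identifier; None if it is not one.
    This is exactly the leak the privacy extension removes."""
    if len(iid) != 8 or iid[3:5] != b"\xff\xfe":
        return None
    raw = bytearray(iid[:3] + iid[5:])
    raw[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in raw)


def rfc3041_iid(history: bytes, stable_iid: bytes) -> Tuple[bytes, bytes]:
    """One step of RFC 3041 section 3.2.1: MD5 over (history || EUI-64 identifier).
    Returns (temporary identifier, next history value)."""
    if len(history) != 8 or len(stable_iid) != 8:
        raise ValueError("history value and interface identifier are 64 bits each")
    digest = hashlib.md5(history + stable_iid).digest()
    temp = bytearray(digest[:8])
    temp[0] &= 0xFD  # clear the u/l bit: identifier is locally administered
    return bytes(temp), digest[8:]


def address(prefix: str, iid: bytes) -> str:
    """Join a /64 prefix with an interface identifier (stateless autoconfiguration)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("stateless address autoconfiguration uses /64 prefixes")
    return str(ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big")))


def linkable(addr_a: str, addr_b: str) -> bool:
    """Two addresses on different prefixes that share an identifier point to one host."""
    mask = (1 << 64) - 1
    return (int(ipaddress.IPv6Address(addr_a)) & mask) == (int(ipaddress.IPv6Address(addr_b)) & mask)


if __name__ == "__main__":
    MAC = "00:1b:21:aa:bb:cc"                          # constructed sample MAC
    HOME, VISITED = "2001:db8:1::/64", "2001:db8:2::/64"  # documentation prefixes
    stable = eui64_iid(MAC)
    print("EUI-64 at home:  ", address(HOME, stable))
    print("EUI-64 roaming:  ", address(VISITED, stable))
    print("linkable:", linkable(address(HOME, stable), address(VISITED, stable)))
    print("MAC recovered from address:", mac_from_iid(stable))
    history = bytes(8)  # RFC 3041 seeds this randomly or from the EUI-64; zero here for reproducibility
    temp1, history = rfc3041_iid(history, stable)
    temp2, history = rfc3041_iid(history, stable)
    print("temporary at home:   ", address(HOME, temp1))
    print("temporary roaming:   ", address(VISITED, temp2))
    print("linkable:", linkable(address(HOME, temp1), address(VISITED, temp2)))
    print("MAC recovered from temporary:", mac_from_iid(temp1))
```

Note that the temporary identifier only hides the link-layer address; the prefix still says where the host is, which is why the deck treats location confidentiality as a separate problem.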
13. Privacy enhancing infrastructure (2)
- Authorisation and accountability schemes:
- Trust units: authentication, certificates, credentials
- Reveal identity in case of abuse: chaining of trust units, secret sharing schemes.
- Dis-intermediation: no single unit can accumulate personal info.
- Right to security: confidentiality and integrity of the payload. This excludes the headers in IPv6: the addresses stay in the clear even when the payload is protected.
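The "reveal identity in case of abuse" requirement above can be met with a threshold secret sharing scheme. The example below is added here and is not code from the deck or from any project it names: it uses Shamir's scheme over the prime field mod 2^127 - 1. A pseudonym holder's real identity is split among n trustees (constructed example: ISP, data protection authority, court); any k of them can reconstruct it, and fewer than k obtain a value unrelated to the secret, which is what keeps any single intermediary from accumulating the information. Identity strings and trustee names are constructed; the chaining of trust units mentioned on the slide is not modelled.

```python
"""Threshold identity escrow with Shamir secret sharing (added illustration)."""
import secrets
from typing import List, Tuple

PRIME = (1 << 127) - 1  # Mersenne prime 2^127 - 1; all arithmetic is mod PRIME
Share = Tuple[int, int]  # (x, f(x))


def _poly_eval(coeffs: List[int], x: int) -> int:
    """Evaluate the polynomial with the given coefficients at x (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: int, threshold: int, trustees: int) -> List[Share]:
    """Split secret into `trustees` shares; any `threshold` of them recover it."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be a non-negative integer below PRIME")
    if not 1 <= threshold <= trustees:
        raise ValueError("need 1 <= threshold <= trustees")
    # Constant term is the secret; the other coefficients are uniformly random.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, _poly_eval(coeffs, x)) for x in range(1, trustees + 1)]


def recover_secret(shares: List[Share]) -> int:
    """Lagrange interpolation at x = 0. With fewer than `threshold` shares the
    result is a value unrelated to the secret, not an error: the shares reveal nothing."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total


def escrow_identity(identity: str, threshold: int, trustees: int) -> List[Share]:
    """Encode an identity string (1..15 bytes so it fits below PRIME) and split it."""
    raw = identity.encode("utf-8")
    if not 1 <= len(raw) <= 15 or raw[0] == 0:
        raise ValueError("identity must be 1..15 bytes and not start with NUL")
    return split_secret(int.from_bytes(raw, "big"), threshold, trustees)


def reveal_identity(shares: List[Share]) -> str:
    """Reconstruct the identity; ValueError if the shares do not decode to text."""
    value = recover_secret(shares)
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    try:
        return raw.decode("utf-8")
    except UnicodeDecodeError as exc:
        raise ValueError("these shares do not reconstruct an identity") from exc


if __name__ == "__main__":
    trustees = ["ISP", "data protection authority", "court", "bank", "auditor"]  # constructed
    shares = escrow_identity("user-4711", threshold=3, trustees=len(trustees))
    for name, share in zip(trustees, shares):
        print(f"{name:26s} holds share x={share[0]}")
    print("3 trustees cooperate:", reveal_identity(shares[:3]))
    print("2 trustees alone see:", hex(recover_secret(shares[:2])))
```

Any three of the five shares reconstruct the identity exactly; two shares yield an integer that is uniformly distributed over the field, so the trustees learn nothing until the threshold is reached.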
14. Business processes
- Processes and Architectures:
- Enable interoperability of different stakeholders' PETs
- Facilitate B2B and B2C activities across complex interdependent business processes and multi-party scenarios
- Compliant with legal principles: data minimisation, depersonalisation, customer privacy services, disclosure control.
- Security/Privacy policies:
- For complex intra- or inter-enterprise data transfers or access, by refining and extending standard access control and authorisation methods (e.g. RBAC).
- Transitivity properties for transferring data between enterprises.
15. Individual - Identity management
- Pseudonym generator management
- User chooses different pseudonyms or roles
- Configuration of rules, profiles, context
- Bilateral negotiation (e.g. P3P), non-repudiation
- Powerful vocabulary to express user rights
- Secure devices: off-line biometrics to protect against identity theft (local authentication).
16. Partial Identities (figure: Marit Köhntopp, EU privacy workshop, October 2001)
Identities Management
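To make the pseudonym generator and the per-role disclosure profiles of slides 15 and 16 concrete, the example below is an added illustration, not code from the deck, from Köhntopp's work or from any project named here. One user-held master secret yields, through HMAC-SHA256, a stable pseudonym per (context, role) that is unlinkable across contexts by anyone without the secret, and each role carries a profile listing the attributes that may be disclosed; a service's attribute request is answered under the pseudonym and filtered by the profile, so the partial identity seen by the shop is not the one seen by the clinic. Attribute names, roles, contexts and the master secret are constructed; P3P negotiation and the non-repudiation mechanism are not modelled.

```python
"""Per-context pseudonyms and role-bound disclosure (added illustration)."""
import hashlib
import hmac
from typing import Dict, Iterable, List


class PseudonymManager:
    """Derives a stable but unlinkable pseudonym per (context, role) from a single
    user-held master secret, and filters attribute requests by the role's profile."""

    def __init__(self, master_secret: bytes, attributes: Dict[str, str],
                 profiles: Dict[str, Iterable[str]]):
        if len(master_secret) < 16:
            raise ValueError("master secret should be at least 128 bits")
        self._master = master_secret
        self._attributes = dict(attributes)          # the user's real attributes
        self._profiles = {role: frozenset(attrs) for role, attrs in profiles.items()}

    def pseudonym(self, context: str, role: str) -> str:
        """HMAC-SHA256 over context and role, truncated to 128 bits. Deterministic for
        the user (the same pseudonym on every visit), infeasible for a service to link
        to pseudonyms in other contexts without the master secret."""
        if role not in self._profiles:
            raise KeyError(f"unknown role {role!r}")
        msg = f"{context}\x00{role}".encode("utf-8")   # NUL separator avoids ambiguity
        return hmac.new(self._master, msg, hashlib.sha256).digest()[:16].hex()

    def disclose(self, context: str, role: str, requested: Iterable[str]) -> Dict[str, str]:
        """Answer a service's attribute request with only what the role permits,
        always under the context's pseudonym rather than the real identity."""
        allowed = self._profiles[role]
        answer = {"pseudonym": self.pseudonym(context, role)}
        for name in requested:
            if name in allowed and name in self._attributes:
                answer[name] = self._attributes[name]
        return answer

    def withheld(self, role: str, requested: Iterable[str]) -> List[str]:
        """Attributes a request asked for that the role's profile does not release."""
        return sorted(set(requested) - self._profiles[role])


if __name__ == "__main__":
    # Constructed sample data; a real deployment would keep the secret in a user device.
    user = PseudonymManager(
        master_secret=bytes.fromhex("0102030405060708090a0b0c0d0e0f1011121314151617181920212223242526"),
        attributes={"name": "A. User", "email": "user@example.org",
                    "delivery_city": "Ispra", "date_of_birth": "1970-01-01"},
        profiles={"customer": ["email", "delivery_city"],
                  "patient": ["date_of_birth"],
                  "anonymous": []},
    )
    print("shop sees:  ", user.disclose("shop.example", "customer", ["name", "email", "delivery_city"]))
    print("clinic sees:", user.disclose("clinic.example", "patient", ["name", "date_of_birth"]))
    print("forum sees: ", user.disclose("forum.example", "anonymous", ["name", "email"]))
    print("withheld from shop:", user.withheld("customer", ["name", "email", "delivery_city"]))
```

The shop and the clinic each receive a different pseudonym together with only the attributes their role allows; neither can link its record to the other's, while the user, holding the master secret, can always return to either under the same pseudonym.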
17. Criminal abuse
- Example: identity theft
- Consumer Sentinel (US FTC): 100,000 consumer complaints received in 2000, of which identity theft accounts for 23%
- IDs linked to mobile devices, tokens, smart cards
- High integrity, high quality, powerful: attracts attackers
- Problem of repudiation in case of theft: restoring credibility
- Preventive security measures are needed: an example of common goals between privacy, security and combating cybercrime
18. RAPID
- Roadmap for Advanced Research in Privacy and IDentity Management Technologies
- Project sponsored by the EU IST programme
19. RAPID Objectives
- To identify the key actors and form a critical mass of industrial and academic research players required to lead and conduct future R&D.
- To identify the technology challenges and RTD needs for PET and Identity Management technologies in the next 5 years.
- To identify the wider community of stakeholders
- Also identify socio/economic research needs, including legal issues, education/awareness
- To set the basis for R&D in an FP6 Network of Excellence
- To foster international cooperation (W3C, ...)
20. Information sources
- Privacy workshops in 2001/2002:
- Privacy and Identity in the IS: Emerging Technological Challenges, 4-5 October 2001
- Digital Identity, 10-11 December 2001: focus on wider socio-economic and legal issues
- Privacy and Identity in the IS: Systemic Risks, 5-6 February 2002
- Privacy-related projects in current RTD programmes:
- FP5 / IST (PISA, GUIDES, DRIVE, MAFTIA, PRIDEH, ...)
- Other programmes in Europe (national, international): P3P
- RTD programmes in other countries world-wide (US, Canada, ...)
- Standards initiatives, reports
- Data Protection Commissioners' technical reports
21. R&D challenges
- Understanding privacy vulnerabilities of new computing paradigms: Ambient Intelligence, virtual identities, complex interactions of agents and systems, intelligence in infrastructure
- Multiple and dependable identity management
- PETs for the Enterprise
- PETs in infrastructure
- Socio-economic-legal: economics of privacy, crime prevention (identity theft), new legal entities for identities.
- Role of Open Source
22. The right balance between privacy and security?
- The right question?
- How can we have some privacy in a world where anonymity is impossible or unacceptable?
- OR
- How can we have accountability in a world where privacy is the default?
- How can accountability be configured organisationally and technically to ensure repeatable reconciliation of legal rules? Role of standards?
- Duties and rights of key organisations in multi-party infrastructures and services (Telecom, ISP, ASP, etc.) and adherence to business values and technology policy.
- Stephan Engberg, EU privacy workshop, February 5-6, 2002
23. Contact
- Marc.Wilikens@jrc.it
- http://cybersecurity.jrc.it