Building in Privacy from the Bottom up: How to Preserve Privacy in a Security-Centric World


Building in Privacy from the Bottom up: How to Preserve Privacy in a Security-Centric World


Building in Privacy from the Bottom up: How to Preserve Privacy in a Security-Centric World. Ann Cavoukian, Ph.D., Information & Privacy Commissioner/Ontario (PowerPoint presentation)




Building in Privacy from the Bottom up: How to
Preserve Privacy in a Security-Centric World
  • Ann Cavoukian, Ph.D.
  • Information & Privacy Commissioner/Ontario
  • Carnegie Mellon University Lecture
  • Pittsburgh, PA
  • November 4, 2004

Impetus for Change
  • Growth of Privacy as a Global Issue
  • EU Directive on Data Protection
  • Increasing amounts of personal data collected,
    consolidated, aggregated
  • Consumer Backlash heightened consumer

Importance of Consumer Trust
  • In the post-9/11 world
  • Consumers either as concerned or more concerned
    about online privacy
  • Concerns focused on the business use of personal
    information, not new government surveillance
  • If consumers have confidence in a company's
    privacy practices, consumers are more likely to:
  • Increase volume of business with
    company.... 91%
  • Increase frequency of business.... 90%
  • Stop doing business with company if PI
  • Harris/Westin Poll, Nov. 2001 to Feb. 2002

How The Public Divides on Privacy
The Privacy Dynamic: the battle for the minds of
the pragmatists (Dr. Alan Westin)
Information Privacy Defined
  • Information Privacy Data Protection
  • Freedom of choice control informational
  • Personal control over the collection, use and
    disclosure of any recorded information about an
    identifiable individual

What Privacy is Not
  • Security ≠ Privacy

The Privacy/Security Relationship
  • Privacy relates to personal control over one's
    personal information
  • Security relates to organizational control over
  • These represent two overlapping, but distinct

Privacy and Security: The Difference
  • Authentication
  • Data Integrity
  • Confidentiality
  • Non-repudiation
  • Privacy Data Protection
  • Fair Information Practices
  • Security
  • Organizational control of information
    through information systems

The Perils of Not Protecting Privacy
  • Privacy disasters
  • Intel Pentium III
  • RealNetworks
  • Microsoft HotMail
  • Amazon/Alexa
  • CD Universe
  • Look Communications
  • "It was a skin-searing experience. We can't take
    another hit like that."
  • MS Senior Executive

Technology Can Help
  • "The most effective means to counter technology's
    erosion of privacy is technology itself."
  • Alan Greenspan, Federal Reserve Chairman
  • "A technology should reveal no more information
    than is necessary; it should be built to be the
    least revealing system possible."
  • Dr. Lawrence Lessig, Harvard,
    September 1999

Privacy By Design: Build It In
  • Build in privacy up front, right in the design
  • Minimize the collection and routine use of
    personally identifiable information; use
    aggregate or coded information if possible
  • Wherever possible, encrypt personal information
  • Think about anonymity and pseudonymity
  • Assess the risks to privacy: conduct a privacy
    impact assessment or privacy audit

Privacy by Design: Technology
  • Architectures of Identification
  • PKI: confidentiality or surveillance?
  • Biometrics: privacy or social control?
  • Business/government drivers for designing trust
    into systems and programs
  • Wireless technology and m-commerce:
    convergence, convenience, control

Biometrics: The Myth of Accuracy
  • The problem with large databases containing
    thousands (or millions) of biometric templates
  • False positives
  • False negatives

Biometric Identification: False Positives
  • "Even if you have a 1 in 10,000 error rate per
    fingerprint, then a person being scanned against
    a million-record data set will be flagged as
    positive 100 times. And that's every person. A
    system like that would be useless because
    everyone would be a false positive."
  • Bruce Schneier, quoted in Ann Cavoukian's
    Submission to the Standing
    Committee on Citizenship and Immigration,
    November 4, 2003
  • http//
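The base-rate arithmetic behind Schneier's figure, as an added Python example (not part of the original slides). It generalizes the slide's single case to any per-comparison false match rate and database size; the independence assumption between comparisons and the 1% acceptance target are assumptions of this example, not claims from the lecture.

```python
# One-to-many (1:N) biometric identification: why a "small" per-comparison
# error rate becomes a flood of false matches against a large database.
# Added example. Figures below are the ones from Schneier's quote:
# false match rate (FMR) of 1 in 10,000 and a database of 1,000,000 records.

def expected_false_matches(fmr: float, n_records: int) -> float:
    """Mean number of records wrongly matched when one probe is compared
    against every record (each comparison has probability fmr of a false match)."""
    return fmr * n_records


def p_at_least_one_false_match(fmr: float, n_records: int) -> float:
    """Probability that a single probe produces at least one false match.
    Assumes comparisons are independent (an assumption of this example)."""
    return 1.0 - (1.0 - fmr) ** n_records


def max_fmr_for_target(target_p: float, n_records: int) -> float:
    """Largest per-comparison FMR for which P(at least one false match)
    stays at or below target_p. Shows how much stricter a matcher must be
    as the database grows."""
    return 1.0 - (1.0 - target_p) ** (1.0 / n_records)


def schneier_case() -> dict:
    """The slide's scenario: FMR 1/10,000 against a million-record database."""
    fmr, n = 1.0 / 10_000, 1_000_000
    return {
        "expected_false_matches": expected_false_matches(fmr, n),   # 100 per person
        "p_any_false_match": p_at_least_one_false_match(fmr, n),    # effectively 1.0
        # FMR needed so that only 1 in 100 probes sees a false match (1% target is assumed)
        "fmr_needed_for_1pct": max_fmr_for_target(0.01, n),
    }


if __name__ == "__main__":
    for k, v in schneier_case().items():
        print(f"{k}: {v:.3g}")
```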

Facial Recognition: the Reality
  • Test results less than stellar
  • - Logan Airport pilot had a 50% error rate in
    real world conditions
  • - U.S. State Department has stated that facial
    recognition has unacceptably high error rates
  • - U of Ottawa tests this summer resulted in
    accuracy rates between 75% to more than 90%
  • - National Institute for Standards and
    Technology, under ideal lighting and controlled
    environment conditions, reported 90% accuracy
  • Superbowl facial recognition no longer considered
    useful by subsequent organizers
  • "Biometrics Benched for Super Bowl", by Randy
    Dotinga, Wired Magazine

STEPS: The Context
  • Terrorist attacks 9/11
  • Government concerns over public safety
  • U.S. Patriot and anti-terrorist legislation
  • Polarized debate for Security/Privacy

Change the Paradigm
  • Old Paradigm: Zero-Sum Game
  • New Paradigm: win-win
  • Security, Privacy, Freedom
  • Expand the discourse: Privacy and Security are
    not polar opposites but essential components
  • http//

The Challenge for Solution Developers
  • Introduce privacy into the concept, design and
    implementation of technology solutions
  • Promote existing STEPs
  • 3-D Holographic Scanner: respecting physical
    privacy while enhancing security
  • Biometric encryption: better security plus
    ironclad privacy

Fair Information Practices: A Brief History
  • OECD Guidelines on the Protection of Privacy and
    Transborder Flows of Personal Data
  • EU Directive on Data Protection
  • CSA Model Code for the Protection of Personal
  • Canada Personal Information Protection and
    Electronic Documents Act (PIPEDA)

Summary of Fair Information Practices
  • Accountability
  • Identifying Purposes
  • Consent
  • Limiting Collection
  • Limiting Use, Disclosure, Retention
  • Accuracy
  • Safeguards
  • Openness
  • Individual Access
  • Challenging Compliance

Privacy Diagnostic Tool
  • Simple, plain-language tool (paper and
  • Free, self-administered
  • Uses the CSA model code to examine an organization's
    privacy management practices

Privacy Enhancing Technologies
  • What are PETs?
  • Anonymisers, pseudonomisers, intermediaries
  • Their Strengths
  • tools to protect personal information
  • Their Limitations
  • usually individual responses to an existing
  • sometimes someone still has your personal

  • Privacy Enhancing Technologies Testing and
    Evaluation Project
  • How does one determine whether a technology can
    deliver on its privacy promises?
  • PETTEP is intended to test the claims of various
    technologies regarding their ability to perform
    in a privacy protective manner

PETTEP (cont'd)
  • Modeled on the Common Criteria, an international
    standard used to test the security components of
  • For privacy, Fair Information Practices (FIP)
    would form the basis of the testing
  • The challenge is to translate FIPs into the
    functional requirements of the Common Criteria
    to find the design correlates of FIPs

PETTEP Status Update
  • EDS has partnered with the IPC and PETTEP to
    develop an enhancement of the Privacy Chapter in
    the Common Criteria
  • EDS is also committed to developing the necessary
    privacy profiles that will form the basis of
    testing and evaluating the privacy claims of
    various technologies
  • PETTEP, the IPC and EDS plan to pilot several
    technologies/systems to refine the enhanced
    Privacy Chapter.

Final Thought

"Anyone today who thinks the privacy issue has
peaked is greatly mistaken; we are in the early
stages of a sweeping change in attitudes that
will fuel political battles and put once-routine
business practices under the microscope."
Forrester Research, March 5, 2001
How to Contact Us
  • Commissioner Ann Cavoukian
  • Information & Privacy Commissioner/Ontario
  • 2 Bloor Street East, Suite 1400
  • Toronto, Ontario M4W 1A8
  • Phone (416) 326-3333
  • Web
  • E-mail