Privacy and pervasive computing With thanks to Bob Kummerfeld


Overview

• Overview of privacy concepts
• Summary of principles and laws
• Examples


What is Privacy?

Textbook: “the right to control who knows certain aspects about you, your communications, and your activities”

• Privacy is not the same as confidentiality or secrecy
• Private information relates to a person or entity


Over to you: What is Privacy?


What is Privacy?

The Office of the Australian Information Commissioner (Australian Federal Government) considers privacy of personal information, which may “include privacy issues associated with information about your location, your health and body and your communications with others.”


What is Privacy?

• A piece of information that one person considers private may not be private for another person
  • Depends on the person and the information
  • E.g. A might consider their age to be private information, while B may not.
• Privacy is multi-faceted:
  • Some information I may not want anyone to know
  • Some information I’m happy to tell immediate family
  • Some information I don’t mind telling friends
  • Context is important
• Trust is a key factor
  • If I release information to another individual and they make it public, my privacy has been breached


What is Privacy?

As well as individuals, information can be private to:
• Groups
• Organisations
• Companies
• Governments

In some cases information is private to prevent competitors getting an advantage (eg companies, governments)

Privacy is controlled disclosure: the subject chooses what personal data to give out and to whom


Computers and Privacy


• Privacy was an issue long before we had computers
• But computers change the way we collect and use information about people and entities.
• Single data centres can now hold petabytes of information (10^15 or 1,000,000,000,000,000)
• If we collect 1000 bytes of data about a person every second, and do this for 100 years, it is ~3.1 TBytes. This storage can be attached to an average PC today. In 100 years…
• We are rapidly approaching a time when we never delete data.


Life Logging

We are close to a time when ALL our interaction with the world can be captured

This can have many good uses but is a major privacy risk
• Health tracking
• Alzheimer's treatment

http://www.kickstarter.com/projects/martinkallstrom/memoto-lifelogging-camera


Permission

• Some information is given knowingly and with permission to use it elsewhere.
• However, a lot of data is now acquired about people without their (informed) consent.
• People leave digital footprints wherever they go:
  • Phone calls
  • Smart phone tracking
  • Purchases with a credit card
  • ATM use
  • Transport card use
  • Internet use (cookies etc)
  • Sensors in buildings, on streets
  • Sensors people carry (phones, Sensecam-like devices)


Data Ownership

• Information collected about people by one organisation is sometimes sold to another organisation
  • E.g. your browsing habits might be sold
• Information about you can now easily be passed from one organisation to another
• Information about you now persists, potentially forever!
  • Facebook comments or photos you posted when you were a teenager may be found by a potential employer when you are 21
  • Video capture that is made public
• Once you release information into the “wild” it is almost impossible to retract it.
• Weiser’s vision of Sal’s house and all the personal data stored there


Privacy Principles

• Data should be obtained lawfully and fairly
• Data should be relevant to the purpose, accurate, complete and up-to-date
• The purpose for data collection should be identified
• Data should be destroyed after use
• Data should not be used for other purposes without permission (e.g. medical uses: Henrietta Lacks)
• Security of data against loss, corruption, theft
  • Confidentiality, Integrity, Anonymity
• Openness: users are able to access information about the collection, storage and use of the data, as well as the data itself.
• The data acquirer is accountable.
• Only necessary data is acquired


Privacy Laws

• In general, privacy laws have covered the privacy principles
• In some countries (e.g. USA) the privacy laws do not have complete coverage: they only apply to some types of data or some user groups (e.g. children) or some industries
• Europe has the most comprehensive privacy laws
  • Extra requirements for “sensitive” data (e.g. health)
  • Controls on data transfer
  • Independent oversight
  • The right to be “forgotten”
• Laws in different countries overlap and may clash
  • Which law applies to an internet transaction?
  • Example: Europe vs USA for airline passenger data
• Laws are evolving as understanding of pervasive and ubiquitous computing and its implications develops


Identity and Anonymity


• Anonymity: without a name or nameless
  • Not the same as false or multiple identities
• Pseudonymity: how do we establish a long-term relationship with another entity, without disclosing identity?
• What is identity?
  • Information that uniquely designates a single person
  • E.g. driver's licence, tax file number, social security number in USA, …
  • A name may designate more than one person


Identification and Authentication

• Authentication = Verification of identity
  • I claim I am John Smith and I can prove it since I know the username and password linked to John Smith in the database
• Pseudonymity: multiple identities
  • E.g. multiple email addresses
  • Authenticate each identity with different credentials
• Ubicomp identification and authentication
  • How to do at tabletop?


Identity Theft


If you know enough information about a person, including account numbers/names and passwords, then you can pretend to be them

Authenticating as someone else is identity theft

Assuming another person’s identity allows an attacker access to private information about the person


Privacy Issues

• Background to surveillance in Australia:
  http://www.theage.com.au/technology/technology-news/be-careful-she-might-hear-you-20120924-26h6r.html
• Proposal to store two years of internet log data for all users and allow access by many authorities:
  http://www.theage.com.au/technology/technology-news/turnbulls-doubts-on-storing-digital-data-20121008-279q4.html
• Biometric scanners in pubs:
  http://www.theage.com.au/it-pro/security-it/id-scans-raise-privacy-fears-20120930-26tv3.html
• Public transport cards:
  http://www.theage.com.au/it-pro/government-it/police-handed-data-on-myki-users-20120917-262v8.html


Coming soon?

• The ultimate biometric is DNA
• The easy capture and analysis of this has worrying implications for privacy:
  http://www.reuters.com/article/2012/10/11/us-usa-geneticprivacy-idUSBRE89A06H20121011
  http://youtu.be/dGCA7FWF1pk
