Embed Size (px)
Citation preview
Thomas Myrup KristensenThomas Myrup KristensenEU Internet Policy DirectorEU Internet Policy Director
Microsoft CorporationMicrosoft [email protected]
Copyright © 2005-2008 Microsoft Corporation. All Rights Reserved.Copyright © 2005-2008 Microsoft Corporation. All Rights Reserved.
The Internet was built without a way to The Internet was built without a way to know who and what you are know who and what you are connecting to. connecting to.
People have been trained to accept any People have been trained to accept any information request from any website information request from any website as being the “normal way” to conduct as being the “normal way” to conduct business onlinebusiness online
GoalGoal: to give Internet users : to give Internet users mechanisms to ensure safety, privacy mechanisms to ensure safety, privacy and certainty about who they are and certainty about who they are relating to in cyberspace.relating to in cyberspace. 2
Dubious preconceptions?Dubious preconceptions?““Everybody knows” :Everybody knows” :
to get authorized to access a system to get authorized to access a system a person must disclose their identity ?a person must disclose their identity ?
……but suppose that’s not true but suppose that’s not true
the accepted principles of privacy the accepted principles of privacy protection are technology-neutral protection are technology-neutral
……but perhaps some technologies are but perhaps some technologies are intrinsically better for privacy than others intrinsically better for privacy than others
cyber-security and privacy is a cyber-security and privacy is a tradeofftradeoff
……but perhaps both can be improved but perhaps both can be improved together together
The issue with PKI The issue with PKI (“public-key infrastructure”)(“public-key infrastructure”)
““certificate” contains identity certificate” contains identity attributesattributes
verifiable by a digital signatureverifiable by a digital signature
must disclose entire certificate in must disclose entire certificate in order for verification mechanism to order for verification mechanism to workwork
…….results in disclosure of “excessive” .results in disclosure of “excessive” data for any particular transactiondata for any particular transaction
Cert ID is inescapable persistent Cert ID is inescapable persistent identifieridentifier
““Too bad!” - just the way the math Too bad!” - just the way the math works?works?
Well, no…can do (much) betterWell, no…can do (much) better20 years of research into “multi-party” 20 years of research into “multi-party” security and privacy techniquessecurity and privacy techniques
Name: Alice Smith
Address: 1234 Crypto, Seattle, WA
Status: gold customer
DOB: 03-25-1976
Reputation: high
Gender: female
Name: Alice SmithAddress: 1234 Crypto, Seattle, WAStatus: gold customer
Prove that you are from WA
and over 21
Name: Alice Smith
Address: 1234 Crypto, Seattle, WA
Status: gold customer
Which adult
from WA is this?
? ?
DOB: 03-25-1976
Reputation: high
Gender: female
Over-21 proof
Copyright © 2005-2008 Microsoft Corporation. All Rights Reserved.Copyright © 2005-2008 Microsoft Corporation. All Rights Reserved.
Avoid unnecessary (“excessive”) data Avoid unnecessary (“excessive”) data trails in transactional systemstrails in transactional systems
Access services based on proof-of-age-limits, or Access services based on proof-of-age-limits, or class of entitlementclass of entitlementreduce liabilities, exposure to breaches / insider-reduce liabilities, exposure to breaches / insider-attacksattackssafe private-sector use of data in national eID safe private-sector use of data in national eID systemssystems
Apply different policies to different Apply different policies to different risksrisks
Inherently more “proportionate” for ECHRInherently more “proportionate” for ECHR
These capabilities are counter-These capabilities are counter-intuitive !intuitive !
Copyright © 2005-2008 Microsoft Corporation. All Rights Reserved.Copyright © 2005-2008 Microsoft Corporation. All Rights Reserved.
