TRANSCRIPT
© 2002 IBM Corporation
Information & Privacy Commissioner/Ontario
PETTEP History and Future:
Making the ISO connection
Mike Gurski, Information & Privacy Commissioner/Ontario ([email protected])
Data Protection & Privacy Commissioners Conference, Australia 2003 © 2003 IPC/O
Defining Privacy
A set of legal rights giving an individual personal control over the collection, use, disclosure and retention, as well as the timeliness, accuracy and relevancy, of any recorded information about that identifiable individual.
An organization's responsibility for data protection and management of the personal information in its custody or control, as well as for the interchange of such personal information with other organizations.
Privacy Concerns are increasing
Concern that information is collected, used, disclosed and protected properly
Compliance with legislation
Privacy Enhancing Technologies
Privacy Enhancing Technologies
PETs have been defined as “a coherent system of Information and Communications Technology measures that protect privacy by eliminating or reducing personal data or by preventing unnecessary and/or undesired processing of personal data; all without losing the functionality of the data system”.
Privacy Enhancing Technologies
A Partial List of Types of PETs
Anonymizers/Pseudonymizers
Limited Show Blind Signatures
Biometric Encryption
Secret Sharing
Privacy Preserving Data Mining
Unlinkable databases
Unobservable data management
PETs Proliferating
No defined criteria
No international coordination
Different Testing schemes
The Concern:
Need to be able to trust PETs in order to deploy them.
Need to evaluate PETs under a common standard recognized internationally.
Privacy Enhancing Technologies Testing and Evaluation Project (PETTEP)
PETTEP Goals
Goals: Short Term to Long Term
Develop Testing Criteria for Labs
Implement Pilot Testing
Inform PET Technology Development
Inform Technology Implementation
Incorporate experience into International Technology Standards
PETTEP
Ontario IPC formed an international team to take on the challenge of developing testing criteria for PETs.
Privacy Enhancing Technologies Testing and Evaluation Project
Members included Privacy and CC experts from the government, industry, academic and legal communities.
Core team consists of German, Dutch, Swedish, Italian and Canadian Privacy/Data Protection Commissions, research and academic institutions, government sponsorship (CSE, DoD) and private sector involvement (e.g., IBM).
PETTEP
• The work: base the evaluation of PETs on the Common Criteria (CC)
– Internationally accepted criteria for IT security (ITS) products
– National Evaluation Schemes already exist to provide oversight, lab accreditation and evaluation methodology
– Although intended for security, privacy elements are already included
– Security Functionality Requirements may be mapped to the elements of the Privacy Fair Information Practices
PETTEP Approach
Map Fair Information Practices to CC where possible
Determine how to approach evaluation of PETs – based on technology grouping, multiple PPs, a single PP, or a package?
Gain understanding and consensus within PETTEP membership on the way ahead.
Multiple analyses (protection profiles, extensions, retrofitting the CC)
Used a research/workshop approach to develop materials.
Goal to rewrite current CC chapter on Privacy
Why the Common Criteria as Foundation?
The Common Criteria had a place-holder already developed for privacy technologies that dealt with observability, linkability, traceability and anonymity.
The Communications & Security Establishment (CSE), NSA’s Canadian equivalent, joined the project and funded two initial contracts to examine elements of this project (reports attached).
The Common Criteria scheme was both endorsed by a growing number of national governments and formed an ISO standard.
Independent testing labs around the world are accredited Common Criteria certifiers.
Using the Protection Profile Model in the Common Criteria
Protection Profile (PP) (a standard tool of the Common Criteria)
A statement of user need
A system design document
A consistent thread from ‘what’ to ‘how’
Based on fair information practices
Provides high-level guidelines
Implementation independent
Multiple implementations may satisfy it
Protection profile is the agreed upon approach within PETTEP to address evaluation of privacy functionality.
Clustering Fair Information Practices for Technology Evaluation
The right of individuals to determine for themselves when, how and to what extent information about them is communicated to others.
[Diagram, “Protecting Privacy”: Fair Information Practices (Collection Limitations, Openness, Disclosure, Accountability, Verification, Use Limitations, Security) mapped to Privacy Principles (Choice/Consent, Notice/Awareness, Access, Enforcement/Recourse, Information Quality & Integrity).]
[Diagram, “Protecting Privacy”: the same Fair Information Practices regrouped into clusters (Collection Limitations, Openness, Disclosure, Accountability/Compliance, Use Limitations/Consent, Security) mapped to Privacy Principles (Choice/Consent, Accuracy, Security, Collection/Use, Accountability).]
Privacy Protection Profiles
PETTEP – Privacy PP Development
[Diagram of three profile groupings and what each includes:]
Security – includes: Security and Safeguards
Data Management – includes: Unlinkability, Unobservability, Pseudonymity, Anonymity, Deletion, Consent, Identifying purpose, Limit use/disclosure, Non-Collection, Limit collection, Data Scarcity
Accountability – includes: Accountability, Challenging compliance, Openness, Individual access, Accuracy
Response to Singapore resolution
Question 1 - PETTEP is in favor of JTC1 addressing privacy
Question 2 - The suggested organization is a new SC
Needs focus
Privacy standards have progressed - JTC1 needs to address existing privacy work
Delivery time frames need to be shortened, and a new SC can prioritize ONLY privacy-related standards
PETTEP would support and work with a new SC
Question 3 - Scope MUST reconcile with existing PETTEP work; scope needs to address standards, as outlined
Canada would be a good candidate for hosting the secretariat for such a new ISO Sub-Committee (SC) on Privacy
PETTEP: Next Steps
Finalisation of research into CC for re-usable elements for Privacy
Continued Workshops
Final review of Privacy Security PP developed by DoD
Private Sector funding for next phase (Chapter Rewrite and lab testing/ refinement)
Examination of issues and way ahead
Challenges remaining
How to use the existing functionality of the CC in the creation of Privacy PPs (mapping of FIPs) – OR – are additional privacy functions required?
Development of the other PPs
Evaluation of the designated PET products against the PP (proof of concept)
The need to evaluate more PET products (via PP or ST)
Encourage vendors to have PET products evaluated
Gaining acceptance of the PETTEP approach internationally
Need to position Privacy PPs (based on the thread model approach) in the context of the overall set of Privacy requirements and the development of a multipart ISO standard.
Time!!! and of course Money!!!
PETTEP and ISO: a match made in Privacy Heaven
PETTEP membership is international and multi-jurisdictional, bridges the academic, privacy and public sectors, and is available to work with ISO in developing a Privacy Technology Standard.
PETTEP experience and research papers are available.
Canadian leadership in PETs evaluation can be leveraged for ISO work.
ISO can benefit from the involvement of the international privacy/data protection community.
Summary and Closing Thoughts
Next Steps for the next 18 months:
Continue PETTEP workshops to review work by partners
Test technologies using Privacy Protection Profiles
Use the results to develop a Privacy Protection Profile standard based on the CC as part of a new multipart ISO Privacy standard
Request ISO to establish a Standards Committee for Privacy
Develop a common definition of Privacy and a common set of FIPs as input into the multipart ISO standard
Thank You
Mike Gurski
Information & Privacy Commissioner/Ontario