© 2010 IBM Corporation
How to win back privacy
Gregory Neven, IBM Research – Zurich
Digital Identity, Trust & Confidence Workshop, Münchenwiler, Switzerland, May 20-21, 2010
“Neil Armstrong’s Footsteps are still there” (Robin Wilton, futureidentity)
And we leave traces, lots of traces!
Computers don’t forget!
• Data storage becomes ever cheaper
  store by default
  e.g., surveillance cameras, Google Street View with wireless router traffic
• Data mining techniques ever better
  self-training algorithms become more intelligent than their designers
  not just trend detection, even prediction
  e.g., flu pandemics, ad clicks, purchases, …
  what about mortgage defaults, criminal behavior?
  correlation with illegal criteria, e.g., race, religion?
What are the risks?
• Embarrassment
• Discredit
• Financial fraud
• Blackmailing
• Identity theft
None of these risks are new, but they are higher due to online availability of personal data.
Everyday privacy threats
• Sacked because of Facebook or Twitter posts
• Burglars using Facebook and Twitter to find targets
• Electronic toll collection data used in divorce cases
• Abuse of stored or transmitted data by malicious employees
  e.g., Telecom Italia wiretapping scandal
• Mother’s maiden name, birth date, … often used as backup secret
• Facebook’s evolving default privacy policy
  http://mattmckeon.com/facebook-privacy
• Google Street View storing payload data from wireless networks
[Cartoon: Brian Fairrington, Cagle Cartoons]
Privacy breaches happen almost daily
| Date | Organization | Incident | Affected |
|---|---|---|---|
| 25.01.2010 | Taschen GmbH | Live video images from shops on Internet | countless |
| 25.01.2010 | Ihr Platz | Spying on own employees | thousands |
| 26.01.2010 | Sheraton-Hotel | Credit card glitch | multiple |
| 05.02.2010 | Gemeinde Senden | Data of welfare beneficiaries sent to private person | 400 |
| 08.02.2010 | AWD | Sensitive customer data leaked | 12000 |
| 11.02.2010 | BKK Gesundheit | Privacy breach: health insurance being blackmailed | 1.5 million |
| 18.02.2010 | Struktur- und Wirtschaftsförderungsgesellschaft (SWFG) | Internal data of enterprises accessible on Internet | 40 |
| 09.03.2010 | Münster-Marathon e.V. | Participants' personal data sent by DVD | 3500 |
| 15.03.2010 | Vodafone | Sensitive customer data on black market | thousands |
| 22.03.2010 | Defense counsel for the supervisory board of Wohn- und Stadtbau | Confidential documents lost from bike basket | multiple |
| 24.03.2010 | Klinikum Kassel | Psychiatric patient data found on street | 21 |
| 24.03.2010 | Telecommunications and cable TV provider | Truck loses notes with personal data | thousands |
| 08.04.2010 | Metaltix | Hackers steal credit card data | thousands |
| 28.04.2010 | City administration | Glitch makes confidential information visible online | countless |
| 28.04.2010 | Klinikum Kassel | Patient list found on street | 22 |
| 03.05.2010 | Jugendamt des Lahn-Dill-Kreises | Sensitive documents used as drawing paper for children | multiple |
| 04.05.2010 | SchülerVZ | Large-scale phishing of members' data | 1.6 million |
| 12.05.2010 | Vodafone | Glitch leaks customers' MobileMails | few |
| 14.05.2010 | Rote Hilfe e.V. | Hard disk with member data stolen | thousands |
| 14.05.2010 | Bayerisches Landesamt für Steuern | Hard disks with tax data on flea market | hundreds |
Source: www.projekt-datenschutz.de
What can we do?
• Most of the technology is there (but have to use it)
• Most of the legislation is there (but have to enforce it)
• Awareness is growing (but have to raise it even more)
• But what are the incentives?
Most of the technology is there!
• Cryptography
• Policy languages
• User interfaces
Cryptography at network layer
• Anonymous communication at network layer
  e.g., mix networks, onion routing, DC-nets, …
  (at the price of lower bandwidth; physical layer notoriously hard to protect)
Cryptography at identification layer
• Anonymous communication at identification layer:
  anonymous credentials, e.g., Identity Mixer, U-Prove
  (more details in a moment…)
Cryptography at application layer
• Anonymous communication at application layer:
  e.g., searchable encryption
  e.g., oblivious transfer
    database does not learn who accesses, or which record is accessed
    even with (anonymous) access control, pricing!
[Diagram labels: DNA Database; search(“urgent”)]
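One way to obtain the "database does not learn which record is accessed" property, as an added example that is not from the talk: an RSA-based oblivious transfer in the Even-Goldreich-Lempel style, generalised here from 1-out-of-2 to n records. The toy key, function names and records are constructed for illustration, and hiding who accesses would additionally need an anonymous channel or credential.

```python
import secrets

# Toy RSA key held by the database (two Mersenne primes; far too small for real use).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

# Constructed sample records, encoded as integers smaller than N.
RECORDS = [int.from_bytes(b, "big")
           for b in (b"sample-0: AGCT", b"sample-1: TTGA", b"sample-2: CCGT")]

def db_offer(n):
    """Database, step 1: publish one random nonce per record."""
    return [secrets.randbelow(N) for _ in range(n)]

def client_query(nonces, choice):
    """Client: blind the chosen nonce with the RSA encryption of a fresh key k."""
    k = secrets.randbelow(N)
    v = (nonces[choice] + pow(k, E, N)) % N
    return v, k

def db_answer(records, nonces, v):
    """Database, step 2: derive one candidate key per record and mask each record.

    Exactly one candidate equals the client's k, but v is uniformly random
    and consistent with every index, so the database cannot tell which.
    """
    return [(m + pow((v - x) % N, D, N)) % N for m, x in zip(records, nonces)]

def client_recover(answers, choice, k):
    """Client: only the chosen answer unmasks; the others stay hidden behind unknown keys."""
    return (answers[choice] - k) % N

def fetch(records, choice):
    """Run the whole exchange and return (record, query value, masked answers)."""
    nonces = db_offer(len(records))
    v, k = client_query(nonces, choice)
    answers = db_answer(records, nonces, v)
    return client_recover(answers, choice, k), v, answers

if __name__ == "__main__":
    rec, v, _ = fetch(RECORDS, 1)
    print(rec.to_bytes(14, "big"), "fetched; database saw only v =", hex(v))
```

The client's choice is hidden unconditionally, while the protection of the unchosen records rests on RSA and an honest-but-curious client.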
Cryptography at application layer
e.g., secure multi-party computation
[Diagram: parties with inputs x1, x2, x3, x4, x5 and output f(x1,…,xn)]
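The setting in the diagram above, five parties with private inputs x1, …, x5 and a joint output f(x1,…,xn), as an added example that is not from the talk: f is taken to be the sum and is computed with additive secret sharing among honest-but-curious parties. The modulus, function names and input figures are constructed for illustration.

```python
import secrets

P = 2**61 - 1  # prime modulus for all share arithmetic (assumed parameter)

def share(x, n):
    """Split x into n additive shares that sum to x mod P.

    Any n-1 of the shares are uniformly random and reveal nothing about x.
    """
    shares = [secrets.randbelow(P) for _ in range(n - 1)]
    shares.append((x - sum(shares)) % P)
    return shares

def secure_sum(inputs):
    """Compute f(x1,...,xn) = x1 + ... + xn without any party revealing its input.

    Returns the result and each party's view (the shares it received),
    so the caller can inspect what a single party actually gets to see.
    """
    n = len(inputs)
    # Round 1: party i splits x_i and sends share j to party j.
    sent = [share(x, n) for x in inputs]
    # Party j sees only column j: one share from every party.
    views = [[sent[i][j] for i in range(n)] for j in range(n)]
    # Round 2: each party publishes the sum of the shares it received.
    partials = [sum(view) % P for view in views]
    # The published partial sums add up to the sum of all inputs.
    return sum(partials) % P, views

# Constructed private inputs x1..x5 (for example, five salaries).
INPUTS = [52000, 61000, 48000, 75000, 58000]

if __name__ == "__main__":
    total, views = secure_sum(INPUTS)
    print("f(x1,...,x5) =", total)
    print("party 1 saw only:", views[0])
```

The output itself still leaks what any sum leaks: parties who pool their own inputs can subtract them from the result.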
Standard public-key certificates
e.g., SwissID, Belgian eID
In the beginning…
Standard public-key certificates
e.g., SwissID, Belgian eID
Obtaining a certificate…
name = “Alice Doe”, birth date = “1973/10/24”, pk =
Standard public-key certificates
e.g., SwissID, Belgian eID
Using a certificate…
name = “Alice Doe”, birth date = “1973/10/24”, pk =
Standard public-key certificates
e.g., SwissID, Belgian eID
Using a certificate again…
name = “Alice Doe”, birth date = “1973/10/24”, pk =
name = “Alice Doe”, birth date = “1973/10/24”, pk =
Anonymous credentials
e.g., Identity Mixer
In the beginning…
Anonymous credentials
e.g., Identity Mixer
Obtaining a credential…
name = “Alice Doe”, birth date = “1973/10/24”, nym =
Anonymous credentials
e.g., Identity Mixer
Using a credential…
name = “Alice Doe”, birth date = “1973/10/24”, nym =
Anonymous credentials
e.g., Identity Mixer
Using a credential…
name = ?, birth date = “1973/10/24”, nym =
Anonymous credentials
e.g., Identity Mixer
Using a credential…
name = ?, birth date > 1992/05/19, nym =
Anonymous credentials
e.g., Identity Mixer
Using a credential again…
name = ?, birth date > 1992/05/19, nym =
name = “Alice Doe”, birth date = ?, nym =
Privacy policy languages
• “Legalese” privacy policies
• Machine-interpretable languages:
  – P3P: Server-side, enterprise to outside world
  – APPEL: Client-side
  – EPAL: Server-side, enterprise-internal
  – Usage control policies
• Lack of suitable vocabularies/ontologies for data classes, purposes, obligations, …
Privacy user interfaces
• Identity selectors: Cardspace (Microsoft), Higgins (open source)
• Privacy settings
but some challenges remain…
Most of the legislation is there!
• Universal declaration of human rights
• EU Data Protection Directive (95/46/EC)
• National legislation
  (e.g., jail sentences in Italy for Google executives)
• National (or state) data protection agencies as watchdogs
Awareness is growing!
• Almost daily reports in press about privacy incidents
  e.g., data leakages, Facebook incidents, Google Street View
• Public outrage over new Facebook privacy policies
• Villagers blocking access to Google Street View car
but…
• >70% of users willing to reveal password for chocolate bar
  34% of users willing to reveal without “compensation”
But what are the incentives?
• Privacy only costs money, does not generate money
• Free market, but users unaware of value of their information
  “consumer education” at school?
• Stricter enforcement of existing legislation?
• Mandatory security/privacy audits?
• Mandatory use of privacy-friendly technologies
  cf. health insurance
Conclusion
• Most of the technology is there (but have to use it)
  – Cryptography (in particular, anonymous credentials)
  – Policy languages
  – User interfaces
• Most of the legislation is there (but have to enforce it)
  national and international
• Awareness is growing (but have to raise it even more)
• Need to create incentives!