ICC Module 3 Lesson 5 – IT Security 1 / 4 © 2015 Ph. Janson Information, Computing & Communication Security – Clip 2 – Privacy School of Computer Science & Communications Ph. Janson

Upload: randolph-webster

Post on 18-Jan-2016


TRANSCRIPT


Security – Clip 2 – Privacy
School of Computer Science & Communications
Ph. Janson

Information, Computing & Communication

This video clip is part of the E.P.F.L. introductory course on Information, Computing, and Communication. It is the second in a series of video clips on computer security.

Information security

Clip 2

Privacy (protection of Personal Information = PI)

In this second clip about information security, we will underline the increasingly acute problem of protecting the privacy of personal information.

Sensitization to privacy

= Confidentiality of our identity
  Isolate its different facets against spoofing / blackmail
  NOT hide guilty facets
  Thin border between accountability and privacy

Integrity of our reputation
  Hard won, easily ruined

+ Obligations for receivers of our private information (PI)

Most people do not pay attention to privacy until they lose it

[Diagram: facets of identity surrounding PI: character, citizen, resident, employee, consumer, author, patient, etc.]

[Course map labels: Information security, Threats, Defenses, Data security, Privacy, Communications security, Computing security]

We take the opportunity of this video clip to alert you to the sensitive issue of privacy protection. Privacy protection is about ensuring the confidentiality of specific Personal Information, often referred to as PI.

PI is what makes up our personal identity. As depicted here, anyone's identity has a number of facets. Beyond our own characteristic features, each of us is: a citizen of one or more countries, a resident of one country, an employee (or owner) of some organization, a consumer of various products and services, the author of many actions in and outside the IT world, and unfortunately sometimes the patient of a doctor or client of a lawyer. All of these things make up our personality and are part of our identity. While any such facet may be legitimately known to some party, such as our doctor or our lawyer, very bad things can result if all facets become known to everyone. For instance, our employer could dismiss us upon learning that we suffer from some serious medical condition.

Privacy protection is not about hiding facets of our identity that could be thought of as guilty. However, it is about isolating the different facets of our identity so that they are not all public. Between holding people accountable for any immoral behavior and protecting their privacy is of course a very thin line, calling for a balance between accountability and confidentiality of PI.

More generally, what is at stake behind our privacy is our entire reputation, which is something that takes ages to build up but can be destroyed in seconds upon the revelation of sensitive private information.

The confidentiality of PI is protected by so-called obligations upon anyone who receives such PI. For instance, the banking secret, medical secret and legal secret are all such obligations. The trouble is that while a number of professions (banking, medical, legal) are regulated by such obligations, many more are not, especially in the IT world.

Many people are pretty careless about giving out or posting their private information until some day they realize what they lost, but it is too late to put the worms back into the can and close it again.


Sensitization to privacy

More and more PI is
  Collected
  Stored for ever somewhere in the cloud (see Module 3 Lesson 4)
  Exchanged
  Retrieved by correlation between web sites
  Published

By 3rd parties whose business model is invading and selling our privacy
  Their purported privacy policies are mostly fuzzy and misleading
  opt-out rather than opt-in

Beware of free services: if they are free, their merchandises are their clients = US!

We have no idea about consequences of life in a world that constantly records everything and never forgets anything


The problem comes from the fact that today on the Internet more and more PI gets:
  Collected
  Stored and copied over and over again, including on back-up copies that will never be needed but are never destroyed either
  Exchanged with uncontrolled or even unauthorized parties
  Retrieved and correlated across supposedly isolated web sites, even if our name has been removed from it
  And eventually published in places where we would prefer not to see it

This is done by unscrupulous 3rd parties whose business model is to sell our privacy and who, in the absence of any legal obligations, promise to protect our privacy according to rules nobody ever cares to read, as they are anyway boring and so fuzzy and misleading that we would not understand them, not to speak of verifying compliance with them. For instance, many enterprises that collect our PI feel good about offering us the choice to opt out to stop them from collecting or using it, when in fact these enterprises should by default not collect and use anything and offer us the choice to explicitly opt in to authorize such collection and use.

You are thus strongly encouraged to watch out for your own deeds in the IT world; especially beware of anything that sounds too good to be true. In particular, free services on the Internet are usually free because their merchandise is not what you get from them but your privacy, which they sell to others. Stay away from them or browse in private mode to prevent your browser from leaving traces that can be collected. We have no idea what it means to live in the cyber world, which never forgets anything anymore.
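
The point that PI can be correlated "even if our name has been removed from it" can be checked before a data set is shared. The following is an added example, not part of the lecture: it uses k-anonymity, a measure the clip does not name, and the field names, sample records and threshold are constructed assumptions.

```python
from collections import Counter

# Constructed sample: a "de-identified" export whose names were already removed.
RECORDS = [
    {"zip": "1015", "birth_year": 1984, "sex": "F", "condition": "asthma"},
    {"zip": "1018", "birth_year": 1986, "sex": "F", "condition": "diabetes"},
    {"zip": "1016", "birth_year": 1987, "sex": "F", "condition": "migraine"},
    {"zip": "1003", "birth_year": 1971, "sex": "M", "condition": "asthma"},
    {"zip": "1004", "birth_year": 1975, "sex": "M", "condition": "flu"},
    {"zip": "1007", "birth_year": 1979, "sex": "M", "condition": "flu"},
]
# Assumed quasi-identifiers: harmless alone, but another site may hold the
# same three fields next to a name.
QUASI_IDS = ("zip", "birth_year", "sex")

def group_sizes(records, quasi_ids):
    """Count how many records share each quasi-identifier combination."""
    return Counter(tuple(r[q] for q in quasi_ids) for r in records)

def k_anonymity(records, quasi_ids):
    """Smallest group size: k = 1 means someone is unique without a name."""
    return min(group_sizes(records, quasi_ids).values())

def unique_fraction(records, quasi_ids):
    """Share of records that are the only one with their combination."""
    sizes = group_sizes(records, quasi_ids)
    return sum(1 for n in sizes.values() if n == 1) / len(records)

def generalize(record):
    """Coarsen the record: keep a 2-digit zip prefix and the birth decade."""
    out = dict(record)
    out["zip"] = record["zip"][:2] + "**"
    out["birth_year"] = record["birth_year"] // 10 * 10
    return out

def safe_to_release(records, quasi_ids, k_min=3):
    """Release gate: every person must hide among at least k_min records."""
    return k_anonymity(records, quasi_ids) >= k_min

if __name__ == "__main__":
    coarse = [generalize(r) for r in RECORDS]
    for label, data in (("name removed only", RECORDS), ("generalized", coarse)):
        print(label, "k =", k_anonymity(data, QUASI_IDS),
              "unique =", unique_fraction(data, QUASI_IDS),
              "release ok =", safe_to_release(data, QUASI_IDS))
```

A passing k is a floor, not a guarantee: if everyone in a group shares the same sensitive value, group membership alone still reveals it.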