How to win back privacy

Gregory Neven, IBM Research – Zurich

Digital Identity, Trust & Confidence Workshop, Münchenwiler, Switzerland, May 20-21, 2010

© 2010 IBM Corporation


“Neil Armstrong’s Footsteps are still there” (Robin Wilton, futureidentity)


And we leave traces, lots of traces!


Computers don’t forget!

• Data storage becomes ever cheaper
  – store by default
  – e.g., surveillance cameras, Google Street View with wireless router traffic
• Data mining techniques ever better
  – self-training algorithms become more intelligent than their designers
  – not just trend detection, even prediction
    e.g., flu pandemics, ad clicks, purchases,…
  – what about mortgage defaults, criminal behavior?
  – correlation with illegal criteria, e.g., race, religion?


What are the risks?

• Embarrassment
• Discredit
• Financial fraud
• Blackmailing
• Identity theft

None of these risks are new, but they are higher due to online availability of personal data.


Everyday privacy threats

• Sacked because of Facebook or Twitter posts
• Burglars using Facebook and Twitter to find targets
• Electronic toll collection data used in divorce cases
• Abuse of stored or transmitted data by malicious employees
  e.g., Telecom Italia wiretapping scandal
• Mother’s maiden name, birth date,… often used as backup secret
• Facebook’s evolving default privacy policy
  http://mattmckeon.com/facebook-privacy
• Google Street View storing payload data from wireless networks

(Cartoon: Brian Fairrington, Cagle Cartoons)


Privacy breaches happen almost daily

Date | Organization | Incident | Affected
25.01.2010 | Taschen GmbH | Live video images from shops on Internet | countless
25.01.2010 | Ihr Platz | Spying on own employees | thousands
26.01.2010 | Sheraton-Hotel | Credit card glitch | multiple
05.02.2010 | Gemeinde Senden | Data of welfare beneficiaries sent to private person | 400
08.02.2010 | AWD | Sensitive customer data leaked | 12000
11.02.2010 | BKK Gesundheit | Privacy breach: health insurance being blackmailed | 1.5 million
18.02.2010 | Struktur- und Wirtschaftsförderungsgesellschaft (SWFG) | Internal data of enterprises accessible on Internet | 40
09.03.2010 | Münster-Marathon e.V. | Participants' personal data sent by DVD | 3500
15.03.2010 | Vodafone | Sensitive customer data on black market | thousands
22.03.2010 | Defense lawyer of the supervisory board of Wohn- und Stadtbau | Confidential documents lost from bike basket | multiple
24.03.2010 | Klinikum Kassel | Psychiatric patient data found on street | 21
24.03.2010 | Telecommunications and cable TV provider | Truck loses notes with personal data | thousands
08.04.2010 | Metaltix | Hackers steal credit card data | thousands
28.04.2010 | City administration | Glitch makes confidential information visible online | countless
28.04.2010 | Klinikum Kassel | Patient list found on street | 22
03.05.2010 | Jugendamt des Lahn-Dill-Kreises | Sensitive documents used as drawing paper for children | multiple
04.05.2010 | SchülerVZ | Large-scale phishing of members' data | 1.6 million
12.05.2010 | Vodafone | Glitch leaks customers' MobileMails | few
14.05.2010 | Rote Hilfe e.V. | Hard disk with member data stolen | thousands
14.05.2010 | Bayerisches Landesamt für Steuern | Hard disks with tax data on flea market | hundreds

Source: www.projekt-datenschutz.de


What can we do?

• Most of the technology is there (but have to use it)
• Most of the legislation is there (but have to enforce it)
• Awareness is growing (but have to raise it even more)
• But what are the incentives?


Most of the technology is there!

• Cryptography
• Policy languages
• User interfaces


Cryptography at network layer

• Anonymous communication at network layer
  e.g., mix networks, onion routing, DC-nets, …
  (at the price of lower bandwidth; physical layer notoriously hard to protect)


Cryptography at identification layer

• Anonymous communication at identification layer:
  anonymous credentials, e.g., Identity Mixer, U-Prove
  (more details in a moment…)


Cryptography at application layer

• Anonymous communication at application layer:
  – e.g., searchable encryption
  – e.g., oblivious transfer
    database does not learn who accesses, or which record is accessed
    even with (anonymous) access control, pricing!

[Figure labels: DNA Database; search(“urgent”)]


Cryptography at application layer

e.g., secure multi-party computation

[Figure: parties holding inputs x1, x2, x3, x4, x5; output f(x1,…,xn)]
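Added example (not from the original slides): one concrete instance of the secure multi-party computation pictured above, assuming f is the sum of the inputs, honest-but-curious parties and private pairwise channels. The function names, the modulus and the sample inputs are constructed for illustration.

```python
import secrets

P = 2**61 - 1  # prime modulus (assumption); inputs and their sum must stay below P

def share(x, n):
    """Split x into n additive shares: random values that sum to x mod P."""
    parts = [secrets.randbelow(P) for _ in range(n - 1)]
    parts.append((x - sum(parts)) % P)
    return parts

def secure_sum(inputs):
    """Run the protocol for f(x1,...,xn) = x1 + ... + xn.

    Returns (result, views): views[j] is everything party j sees, namely
    its own input, the n shares it received, and the published partials.
    """
    n = len(inputs)
    if n < 2:
        raise ValueError("need at least two parties")
    if any(not 0 <= x < P for x in inputs) or sum(inputs) >= P:
        raise ValueError("inputs and their sum must lie in [0, P)")
    # Round 1: party i sends share j of x_i to party j over a private channel.
    sent = [share(x, n) for x in inputs]                      # sent[i][j]
    received = [[sent[i][j] for i in range(n)] for j in range(n)]
    # Round 2: each party publishes only the sum of the shares it holds.
    partials = [sum(r) % P for r in received]
    result = sum(partials) % P
    views = [{"input": inputs[j], "received": received[j],
              "partials": partials} for j in range(n)]
    return result, views

# Constructed sample inputs for the five parties on the slide (x1..x5).
SAMPLE_INPUTS = [52_000, 61_500, 48_250, 75_000, 58_300]

if __name__ == "__main__":
    total, views = secure_sum(SAMPLE_INPUTS)
    print("f(x1..x5) =", total)
    print("what party 1 received:", views[0]["received"])
```

Each share a party receives is uniformly random on its own, so a party's view reveals nothing about another party's input beyond what the published sum already implies.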


Standard public-key certificates

e.g., SwissID, Belgian eID

In the beginning…


Standard public-key certificates

e.g., SwissID, Belgian eID

Obtaining a certificate…

name = “Alice Doe”, birth date = “1973/10/24”, pk =


Standard public-key certificates

e.g., SwissID, Belgian eID

Using a certificate…

name = “Alice Doe”, birth date = “1973/10/24”, pk =


Standard public-key certificates

e.g., SwissID, Belgian eID

Using a certificate again…

name = “Alice Doe”, birth date = “1973/10/24”, pk =

name = “Alice Doe”, birth date = “1973/10/24”, pk =


Anonymous credentials

e.g., Identity Mixer

In the beginning…


Anonymous credentials

e.g., Identity Mixer

Obtaining a credential…

name = “Alice Doe”, birth date = “1973/10/24”, nym =


Anonymous credentials

e.g., Identity Mixer

Using a credential…

name = “Alice Doe”, birth date = “1973/10/24”, nym =


Anonymous credentials

e.g., Identity Mixer

Using a credential…

name = ?, birth date = “1973/10/24”, nym =


Anonymous credentials

e.g., Identity Mixer

Using a credential…

name = ?, birth date > 1992/05/19, nym =


Anonymous credentials

e.g., Identity Mixer

Using a credential again…

name = ?, birth date > 1992/05/19, nym =

name = “Alice Doe”, birth date = ?, nym =


Privacy policy languages

• “Legalese” privacy policies
• Machine-interpretable languages:
  – P3P: Server-side, enterprise to outside world
  – APPEL: Client-side
  – EPAL: Server-side, enterprise-internal
  – Usage control policies
• Lack of suitable vocabularies/ontologies for data classes, purposes, obligations,…


Privacy user interfaces

• Identity selectors: Cardspace (Microsoft), Higgins (open source)
• Privacy settings

but some challenges remain…


Most of the legislation is there!

• Universal declaration of human rights
• EU Data Protection Directive (95/46/EC)
• National legislation
  (e.g., jail sentences in Italy for Google executives)
• National (or state) data protection agencies as watchdogs


Awareness is growing!

• Almost daily reports in press about privacy incidents
  e.g., data leakages, Facebook incidents, Google Street View
• Public outrage over new Facebook privacy policies
• Villagers blocking access to Google Street View car

but…

• >70% of users willing to reveal password for chocolate bar
  34% of users willing to reveal without “compensation”


But what are the incentives?

• Privacy only costs money, does not generate money
• Free market, but users unaware of value of their information
  “consumer education” at school?
• Stricter enforcement of existing legislation?
• Mandatory security/privacy audits?
• Mandatory use of privacy-friendly technologies
  cf. health insurance


Conclusion

• Most of the technology is there (but have to use it)
  – Cryptography (in particular, anonymous credentials)
  – Policy languages
  – User interfaces
• Most of the legislation is there (but have to enforce it)
  national and international
• Awareness is growing (but have to raise it even more)
• Need to create incentives!