01 - Lecture 1-Introduction - EV - Privacy

This document outlines a presentation on privacy law and regulation in a networked world. It discusses the challenges to privacy from new technologies, and the ethical, business, and security aspects related to privacy. It also covers legal aspects of privacy, impacts on society, and potential responses and solutions. The presentation covers topics such as definitions of privacy; threats to privacy from data collection, processing, and sharing; and technical and legal privacy controls, including privacy-enhancing technologies.

Uploaded by

Taif Alkaabi

NCS-427

PRIVACY IN A NETWORKED WORLD


PRIVACY LAW AND REGULATION:
TECHNOLOGIES, IMPLICATIONS, AND SOLUTIONS

DR. EMIR VAJZOVIĆ ([email protected])


AGENDA
• Introduction
• What is the challenge?
• Ethical and Legal aspects of Privacy
• Business aspects of Privacy
• Security aspect of Privacy
• Legal aspect of Privacy
• Information, media and Platform Society
• Impacts
• Responses and Solutions
Disclaimer: This presentation represents the personal views of the presenter.
DISCUSSION

• Privacy ??? - “nothing-to-hide” perspective
• Privacy vs. National Security
• Privacy vs. Services
• Privacy vs OnLife
• Privacy vs Criminal Activities (for Criminals) (Criminal Procedure
PRIVACY (UK: /ˈprɪvəsiː/, US: /ˈpraɪ-/)
• Is the ability of an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively.
• Etymology of the word privacy: the word privacy is derived from the Latin word "privatus" which means set apart from what is public, personal and belonging to oneself, and not to the state.
• The domain of privacy partially overlaps with security, which can include the concepts of appropriate use and protection of information. Privacy may also take the form of bodily integrity. The right not to be subjected to unsanctioned invasions of privacy by the government, corporations, or individuals is part of many countries' privacy laws, and in some cases, constitutions.
TODAY’S PROGRAM
(INTRODUCTION: BASIC THEORY AND INTRODUCTION TO FUNDAMENTALS OF INFORMATION SECURITY, CHAPTER 1)

• Syllabus
• Semester Schedule
• Terminology
• Key Concepts
MATERIALS

• Textbook:
• Sherali Zeadally, and Mohamad Badra. Privacy in a Digital, Networked World:
Technologies, Implications and Solutions (Computer Communications and
Networks), Springer; 1st edition (October 14, 2015). ISBN-10: 3319084690.
• References:
• Bruce Schneier. Secrets and Lies: Digital Security in a Networked World,
Wiley; 15th Anniversary edition (March 23, 2015). ISBN-10: 1119092434
COURSE LEARNING OUTCOMES (CLOS):

• After completing this course, the students should be able to:


• CLO1. Produce a conceptual framework to reason about privacy.
• CLO2. Develop scenarios of potential negative consequences resulting when a person's privacy is
violated.
• CLO3. Investigate privacy concerns (e.g. violating one's privacy) in different contexts using
legislation, policies and best practices.
• CLO4. Apply suitable solutions on the protection of privacy and transborder flows of personal
data.
• CLO5. Articulate the relationship between privacy and security.
• CLO6. Enumerate shortcomings and challenges of existing privacy approaches
COURSE TOPICS (CTS):
• CT1. Introduction, Database Privacy
• CT2. Privacy and Big Data, Privacy in Crowdsourced Platforms
• CT3. Privacy in Healthcare, Privacy in Peer-to-Peer Networks
• CT4. Privacy in the Cloud, Privacy in Vehicular Ad Hoc Networks
• CT5. Privacy Law and Regulation: Technologies, Implications, and Solutions
• CT6. Privacy in Mobile Devices, Privacy in Biometric Systems
• CT7. Privacy in Social Networks
• CT8. The Right to Privacy in the Age of Digital Technology
• CT9. Techniques, Taxonomy, and Challenges of Privacy Protection in the Smart Grid
• CT10. Location-Based Privacy, Protection, Safety and Security
Privacy Law and Regulation:
Technologies, Implications, and Solutions
• Data Colonisation
OUTLINE — INTRODUCTION TO PRIVACY IN
COMPUTING

1) Introduction (def., dimensions, basic principles, …)


2) Recognition of the need for privacy
3) Threats to privacy
4) Privacy Controls
4.1) Technical privacy controls - Privacy-Enhancing Technologies (PETs)
a) Protecting user identities
b) Protecting usee identities
c) Protecting confidentiality & integrity of personal data
4.2) Legal privacy controls
a) Legal World Views on Privacy
b) International Privacy Laws: Comprehensive or Sectoral
c) Privacy Law Conflict between European Union – USA
d) A Common Approach: Privacy Impact Assessments (PIA)
e) Observations & Conclusions
5) Selected Advanced Topics in Privacy
5.1) Privacy in pervasive computing
5.2) Using trust paradigm for privacy protection
5.3) Privacy metrics
5.4) Trading privacy for trust
1. INTRODUCTION (1)
• Def. of privacy
• = the claim of individuals, groups and institutions to
determine for themselves, when, how and to what extent
information about them is communicated to others

• 3 dimensions of privacy:
1) Personal privacy
Protecting a person against undue interference (such as physical searches) and
information that violates his/her moral sense
2) Territorial privacy
Protecting a physical area surrounding a person that may not be violated
without the acquiescence of the person
• Safeguards: laws referring to trespassers, search warrants
3) Informational privacy
Deals with the gathering, compilation and selective dissemination of
information
INTRODUCTION

• Basic privacy principles


• Lawfulness and fairness
• Necessity of data collection and processing
• Purpose specification and purpose binding
• There are no "non-sensitive" data
• Transparency
• Data subject's right to information, correction, erasure or blocking of incorrect/illegally stored data
• Supervision (= control by independent data protection authority) & sanctions
• Adequate organizational and technical safeguards

• Privacy protection can be undertaken by:


• Privacy and data protection laws promoted by government
• Self-regulation for fair information practices by codes of conducts promoted by
businesses
• Privacy-enhancing technologies (PETs) adopted by individuals
3. THREATS TO PRIVACY

1) Threats to privacy at application level


• Threats to collection / transmission of large quantities of personal data
• Incl. projects for new applications on Information Highway, e.g.:
• Health Networks / Public administration Networks
• Research Networks / Electronic Commerce / Teleworking
• Distance Learning / Private use

• Example: Information infrastructure for a better healthcare


[cf. Danish "INFO-Society 2000"- or Bangemann-Report]

• National and European healthcare networks for the interchange of information


• Interchange of (standardized) electronic patient case files
• Systems for tele-diagnosing and clinical treatment
3. THREATS TO PRIVACY (2)

2) Threats to privacy at communication level


• Threats to anonymity of sender / forwarder / receiver
• Threats to anonymity of service provider
• Threats to privacy of communication
• E.g., via monitoring / logging of transactional data
• Extraction of user profiles & its long-term storage

3) Threats to privacy at system level


• E.g., threats at system access level

4) Threats to privacy in audit trails


3. THREATS TO PRIVACY

• Identity theft – the most serious crime against privacy


• Threats to privacy – another view
• Aggregation and data mining
• Poor system security
• Government threats
• Gov’t has a lot of people’s most private data
• Taxes / homeland security / etc.
• People’s privacy vs. homeland security concerns
• The Internet as privacy threat
• Unencrypted e-mail / web surfing / attacks
• Corporate rights and private business
• Companies may collect data that U.S. gov’t is not allowed to
• Privacy for sale - many traps
• “Free” is not free…
• E.g., accepting frequent-buyer cards reduces your privacy
4. PRIVACY CONTROLS
1) Technical privacy controls - Privacy-Enhancing Technologies (PETs)
a) Protecting user identities
b) Protecting confidentiality & integrity of personal data
2) Legal privacy controls

4.1. TECHNICAL PRIVACY CONTROLS (1)
• Technical controls - Privacy-Enhancing Technologies (PETs)
a) Protecting user identities via, e.g.:
• Anonymity - a user may use a resource or service without disclosing her identity
• Pseudonymity - a user acting under a pseudonym may use a resource or service without disclosing his identity
• Unobservability - a user may use a resource or service without others being able to observe that the resource or service is being used
• Unlinkability - sender and recipient cannot be identified as communicating with each other
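Pseudonymity and unlinkability are the two properties above that are most often confused in practice: a pseudonym hides the identity, but if the same pseudonym appears in every dataset the records stay linkable. The Python below is an added example, not code from the lecture or the textbook. It contrasts an unkeyed hash of an identifier (identical everywhere, so anyone holding two datasets can join them by value) with per-service keyed pseudonyms (HMAC-SHA256), under which one person appears under unrelated pseudonyms in two services. The service names, keys and sample identities are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed setup for this example: two independent services, each holding its
# own secret pseudonymisation key (kept inside the service, never shared).
SERVICE_KEYS = {
    "health-portal": secrets.token_bytes(32),
    "shop": secrets.token_bytes(32),
}


def naive_pseudonym(identity: str, service: str) -> str:
    """Unkeyed hash of the identifier.

    The service argument is ignored: the value is the same in every dataset, so
    anyone holding two such datasets can join them by comparing pseudonyms, and
    anyone who can guess an identifier (e-mail, national number) can recompute it.
    """
    return hashlib.sha256(identity.encode("utf-8")).hexdigest()


def context_pseudonym(identity: str, service: str) -> str:
    """Keyed, per-service pseudonym (HMAC-SHA256 under the service's own key).

    The same person receives unrelated pseudonyms in different services; without
    a service's key the value can be neither recomputed nor linked.
    """
    key = SERVICE_KEYS[service]
    return hmac.new(key, identity.encode("utf-8"), hashlib.sha256).hexdigest()


def linkable(p1: str, p2: str) -> bool:
    """Can two records be tied to one person by value comparison alone?"""
    return hmac.compare_digest(p1, p2)


def linkable_identities(identities, scheme) -> int:
    """Count identities whose pseudonyms in the two services can be linked,
    i.e. what a party holding both datasets learns from a simple join."""
    return sum(
        1 for who in identities
        if linkable(scheme(who, "health-portal"), scheme(who, "shop"))
    )


if __name__ == "__main__":
    people = ["alice@example.org", "bob@example.org"]  # constructed sample identities
    print("unkeyed hash, linkable across services:",
          linkable_identities(people, naive_pseudonym), "of", len(people))
    print("keyed per-service pseudonyms, linkable:",
          linkable_identities(people, context_pseudonym), "of", len(people))
```

The keyed scheme only delivers unlinkability while each service's key stays with that service; a party that obtains both keys, or a single shared key, is back to the unkeyed situation.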
4.1. TECHNICAL PRIVACY CONTROLS (4)

• The risk of reidentification (a threat to anonymity)
• Types of data in statistical records:
• Identity data - e.g., name, address, personal number
• Demographic data - e.g., sex, age, nationality
• Analysis data - e.g., diseases, habits

• The degree of anonymity of statistical data depends on:
• Database size
• The entropy of the demographic data attributes that can serve as supplementary knowledge for an attacker

• The entropy of the demographic data attributes depends on:
• The number of attributes
• The number of possible values of each attribute
• Frequency distribution of the values
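To make the dependence on database size and attribute entropy concrete, here is an added Python example (not from the lecture) over a small constructed table of statistical records with the identity data already stripped. It computes the Shannon entropy of each demographic attribute and of their combination, groups records into anonymity sets by the attributes an attacker might know, and reports the smallest set and the share of records that are unique. The same functions are minimal instances of the anonymity-set-size and entropy-based metrics listed under 5.3 later in the deck. Record values and attribute names are constructed.

```python
import math
from collections import Counter

# Constructed statistical records with identity data already stripped, leaving
# demographic attributes (possible attacker knowledge) and analysis data.
RECORDS = [
    {"sex": "F", "age_band": "30-39", "nationality": "BA", "disease": "asthma"},
    {"sex": "F", "age_band": "30-39", "nationality": "BA", "disease": "flu"},
    {"sex": "M", "age_band": "30-39", "nationality": "BA", "disease": "flu"},
    {"sex": "M", "age_band": "30-39", "nationality": "BA", "disease": "diabetes"},
    {"sex": "F", "age_band": "40-49", "nationality": "DE", "disease": "asthma"},
    {"sex": "M", "age_band": "60-69", "nationality": "HR", "disease": "flu"},
]


def entropy(records, attrs):
    """Shannon entropy (bits) of the frequency distribution of the given
    attribute combination. It grows with the number of attributes, the number
    of values per attribute and the evenness of their distribution, and is
    capped at log2(database size)."""
    n = len(records)
    counts = Counter(tuple(r[a] for a in attrs) for r in records)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def anonymity_sets(records, attrs):
    """Group records by the attribute combination an attacker may know; each
    group's size is the anonymity set of its members."""
    return dict(Counter(tuple(r[a] for a in attrs) for r in records))


def min_anonymity_set(records, attrs):
    """Smallest anonymity set, i.e. k in k-anonymity for this attribute set."""
    return min(anonymity_sets(records, attrs).values())


def unique_fraction(records, attrs):
    """Share of records that are alone in their anonymity set and therefore
    re-identifiable by anyone who knows these attributes about a person."""
    singles = sum(1 for size in anonymity_sets(records, attrs).values() if size == 1)
    return singles / len(records)


if __name__ == "__main__":
    for a in ("sex", "age_band", "nationality"):
        print(f"{a:12s} entropy = {entropy(RECORDS, (a,)):.3f} bits")
    qi = ("sex", "age_band", "nationality")
    print("joint entropy  =", round(entropy(RECORDS, qi), 3),
          "bits (max", round(math.log2(len(RECORDS)), 3), ")")
    print("anonymity sets:", anonymity_sets(RECORDS, qi))
    print("smallest set   =", min_anonymity_set(RECORDS, qi))
    print("unique records =", round(unique_fraction(RECORDS, qi), 3))
```

With the six constructed records, sex alone leaves every person in an anonymity set of three, while the combination of sex, age band and nationality already isolates two of the six; adding attributes raises the joint entropy toward log2(6) and shrinks the anonymity sets, which is exactly the supplementary-knowledge effect the slide describes.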
4.1. TECHNICAL PRIVACY CONTROLS (5)

c) Protecting confidentiality and integrity of personal data via, e.g.:

• Privacy-enhanced identity management


• Limiting access control
• Incl. formal privacy models for access control
• Enterprise privacy policies
• Steganography
• Specific tools
• Incl. P3P (Platform for Privacy Preferences)
4.2. LEGAL PRIVACY CONTROLS (1)
• Outline
a) Legal World Views on Privacy
b) International Privacy Laws:
• Comprehensive Privacy Laws
• Sectoral Privacy Laws

c) Privacy Law Conflict European Union vs. USA


d) A Common Approach: Privacy Impact Assessments (PIA)
e) Observations & Conclusions
4.2. LEGAL PRIVACY CONTROLS (2)
A) LEGAL WORLD VIEWS ON PRIVACY (1)

• General belief: Privacy is a fundamental human right that has become one of the most important rights of the modern age
• Privacy also recognized and protected by individual countries
• At a minimum each country has a provision for rights of inviolability of the home and secrecy of communications
• Definitions of privacy vary according to context and environment
4.2. LEGAL PRIVACY CONTROLS (3)
A) LEGAL WORLD VIEWS ON PRIVACY (2)

United States: “Privacy is the right to be left alone” - Justice Louis Brandeis

UK: “the right of an individual to be protected against intrusion into his personal life or affairs by direct physical means or by publication of information”

Australia: “Privacy is a basic human right and the reasonable expectation of every person”
4.2. LEGAL PRIVACY CONTROLS (4)
B) INTERNATIONAL PRIVACY LAWS

• Two types of privacy laws in various countries:


1) Comprehensive Laws
• Def: General laws that govern the collection, use and dissemination of
personal information by public & private sectors
• Require commissioners or independent enforcement body
• Difficulty: lack of resources for oversight and enforcement; agencies
under government control
• Examples: European Union, Australia, Canada and the UK

2) Sectoral Laws
• Idea: Avoid general laws, focus on specific sectors instead
• Advantage: enforcement through a range of mechanisms
• Disadvantage: each new technology requires new legislation
4.2. LEGAL PRIVACY CONTROLS (5) -- B) INTERNATIONAL PRIVACY LAWS
COMPREHENSIVE LAWS - EUROPEAN UNION

• European Union Council adopted the new Privacy Electronic Communications Directive
[cf. A.M. Green, Yale, 2004]

• Prohibits secondary uses of data without informed consent


• No transfer of data to non EU countries unless there is adequate privacy protection
• Consequences for the USA

• EU laws related to privacy include


• 1994 — EU Data Protection Act
• 1998 — EU Data Protection Act
• Privacy protections stronger than in the U.S.
4.2. LEGAL PRIVACY CONTROLS (9)
D) A COMMON APPROACH:
PRIVACY IMPACT ASSESSMENTS (PIA) (1)

• An evaluation conducted to assess how the adoption of new information policies, the procurement of new computer systems, or the initiation of new data collection programs will affect individual privacy

• The premise: Considering privacy issues at the early stages of a project cycle will reduce potential adverse impacts on privacy after it has been implemented

• Requirements:
• PIA process should be independent
• PIA performed by an independent entity (office and/or commissioner) not linked to the project under review
• Participating countries: US, EU, Canada, etc.
4.2. LEGAL PRIVACY CONTROLS (11)

E) OBSERVATIONS AND CONCLUSIONS

• Observation 1: At present too many mechanisms seem to operate on a national or regional, rather than global level
• E.g., by OECD

• Observation 2: Use of self-regulatory mechanisms for the protection of online activities seems somewhat haphazard and is concentrated in a few member countries

• Observation 3: Technological solutions to protect privacy are implemented to a limited extent only

• Observation 4: Not enough being done to encourage the implementation of technical solutions for privacy compliance and enforcement
• Only a few member countries reported much activity in this area
4.2. LEGAL PRIVACY CONTROLS (12)
E) OBSERVATIONS AND CONCLUSIONS

• Conclusions
• Still work to be done to ensure the security of personal information for all individuals in all countries
• Critical that privacy protection be viewed in a global perspective
• Better than a purely national one – to better handle privacy violations that cross national borders
5. SELECTED ADVANCED TOPICS IN PRIVACY
(1)

Outline

5.1) Privacy in pervasive computing


5.2) Using trust paradigm for privacy protection
5.3) Privacy metrics
5.4) Trading privacy for trust
5. SELECTED ADVANCED TOPICS IN PRIVACY

5.2. USING TRUST FOR PRIVACY PROTECTION (1)

• Privacy = entity’s ability to control the availability and exposure of information about itself
• We extended the subject of privacy from a person in the original definition [“Internet Security Glossary,” The Internet Society, Aug. 2004] to an entity — including an organization or software
• Controversial but stimulating
• Important in pervasive computing
• Privacy and trust are closely related
• Trust is a socially-based paradigm
• Privacy-trust tradeoff: Entity can trade privacy for a corresponding gain in its partners’ trust in it

• The scope of an entity’s privacy disclosure should be proportional to the benefits expected from the interaction
• As in social interactions
• E.g.: a customer applying for a mortgage must reveal much more personal data
5.2. USING TRUST FOR PRIVACY PROTECTION (2)

• Optimize degree of privacy traded to gain trust
• Disclose minimum needed for gaining partner’s necessary trust level
• To optimize, need privacy & trust measures
Once measures available:
• Automate evaluations of the privacy loss and trust gain
• Quantify the trade-off
• Optimize it
• Privacy-for-trust trading requires privacy guarantees for further
dissemination of private info
• Disclosing party needs satisfactory limitations on further dissemination (or the lack thereof) of traded private information
• E.g., needs partner’s solid privacy policies
• Merely perceived danger of a partner’s privacy violation can make the disclosing party
reluctant to enter into a partnership
• E.g., a user who learns that an ISP has carelessly revealed any customer’s email will look for
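The optimisation the slide calls for (disclose the minimum needed to reach the partner's required trust level) can be written down once privacy loss and trust gain are measured. The Python below is an added illustration, not a method from the lecture or the cited glossary: it assumes a toy model in which each disclosable attribute has a constructed privacy-loss score and trust-gain score on one arbitrary scale, and it searches every disclosure subset for the cheapest one that meets a required trust level. Attribute names and scores are invented for the example.

```python
from itertools import combinations

# Toy model, constructed for this example: each disclosable attribute carries a
# privacy-loss score and a trust-gain score on an arbitrary common scale.
ATTRIBUTES = {
    "name":           {"privacy_loss": 1, "trust_gain": 1},
    "email":          {"privacy_loss": 2, "trust_gain": 2},
    "employer":       {"privacy_loss": 3, "trust_gain": 4},
    "salary":         {"privacy_loss": 6, "trust_gain": 5},
    "bank_statement": {"privacy_loss": 9, "trust_gain": 9},
}


def evaluate(disclosure, attributes=ATTRIBUTES):
    """Privacy loss and trust gain of disclosing the given attributes."""
    loss = sum(attributes[a]["privacy_loss"] for a in disclosure)
    gain = sum(attributes[a]["trust_gain"] for a in disclosure)
    return loss, gain


def minimal_disclosure(required_trust, attributes=ATTRIBUTES):
    """Search every subset (fine for a handful of attributes) for the disclosure
    that reaches the required trust level with the smallest privacy loss.
    Returns (attributes, loss, gain), or None if the level is unreachable."""
    best = None
    names = sorted(attributes)
    for k in range(len(names) + 1):
        for subset in combinations(names, k):
            loss, gain = evaluate(subset, attributes)
            if gain >= required_trust and (best is None or loss < best[1]):
                best = (subset, loss, gain)
    return best


if __name__ == "__main__":
    for level in (3, 7, 12):
        print(f"trust level {level:2d} ->", minimal_disclosure(level))
```

The exhaustive search is only there to make the trade-off visible; the point of the slide is the prerequisite it exposes: without agreed, comparable measures of privacy loss and trust gain, neither the evaluation nor the optimisation can be automated.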
5.2. USING TRUST FOR PRIVACY PROTECTION (3)

• Conclusions on Privacy and Trust
• Without privacy guarantees, there can be no trust and trusted interactions
• People will avoid trust-building negotiations if their privacy is threatened by the negotiations
• W/o trust-building negotiations no trust can be established
• W/o trust, there are no trusted interactions

• Without privacy guarantees, lack of trust will cripple the promise of pervasive computing
• Bec. people will avoid untrusted interactions with privacy-invading pervasive devices / systems
• E.g., due to the fear of opportunistic sensor networks
Self-organized by electronic devices around us – can harm people in their midst

• Privacy must be guaranteed for trust-building negotiations

5. SELECTED ADVANCED TOPICS IN PRIVACY

5.3. PRIVACY METRICS (1)

Outline

• Problem and Challenges
• Requirements for Privacy Metrics
• Related Work
• Proposed Metrics
A. Anonymity set size metrics
B. Entropy-based metrics
5.3. PRIVACY METRICS (2)

A) PROBLEM AND CHALLENGES

• Problem
• How to determine that a certain degree of data privacy is provided?

• Challenges
• Different privacy-preserving techniques or systems claim different degrees of data privacy
• Metrics are usually ad hoc and customized
• Customized for a user model
• Customized for a specific technique/system

• Need to develop uniform privacy metrics
• To confidently compare different techniques/systems
5.3. PRIVACY METRICS (3A)

B) REQUIREMENTS FOR PRIVACY METRICS

• Privacy metrics should account for:
• Dynamics of legitimate users
• How do users interact with the system?
E.g., repeated patterns of accessing the same data can leak information to a violator
• Dynamics of violators
• How much information does a violator gain by watching the system for a period of time?
• Associated costs
• Storage, injected traffic, consumed CPU cycles, delay
-- The End --
