1 / 22

Privacy and pervasive computing

With thanks to Bob Kummerfeld. Privacy and pervasive computing. Overview. Overview of privacy concepts Summary of principles and laws examples. Textbook: “ the right to control who knows certain aspects about you, your communications, and your activities ”

fausta
Télécharger la présentation

Privacy and pervasive computing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. With thanks to Bob Kummerfeld Privacy and pervasive computing

  2. Overview Overview of privacy concepts Summary of principles and laws examples

  3. Textbook: “the right to control who knows certain aspects about you, your communications, and your activities” • Privacy is not the same as confidentiality or secrecy • Private information relates to a person or entity What is Privacy?

  4. Textbook: “the right to control who knows certain aspects about you, your communications, and your activities” • Privacy is not the same as confidentiality or secrecy • Private information relates to a person or entity • Over to you: • What is Privacy? What is Privacy?

  5. The Office of the Australian Information Commissioner (Australian Federal Government) considers privacy of personal information, which may “include privacy issues associated with information about your location, your health and body and your communications with others.” What is Privacy?

  6. What is Privacy? A piece of information that one person considers private may not be private for another person Depends on the person and the information Eg A might consider their age to be private information, while B may not. Privacy is multi-faceted: Some information I may not want anyone to know Some information I’m happy to tell immediate family Some information I don’t mind telling friends Context is important Trust is a key factor If I release information to another individual and they make it public my privacy has been breached

  7. What is Privacy? As well as individuals, information can be private to Groups Organisations Companies Governments In some cases information is private to prevent competitors getting an advantage (eg companies, governments) Privacy is controlled disclosure: the subject chooses what personal data to give out and to whom

  8. Privacy is controlled disclosure: the subject chooses what personal data to give out and to whom How does pervasive computing interaction with that?

  9. Privacy was an issue long before we had computers • But, computers change the way we collect and use information about people and entities. • Single data centres can now hold petabytes of information (1015 or 1,000,000,000,000,000) • If we collect 1000 bytes of data about a person every second, and do this for 100 years, it is ~3.1TBytes. This storage can be attached to an average PC today. In 100 years…… • We are rapidly approaching a time when we never delete data. Computers and Privacy

  10. We are close to a time when ALL our interaction with the world can be captured This can have many good uses but is a major privacy risk Health tracking Alzheimer's treatment http://www.kickstarter.com/projects/martinkallstrom/memoto-lifelogging-camera Life Logging

  11. Permission Some information is given knowingly and with permission to use it elsewhere. However, a lot of data is now acquired about people without their (informed) consent. People leave digital footprints wherever they go: Phone calls Smart phone tracking Purchases with a credit card ATM use Transport card use Internet use (cookies etc) Sensorsin buildings, on streets Sensors people carry (phones, Sensecam-like devices)

  12. Data Ownership Information collected about people by one organisation is sometimes sold to another organisation Eg your browsing habits might be sold Information about you can now easily be passed from one organisation to another Information about you now persists, potentially forever! Facebook comments or photos you posted when you were a teenager may be found by a potential employer when you are 21 Video capture that is made public Once you release information into the “wild” it is almost impossible to retract it. Weiser’s vision of Sal’s house and all the personal data stored there

  13. Privacy Principles Data should be obtained lawfully and fairly Data should be relevant to the purpose, accurate, complete and up-to-date The purpose for data collection should be identified Data should be destroyed after use Data should not be used for other purposes without permission (eg medical uses: Henrietta Lacks) Security of data against loss, corruption, theft Confidentiality, Integrity, Anonymity Openness: users are able to access information about the collection, storage and use of the data, as well as the data itself. The data acquirer is accountable. Only necessary data is acquired

  14. Privacy Laws In general, privacy laws have covered the privacy principles In some countries (eg USA) the privacy laws do not have complete coverage: they only apply to some types of data or some user groups (eg children) or some industries Europe has the most comprehensive privacy laws Extra requirements for “sensitive” data (eg health) Controls on data transfer Independent oversight The right to be “forgotten” Laws in different countries overlap and may clash Which law applies to an internet transaction? Example: Europe vs USA for airline passenger data Laws are evolving as understanding of pervasive and ubiquitous computing and its implications develop

  15. Anonymity: without a name or nameless • Not the same as false or multiple identities • Pseudonymity: how do we establish a long-term relationship with another entity, without disclosing identity? • What is identity? • information that uniquely designates a single person • Eg drivers licence, tax file number, social security number in USA, …. • A name may designate more than one person Identity and Anonymity

  16. Authentication = Verification of identity I claim I am John Smith and I can prove it since I know the username and password linked to John Smith in the database Pseudonymity: multiple identities Eg multiple email addresses Authenticate each identity with different credentials Ubicomp identification and authentication How to do at tabletop? Identification and Authentication

  17. If you know enough information about a person, including account numbers/names and passwords, then you can pretend to be them • Authenticating as someone else is identity theft • Assuming another person’s identity allows an attacker access to private information about the person Identity Theft

  18. Background to surveillance in Australia http://www.theage.com.au/technology/technology-news/be-careful-she-might-hear-you-20120924-26h6r.html Proposal to store two years of internet log data for all users and allow access by many authorities http://www.theage.com.au/technology/technology-news/turnbulls-doubts-on-storing-digital-data-20121008-279q4.html Biometric scanners in pubs: http://www.theage.com.au/it-pro/security-it/id-scans-raise-privacy-fears-20120930-26tv3.html Public transport cards: http://www.theage.com.au/it-pro/government-it/police-handed-data-on-myki-users-20120917-262v8.html Privacy Issues

  19. The ultimate biometric is DNA • The easy capture and analysis of this has worrying implications for privacy: • http://www.reuters.com/article/2012/10/11/us-usa-geneticprivacy-idUSBRE89A06H20121011 • http://youtu.be/dGCA7FWF1pk Coming soon?

  20. Overview Overview of privacy concepts Summary of principles and laws examples

  21. Overview Overview of privacy concepts Summary of principles and laws examples

  22. Overview Overview of privacy concepts Summary of principles and laws examples

More Related