ID by Law Is the EC Directive valid in 10 years? Jan Willem Broekema Open Source Onderdeel Software Strategie

European Data Protection Directive 95/46 Data Protection in the European Union based on the concept  of data regarding identified or identifiable person(s)  of (automated) processing  of a processor (person or organisation)  of a controller (controlling the processor)

Raison d’être  Early 70’s fear of Domesday Books  Full population census (know all to better policy)  1984 scenario (know all to better police)  All-powerful all-knowing government  Relational database structures NOT however  Internet / World Wide Web  Search engines  Data mining

Linked to basic human rights  The right to be left alone (privacy in 19 th C America)  Human rights charters Nine basic rules  1. Notification  2. Transparency  3. Finality  4. Grounds  5. Quality  6. Rights  7. Data security  8. Processor  9. Data transfers

Internet - the new? kid on the block based on technological & financial efficiency  re-use of processing power  re-use of code  re-use of information  more, faster  limitless

, Usenet, Talk  Person - to - person (vs computer-computer)  Indirect, store_and_forward, store_and_get  Direct, “on-line” chat and messenger  1-2-1, 1-2-N  address change from to

World Wide Web  Collection of client information  Collection of visitor information  Cookies  Trojan Horses  Bots  Zombies  Phishes  all aimed at the (unwanted) collection of personal data

New and future developments  Search engines  Waybackmachine  ID in EXIF  IP v6  Personal digital assistant  Smart phone  Data storage by and for police forces  Data storage by and for public transport  Data storage by and for medicare  Data storage by and for public sector  Data storage by and for lending & spending  Data storage by and for commerce  Data storage by and for friends & unwanted others  Data storage by and for (ex) lovers, (ex) wives, (ex) dogs  Data storage by and for schools & education  Data storage by and for terrorists, thieves, abductors  Data storage by and for anybody who wants to know  Data storage by and for your mother in law  Data storage by and for you & your neighbour

So, what left - or what’s right?  Anonymity on internet, tech helps  Only for ‘hackers’  There’s nowhere to hide  There’s no road back  Any code can be broken  Everybody leaves a trace; “Toninootje”  Closed software (=no) solutions, backdoors  Pigeons on the loose But what if?  others publish your info  publication is legal but unwanted

Coming to a close Is there Privacy in the Future?  No, for standard society issues not  No, for governmental procedures not  No, not for have-nots/know-nots However  If you really want it, yes, by technology/knowledge  If you really want it, yes, by fraud  If you really want it, yes, by social engineering and then it is very successfulllllllllllll!!!!!!!!!!!!!!

Should EC 95/46 be changed?  EU-wide general privacy protection framework  based on human rights (no business interest)  different value for private and public sectors  national data protection authorities  is a web publication a processing of personal information  should web visitors be notified of further use  should police power be controlled / curbed  should governmental collection be stopped

ID by Law or Jan Willem Broekema Open Source Onderdeel Software Strategie