Personal Privacy Ross Anderson Professor of Security Engineering Cambridge University.


Privacy Engineering
Engineering for privacy, as for security or dependability, involves
  – computer science – for matters like scalability
  – economics – systems often fail when the people who maintain them have the wrong incentives
  – psychology – the feeling and the reality are often different
Privacy is particularly hard because all three of these factors are often pushing the wrong way

Privacy and Business
It’s economically efficient to charge different prices to different customers
The falling costs of collecting and processing data make this easier
The move of businesses online makes them more like the software business (with low marginal costs, network effects and lock-in), which makes price discrimination more profitable
However, price discrimination annoys people – especially those who end up paying more

Example – Facebook
A newsworthy conflict of interest
  – Facebook wants to sell user data
  – Users want feeling of intimacy, small group, social control
Complex access controls – 60+ settings on 7 pages
Privacy almost never salient (deliberately!)
Over 90% of users never change defaults
This lets Facebook blame the customer when things go wrong

How Privacy Scales
Main privacy threat is usually insiders
Traditional GP: 12 staff have access to 10,000 records. Can cope with that!
What happens if we let 45,000 GPs plus 40,000 staff see 50,000,000 records?
Lesson from Scotland
Effect of pervasive malware
What’s done in intelligence agencies

‘Database State’
The Joseph Rowntree Reform Trust sponsored a systematic study of all government systems that hold information on at least a substantial minority of us
Authors: me, Ian Brown, Terri Dowty, Philip Inglesant, William Heath, Angela Sasse
Are these databases legal, and effective?
Which systems should the next Government scrap, keep or fix?

Database State (2)
Of 46 systems, we found that 11 were almost certainly illegal
Health: SUS, DCR – fall foul of I v Finland judgement
Kids: eCAF, ONSET, ContactPoint
Home Office: NDNAD, NIR, IMP
DWP data sharing, National Fraud Initiative
The EU Prüm framework

Database State (3)
We also found 29 ‘amber’ databases with significant problems including
  – National Childhood Obesity Database (why?)
  – NHS Summary Care record (almost useless)
  – National Pupil Database (mission creep)
  – Police National Database (federating much stuff that used to be local, like the NHS)
Only 6 of 46 databases got a green light (and one of those was an error)!

Where Are We Now?
Three ‘red’ systems were closed down (NIR, ContactPoint, NAO)
Other red systems being spun/renamed (IMP)
Two new ‘red’ systems – SCR and YJCMS
A number of ‘amber’ systems that harm privacy while providing no benefit are spared (NCOD, NPD, Learner Records Service)
In short: no real change, despite Coalition Agreement and the parties’ pre-election pitches

Statistical Security
The Department of Health wants to keep its databases but protect privacy by stripping out patients’ names and addresses
But this doesn’t in general work!
Example: find the salary of the female professor in the computer lab as (average salary professors) - (average salary male professors) x (number of professors)
With health it’s even harder – especially as researchers want longitudinal records that link up care episodes
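The inference described on this slide, as an added example that is not part of the original slides: a statistics-only interface over records with no names or addresses still leaks one person's salary as the difference of two group totals (average × count). It also shows a minimum query-set size failing to stop this and an overlap audit refusing the second query. The records are constructed, and `StatsDB`, `min_set`, `audit` and `difference` are hypothetical names chosen for illustration.

```python
from statistics import mean

# Constructed sample data: (role, sex, salary). No names or addresses at all.
STAFF = [
    ("professor", "M", 98000), ("professor", "M", 104000),
    ("professor", "M", 91000), ("professor", "F", 112000),
    ("lecturer", "M", 61000), ("lecturer", "F", 63000),
    ("lecturer", "F", 58000), ("lecturer", "M", 60000),
]

class StatsDB:
    """Answers only COUNT/AVG over a predicate; optional inference controls."""
    def __init__(self, rows, min_set=1, audit=False):
        self.rows, self.min_set, self.audit = rows, min_set, audit
        self.answered = []          # query sets already released (for audit)

    def query(self, pred):
        ids = frozenset(i for i, r in enumerate(self.rows) if pred(r))
        if len(ids) < self.min_set:
            return None             # query-set-size control: set too small
        if self.audit and any(0 < len(ids ^ old) < self.min_set
                              for old in self.answered):
            return None             # overlap control: differs from an earlier
                                    # answer by fewer than min_set records
        self.answered.append(ids)
        return len(ids), mean(self.rows[i][2] for i in ids)

def difference(db):
    """Recover the one record that separates two permitted aggregates."""
    a = db.query(lambda r: r[0] == "professor")
    b = db.query(lambda r: r[0] == "professor" and r[1] == "M")
    if a is None or b is None:
        return None
    (n_all, avg_all), (n_m, avg_m) = a, b
    return round(avg_all * n_all - avg_m * n_m)

if __name__ == "__main__":
    print("no controls:      ", difference(StatsDB(STAFF)))
    print("min set size 3:   ", difference(StatsDB(STAFF, min_set=3)))
    print("size 3 plus audit:", difference(StatsDB(STAFF, min_set=3, audit=True)))
```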

Economics of Privacy
Economics of security has been a rapidly growing field since 2001
The economics of privacy are perplexing!
People say they value privacy, but usually act otherwise
Is this due to ignorance, externalities, social effects, …?
Will people suddenly become militant?

Conclusion
Privacy online is hard!
The economics, psychology and computer science often push in the wrong direction
The private sector is motivated by price discrimination
The public sector is somewhat similar with a drive to ‘personalised service’ or ‘transformation government’
What sets the boundary? European law? A public reaction against ‘creepy’ organisations? Rational rejection of surveillance by richer citizens?

Europe to the Rescue?
The I v Finland case, 2008
Ms “I” was a nurse in Helsinki, HIV+
Her hospital systems let everyone see everything
Her colleagues found out about her HIV and hounded her out of her job
ECHR: she had a right to restrict her health records to clinicians involved directly in her care
Now, so do we all!