Location, Location, Location: The Emerging Crisis in Wireless Data Privacy
Ari Schwartz & Alan Davidson
Center for Democracy and Technology


Overview
The wireless data environment raises important new privacy concerns that could threaten the success of these wireless Web applications specifically, and individual liberty more generally.
In this talk:
  – New Privacy Problems in Wireless Data
  – Remedies and Challenges:
      – Industry best practices
      – Government access and government regulation
      – Technology approaches: Privacy by Design

The Online Privacy Problem
A Rising Tide of Public Concern
  – Survey data and real business experiences showing that privacy is a major consumer concern as they move their lives online.
New Privacy Risks
  – Collection of information that was never before available.
  – Aggregation of data across time, space, applications, vendors. Accumulation creates a detailed dossier of activity and thought.
  – Distribution now cheap and easy - and more widespread.
  – Retention is cheap and easy too, so “ is forever.”

Wireless Privacy is Even Harder
Sensitive New Information, Especially Location
  – Personally-identifiable geographical location is a new form of extremely invasive data that consumers are not accustomed to dealing with.
  – Logging is a critical issue. Historical records of location can be a tool for surveillance and a treasure trove in lawsuits.
  – Meaningful notice and choice for consumers will be an essential part of location privacy.
  – Other context-based information creates new risks. Ex: Phone numbers as identifiers, potential aggregation of click-stream data, location information, phone numbers dialed, off-line databases, etc.

Wireless Privacy is Even Harder
Identification and Anonymity
  – Wireless data services appear to provide a clearer connection between a user’s activities and identity. Ex: Impact of sharing user phone number with wireless applications providers.
  – How will desired consumer anonymity be preserved?
  – Key point: Authentication is not Identification
Platform-Specific Difficulties
  – Platform constraints on privacy policies, privacy seals
  – Traditional opt-in/opt-out harder to explain
  – What is meaningful notice/consent/access in the wireless context?

Privacy Responses: Industry Best Practices
Need for industry best practices and standards, including:
  – Meaningful notice
  – Meaningful consent
  – Adherence to other Fair Information Practices, including access, control, and use limitation
  – Good system security
  – Capability for anonymous/pseudonymous activity
  – Take-home point: Privacy can and will be a source of competitive advantage.
Industry self-regulation must be the first defense.
But marketplace approaches have limitations...

Wireless Privacy: The Government Access Problem
The best corporate privacy practices are of limited help if sensitive information is readily available through other means without adequate privacy protections.
Access can take place in the course of criminal investigations, or civil discovery in a range of contexts.
The customer subject to a subpoena or court order need never have violated the law.

Privacy Responses: The Government
Laws needed to protect sensitive information such as location, so that data is only released pursuant to the highest legal standards.
Regulations likely to protect highly sensitive areas, such as health and financial data.
Other regulations might ensure baseline industry practices (especially notice and choice) and punish abuse.
But regulation is highly limited as well...
  – Government is slow, has other interests (e.g. surveillance)
  – National laws don’t scale globally

Privacy Responses: Technology
Privacy as design value: Importance of building privacy into the technology.
Collection limitation
  – Don’t collect, keep, share, or communicate data unless essential
  – Exs. Log retention, sharing of location and phone number
Anonymity, Limits on identification
  – Limit the personal identifiability of data
  – Allow for anonymity, pseudonymity, proxies, trust agents
  – Reminder: Authentication is not Identification
Enhance user control
  – Ex. W3C Platform for Privacy Preferences (P3P)
  – Default Location Controls Should Be OFF

Conclusion
Wireless data systems raise important new concerns about privacy, and new opportunities for those who can gain consumer trust.
Promoting privacy and trust will likely require a combination of industry responses, government action (esp. rules for lawful access to data), and technology.
Privacy should be a critical technical design value as wireless data systems are conceived and implemented.
For more information about privacy online please visit:

Appendix: Fair Information Practice Principles
  – Collection Limitation
  – Openness
  – Consent
  – Access
  – Data Quality
  – Use Limitation
  – Security
  – Accountability