1. Privacy by Design: Building Trust into Technology Ann Cavoukian, Ph.D. Information and Privacy Commissioner/Ontario 1 st Annual Privacy & Security Conference Centre for Applied Cryptographic Research Toronto November 10, 2000

2. Privacy: The Key to the New Economy Call it the economics of privacy. The cost of privacy violation to potential economic growth is rising… Unless privacy is protected soon, the revolutionary potential of the Internet may never be realized… The invasion of privacy may turn out to be the greatest menace to the New Economy. Business Week, March 16, 1998

3. Privacy & E-Commerce  “Rate of growth of online spending declined in 1999, although total spending was up, the average number of dollars spent per Internet user was down.”  “Major reason for decline in spending growth: concerns about privacy and trust.”  “15% of e-consumers dropped out based on 1997/98 data, only 50% returned in 1999.” Wharton Forum on Electronic Commerce

4. E-commerce Survey Statistics 1999  Total value of online sales in Canada was only 0.2% of total operating revenues  Total value of online sales in the United States was only 0.6% of total sales in the 4 th quarter of 1999 Statistics Canada (August, 2000)

5. Recent Survey Results  90% of people surveyed said privacy was the most important issue for e-commerce to address;  79% don’t use web sites which require personal information; 42% fabricate information;  Consumers generally wary of releasing phone number, address and credit card number over the Internet. Yankelovich Partners (August, 2000)

6. Consequences of Mishandling Privacy  Intel Pentium III –processor serial number controversy –pressure from privacy groups forced Intel to disable the feature: the default is now “off” not “on”  Microsoft HotMail –e-mail password protection faulty  CD Universe –300,000 credit card numbers stolen

7. Recent Class Action Lawsuits  DoubleClick –an Internet ad agency, facing lawsuits filed by 15 individuals and a class action suit, for violating privacy and using deceptive business practices  America Online (Netscape) –Netscape facing a federal class action suit claiming it violates the federal Electronic Communications Privacy Act by tracking the type of files a user is accessing through its SmartDownload software

8. Falsifying Information on the Web  42.1% have falsified information at one time or another when asked to register at a Web site  70% walk away when asked for personally identifying information (10 th WWW User Survey, October 1998)

9. Security  Privacy

10. Security Plus Privacy Security authentication data-integrity confidentiality non-repudiation privacy, data protection (Fair Information Practices)

11. Fair Information Practices The Basics: Think “Use”  identify the primary purpose - then only collect what you need to achieve that purpose  secondary purposes - don’t use the information collected for any other purpose (without explicit consent)

12. Fair Information Practices  purpose specification  collection limitation  use limitation  openness and transparency  right of access and correction  data quality and security  independent oversight

13. Canadian & American Privacy Initiatives  E.U. Directive on Data Protection  C.S.A. Model Code for the Protection of Personal Information  Canada’s Personal Information Protection and Electronic Document Act (Bill C-6)  U.S. Safe Harbor Arrangement

14. Technology and Privacy  “The most effective means to counter technology’s erosion of privacy is technology itself.” Alan Greenspan, Federal Reserve Chairman  “A technology should reveal no more information than is necessary…it should be built to be the least revealing system possible.” Dr. Lawrence Lessig, Harvard, September 1999

15. Crypto is not Enough… New cryptographic protocols have created a vast design space. Along one edge of this space lie the traditional technologies for creating personally identifiable records. Along the opposite edge lie technologies of anonymity… Between these two extremes lie numerous other possibilities. …[But in order] for these technologies to fulfill their promise, they must be integrated with the larger institutional world, including business models, regulatory systems, contractual language, and social customs. Phillip Agre, The Architecture of Identity 1999

16. Privacy Enhancing Technologies  What are PETs –Anonymisers, pseudonomisers, intermediaries  Their Strengths – tools to protect personal information  Their Limitations – usually individual responses to an existing architecture – sometimes someone still has your personal information

17. Building in Privacy  Build in privacy – right up front, into the design specifications  Minimize the collection and routine use of personally identifiable information – use aggregate or coded information if possible  Wherever possible, encrypt personal information  Assess the risk to privacy; be proactive; conduct a privacy impact assessment

18. Where to Start? 3 things you can do right now:  If you don’t have a privacy policy, develop one that is simple, clear and concise  Your privacy policy should be prominently posted, both online and in offline publications  Develop a culture of privacy in your organization  Get consent – at a minimum, offer the ability to opt-out of secondary uses such as unwanted marketing pitches or unsolicited e-mails  Remember the 3 C’s: choice, consent and control

19. How to Contact Us Ann Cavoukian, Ph.D. Commissioner 80 Bloor Street West, Suite 1700 Toronto, Ontario Canada M5S 2V1 Phone: (416) 326-3948 Web: www.ipc.on.ca E-mail: commissioner@ipc.on.ca