
Location, Location, Location: The Emerging Crisis in Wireless Data Privacy Ari Schwartz & Alan Davidson Center for Democracy and Technology


2 Location, Location, Location: The Emerging Crisis in Wireless Data Privacy
Ari Schwartz & Alan Davidson, Center for Democracy and Technology, http://www.cdt.org

3 Overview
The wireless data environment raises important new privacy concerns that could threaten the success of these wireless Web applications specifically, and individual liberty more generally.
In this talk:
– New Privacy Problems in Wireless Data
– Remedies and Challenges: industry best practices; government access and government regulation; technology approaches: Privacy by Design

4 The Online Privacy Problem
A Rising Tide of Public Concern
– Survey data and real business experiences show that privacy is a major consumer concern as people move their lives online.
New Privacy Risks
– Collection of information that was never before available.
– Aggregation of data across time, space, applications, vendors. Accumulation creates a detailed dossier of activity and thought.
– Distribution is now cheap and easy, and more widespread.
– Retention is cheap and easy too, so “Email is forever.”

5 Wireless Privacy is Even Harder
Sensitive New Information, Especially Location
– Personally identifiable geographical location is a new form of extremely invasive data that consumers are not accustomed to dealing with.
– Logging is a critical issue. Historical records of location can be a tool for surveillance and a treasure trove in lawsuits.
– Meaningful notice and choice for consumers will be an essential part of location privacy.
– Other context-based information creates new risks. Ex: phone numbers as identifiers; potential aggregation of click-stream data, location information, phone numbers dialed, off-line databases, etc.

6 Wireless Privacy is Even Harder
Identification and Anonymity
– Wireless data services appear to provide a clearer connection between a user’s activities and identity. Ex: the impact of sharing the user’s phone number with wireless application providers.
– How will desired consumer anonymity be preserved?
– Key point: Authentication is not Identification
Platform-Specific Difficulties
– Platform constraints on privacy policies, privacy seals
– Traditional opt-in/opt-out harder to explain
– What is meaningful notice/consent/access in the wireless context?

7 Privacy Responses: Industry Best Practices
Need for industry best practices and standards, including:
– Meaningful notice
– Meaningful consent
– Adherence to other Fair Information Practices, including access, control, and use limitation
– Good system security
– Capability for anonymous/pseudonymous activity
Take-home point: Privacy can and will be a source of competitive advantage. Industry self-regulation must be the first defense, but marketplace approaches have limitations...

8 Wireless Privacy: The Government Access Problem
The best corporate privacy practices are of limited help if sensitive information is readily available through other means without adequate privacy protections. Access can take place in the course of criminal investigations, or civil discovery in a range of contexts. The customer subject to a subpoena or court order need never have violated the law.

9 Privacy Responses: The Government
Laws are needed to protect sensitive information such as location, so that data is only released pursuant to the highest legal standards.
Regulations are likely to protect highly sensitive areas, such as health and financial data.
Other regulations might ensure baseline industry practices (especially notice and choice) and punish abuse.
But regulation is highly limited as well...
– Government is slow, has other interests (e.g. surveillance)
– National laws don’t scale globally

10 Privacy Responses: Technology
Privacy as a design value: the importance of building privacy into the technology.
Collection limitation
– Don’t collect, keep, share, or communicate data unless essential
– Exs: log retention, sharing of location and phone number
Anonymity, limits on identification
– Limit personally identifiable data
– Allow for anonymity, pseudonymity, proxies, trust agents
– Reminder: Authentication is not Identification
Enhance user control
– Ex: W3C Platform for Privacy Preferences (P3P)
– Default location controls should be OFF
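The collection-limitation, pseudonymity and default-OFF points on this slide, as an added example that is not code from the talk or from CDT: a small Python sketch of a location service that refuses to log location until the subscriber opts in, logs a keyed-hash pseudonym rather than the phone number, rounds coordinates to what a local service needs, and expires its log. The retention period, rounding precision and key are assumed values chosen for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Assumed policy values for this constructed example.
RETENTION_SECONDS = 24 * 3600   # keep location history for at most one day
COARSE_DECIMALS = 2             # ~1 km grid: collect only the precision a local service needs


def pseudonym(phone_number: str, secret_key: bytes) -> str:
    """Keyed hash of the phone number: the application provider gets a stable
    pseudonym for the subscriber instead of the phone number itself."""
    return hmac.new(secret_key, phone_number.encode(), hashlib.sha256).hexdigest()[:16]


def coarsen(lat: float, lon: float) -> tuple:
    """Round coordinates so the log never holds more precision than needed."""
    return (round(lat, COARSE_DECIMALS), round(lon, COARSE_DECIMALS))


@dataclass
class LocationService:
    """Location handling that follows the slide's rules: sharing is OFF by
    default, identifiers are pseudonymous, and the location log expires."""
    secret_key: bytes
    opted_in: set = field(default_factory=set)   # pseudonyms that explicitly turned sharing ON
    log: list = field(default_factory=list)      # (timestamp, pseudonym, lat, lon)

    def opt_in(self, phone_number: str) -> None:
        self.opted_in.add(pseudonym(phone_number, self.secret_key))

    def record(self, phone_number: str, lat: float, lon: float, now: float) -> bool:
        """Store a coarse location only if the subscriber opted in; returns
        whether anything was stored. The phone number itself is never logged."""
        pid = pseudonym(phone_number, self.secret_key)
        if pid not in self.opted_in:
            return False
        self.log.append((now, pid) + coarsen(lat, lon))
        return True

    def purge(self, now: float) -> int:
        """Enforce the retention limit; returns the number of entries dropped."""
        before = len(self.log)
        self.log = [e for e in self.log if now - e[0] <= RETENTION_SECONDS]
        return before - len(self.log)

    def history(self, phone_number: str) -> list:
        """Subscriber access to their own data (a Fair Information Practice)."""
        pid = pseudonym(phone_number, self.secret_key)
        return [e for e in self.log if e[1] == pid]
```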

11 Conclusion
Wireless data systems raise important new concerns about privacy, and new opportunities for those who can gain consumer trust.
Promoting privacy and trust will likely require a combination of industry responses, government action (esp. rules for lawful access to data), and technology.
Privacy should be a critical technical design value as wireless data systems are conceived and implemented.
For more information about privacy online please visit: http://www.cdt.org

12 Appendix: Fair Information Practice Principles
– Collection Limitation
– Openness
– Consent
– Access
– Data Quality
– Use Limitation
– Security
– Accountability
