Copyright JNT Association 2009 NorduNET, 18th September 2009 1
Protecting Privacy in Global Networks
Andrew Cormack
Chief Regulatory Adviser, JANET(UK)
What is Privacy, anyway?
Secret Dog
Same Dog
Lassie
Identification
Recognition
Attribute
?
Secret
Real-world privacy leaks!
“Dog”
+ “Alsatian”
Real-world privacy leaks!
“Can pay”
+ Name
+ Affiliation
Real-world privacy leaks!
“Can drive”
+ Name
+ Date of Birth
+ Where born
+ Where living
+ Signature
= Theft kit
= Identity theft kit
On-line: can do better
Give me access
Save stuff for my next visit
Find me in other systems
Bill me? Punish me?
js56
cfa12e0b
How to use privacy tools?
• Real world experience is a poor guide
  – Don’t import “leak and label”
• Law may say how to use technology
  – “how fast can I drive in Denmark?”
  – “which side of the road?”
Lots of Privacy Law, but...
• Is amount of tax paid private data?
YES! NO!
Lots of Privacy Law, but...
• Is a web server log private data?
YES! NO!
Lots of Privacy Law, but...
• Who owns your private data?
ME! YOU!
Doing Privacy Right
• Privacy = “subject-controlled use”
• So, from that definition
  – Don’t cause loss of control
    • Either deliberately or accidentally
    • Data/use minimisation => risk minimisation
  – Tell subject what you will do
    • What uses they control and what they don’t
  – Build privacy into systems
    • Identification as last (exceptional) resort
Separation of Roles
• Separating identification is good
• Maybe separate credential issue too?
  – First get a (generic) on-line credential
  – Then use it to enrol with a particular service
  – As in PGP, sort of
• Result: SSO with better privacy
  – No “central database” of attributes or links
  – Services choose own enrolment standard
    • Up to limit set by credential issue/use