SlideShare une entreprise Scribd logo

People Power in Your Pocket

C
Craig Heath

This document discusses opportunities for privacy-enhancing technologies on Symbian smartphones. It identifies Symbian as the world's most widely used open-source mobile platform and discusses four projects that could improve user privacy but may not be undertaken by phone manufacturers: notarized call recording, pre-advice of premium call charges, simple personal data sharing controls, and tools to help users maintain control over their own identity and personal information. The document provides more details on each of these proposed projects and their potential benefits for users.

Technologie
1  sur  8
Télécharger pour lire hors ligne
“People Power in Your Pocket” Opportunities for Privacy Enhancing Technology Craig Heath Chief Security Technologist Symbian Foundation
What is the World’s Most Widely Used Open Source Personal Computing Platform?  Not Linux  not a big success on the desktop – probably less than 50M users  not on phones either – less than 20M Android users so far?  Not anything on a PC  worldwide, more people are accessing the internet via phones  World’s most popular smartphone platform is open source  cumulative Symbian shipments top 350 million  still shipping more units every day than Android or iPhone 2
How to Enhance Privacy and Security?  Two areas of interest for end-user security:  Correcting “information asymmetries” to benefit consumers  Better management of personal information  Four projects that phone manufacturers are unlikely to do:  NOTARISED CALL RECORDING  service providers record your call so why don't you?  PRE-ADVICE OF PREMIUM-RATE CHARGES  data is available, why not present it to the consumer?  SIMPLE PERSONAL DATA SHARING CONTROLS (metadata)  most social networking services do a bad job on this  KEEPING CONTROL OF YOUR OWN IDENTITY (VRM, Mydex)  not having to rely on service providers to “do the right thing” 3
Notarised Call Recording  “Reciprocal Surveillance” – who watches the watchers?  When you call a utility company, do you hear “this call may be recorded”?  it’s being recorded for their benefit, not yours  Have you ever been told they will do something, but when you call back: “I’m sorry, I have no record of that”?  probably they do, but you can’t prove it: information asymmetry  Even a simple recording would help, along with the call log  but unlikely to be good enough evidence to use in court  Could combine this with a digital notary  take a hash of the recording (prevents future tampering)  have the hash signed by a trusted third party with a time stamp  proves that the recording was made at or before that time 4
Pre-Advice of Premium-Rate Charges  Premium rate voice and SMS service providers in the UK are required by law to advise consumers of their charges in advance  but they haven’t always done this is the most obvious way  malware isn’t going to respect this  In the UK, you can discover the charges with a free SMS (76787)  also available as a web-based online number checker  but I doubt many people use this regularly  It would be much more useful if your phone did this for you  how about a filter to check the numbers your phone is calling and texting, and warn you before the call is made if it’s premium rate?  “allow this application to spend 50p?” is far more useful than “allow this application to make phone calls and send text messages?”  Could be extended to enforce rules, e.g.  allow this application to spend up to £5  allow this application to send 2 texts per day 5
Simple Personal Data Sharing Controls  The Symbian platform has the notion of “user data”, and the ReadUserData and WriteUserData capabilities  doesn’t, however, identify which user data is intended to be shared and which to be kept private  Could borrow the concept of “sensitivity labels” from the classic MLS (Multi-Level Secure) orange book systems  principle is that the sensitivity label is indivisible from the data  Labels could be set in one application (e.g. the camera app) and then acted upon in another (e.g. a file sharing app)  should be preserved even when files are moved or copied  Should be useful (essential?) for the Social Mobile Framework  but it currently isn’t (“you can trust us” attitude?) 6
Keeping Control of Your Own Identity  “Vendor Relationship Management” (VRM) – reciprocal of “Customer Relationship Management” (CRM)  shouldn’t have to rely on vendors to manage your privacy  they may “do the right thing” but you shouldn’t have to trust them  projectvrm.org: VRM Principles  quick summary:  customers should always be in control of their own data  customers should be able to set their own “terms of engagement”  Based on web services standards for identity management  “user-driven identity” – OpenID / Information Cards  mydex.org – pilot project in the UK for local government  looking for volunteers to implement a Symbian client 7
Over to You! Any Questions? http://developer.symbian.org/mailman/listinfo/privacy 8

Recommandé

Mobile Security Sticks and Carrots
Mobile Security Sticks and CarrotsMobile Security Sticks and Carrots
Mobile Security Sticks and CarrotsCraig Heath
 
The Future of Computer Security and Cybercrime
The Future of Computer Security and CybercrimeThe Future of Computer Security and Cybercrime
The Future of Computer Security and CybercrimeCraig Heath
 
Security Lessons from Bletchley Park and Enigma
Security Lessons from Bletchley Park and EnigmaSecurity Lessons from Bletchley Park and Enigma
Security Lessons from Bletchley Park and EnigmaCraig Heath
 
Use Access Control Systems?
Use Access Control Systems?Use Access Control Systems?
Use Access Control Systems?electricgatelocksstudy77
 
Smartphone Security Article
Smartphone Security ArticleSmartphone Security Article
Smartphone Security ArticleChristopher Papazian
 
Top 15 security predictions for 2017
Top 15 security predictions for 2017Top 15 security predictions for 2017
Top 15 security predictions for 2017Accelerate Tech
 
Top Cybersecurity Trends In 2022 - What Does The Future Hold For Anti-Scam & ...
Top Cybersecurity Trends In 2022 - What Does The Future Hold For Anti-Scam & ...Top Cybersecurity Trends In 2022 - What Does The Future Hold For Anti-Scam & ...
Top Cybersecurity Trends In 2022 - What Does The Future Hold For Anti-Scam & ...Money 2Conf
 
Enabling a Zero Trust strategy for SMS
Enabling a Zero Trust strategy for SMSEnabling a Zero Trust strategy for SMS
Enabling a Zero Trust strategy for SMSPaul Walsh
 

Recommandé

Mobile Security Sticks and Carrots
Mobile Security Sticks and CarrotsMobile Security Sticks and Carrots
Mobile Security Sticks and CarrotsCraig Heath
 
The Future of Computer Security and Cybercrime
The Future of Computer Security and CybercrimeThe Future of Computer Security and Cybercrime
The Future of Computer Security and CybercrimeCraig Heath
 
Security Lessons from Bletchley Park and Enigma
Security Lessons from Bletchley Park and EnigmaSecurity Lessons from Bletchley Park and Enigma
Security Lessons from Bletchley Park and EnigmaCraig Heath
 
Use Access Control Systems?
Use Access Control Systems?Use Access Control Systems?
Use Access Control Systems?electricgatelocksstudy77
 
Smartphone Security Article
Smartphone Security ArticleSmartphone Security Article
Smartphone Security ArticleChristopher Papazian
 
Top 15 security predictions for 2017
Top 15 security predictions for 2017Top 15 security predictions for 2017
Top 15 security predictions for 2017Accelerate Tech
 
Top Cybersecurity Trends In 2022 - What Does The Future Hold For Anti-Scam & ...
Top Cybersecurity Trends In 2022 - What Does The Future Hold For Anti-Scam & ...Top Cybersecurity Trends In 2022 - What Does The Future Hold For Anti-Scam & ...
Top Cybersecurity Trends In 2022 - What Does The Future Hold For Anti-Scam & ...Money 2Conf
 
Enabling a Zero Trust strategy for SMS
Enabling a Zero Trust strategy for SMSEnabling a Zero Trust strategy for SMS
Enabling a Zero Trust strategy for SMSPaul Walsh
 
10 IT Security Trends to Watch for in 2016
10 IT Security Trends to Watch for in 201610 IT Security Trends to Watch for in 2016
10 IT Security Trends to Watch for in 2016Core Security
 
10 Things to Watch for in 2016
10 Things to Watch for in 201610 Things to Watch for in 2016
10 Things to Watch for in 2016Courion Corporation
 
Relentless Mobile Threats to Avoid
Relentless Mobile Threats to AvoidRelentless Mobile Threats to Avoid
Relentless Mobile Threats to AvoidLookout
 
Is it safe to bank on our phones?
Is it safe to bank on our phones?Is it safe to bank on our phones?
Is it safe to bank on our phones?Queen's University
 
Patrick armstrong athens
Patrick armstrong athensPatrick armstrong athens
Patrick armstrong athensjoseph armstrong augusta georgia
 
Top Seven Risks of Enterprise Mobility - How to protect your business
Top Seven Risks of Enterprise Mobility - How to protect your businessTop Seven Risks of Enterprise Mobility - How to protect your business
Top Seven Risks of Enterprise Mobility - How to protect your businessSymantec
 
What's digital profiling and its impact on your privacy
What's digital profiling and its impact on your privacyWhat's digital profiling and its impact on your privacy
What's digital profiling and its impact on your privacyFabrizio Gramuglio
 
How can i hide my ip on permanent basis
How can i hide my ip on permanent basisHow can i hide my ip on permanent basis
How can i hide my ip on permanent basishidemyipaddress
 
Security weekly september 28 october 4, 2021
Security weekly september 28 october 4, 2021 Security weekly september 28 october 4, 2021
Security weekly september 28 october 4, 2021 Roen Branham
 
The 2016 IT Trend Showcase
The 2016 IT Trend ShowcaseThe 2016 IT Trend Showcase
The 2016 IT Trend Showcaseflowil
 
State of Application Security Vol. 4
State of Application Security Vol. 4State of Application Security Vol. 4
State of Application Security Vol. 4IBM Security
 
Public safety LTE gives agencies new standards of intelligence to enhance com...
Public safety LTE gives agencies new standards of intelligence to enhance com...Public safety LTE gives agencies new standards of intelligence to enhance com...
Public safety LTE gives agencies new standards of intelligence to enhance com...Comms Connect
 
If At First You Don't Succeed... The Mobile Learning Journey At Qualcomm
If At First You Don't Succeed... The Mobile Learning Journey At QualcommIf At First You Don't Succeed... The Mobile Learning Journey At Qualcomm
If At First You Don't Succeed... The Mobile Learning Journey At QualcommBarbara Ludwig
 
Social Media Balancing Security & Authenticity without Controlling the Message
Social Media Balancing Security & Authenticity without Controlling the MessageSocial Media Balancing Security & Authenticity without Controlling the Message
Social Media Balancing Security & Authenticity without Controlling the MessageCindy Kim
 
Digital Transformation and the Role of IAM
Digital Transformation and the Role of IAMDigital Transformation and the Role of IAM
Digital Transformation and the Role of IAMPing Identity
 
Detecting Frauds and Identifying Security Challenge | by Money2Conf
Detecting Frauds and Identifying Security Challenge | by Money2ConfDetecting Frauds and Identifying Security Challenge | by Money2Conf
Detecting Frauds and Identifying Security Challenge | by Money2ConfMoney 2Conf
 
Digital security update: 10 cybersecurity and privacy threats
Digital security update: 10 cybersecurity and privacy threatsDigital security update: 10 cybersecurity and privacy threats
Digital security update: 10 cybersecurity and privacy threatsEntefy
 
Charlie Johnson, Digital Element: Protecting your users privacy and deliverin...
Charlie Johnson, Digital Element: Protecting your users privacy and deliverin...Charlie Johnson, Digital Element: Protecting your users privacy and deliverin...
Charlie Johnson, Digital Element: Protecting your users privacy and deliverin...ad:tech London, MMS & iMedia
 
Presentation1
Presentation1Presentation1
Presentation1LhackDotcom
 
Social Media & Crime
Social Media & CrimeSocial Media & Crime
Social Media & CrimeInstant Checkmate
 
Prevent Strikes On Industrial And Civil Items Using Access Control
Prevent Strikes On Industrial And Civil Items Using Access ControlPrevent Strikes On Industrial And Civil Items Using Access Control
Prevent Strikes On Industrial And Civil Items Using Access Controlmorticelocksnational21
 
The Weakest Point of Security in IoT
The Weakest Point of Security in IoTThe Weakest Point of Security in IoT
The Weakest Point of Security in IoTnsangary
 

Contenu connexe

Tendances

10 IT Security Trends to Watch for in 2016
10 IT Security Trends to Watch for in 201610 IT Security Trends to Watch for in 2016
10 IT Security Trends to Watch for in 2016Core Security
 
Relentless Mobile Threats to Avoid
Relentless Mobile Threats to AvoidRelentless Mobile Threats to Avoid
Relentless Mobile Threats to AvoidLookout
 
Is it safe to bank on our phones?
Is it safe to bank on our phones?Is it safe to bank on our phones?
Is it safe to bank on our phones?Queen's University
 
Top Seven Risks of Enterprise Mobility - How to protect your business
Top Seven Risks of Enterprise Mobility - How to protect your businessTop Seven Risks of Enterprise Mobility - How to protect your business
Top Seven Risks of Enterprise Mobility - How to protect your businessSymantec
 
What's digital profiling and its impact on your privacy
What's digital profiling and its impact on your privacyWhat's digital profiling and its impact on your privacy
What's digital profiling and its impact on your privacyFabrizio Gramuglio
 
How can i hide my ip on permanent basis
How can i hide my ip on permanent basisHow can i hide my ip on permanent basis
How can i hide my ip on permanent basishidemyipaddress
 
Security weekly september 28 october 4, 2021
Security weekly september 28 october 4, 2021 Security weekly september 28 october 4, 2021
Security weekly september 28 october 4, 2021 Roen Branham
 
The 2016 IT Trend Showcase
The 2016 IT Trend ShowcaseThe 2016 IT Trend Showcase
The 2016 IT Trend Showcaseflowil
 
State of Application Security Vol. 4
State of Application Security Vol. 4State of Application Security Vol. 4
State of Application Security Vol. 4IBM Security
 
Public safety LTE gives agencies new standards of intelligence to enhance com...
Public safety LTE gives agencies new standards of intelligence to enhance com...Public safety LTE gives agencies new standards of intelligence to enhance com...
Public safety LTE gives agencies new standards of intelligence to enhance com...Comms Connect
 
If At First You Don't Succeed... The Mobile Learning Journey At Qualcomm
If At First You Don't Succeed... The Mobile Learning Journey At QualcommIf At First You Don't Succeed... The Mobile Learning Journey At Qualcomm
If At First You Don't Succeed... The Mobile Learning Journey At QualcommBarbara Ludwig
 
Social Media Balancing Security & Authenticity without Controlling the Message
Social Media Balancing Security & Authenticity without Controlling the MessageSocial Media Balancing Security & Authenticity without Controlling the Message
Social Media Balancing Security & Authenticity without Controlling the MessageCindy Kim
 
Digital Transformation and the Role of IAM
Digital Transformation and the Role of IAMDigital Transformation and the Role of IAM
Digital Transformation and the Role of IAMPing Identity
 
Detecting Frauds and Identifying Security Challenge | by Money2Conf
Detecting Frauds and Identifying Security Challenge | by Money2ConfDetecting Frauds and Identifying Security Challenge | by Money2Conf
Detecting Frauds and Identifying Security Challenge | by Money2ConfMoney 2Conf
 
Digital security update: 10 cybersecurity and privacy threats
Digital security update: 10 cybersecurity and privacy threatsDigital security update: 10 cybersecurity and privacy threats
Digital security update: 10 cybersecurity and privacy threatsEntefy
 
Charlie Johnson, Digital Element: Protecting your users privacy and deliverin...
Charlie Johnson, Digital Element: Protecting your users privacy and deliverin...Charlie Johnson, Digital Element: Protecting your users privacy and deliverin...
Charlie Johnson, Digital Element: Protecting your users privacy and deliverin...ad:tech London, MMS & iMedia
 

Tendances (20)

10 IT Security Trends to Watch for in 2016
10 IT Security Trends to Watch for in 201610 IT Security Trends to Watch for in 2016
10 IT Security Trends to Watch for in 2016
 
10 Things to Watch for in 2016
10 Things to Watch for in 201610 Things to Watch for in 2016
10 Things to Watch for in 2016
 
Relentless Mobile Threats to Avoid
Relentless Mobile Threats to AvoidRelentless Mobile Threats to Avoid
Relentless Mobile Threats to Avoid
 
Is it safe to bank on our phones?
Is it safe to bank on our phones?Is it safe to bank on our phones?
Is it safe to bank on our phones?
 
Patrick armstrong athens
Patrick armstrong athensPatrick armstrong athens
Patrick armstrong athens
 
Top Seven Risks of Enterprise Mobility - How to protect your business
Top Seven Risks of Enterprise Mobility - How to protect your businessTop Seven Risks of Enterprise Mobility - How to protect your business
Top Seven Risks of Enterprise Mobility - How to protect your business
 
What's digital profiling and its impact on your privacy
What's digital profiling and its impact on your privacyWhat's digital profiling and its impact on your privacy
What's digital profiling and its impact on your privacy
 
How can i hide my ip on permanent basis
How can i hide my ip on permanent basisHow can i hide my ip on permanent basis
How can i hide my ip on permanent basis
 
Security weekly september 28 october 4, 2021
Security weekly september 28 october 4, 2021 Security weekly september 28 october 4, 2021
Security weekly september 28 october 4, 2021
 
The 2016 IT Trend Showcase
The 2016 IT Trend ShowcaseThe 2016 IT Trend Showcase
The 2016 IT Trend Showcase
 
State of Application Security Vol. 4
State of Application Security Vol. 4State of Application Security Vol. 4
State of Application Security Vol. 4
 
Public safety LTE gives agencies new standards of intelligence to enhance com...
Public safety LTE gives agencies new standards of intelligence to enhance com...Public safety LTE gives agencies new standards of intelligence to enhance com...
Public safety LTE gives agencies new standards of intelligence to enhance com...
 
If At First You Don't Succeed... The Mobile Learning Journey At Qualcomm
If At First You Don't Succeed... The Mobile Learning Journey At QualcommIf At First You Don't Succeed... The Mobile Learning Journey At Qualcomm
If At First You Don't Succeed... The Mobile Learning Journey At Qualcomm
 
Social Media Balancing Security & Authenticity without Controlling the Message
Social Media Balancing Security & Authenticity without Controlling the MessageSocial Media Balancing Security & Authenticity without Controlling the Message
Social Media Balancing Security & Authenticity without Controlling the Message
 
Digital Transformation and the Role of IAM
Digital Transformation and the Role of IAMDigital Transformation and the Role of IAM
Digital Transformation and the Role of IAM
 
Detecting Frauds and Identifying Security Challenge | by Money2Conf
Detecting Frauds and Identifying Security Challenge | by Money2ConfDetecting Frauds and Identifying Security Challenge | by Money2Conf
Detecting Frauds and Identifying Security Challenge | by Money2Conf
 
Digital security update: 10 cybersecurity and privacy threats
Digital security update: 10 cybersecurity and privacy threatsDigital security update: 10 cybersecurity and privacy threats
Digital security update: 10 cybersecurity and privacy threats
 
Charlie Johnson, Digital Element: Protecting your users privacy and deliverin...
Charlie Johnson, Digital Element: Protecting your users privacy and deliverin...Charlie Johnson, Digital Element: Protecting your users privacy and deliverin...
Charlie Johnson, Digital Element: Protecting your users privacy and deliverin...
 
Presentation1
Presentation1Presentation1
Presentation1
 
Social Media & Crime
Social Media & CrimeSocial Media & Crime
Social Media & Crime
 

Similaire à People Power in Your Pocket

Prevent Strikes On Industrial And Civil Items Using Access Control
Prevent Strikes On Industrial And Civil Items Using Access ControlPrevent Strikes On Industrial And Civil Items Using Access Control
Prevent Strikes On Industrial And Civil Items Using Access Controlmorticelocksnational21
 
The Weakest Point of Security in IoT
The Weakest Point of Security in IoTThe Weakest Point of Security in IoT
The Weakest Point of Security in IoTnsangary
 
Fingerpay
FingerpayFingerpay
FingerpayAnand B
 
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of CompromiseInsight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise21CT Inc.
 
Introduction to IBM MessageSight
Introduction to IBM MessageSightIntroduction to IBM MessageSight
Introduction to IBM MessageSightAndrew Schofield
 
Introduction to IBM MessageSight - IMPACT 2014
Introduction to IBM MessageSight - IMPACT 2014Introduction to IBM MessageSight - IMPACT 2014
Introduction to IBM MessageSight - IMPACT 2014Arnaud Mathieu
 
Introduction to MessageSight - gateway to the internet of things and mobile m...
Introduction to MessageSight - gateway to the internet of things and mobile m...Introduction to MessageSight - gateway to the internet of things and mobile m...
Introduction to MessageSight - gateway to the internet of things and mobile m...Bernard Kufluk
 
ISACA CACS 2012 - Mobile Device Security and Privacy
ISACA CACS 2012 - Mobile Device Security and PrivacyISACA CACS 2012 - Mobile Device Security and Privacy
ISACA CACS 2012 - Mobile Device Security and PrivacyMichael Davis
 
10.1.1.436.3364.pdf
10.1.1.436.3364.pdf10.1.1.436.3364.pdf
10.1.1.436.3364.pdfmistryritesh
 
Are Mobile Banking Apps Safe?
Are Mobile Banking Apps Safe?Are Mobile Banking Apps Safe?
Are Mobile Banking Apps Safe?VISTA InfoSec
 
8 i internet_security
8 i internet_security8 i internet_security
8 i internet_securityAnil Pandey
 
Multitenency - Solving Security Issue
Multitenency - Solving Security Issue Multitenency - Solving Security Issue
Multitenency - Solving Security Issue MANVENDRA PRIYADARSHI
 
9 Trends in Identity Verification (2023) by Regula
9 Trends in Identity Verification (2023) by Regula9 Trends in Identity Verification (2023) by Regula
9 Trends in Identity Verification (2023) by RegulaRegula
 
West Chester Tech Blog - Training Class - Session 10
West Chester Tech Blog - Training Class - Session 10West Chester Tech Blog - Training Class - Session 10
West Chester Tech Blog - Training Class - Session 10William Mann
 
Law firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMaskLaw firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMaskCloudMask inc.
 

Similaire à People Power in Your Pocket (20)

Prevent Strikes On Industrial And Civil Items Using Access Control
Prevent Strikes On Industrial And Civil Items Using Access ControlPrevent Strikes On Industrial And Civil Items Using Access Control
Prevent Strikes On Industrial And Civil Items Using Access Control
 
The Weakest Point of Security in IoT
The Weakest Point of Security in IoTThe Weakest Point of Security in IoT
The Weakest Point of Security in IoT
 
Designing for Privacy
Designing for PrivacyDesigning for Privacy
Designing for Privacy
 
Designing for Privacy
Designing for PrivacyDesigning for Privacy
Designing for Privacy
 
Fingerpay
FingerpayFingerpay
Fingerpay
 
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of CompromiseInsight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
 
Wfh remote access tips
Wfh remote access tipsWfh remote access tips
Wfh remote access tips
 
Identity in the Internet Age
Identity in the Internet Age Identity in the Internet Age
Identity in the Internet Age
 
WeDo Technologies Blog 2014
WeDo Technologies Blog 2014WeDo Technologies Blog 2014
WeDo Technologies Blog 2014
 
Introduction to IBM MessageSight
Introduction to IBM MessageSightIntroduction to IBM MessageSight
Introduction to IBM MessageSight
 
Introduction to IBM MessageSight - IMPACT 2014
Introduction to IBM MessageSight - IMPACT 2014Introduction to IBM MessageSight - IMPACT 2014
Introduction to IBM MessageSight - IMPACT 2014
 
Introduction to MessageSight - gateway to the internet of things and mobile m...
Introduction to MessageSight - gateway to the internet of things and mobile m...Introduction to MessageSight - gateway to the internet of things and mobile m...
Introduction to MessageSight - gateway to the internet of things and mobile m...
 
ISACA CACS 2012 - Mobile Device Security and Privacy
ISACA CACS 2012 - Mobile Device Security and PrivacyISACA CACS 2012 - Mobile Device Security and Privacy
ISACA CACS 2012 - Mobile Device Security and Privacy
 
10.1.1.436.3364.pdf
10.1.1.436.3364.pdf10.1.1.436.3364.pdf
10.1.1.436.3364.pdf
 
Are Mobile Banking Apps Safe?
Are Mobile Banking Apps Safe?Are Mobile Banking Apps Safe?
Are Mobile Banking Apps Safe?
 
8 i internet_security
8 i internet_security8 i internet_security
8 i internet_security
 
Multitenency - Solving Security Issue
Multitenency - Solving Security Issue Multitenency - Solving Security Issue
Multitenency - Solving Security Issue
 
9 Trends in Identity Verification (2023) by Regula
9 Trends in Identity Verification (2023) by Regula9 Trends in Identity Verification (2023) by Regula
9 Trends in Identity Verification (2023) by Regula
 
West Chester Tech Blog - Training Class - Session 10
West Chester Tech Blog - Training Class - Session 10West Chester Tech Blog - Training Class - Session 10
West Chester Tech Blog - Training Class - Session 10
 
Law firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMaskLaw firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMask
 

Dernier

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 

Dernier (20)

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 

People Power in Your Pocket

  • 1. “People Power in Your Pocket” Opportunities for Privacy Enhancing Technology Craig Heath Chief Security Technologist Symbian Foundation
  • 2. What is the World’s Most Widely Used Open Source Personal Computing Platform?  Not Linux  not a big success on the desktop – probably less than 50M users  not on phones either – less than 20M Android users so far?  Not anything on a PC  worldwide, more people are accessing the internet via phones  World’s most popular smartphone platform is open source  cumulative Symbian shipments top 350 million  still shipping more units every day than Android or iPhone 2
  • 3. How to Enhance Privacy and Security?  Two areas of interest for end-user security:  Correcting “information asymmetries” to benefit consumers  Better management of personal information  Four projects that phone manufacturers are unlikely to do:  NOTARISED CALL RECORDING  service providers record your call so why don't you?  PRE-ADVICE OF PREMIUM-RATE CHARGES  data is available, why not present it to the consumer?  SIMPLE PERSONAL DATA SHARING CONTROLS (metadata)  most social networking services do a bad job on this  KEEPING CONTROL OF YOUR OWN IDENTITY (VRM, Mydex)  not having to rely on service providers to “do the right thing” 3
  • 4. Notarised Call Recording  “Reciprocal Surveillance” – who watches the watchers?  When you call a utility company, do you hear “this call may be recorded”?  it’s being recorded for their benefit, not yours  Have you ever been told they will do something, but when you call back: “I’m sorry, I have no record of that”?  probably they do, but you can’t prove it: information asymmetry  Even a simple recording would help, along with the call log  but unlikely to be good enough evidence to use in court  Could combine this with a digital notary  take a hash of the recording (prevents future tampering)  have the hash signed by a trusted third party with a time stamp  proves that the recording was made at or before that time 4
  • 5. Pre-Advice of Premium-Rate Charges  Premium rate voice and SMS service providers in the UK are required by law to advise consumers of their charges in advance  but they haven’t always done this is the most obvious way  malware isn’t going to respect this  In the UK, you can discover the charges with a free SMS (76787)  also available as a web-based online number checker  but I doubt many people use this regularly  It would be much more useful if your phone did this for you  how about a filter to check the numbers your phone is calling and texting, and warn you before the call is made if it’s premium rate?  “allow this application to spend 50p?” is far more useful than “allow this application to make phone calls and send text messages?”  Could be extended to enforce rules, e.g.  allow this application to spend up to £5  allow this application to send 2 texts per day 5
  • 6. Simple Personal Data Sharing Controls  The Symbian platform has the notion of “user data”, and the ReadUserData and WriteUserData capabilities  doesn’t, however, identify which user data is intended to be shared and which to be kept private  Could borrow the concept of “sensitivity labels” from the classic MLS (Multi-Level Secure) orange book systems  principle is that the sensitivity label is indivisible from the data  Labels could be set in one application (e.g. the camera app) and then acted upon in another (e.g. a file sharing app)  should be preserved even when files are moved or copied  Should be useful (essential?) for the Social Mobile Framework  but it currently isn’t (“you can trust us” attitude?) 6
  • 7. Keeping Control of Your Own Identity  “Vendor Relationship Management” (VRM) – reciprocal of “Customer Relationship Management” (CRM)  shouldn’t have to rely on vendors to manage your privacy  they may “do the right thing” but you shouldn’t have to trust them  projectvrm.org: VRM Principles  quick summary:  customers should always be in control of their own data  customers should be able to set their own “terms of engagement”  Based on web services standards for identity management  “user-driven identity” – OpenID / Information Cards  mydex.org – pilot project in the UK for local government  looking for volunteers to implement a Symbian client 7
  • 8. Over to You! Any Questions? http://developer.symbian.org/mailman/listinfo/privacy 8

Notes de l'éditeur

  1. “Information asymmetry” is an economic term, referring to transactions in which one party has more, or better, information than the other.