
Mobile Solutions and Privacy – Not One at the Expense of the Other

  1. Mobile Solutions and Privacy – Not One at the Expense of the Other Ann Cavoukian, Ph.D. Information and Privacy Commissioner Ontario, Canada TELUS Security Solutions January 15, 2013
  2. Presentation Outline 1. Privacy by Design (PbD): The Gold Standard 2. Adoption of PbD as an International Standard 3. PbD in Mobile Communications 4. CryptoMill Technologies 5. Encryption by Default 6. SecureKey 7. Conclusions
  3. The Decade of Privacy by Design
  4. The Future of Privacy Change the Paradigm to Positive-Sum, NOT Zero-Sum
  5. Positive-Sum Model Change the paradigm from a zero-sum to a “positive-sum” model: Create a win-win scenario, not an either/or (vs.) involving unnecessary trade-offs and false dichotomies … replace “vs.” with “and”
  6. Adoption of “Privacy by Design” as an International Standard Landmark Resolution Passed to Preserve the Future of Privacy By Anna Ohlden – October 29th 2010 - JERUSALEM, October 29, 2010 – A landmark Resolution by Ontario's Information and Privacy Commissioner, Dr. Ann Cavoukian, was approved by international Data Protection and Privacy Commissioners in Jerusalem today at their annual conference. The resolution recognizes Commissioner Cavoukian's concept of Privacy by Design - which ensures that privacy is embedded into new technologies and business practices, right from the outset - as an essential component of fundamental privacy protection. Full Article:
  7. Privacy by Design: The 7 Foundational Principles 1. Proactive not Reactive: Preventative, not Remedial; 2. Privacy as the Default setting; 3. Privacy Embedded into Design; 4. Full Functionality: Positive-Sum, not Zero-Sum; 5. End-to-End Security: Full Lifecycle Protection; 6. Visibility and Transparency: Keep it Open; 7. Respect for User Privacy: Keep it User-Centric.
  8. Privacy by Design in Mobile Communications
  9. • Widespread Adoption of Mobile Communications Technology; • Privacy and Mobile Communications; • Roadmap for PbD in the Mobile Communications Industry: • Device Manufacturers; • OS/Platform & Application Developers; • Network Providers.
  10. ASU Expert Panel Solutions For Device Manufacturers: • Build privacy protections into the device form factor; • Allow users to differentiate between roles; • Consider thin-client mobile devices; • Develop a privacy wizard to allow protections to be set quickly and easily; • Develop at-a-glance feedback mechanisms for data being collected; • Create safe disposal and secure destruction mechanisms. For OS/Platform Developers: • Collaborate with the Device Manufacturer; • Integrate fine-grained, cross-application privacy controls; • Regulate applications’ access to device data; • To the extent practicable, define privacy requirements and security standards for services provided on the platform; • Develop reporting mechanisms.
  11. ASU Expert Panel Solutions (Cont’d) For Network Providers: • Use the direct relationship with users to promote privacy education; • Protect data travelling through the network; • Consider the creation of an identity infrastructure for users. For Application Developers / Data Processors: • Abide by the protections of the Global Privacy Standard; • Employ notice and informed consent; • Utilize and document appropriate security practices; • Use privacy-protective default settings; • Ensure end-to-end protection of data; • Design applications with privacy in mind.
  12. ASU Expert Panel Solutions (Cont’d) For All Parties: • Develop privacy standards for the mobile industry; • Develop privacy ‘seals;’ • Develop and utilize consumer-facing privacy icons; • Recognize that transparency, education and awareness are the keys to trust. For Users / Consumers: • Use the protections provided; • Be receptive to privacy messages from service providers or developers.
  13. Mobile/Smartphone Tracking • Transparency – give users clear notice from the outset; • Consent – make it user-centric – make privacy the default; • Anonymized data – don't let it be linked back to identifiers; • Data Minimization – don’t collect more data than you need. • When consumers find out after the fact that their data is being tracked, it erodes confidence and trust; • This is why we need Privacy by Design – privacy controls embedded directly into the system, right from the outset, as the default setting.
  14. The Survey Results are in: Privacy is a Bigger Concern than Security on Smartphones and Mobile Devices • Privacy concerns rank #1: Most consumers expressed great concern about their data privacy when using smartphones in general, and especially when using mobile apps; • Consumers want more control over their data: an unprecedented 98% of consumers expressed a strong desire for better controls over how their personal information is collected and used via mobile devices and apps; • A significant majority of consumers (77%) don’t want to share their location data with app owners/developers. — Janet Jaiswal, Consumers Say Privacy is a Bigger Concern Than Security on Smartphones, TRUSTe
  15. Wi-Fi Positioning Systems: Beware of Unintended Consequences • Advances in location-based technology and services; • Overview of major mobile positioning systems; • Wi-Fi Positioning System “location aggregators;” • Privacy by Design: Removing the “Informant” from WPS Location Architecture.
  16. Near Field Communications (NFC) White Paper • Residual security and privacy risks; • NFC use cases; • Privacy by Design to mitigate risks; • Infrastructures of ubiquitous surveillance are emerging – must be mitigated.
  17. Unintended Consequences: “Unknowing Informant” • Privacy concerns are raised whenever an individual uses location-based services because their mobile device can relay a unique identifier called a Media Access Control (MAC) address; • The MAC address may be connected with other information about an individual such as physical location and lifestyle habits; • Becoming an “unknowing informant” is an unintended consequence of building a location architecture using existing Wi-Fi networks which broadcast MAC addresses that are collected and geotagged; • When designing an architecture (e.g. wireless networks), the question of unintended uses, inadvertently introduced through the existence of that architecture, should form part of a privacy threat risk analysis; • Privacy must be Designed into Wi-Fi positioning systems to prevent “unintended consequences.”
  18. CryptoMill Technologies
  19. CryptoMill Technologies • An Ontario-based company which has developed enterprise end point security encryption software solutions; • CryptoMill offers one of a number of encryption software solutions that are widely available, many of which are built right into mobile electronic storage devices; • The requirement to encrypt sensitive data is not a novel idea – it should be fundamental to the policies and practices of any organization whose bread and butter is the personal information that has been entrusted to its care.
  20. CryptoMill SEAhawk Three pillars of data security: • Protection against inadvertent exposure of data due to accidental misplacement, physical loss or deliberate theft, by providing transparent and automatic encryption of the data; • Control via a "storage firewall" that prevents unauthorized copying of data to or from ANY mobile storage device (either secure or unsecure); • Containment by limiting the accessibility of data to within certain cryptographic boundaries; SEAhawk provides protection against data leakage even when the theft is internal.
  21. Encryption by Default
  22. Encryption by Default • End-to-End Security; • Health-Care Security Challenges; • Mobile Device Encryption; • Using Technology for Better Risk Management; • CryptoMill Trust Boundaries and Circles of Trust; • Desirable Security Properties of Trust Boundaries.
  23. PHIPA Order HO-007 • On December 21, 2009, I was notified that a public health nurse working for the Durham Health Department had lost a USB memory stick containing the personal health information of 83,524 individuals who had attended H1N1 immunization clinics; • The personal information included their names, addresses, telephone numbers, dates of birth, health card numbers and additional health information; • Truly regrettable — the memory stick was not encrypted, despite the fact that the encryption of mobile devices was required as of Order HO-004 in 2007.
  24. California AG Sues Delta for Failure to Post a Privacy Policy on Its Mobile App • December 6, 2012 – California’s Attorney General announced a lawsuit against Delta Air Lines for violations of the California Online Privacy Protection Act; • The suit alleges that Delta failed to post a privacy policy within Delta’s “Fly Delta” mobile application to inform users of what personally identifiable information is collected and how it is being used by the company; • The Act requires an operator of a commercial Web site or online service that collects personally identifiable information through the Internet about individual consumers to post a privacy policy that contains the elements set out in the Act; • According to the Attorney General’s complaint, “despite collecting information such as user’s name, telephone number, email address, frequent flyer account number and PIN code, photographs, and geo-location, the Fly Delta application does not have a privacy policy.” on-its-mobile-app/#more-3726
  25. Privacy on the Go • Recommendations for App Developers; • Recommendations for App Platform Providers; • Recommendations for Advertising Networks;
  26. SecureKey
  27. SecureKey Technologies • Provides an innovative platform-as-a-service for authentication, payment and identity applications: • Extensible security software embedded into mobile phones, tablets, and notebooks creates a network of “trusted” devices; • Cloud-based service provides simple interconnection to relying parties; • Enables a wide range of applications for government, banking, healthcare, telecom, and other enterprises; • Patents pending for online authentication, identity validation, credential brokering.
  28. Privacy by Design in SecureKey • User-friendly architecture with mandatory notices of consent; • Proactive approach to solution architecture, with privacy requirements built into the software development life cycle; • Privacy is integrated into the operations lifecycle, which undergoes regular privacy reviews by independent parties; • Anonymization of identities in systems by default; • Open security model provides visibility and transparency of the privacy controls and practices.
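The “anonymization of identities by default” and “credential brokering” points on slides 27 and 28, as an added illustration of one standard way a broker between a credential issuer (say, a bank that authenticated the user) and a relying party (say, a government service) can deliver both. This is my example, not SecureKey’s code or protocol: the claim names, the constructed bank assertion, the 32-character pairwise pseudonym and the broker-held secret are all assumptions. The relying party learns that a trusted issuer authenticated the user and gets an identifier it can recognise next time, but not the user’s identity at the issuer, and two relying parties cannot join their records on that identifier.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional


class CredentialBroker:
    """Sits between credential issuers and relying parties. It passes on the fact of a
    successful authentication, not the user's identity at the issuer (illustrative design)."""

    def __init__(self, pairwise_secret: Optional[bytes] = None):
        # the secret never leaves the broker; without it a pseudonym cannot be mapped back to the issuer subject
        self._secret = pairwise_secret if pairwise_secret is not None else secrets.token_bytes(32)

    def pseudonym(self, issuer: str, issuer_subject: str, relying_party: str) -> str:
        """Pairwise pseudonymous identifier: stable for one (user, relying party) pair,
        different for every other relying party, and not reversible without the broker secret."""
        msg = b"\x00".join(p.encode() for p in (issuer, issuer_subject, relying_party))
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()[:32]  # assumed length

    def broker(self, issuer_assertion: Dict[str, object], relying_party: str) -> Dict[str, object]:
        """Mint what the relying party receives. Claims are allow-listed, so issuer-side
        identifiers (customer number, account number) never pass through by accident."""
        if not issuer_assertion.get("authenticated"):
            raise PermissionError("issuer did not authenticate the user")
        issuer = str(issuer_assertion["issuer"])
        subject = str(issuer_assertion["subject"])
        return {
            "sub": self.pseudonym(issuer, subject, relying_party),
            "aud": relying_party,
            "issuer_verified": True,  # the broker validated the assertion against the original issuer
            "credential_strength": issuer_assertion.get("credential_strength", "unknown"),
        }


def leaks_issuer_identity(rp_assertion: Dict[str, object], issuer_assertion: Dict[str, object]) -> bool:
    """True if any issuer-side identifier value appears verbatim in what the relying party got."""
    skip = {"authenticated", "credential_strength"}
    issuer_values = {str(v) for k, v in issuer_assertion.items() if k not in skip}
    return any(str(v) in issuer_values for v in rp_assertion.values())


# Constructed issuer assertion; in practice this would be a signed token from the bank's authentication system.
BANK_ASSERTION: Dict[str, object] = {
    "issuer": "bank.example",
    "subject": "cust-88213",
    "account_number": "0012-3456-7890",
    "authenticated": True,
    "credential_strength": "device-bound",
}

if __name__ == "__main__":
    broker = CredentialBroker()
    for rp in ("tax.gov.example", "health.gov.example"):
        print(rp, "->", broker.broker(BANK_ASSERTION, rp))
```

The same user shows up as two unrelated `sub` values at the two services, while each service sees a stable value across its own logins. Unlinkability holds only as long as the broker keeps its secret and the allow-list stays short; adding a “helpful” e-mail claim would re-link everything.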
  29. SecureKey Solutions Trusted Mobile Devices: • Consumer devices as reading terminal; • Device as strong (crypto) credential; • Maintains Privacy and Security. Federated Authentication Solutions: • Kick-start secure access to government services by using online banking credentials; • Trusted partners; • Managed user accounts; • Validation against original credential issuer; • Flexible identity vetting processes. EMV ID Card for Strong Authentication: • Contactless card issuance capability; • Payment industry-based credentials; • No user-private data contained on the card; • High availability and reliability.
  30. Mobile Apps and Other Applications • Police and official services – Driver’s license and ID verification – Hunting licenses • Emergency health services – Access personal medical records – En-route admissions • Online voting – Mobile and online • Commercial applications – Age and address verification
  31. Operationalizing Privacy by Design 9 PbD Application Areas • CCTV/Surveillance cameras in mass transit systems; • Biometrics used in casinos and gaming facilities; • Smart Meters and the Smart Grid; • Mobile Communications; • Near Field Communications; • RFIDs and sensor technologies; • Redesigning IP Geolocation; • Remote Home Health Care; • Big Data and Data Analytics.
  32. Coming Soon! Privacy and Security by Design • The value to businesses of protecting privacy within an enterprise environment; • The role software engineers play in this context; • Fostering a culture of respect for privacy within the enterprise; • Good privacy = Good business; • Gain a sustainable competitive advantage by embedding Privacy by Design.
  33. Conclusions • Make privacy a priority – ensure that privacy is embedded into your systems and operational processes – into your business practices; • It is easier and more cost-effective to build in privacy up-front, rather than after-the-fact; • Privacy risks are best managed by proactively embedding the principles of Privacy by Design; • Get smart – lead with Privacy – by Design, not privacy by chance or, worse, Privacy by Disaster!
  34. How to Contact Us Ann Cavoukian, Ph.D. Information & Privacy Commissioner of Ontario 2 Bloor Street East, Suite 1400 Toronto, Ontario, Canada M4W 1A8 Phone: (416) 326-3948 / 1-800-387-0073 Web: E-mail: For more information on Privacy by Design, please visit:

Editor's Notes

  1. Presentation Outline
  2. Privacy by Design
  3. The Decade of Privacy by Design I first developed the concept of Privacy by Design in the ’90s, as a response to the growing threats to online privacy that were beginning to emerge; Privacy by Design seeks to build in privacy – up front, right into the design specifications; into the architecture; embedding privacy into the very technology used – bake it in; Data minimization is key: minimize the routine collection and use of personally identifiable information – use encrypted or coded information, whenever possible; Use privacy-enhancing technologies (PETs) where possible, but make it PETs Plus, invoking a positive-sum paradigm, and giving people maximum control over their own data.
  4. Positive-Sum Model
  5. Positive-Sum Model A Positive-Sum (or “win-win” or “non zero-sum”) paradigm, by contrast, describes a concept or situation in which participants can all gain or suffer together. That is, the sum of gains and losses by the participants is always more or less than what they began with, depending on their choices and behaviour. If privacy and security are not a ‘zero sum game’, and if we need to ensure strong security and strong privacy, what are we left with? We can’t leave privacy to policies and procedures alone, as that ignores the reality of the systems in which so much personal information resides. We can’t focus on security alone, as I talked about earlier. There isn’t a balance to be sought. What is required is a WIN-WIN situation, in which strong privacy policies mutually reinforce a strong security focus. “We need better options for securing the Internet. Instead of looking primarily for top-down government intervention, we can enlist the operators and users themselves.” — Jonathan Zittrain, Freedom and Anonymity: Keeping the Internet Open, Scientific American, February 24, 2011
  6. PbD – 7 Foundational Principles
  7. PbD in Action – Mobile Communications Proactive not Reactive; Preventative not Remedial Privacy as the Default Privacy Embedded into Design Full Functionality: Positive-Sum, not Zero-Sum End-to-End Lifecycle Protection Visibility and Transparency Respect for User Privacy
  8. IPC Paper – Roadmap for Mobile Communications
  9. ASU Expert Panel Solutions The authors further recognize the members of the expert industry panel convened for the Arizona State University (ASU) Privacy by Design Lab’s study on mobile technologies, and their contributions to that project. This panel consisted of: Frank Dawson (Nokia), William H. Demaine (Mayo Clinic), Marissa Hambleton (MH2 LLC), Janet Price (Maricopa County Community Colleges District), Walt Tamminen (Nokia), Mark Williams (SRP), and American Institute of CPAs (AICPA) task force members Ken Askelson, Sagi Leizerov (Ernst & Young), Doron Rotman (KPMG) and Don Sheehy (Deloitte).
  10. ASU Expert Panel Solutions (Cont’d) Now that the PbD paradigm has achieved this high level of acceptance, the next major question to be addressed is – how can PbD best be operationalized?   In the first half of 2010, Arizona State University’s Privacy by Design Research Lab set out to develop a set of practical tools to answer this question, by focusing on a particular case study: the mobile communications industry.   To achieve this, the researchers convened an expert panel of top executives in the leading organizations in this industry, with the goal of identifying and rating the privacy and security challenges in their growing field – as well as proposing potential solutions – based on their real world, on-the-ground experiences. Participants based their discussions around the 7 Foundational Principles of Privacy by Design.
  11. ASU Expert Panel Solutions (Cont’d)
  12. Mobile/Smartphone Tracking
  13. Mobile/Smartphone Survey Results Fair Information Practices
  14. The Survey Results are in To learn more about how consumers navigate this emerging mobile landscape, TRUSTe worked with Harris Interactive to survey 1,000 members of its online consumer panel about their smart phone usage, behaviors, protective measures and privacy concerns.
  15. IPC/Kim Cameron Wi-Fi Paper Against a backdrop of the popularity of smartphones and other mobile devices, there continues to be intense scrutiny of the capability of these mobile systems to track our lives without our knowledge. The mobile ecosystem is extremely complex and it is no wonder that smartphone researchers state that “today’s smartphone operating systems frequently fail to provide users with adequate control over and visibility into how third-party applications use their private data.” Often, these third parties operate outside of the telecommunications regulatory framework.
      On the other hand, these smart mobile devices can operate sophisticated geo-location software that enhances the end-user’s mobile experience through a wide range of services that rely on the device’s location. To deliver these location services with greater speed and accuracy, Wi-Fi positioning systems (WPS) were established that rely on wireless access points for location coordinates.
      For the proper functioning of a wireless architecture, a Media Access Control (MAC) address is assigned to local area network devices by IEEE Project 802. A wireless access point such as a router will be given a unique MAC address, as will Wi-Fi equipped laptops, mobile phones and even printers, for example. An important and necessary feature of the MAC address for the proper functioning of a wireless communications network is that it is visible in communicated data frames whether or not the wireless network is encrypted.
      In a WPS, the MAC address for a Wi-Fi access point becomes an index for a geo-location reference point. Companies known as location aggregators are building and/or maintaining databases of the MAC addresses of these Wi-Fi access points for commercial purposes and provide access for third parties interested in location-based application development and advertising.
  16. Unintended Consequences The Information and Privacy Commissioner gratefully acknowledges the input and work of the Nokia Privacy and NFC Teams. Special thanks also extend to: Collin Mulliner , Technical University of Berlin and T-Labs, and Harley Geiger , Policy Counsel at the Center for Democracy and Technology
  17. Unintended Consequences I’ll repeat the message I gave about the Apple and Sony controversies – don’t protect privacy by chance. Companies should practice Privacy by Design – they should address privacy proactively and put control squarely in the hands of the users, where it belongs. Privacy is predicated on providing individual mobile device users with personal control alongside openness and transparency by the provider; In no case should the MAC address of an individual’s Wi-Fi device be collected or recorded without the individual’s consent; Engineers should use Privacy by Design as a standard to ensure that privacy is embedded into the architecture of various technologies and systems; Privacy by Design is now the International Standard for privacy and should be considered at the outset, for a doubly-enabling outcome; When designing technical architecture, the potential for unintended uses should form part of a privacy threat/risk analysis; Continue to research and think creatively to find ways to embed privacy into Wi-Fi protocols that can randomize MAC addresses or ensure privacy through a proxy-like method of assigning addresses.
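The “unknowing informant” mechanism from slide 17 and the Wi-Fi paper note, together with the MAC randomization this note recommends, as an added example (my own illustration, not code from the IPC, Nokia or any location aggregator). It builds a few 802.11 MAC headers from constructed addresses, parses them the way any passive sniffer can (the addresses are in the clear even on an encrypted network), checks the U/L bit that distinguishes a burned-in, globally unique address from a locally administered (randomized) one, and then shows what an aggregator holding a BSSID-to-coordinates table learns from those frames. The AP position, the three addresses and the tiny aggregator model are assumptions.

```python
import os
import struct
from typing import Dict, Iterable, Optional, Tuple

# Constructed sample addresses and AP position (not from any real capture or database).
AP_BSSID = "00:11:22:33:44:55"       # the access point; this is the aggregator's index key
CLIENT_STABLE = "a4:5e:60:10:20:30"  # burned-in, globally unique client address (U/L bit clear)
CLIENT_RANDOM = "da:bb:cc:dd:ee:ff"  # first octet 0xda has the U/L bit set: locally administered
BROADCAST = "ff:ff:ff:ff:ff:ff"
AP_POSITIONS: Dict[str, Tuple[float, float]] = {AP_BSSID: (43.6709, -79.3859)}  # what an aggregator stores

FRAME_TYPES = {0: "mgmt", 1: "ctrl", 2: "data"}


def mac_to_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_80211_header(fc_type: int, fc_subtype: int, flags: int,
                       addr1: str, addr2: str, addr3: str, seq: int = 0) -> bytes:
    """Minimal 24-byte 802.11 MAC header: frame control, duration, three addresses, sequence control."""
    fc0 = (fc_subtype << 4) | (fc_type << 2)  # protocol version 0 in the low two bits
    return (struct.pack("<BBH", fc0, flags, 0)
            + mac_to_bytes(addr1) + mac_to_bytes(addr2) + mac_to_bytes(addr3)
            + struct.pack("<H", seq << 4))


def parse_80211_header(frame: bytes) -> Dict[str, object]:
    """The header is never encrypted; WPA/WPA2 protect only the frame body, so every address is readable."""
    if len(frame) < 24:
        raise ValueError("frame shorter than an 802.11 MAC header")
    fc0, flags, _duration = struct.unpack_from("<BBH", frame, 0)
    return {
        "type": FRAME_TYPES.get((fc0 >> 2) & 0x3, "reserved"),
        "subtype": (fc0 >> 4) & 0xF,
        "to_ds": bool(flags & 0x01),
        "from_ds": bool(flags & 0x02),
        "addr1": bytes_to_mac(frame[4:10]),
        "addr2": bytes_to_mac(frame[10:16]),  # transmitter address for the frame kinds used here
        "addr3": bytes_to_mac(frame[16:22]),
    }


def is_locally_administered(mac: str) -> bool:
    """Bit 1 of the first octet is the U/L bit: set on randomized addresses, clear on OUI-based ones."""
    return bool(int(mac.split(":")[0], 16) & 0x02)


def random_mac(rand6: Optional[bytes] = None) -> str:
    """Randomized address: set U/L, clear I/G (multicast), so the result is a valid unicast local MAC."""
    raw = bytearray(rand6 if rand6 is not None else os.urandom(6))
    raw[0] = (raw[0] | 0x02) & 0xFE
    return bytes_to_mac(bytes(raw))


def aggregator_view(frames: Iterable[bytes],
                    bssid_positions: Dict[str, Tuple[float, float]]) -> Dict[str, dict]:
    """What an observer with a geotagged BSSID table learns: which client MACs were seen at which
    coordinates, and whether each MAC is stable enough to follow from one observation to the next."""
    view: Dict[str, dict] = {}
    for frame in frames:
        h = parse_80211_header(frame)
        if h["type"] == "mgmt" and h["subtype"] == 8:
            continue  # beacon: the AP advertising itself; it is the index key, not a tracked client
        # BSSID is addr1 on to-DS data frames and addr3 on management frames such as directed probe requests
        bssid = h["addr1"] if h["to_ds"] else h["addr3"]
        pos = bssid_positions.get(bssid)
        if pos is None:
            continue
        client = h["addr2"]
        entry = view.setdefault(client, {"positions": [], "trackable": not is_locally_administered(client)})
        entry["positions"].append(pos)
    return view


# Constructed traffic: a directed probe request from the stable client, an uplink data frame from the
# randomized client, and a beacon from the AP.
SAMPLE_FRAMES = [
    build_80211_header(0, 4, 0x00, BROADCAST, CLIENT_STABLE, AP_BSSID, seq=1),
    build_80211_header(2, 0, 0x01, AP_BSSID, CLIENT_RANDOM, "00:aa:bb:cc:dd:01", seq=7),
    build_80211_header(0, 8, 0x00, BROADCAST, AP_BSSID, AP_BSSID, seq=3),
]

if __name__ == "__main__":
    for mac, info in aggregator_view(SAMPLE_FRAMES, AP_POSITIONS).items():
        print(mac, "trackable" if info["trackable"] else "randomized", info["positions"])
    print("fresh randomized address:", random_mac())
```

The point the slide makes falls out of the last function: the stable client is linkable across every AP in the aggregator’s table, the randomized one is a fresh identifier each session and ties to nothing. Randomization only helps while it is actually per-network or per-session; a device that picks one “random” address and keeps it forever is as trackable as a burned-in one.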
  18. CryptoMill Technologies
  19. CryptoMill SEAhawk
  20. CryptoMill SEAhawk Also, SEAhawk intelligently manages access to removable storage devices like USB flash drives, iPods and CD/DVD. Based on SEAhawk policy settings, these devices can be restricted to Read-Only or Blocked. Trust Boundaries can be set up which provide data containment by binding the data to an organization or department. This prevents data from falling into the wrong hands, either accidentally or intentionally. Trust Boundaries protect data and prevent internal breaches, all while providing easy group sharing.
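The three SEAhawk pillars on slide 20 (protection, control, containment) and the Trust Boundaries in this note, as an added illustration of how those properties compose on an endpoint. This is my example, not CryptoMill’s code, file format or key management: the boundary names, the per-device-class policy table, the file identifiers and the HMAC-SHA256 construction (a PRF-based counter-mode keystream with encrypt-then-MAC) are assumptions chosen so the block runs on the Python standard library alone; a production agent would use AES-GCM or similar from a vetted library. The point to take from it is the containment check: a copy that leaves the organization stays encrypted, and a device in another boundary, or one that merely claims the same boundary name with a different secret, cannot open it.

```python
import hashlib
import hmac
import os
import struct
from typing import Optional, Tuple


def _prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts, so distinct (label, id) inputs never collide."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(struct.pack(">I", len(p)) + p)
    return h.digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256; stands in for a real cipher to stay dependency-free."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class TrustBoundary:
    """A named cryptographic boundary (an organization or a department). Devices enrolled in it hold
    its secret; data sealed under it is unreadable on any device that does not (illustrative design)."""

    def __init__(self, name: str, secret: Optional[bytes] = None):
        self.name = name
        self.secret = secret if secret is not None else os.urandom(32)

    def _file_keys(self, file_id: bytes) -> Tuple[bytes, bytes]:
        # per-file encryption and MAC keys derived from the boundary secret; the file id binds them to one object
        return _prf(self.secret, b"enc", file_id), _prf(self.secret, b"mac", file_id)

    def seal(self, file_id: bytes, plaintext: bytes, nonce: Optional[bytes] = None) -> bytes:
        """Transparent encryption on write. Layout: len(name) | name | nonce | ciphertext | 32-byte tag."""
        nonce = nonce if nonce is not None else os.urandom(16)
        enc_key, mac_key = self._file_keys(file_id)
        name = self.name.encode()
        header = struct.pack(">H", len(name)) + name + nonce
        ciphertext = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
        return header + ciphertext + _prf(mac_key, header, ciphertext)

    def unseal(self, file_id: bytes, blob: bytes) -> bytes:
        """Decrypt on read, only if the blob was sealed under this boundary's secret for this file id."""
        (name_len,) = struct.unpack_from(">H", blob, 0)
        header_len = 2 + name_len + 16
        header, ciphertext, tag = blob[:header_len], blob[header_len:-32], blob[-32:]
        bound_to = header[2:2 + name_len].decode()
        if bound_to != self.name:
            raise PermissionError(f"data is bound to {bound_to!r}; this device is in {self.name!r}")
        enc_key, mac_key = self._file_keys(file_id)
        # the tag check enforces containment: a same-named boundary with a different secret fails here
        if not hmac.compare_digest(tag, _prf(mac_key, header, ciphertext)):
            raise PermissionError("authentication failed: wrong boundary secret or tampered data")
        nonce = header[2 + name_len:]
        return _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))


# Constructed "storage firewall" policy: per removable-device class, what the endpoint agent allows.
STORAGE_POLICY = {"managed_encrypted_usb": "read_write", "unmanaged_usb": "read_only", "cd_dvd": "blocked"}


def storage_firewall_allows(device_class: str, operation: str, policy=STORAGE_POLICY) -> bool:
    """Default-deny: unknown device classes are blocked; read_only devices accept reads but not writes."""
    mode = policy.get(device_class, "blocked")
    if mode == "blocked":
        return False
    if mode == "read_only":
        return operation == "read"
    return operation in ("read", "write")


def copy_to_removable(boundary: TrustBoundary, device_class: str, file_id: bytes, plaintext: bytes) -> bytes:
    """Control, then protection: refuse the write unless policy allows it, and seal whatever lands on the device."""
    if not storage_firewall_allows(device_class, "write"):
        raise PermissionError(f"writes to {device_class!r} are not permitted by policy")
    return boundary.seal(file_id, plaintext)


if __name__ == "__main__":
    health = TrustBoundary("Public Health Unit")  # constructed boundary name
    blob = copy_to_removable(health, "managed_encrypted_usb", b"clinic-list", b"name, health card number, DOB")
    print(len(blob), "bytes on the stick;", health.unseal(b"clinic-list", blob))
```

Run against the HO-007 scenario on slide 23: if the clinic list had been written through this path, the lost stick would have carried a blob that is useless without the boundary secret, and the policy layer would have refused the write to an unmanaged stick in the first place. Containment depends entirely on the secret never being exported with the data, which is why it lives on enrolled devices and not in the file header.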
  21. IPC Paper – Encryption by Default
  22. IPC Paper – Encryption by Default This paper discusses the challenges of assuring strong security of sensitive personal health information (PHI) stored on portable storage media by organizations that require high data availability and use. The loss or theft of unencrypted mobile computing devices or storage media remains the No. 1 cause of breaches – 53 per cent of all U.S. health-care breaches reported since 2009. The paper also introduces the “Circle of Trust” concept, developed by CryptoMill Technologies. Modelled after the “Circle of Care” concept, Circles of Trust refer to mobile encryption deployment scenarios that enable the free flow of PHI strictly among authorized health-care providers, only for purposes of patient care and treatment, while at the same time ensuring that PHI remains encrypted and inaccessible to anyone else, by default. This paper targets information management professionals and is intended to illustrate evolving security approaches and practices, with the help of two community partners: Sunnybrook Health Sciences Centre and CryptoMill Technologies. This paper explores the end-point encryption practices in place or being considered by Sunnybrook and provides an overview of emerging access control technology that can be applied within large-scale enterprise environments.
  23. California AG Sues Delta Airlines
  24. California AG Sues Delta Airlines In October 2012, the California AG sent letters to approximately 100 mobile app operators, informing them that they were not in compliance with CalOPPA; Delta was one of the recipients. According to the California Attorney General’s news release, this is the Attorney General’s first enforcement action under CalOPPA for failing to comply with the state’s law. Violations of CalOPPA may result in penalties of up to $2,500 for each violation. Pursuant to CalOPPA, an operator has violated the subdivision requiring the conspicuous posting of a privacy policy if it fails to post a privacy policy within 30 days after being notified of the noncompliance, and the violation is made either knowingly and willfully or negligently and materially.
  25. California AG Paper – Privacy on the Go Highlights of Recommendations. For App Developers: • Start with a data checklist to review the personally identifiable data your app could collect and use it to make decisions on your privacy practices; • Avoid or limit collecting personally identifiable data not needed for your app’s basic functionality; • Develop a privacy policy that is clear, accurate, and conspicuously accessible to users and potential users; • Use enhanced measures – “special notices” or the combination of a short privacy statement and privacy controls – to draw users’ attention to data practices that may be unexpected and to enable them to make meaningful choices. For Mobile Ad Networks: • Avoid using out-of-app ads that are delivered by modifying browser settings or placing icons on the mobile desktop; • Have a privacy policy and provide it to the app developers who will enable the delivery of targeted ads through your network; • Move away from the use of interchangeable device-specific identifiers and transition to app-specific or temporary device identifiers. For Operating System Developers: • Develop global privacy settings that allow users to control the data and device features accessible to apps. For Mobile Carriers: • Leverage your ongoing relationship with mobile customers to educate them on mobile privacy and particularly on children’s privacy. For App Platform Providers: • Make app privacy policies accessible from the app platform so that they may be reviewed before a user downloads an app; • Use the platform to educate users on mobile privacy.
  26. SecureKey Technologies
  27. SecureKey Technologies Extensible security software: “extensible” is a computer science term “relating to a programming language or a system that can be modified by changing or adding features.” In the context of SecureKey Technologies, this just means that their security software that is embedded into mobile devices can be reused again and again for other applications and uses, making it extensible (and more useful/valuable).
  28. SecureKey Solutions
  29. SecureKey Solutions EMV ID Card Solutions: EMV stands for Europay, MasterCard and Visa, a global consortium-led standard for inter-operation of integrated circuit cards (IC cards or "chip cards") and IC card capable point of sale (POS) terminals and automated teller machines (ATMs), for authenticating credit and debit card transactions. In the context of SecureKey’s solutions, EMV ID Card basically refers to any consumer (financial) wallet card that conforms to the EMV physical and performance standard – all will work with their solution.
  30. Operationalizing PbD
  31. IPC Paper Coming Soon – Privacy and Security by Design
  32. IPC Paper Coming Soon – Privacy and Security by Design Paper to discuss requirements for enterprise security: • Identity management; • Access management; • Database protection; • Heterogeneous clients such as desktops/laptops, web services; • Current technologies in enterprise security; • Untethered devices such as smartphones or tablets (the BYOD movement); • Future trends in enterprise security.
  33. How to Contact Us