Mobile Solutions and Privacy –
Not One at the Expense of the Other
Ann Cavoukian, Ph.D.
Information and Privacy Commissioner
Ontario, Canada
TELUS Security Solutions
January 15, 2013

Presentation Outline
1. Privacy by Design (PbD): The Gold Standard
2. Adoption of PbD as an International Standard
3. PbD in Mobile Communications
4. CryptoMill Technologies
5. Encryption by Default
6. SecureKey
7. Conclusions

The Decade of Privacy by Design

The Future of Privacy
Change the Paradigm to
Positive-Sum,
NOT
Zero-Sum

Positive-Sum Model
Change the paradigm
from a zero-sum to
a “positive-sum” model:
Create a win-win scenario,
not an either/or (vs.)
involving unnecessary trade-offs
and false dichotomies …
replace “vs.” with “and”

Adoption of “Privacy by Design”
as an International Standard
Landmark Resolution Passed to Preserve
the Future of Privacy
By Anna Ohlden – October 29th 2010 - http://www.science20.com/newswire/landmark_resolution_passed_preserve_future_privacy
JERUSALEM, October 29, 2010 – A landmark Resolution by
Ontario's Information and Privacy Commissioner, Dr. Ann Cavoukian,
was approved by international Data Protection and Privacy
Commissioners in Jerusalem today at their annual conference. The
resolution recognizes Commissioner Cavoukian's concept of Privacy
by Design - which ensures that privacy is embedded into new
technologies and business practices, right from the outset - as an
essential component of fundamental privacy protection.
Full Article:
http://www.science20.com/newswire/landmark_resolution_passed_preserve_future_privacy

Privacy by Design:
The 7 Foundational Principles
1. Proactive not Reactive:
Preventative, not Remedial;
2. Privacy as the Default setting;
3. Privacy Embedded into Design;
4. Full Functionality:
Positive-Sum, not Zero-Sum;
5. End-to-End Security:
Full Lifecycle Protection;
6. Visibility and Transparency:
Keep it Open;
7. Respect for User Privacy:
Keep it User-Centric.
www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf

Privacy by Design in
Mobile Communications

• Widespread Adoption of
Mobile Communications
Technology;
• Privacy and Mobile
Communications;
• Roadmap for PbD in the
Mobile Communications
Industry:
• Device Manufacturers;
• OS/Platform & Application
Developers;
• Network Providers.
www.privacybydesign.ca/content/uploads/2011/02/pbd-asu-mobile.pdf

ASU Expert Panel Solutions
For Device Manufacturers:
•Build privacy protections into the device form factor;
•Allow users to differentiate between roles;
•Consider thin-client mobile devices;
•Develop a privacy wizard to allow protections to be set quickly and easily;
•Develop at-a-glance feedback mechanisms for data being collected;
•Create safe disposal and secure destruction mechanisms.
For OS/Platform Developers:
•Collaborate with the Device Manufacturer;
•Integrate fine-grained, cross-application privacy controls;
•Regulate applications’ access to device data;
•To the extent practicable, define privacy requirements and security standards for
services provided on the platform;
•Develop reporting mechanisms.

ASU Expert Panel Solutions (Cont’d)
For Network Providers:
•Use the direct relationship with users to promote privacy education;
•Protect data travelling through the network;
•Consider the creation of an identity infrastructure for users.
For Application Developers / Data Processors:
•Abide by the protections of the Global Privacy Standard;
•Employ notice and informed consent;
•Utilize and document appropriate security practices;
•Use privacy-protective default settings;
•Ensure end-to-end protection of data;
•Design applications with privacy in mind.

ASU Expert Panel Solutions (Cont’d)
For All Parties:
•Develop privacy standards for the mobile industry;
•Develop privacy ‘seals;’
•Develop and utilize consumer-facing privacy icons;
•Recognize that transparency, education and awareness are the
keys to trust.
For Users / Consumers:
•Use the protections provided;
•Be receptive to privacy messages from service providers
or developers.

Mobile/Smartphone Tracking
• Transparency – give users clear notice from the outset;
• Consent – make it user-centric – make privacy the default;
• Anonymized data – don't let it be linked back to identifiers;
• Data Minimization – don’t collect more data than you need.
• When consumers find out after the fact that their data is
being tracked, it erodes confidence and trust;
• This is why we need Privacy by Design – privacy controls
embedded directly into the system, right from the outset,
as the default setting.

The Survey Results are in:
Privacy is a Bigger Concern than Security
on Smartphones and Mobile Devices
• Privacy concerns rank #1: Most consumers expressed great
concern about their data privacy both when using smartphones
in general, but especially when using mobile apps, in particular;
• Consumers want more control over their data: an unprecedented
98% of consumers expressed a strong desire for better controls
over how their personal information is collected and used via
mobile devices and apps;
• A significant majority of consumers (77%) don’t want to share
their location data with app owners/developers.
— Janet Jaiswal
Consumers Say Privacy is a Bigger Concern Than Security on Smartphones,
TRUSTe – www.truste.com

Wi-Fi Positioning Systems:
Beware of Unintended Consequences
• Advances in location-based
technology and services;
• Overview of major mobile
positioning systems;
• Wi-Fi Positioning System
“location aggregators;”
• Privacy by Design: Removing
the “Informant” from WPS
Location Architecture.
www.privacybydesign.ca

Near Field Communications (NFC) White Paper
• Residual security
and privacy risks;
• NFC use cases;
• Privacy by Design
to mitigate risks;
• Infrastructures of
ubiquitous surveillance
are emerging
– must be mitigated.
www.privacybydesign.ca

Unintended Consequences:
“Unknowing Informant”
• Privacy concerns are raised whenever an individual uses location-
based services because their mobile device can relay a unique
identifier called a Media Access Control (MAC) address;
• The MAC address may be connected with other information about an
individual such as physical location and lifestyle habits;
• Becoming an “unknowing informant” is an unintended consequence
of building a location architecture using existing Wi-Fi networks
which broadcast MAC addresses that are collected and geotagged;
• When designing an architecture (e.g. wireless networks), the question
of unintended uses, inadvertently introduced through the existence of
that architecture, should form part of a privacy threat risk analysis;
• Privacy must be Designed into Wi-Fi positioning systems to prevent
“unintended consequences.”

CryptoMill
Technologies

CryptoMill Technologies
• An Ontario-based company which has developed enterprise
end point security encryption software solutions;
• CryptoMill offers one of a number of encryption software
solutions that are widely available, many of which are built
right into mobile electronic storage devices;
• The requirement to encrypt sensitive data is not a novel
idea – it should be fundamental to the policies and practices
of any organization whose bread and butter is the personal
information that has been entrusted to its care.
www.cryptomill.com

CryptoMill SEAhawk
Three pillars of data security:
•Protection against inadvertent exposure of data due to accidental
misplacement, physical loss or deliberate theft by providing
transparent and automatic encryption of the data;
•Control via a "storage firewall" that prevents unauthorized copying of
data to or from ANY mobile storage device (either secure or
unsecure);
•Containment by limiting the accessibility of data to be within certain
cryptographic boundaries, SEAhawk provides protection against data
leakage even when the theft is internal.

Encryption by Default

Encryption by Default
• End-to-End Security;
• Health-Care Security
Challenges;
• Mobile Device Encryption;
• Using Technology for Better
Risk Management;
• CryptoMill Trust Boundaries
and Circles of Trust;
• Desirable Security Properties
of Trust Boundaries.
www.ipc.on.ca/english/Resources/Discussion-Papers/Discussion-Papers-Summary/?id=1259

PHIPA Order HO-007
• On December 21, 2009, I was notified
that a public health nurse working for
the Durham Health Department had lost
a USB memory stick containing the
personal health information of 83,524
individuals who had attended H1N1
immunization clinics;
• The personal information included their
names, addresses, telephone numbers,
dates of birth, health card numbers and
additional health information;
• Truly regrettable — the memory stick
was not encrypted, despite the fact that
the encryption of mobile devices was
required as of Order HO-004 in 2007.
www.ipc.on.ca/English/Decisions-and-Resolutions/Decisions-and-Resolutions-Summary/?id=8367

California AG Sues Delta for Failure to Post
a Privacy Policy on Its Mobile App
• December 6, 2012 – California’s Attorney General announced a lawsuit against
Delta Air Lines for violations of the California Online Privacy Protection Act;
• The suit alleges that Delta failed to post a privacy policy within Delta’s “Fly
Delta” mobile application to inform users of what personally identifiable
information is collected and how it is being used by the company;
• The Act requires an operator of a commercial Web site or online service that
collects personally identifiable information through the Internet about individual
consumers to post a privacy policy that contains the elements set out in the Act;
• According to the Attorney General’s complaint, “despite collecting information
such as user’s name, telephone number, email address, frequent flyer account
number and PIN code, photographs, and geo-location, the Fly Delta application
does not have a privacy policy.
www.huntonprivacyblog.com/2012/12/articles/california-ag-sues-delta-for-failure-to-post-a-privacy-policy-
on-its-mobile-app/#more-3726

Privacy on the Go
• Recommendations for
App Developers;
• Recommendations for
App Platform Providers;
• Recommendations for
Advertising Networks;
oag.ca.gov/sites/all/files/pdfs/privacy/privacy_on_the_go.pdf

SecureKey

SecureKey Technologies
• Provides an innovative platform-as-a-service for authentication,
payment and identity applications:
• Extensible security software embedded into mobile phones,
tablets, and notebooks creates a network of “trusted” devices;
• Cloud-based service provides simple interconnection to relying
parties;
• Enables a wide range of applications for government, banking,
healthcare, telecom, and other enterprises;
• Patents pending for online authentication, identity validation,
credential brokering.

Privacy by Design in SecureKey
• User friendly architecture with mandatory notices
of consent;
• Proactive approach to solution architecture, privacy
requirements build into the software development life cycle;
• Privacy is integrated into operations lifecycle which
undergo regular privacy reviews by independent parties;
• Anonymization of identities in systems by default;
• Open Security model provides visibility and transparency
of the privacy controls and practices.

SecureKey Solutions
Trusted Federated EMV ID Card Mobile Devices
Authentication Solutions for Strong
•Kick-start secure access to •Contactless card Authentication
government services by issuance capability; •Consumer devices as
using online banking
•Payment industry-based reading terminal;
credentials;
credentials; •Device as strong (crypto)
•Trusted partners; credential;
•No user-private data
•Managed user accounts; contained on the card; •Validation against original
•Maintains Privacy and •High availability and credential issuer;
Security. reliability. •Flexible identity vetting
processes.

Mobile Apps and Other Applications
• Police and official services
– Driver’s license and ID verification
– Hunting licenses
• Emergency health services
– Access personal medical records
– En-route admissions
• Online voting
– Mobile and online
• Commercial applications
– Age and address verification

Operationalizing Privacy by Design
9 PbD Application Areas
•CCTV/Surveillance cameras in
mass transit systems;
•Biometrics used in casinos and
gaming facilities;
•Smart Meters and the Smart Grid;
•Mobile Communications;
•Near Field Communications;
•RFIDs and sensor technologies;
•Redesigning IP Geolocation;
•Remote Home Health Care;
•Big Data and Data Analytics.
www.privacybydesign.ca

Coming Soon!
Privacy and Security by Design
• The value to businesses of
protecting privacy within an
enterprise environment;
• The role of software engineers
is at play in this context;
• Fostering a culture of respect
for privacy within the enterprise;
• Good privacy = Good business;
• Gain a sustainable competitive
advantage by embedding
Privacy by Design.
www.privacybydesign.ca

Conclusions
• Make privacy a priority – ensure that privacy
is embedded into your systems and
operational processes – into your business
practices;
• It is easier and more cost-effective to build
in privacy up-front, rather than after-the-fact;
• Privacy risks are best managed by proactively
embedding the principles of Privacy by Design;
• Get smart – lead with Privacy – by Design, not
privacy by chance or, worse, Privacy by Disaster!

How to Contact Us
Ann Cavoukian, Ph.D.
Information & Privacy Commissioner of Ontario
2 Bloor Street East, Suite 1400
Toronto, Ontario, Canada
M4W 1A8
Phone: (416) 326-3948 / 1-800-387-0073
Web: www.ipc.on.ca
E-mail: info@ipc.on.ca
For more information on Privacy by Design,
please visit: www.privacybydesign.ca