Smart City Lecture 2 - Privacy in the Smart City
1. © Waher Data AB, 2018.
Smart City Lecture 2
Privacy in the Smart City
3. Smart City / Society
Automation
Open Data
Transport
Traffic (C-ITS)
Parking
Utilities
Health Care
Law enforcement
Schools
Libraries
Waste management
Citizens?
…
Smart for whom?
5. Chinese Social Credit System
(World’s most?) ambitious “Smart City”
project.
Calculates economic and social
reputation, based on mass surveillance
and AI:
Honesty
Commercial Integrity
Social Integrity
Judicial Credibility
6. Chinese Social Credit System
Collects data from:
Online activity
Searches
Shopping behavior
Locations
Friends
Health
Bank accounts
Messages
Smart Home appliances
News sources
Dating
…
7. Chinese Social Credit System
Affects:
Job positions
Salaries
Living
Travel restrictions
Visa restrictions
Access to schools
Social status
Loans
Internet bandwidth
…
8. Universal Declaration of Human Rights
Article 12:
No one shall be subjected to arbitrary
interference with his privacy, family,
home or correspondence, nor to attacks
upon his honour and reputation. Everyone
has the right to the protection of the
law against such interference or
attacks.
https://www.un.org/en/universal-declaration-human-rights/
Well… it all depends on how you choose to interpret
“arbitrary” and “attack”…
9. Vision of a Smart City
Ubiquitous access to interoperable
sensors and things.
Ubiquitous access to data and
information from society’s authorities.
Access to smart services in all niches of
society.
Definition of ownership of information.
Protection of Privacy, by design and by
default.
Market for access to things and data.
Is this Science Fiction?
11. What is privacy?
A fundamental human right:
The right to have confidential conversations.
The ability to select with whom we communicate.
Protection against unwarranted monitoring or
searches.
12. Does privacy extend to Social Networks?
Who can access your information?
Do you want the uninvited to know:
What you think?
What you like?
Who you know?
What you’ve done?
Spy on you?
Or be able to:
Steal your ideas?
Utilize your confidential information?
13. Does privacy extend to the IoT?
Who can communicate with devices around you,
and about what?
Do you want the uninvited to know:
When you’re home?
If you’re in the shower?
What places you visit?
Your health status?
Or be able to:
Control your vehicle?
Turn off your pacemaker?
14. Ex-Director of National Intelligence James R. Clapper
“America's greatest threat is the Internet of Things”
Feb 9, 2016
http://www.popsci.com/clapper-americas-greatest-threat-is-internet-things
15. Section 3: GDPR
General Data Protection Regulation
Can it help?
16. Goals
EU Regulation
Automatic law in each Member State.
Came into full effect May 2018.
Harmonizes privacy regulations
across the EU.
Balances
Privacy of individuals.
Interests of corporations.
Legal requirements.
Facilitate the free flow of information.
17. Limits
GDPR balances
Privacy of individuals.
Interests of corporations.
Legal requirements.
Maximum required effort
Proportionality to the rights of all
participants.
Minimum required effort
State of the art
Lack of knowledge not acceptable
Severe sanctions
18. Personal Data
Any information relating
directly, or indirectly, to an
identified or identifiable
natural person.
“Personality is contagious”
19. Processing
Any operation or set of operations
which is performed on personal data
or on sets of personal data.
“Automatic” is not mentioned. Manual processes are included.
20. Anonymization
Data subjects are no longer
identifiable.
Examples: Data obfuscation, statistical aggregation, etc.
21. Pseudonymization
Data subjects can be identified with
the use of separate data.
Examples: Pseudonyms, ordinal numbers, hashes.
22. What is allowed?
As little as possible
For as short a time as possible
Share with as few as possible
For as few purposes as possible
As correctly as possible
If there are no other means
After providing transparent
information
Minimalistic definition: Minimalism
Always with proportional data protection mechanisms.
23. Data Protection
Data must be protected*:
By design
By default
State of the art
cf. Black lists vs. White lists
(*) Proportional to the risks of the data subjects, in the
absence of measures taken to mitigate the risks.
24. Transparent Information
Easily accessible
Easily understood
Clear and plain language
Explicit
Purposes of processing
Risks to the subject
Safeguards
Rights of the subjects
Transparency is measured on what is understood, not what is semantically stated.
25. Lawfulness
Consent
Legal obligation
Legitimate interest
Based on contract
Vital interest
Public interest
Research & Development has to be argued to be a Legitimate Interest.
26. Individual Rights
Transparent Information
Access to one's personal data
Export personal data provided by oneself
Correct erroneous data
Erase data*
Object to processing*
Restrict processing*
Withdrawal of consent (if based on consent)
Avoid being subject to automatic decisions
(with negative legal consequences) based
on automatic profiling.
(*) in certain cases
27. Propagation of Rights
When sharing information:
Inform data subjects.
Delegate responsibilities.
Forward requests from data subjects.
Includes links, copies and reproductions.
28. Sanctions
Authorities are granted access to all
Information
Machines
Data
Warnings
Reprimands
Restrictions
Shut down processes
Fines (up to 4% of global annual turnover)
Damages (even indirect, unless you prove you’re
not responsible)
29. Paradigm Shift
Previous paradigm:
The more you collect, the more potential value you have.
This is no longer true.
New paradigm:
The more you collect, the greater the risk, and the greater
the responsibility.
You should only collect that to which you can assign value.
31. Who owns the data?
Who is the owner of data?
The person/entity generating (inventing) the data?
The person/entity storing (controlling) the data?
The person to whom the data relates?
Is it important?
32. Legislation
Which law is applicable?
Copyright?
Trade secrets?
Intellectual Property?
Privacy?
Enforcing ownership through legal means
is difficult.
33. Ownership of things
How is normal ownership enforced?
Protection behind lock & key.
Access only to trusted parties.
Monitoring.
Demonstration of ownership.
34. Ownership of data
Why treat data differently?
Local storage (decentralization) allows:
Protection behind lock & key.
Limiting access to trusted parties.
Monitoring access.
Demonstrating ownership.
Enforcing ownership of data.
Added benefit:
Intrinsic value of data through access.
35. Edge Computing
Processing “on the Edge” instead of
“in the Cloud” allows:
Access = Value
Scalability
Resilience
Security
And it helps protect privacy…
37. Making privacy more problematic
Technologies making protecting
privacy more difficult:
Centralized processing
HTTP(S)
CoAP, LWM2M
MQTT
Blockchain
You have to develop data protection mechanisms just to
counteract the side effects of using such technologies.
38. Centralized processing
Fewer attack surfaces
Value of central nodes is huge
Value/Effort ratio large
Difficult to protect
External use
Internal use
Consequences huge
Massive leaks
39. HTTP
Good for
Publishing documents
Providing public services
Bad at
Authentication
Authorization
Distribution
Asynchronous processing
Topology problem promotes
Centralized processing
… or “hole punching”
40. CoAP & LWM2M
Tries to solve aspects of HTTP for IoT
Still has topology problem
Assumes middleware for Internet use
LWM2M is standardized middleware
Some interoperability
IPSO Smart Objects
Only for data collection
Difficult to interoperate between things
42. Privacy issues by design in MQTT
No forwarded identities
Authorization by things becomes impossible
Makes injection a great threat
Control signals
False data
Bandwidth depletion
Lack of privacy
No negotiation of who can subscribe
Access control out-of-band (proprietary)
Wildcards
Makes it easy to eavesdrop
Relies on careful operation of broker
Overview of topic tree difficult
Who operates the broker across domains?
Interoperability a problem.
… and many more security-related issues exist.
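As an added illustration of the wildcard and out-of-band access-control points above (example code, not from the lecture), the following Python models MQTT 3.1.1 topic-filter matching and the kind of per-client subscribe ACL a broker has to enforce; the topic tree and user names are constructed.

```python
from typing import List

# Constructed multi-tenant topic tree: each household publishes under
# home/<user>/... (names are made up for this example).
TOPICS = [
    "home/alice/shower/occupancy",
    "home/alice/door/lock",
    "home/bob/shower/occupancy",
    "home/bob/meter/kwh",
    "$SYS/broker/clients/connected",
]


def topic_matches(filter_: str, topic: str) -> bool:
    """MQTT 3.1.1 topic-filter matching: '+' matches exactly one level, '#' matches
    the rest of the topic (and must be the last level); filters that start with a
    wildcard never match '$'-prefixed system topics."""
    if topic.startswith("$") and filter_[:1] in ("+", "#"):
        return False
    f_levels, t_levels = filter_.split("/"), topic.split("/")
    for i, level in enumerate(f_levels):
        if level == "#":
            return i == len(f_levels) - 1
        if i >= len(t_levels) or (level != "+" and level != t_levels[i]):
            return False
    return len(f_levels) == len(t_levels)


def visible_topics(filter_: str, topics: List[str]) -> List[str]:
    """Everything a subscriber with this filter would receive from the broker."""
    return [t for t in topics if topic_matches(filter_, t)]


def acl_allows_subscribe(user: str, filter_: str) -> bool:
    """Per-user subtree ACL (what the broker's out-of-band access list must do):
    a filter is allowed only if every topic it could match lies under
    home/<user>/, so no wildcard may appear in the first two levels."""
    levels = filter_.split("/")
    return len(levels) >= 2 and levels[0] == "home" and levels[1] == user


def filtered_subscription(user: str, filter_: str, topics: List[str]) -> List[str]:
    """Delivery after the ACL check: a denied filter yields nothing."""
    if not acl_allows_subscribe(user, filter_):
        return []
    return visible_topics(filter_, topics)
```

Without the ACL, a single `#` or `home/+/shower/occupancy` subscription sees every household's sensors, which is the eavesdropping risk the slide describes.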
43. Warnings
Governments warn against bad
MQTT implementations.
MQTT is notoriously difficult to use
securely.
Use it only in internal secured networks.
https://cert.se/2016/09/mqtt-i-sverige
44. Blockchain
Blocks cannot
be deleted
on request
after a given time
… or ever
be corrected
Access is given to all or nothing
Public access has to be assumed
Hashes of personal information are still personal
Cryptographic Algorithms fixed
Lends itself to future frauds
Blockchain is not suitable for personal information at all.
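An added example (not from the lecture) that ties together slides 20 and 21 and the point above that a hash of personal information is still personal: an unkeyed hash of an identifier is linkable by anyone holding candidate values, a keyed hash only by the key holder, and only aggregation over several subjects stops the output from relating to one person. Records, addresses and the key are constructed.

```python
import hashlib
import hmac
from typing import Dict, List, Optional

# Constructed meter readings keyed by e-mail address (made-up subjects).
RECORDS: List[Dict] = [
    {"email": "alice@example.org", "kwh": 12.5},
    {"email": "bob@example.org", "kwh": 3.1},
    {"email": "alice@example.org", "kwh": 11.9},
]

# Constructed "separate data": addresses another party already holds.
KNOWN_EMAILS = ["alice@example.org", "bob@example.org", "carol@example.org"]


def sha256_pseudonym(identifier: str) -> str:
    """Unkeyed hash of an identifier: deterministic, so anyone able to enumerate
    candidate identifiers can recompute and link it. This is pseudonymization,
    not anonymization, and the output remains personal data."""
    return hashlib.sha256(identifier.encode("utf-8")).hexdigest()


def reidentify(pseudonym: str, candidates: List[str]) -> Optional[str]:
    """Check a data protection officer would run before publishing hashed data:
    can it be linked back with data the recipient plausibly holds?"""
    for candidate in candidates:
        if hmac.compare_digest(sha256_pseudonym(candidate), pseudonym):
            return candidate
    return None


def keyed_pseudonym(identifier: str, key: bytes) -> str:
    """HMAC under a secret key kept by the controller: still pseudonymous under
    the GDPR (the key is the 'separate data' that re-identifies), but a recipient
    without the key cannot run the lookup above."""
    return hmac.new(key, identifier.encode("utf-8"), hashlib.sha256).hexdigest()


def aggregate(records: List[Dict], min_subjects: int = 2) -> Optional[Dict]:
    """Statistical aggregation: release totals only over at least `min_subjects`
    distinct people, so no published value relates to one identifiable person."""
    subjects = {r["email"] for r in records}
    if len(subjects) < min_subjects:
        return None  # suppress: the total would describe a single person
    total = round(sum(r["kwh"] for r in records), 2)
    return {"subjects": len(subjects), "total_kwh": total}
```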
46. Security ≠ Privacy
Technologies that do not help, or work
against the protection of privacy:
TLS
DTLS
X.509
VPN
…
Using such technologies doesn’t solve any privacy issues.
But at least they don’t add new issues by themselves.
48. Identities
Technologies that either help or make it
more difficult to protect privacy:
Anonymity
Strong identities
Pseudonyms
Using such technologies has strong privacy-related
implications. Which way is determined by how they are used.
49. Anonymity
Protects
Whistle blower
Dissident
(Criminal)
(Terrorist)
Security decisions difficult
Facilitates leaking personal data
How do you protect sensitive information, if you don’t know
who’s on the other end?
50. Strong Identities
Protects information owners
Allows selective responses
Can be used to track
individuals
Logging for security purposes is legitimate. How can you
make sure logging is only used for security purposes?
(One answer: Use of standardized, open software that is
agnostic to the purposes of processing, such as brokers and
End-to-End encryption of payloads.)
52. Solving Privacy-related problems
Examples of technologies that help
protect privacy:
Decentralized Processing
Edge computing
XMPP
Consent-based communication
IEEE IoT Harmonization
Data ownership in Smart Cities
Using such technologies solves many privacy-related issues
by design and by default.
53. Decentralization & security
Decentralization has security implications:
More attack surfaces.
But value of each node is small.
Value/Effort ratio small.
Easier to protect.
Massive data breaches difficult.
You don’t put all your eggs into the same basket.
More resilient.
End-to-end encryption.
54. XMPP
Authentication of clients
SASL
Cooperation (federation)
Forwarding identities
Authorization
Roster
Presence
Subscription
Solves
Topology problem.
Latency problem.
Scalability problem.
55. Communication Patterns
Columns: Async. Msg. | Req/Resp | Pub/Sub | Federation | Broker | P2P
MQTT ✓ ✓
HTTP ✓ ✓
CoAP ✓ ✓ ✓
XMPP ✓ ✓ ✓✓✓ ✓ ✓* ✓
* Note: XMPP supports server-less communication as well.
56. XMPP & Data Protection by Design
XMPP supports data protection by design:
Decentralization
Ubiquitous encryption
Even end-to-end encryption
Global identities
Authenticated
Forwarded
Federated
Basic communication authorized
57. XMPP & Data Protection by Default
XMPP supports data protection by default:
Presence negotiation
Consent-based authorization
Required to be able to communicate
properly.
Consent can be withdrawn.
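Added example (not from the lecture, nor code from any XMPP implementation) modelling the presence-subscription consent flow of slides 56 and 57 as RFC 6121 describes it (roster states none/to/from/both) on a single server; the JIDs are constructed.

```python
from collections import defaultdict
from typing import Dict, List, Set, Tuple


class PresenceServer:
    """Roster-based consent: a contact's presence reaches a requester only after
    the contact has approved, and approval can be withdrawn at any time."""

    def __init__(self) -> None:
        # roster[user][contact] holds directions: "to" (user sees contact's
        # presence) and/or "from" (contact sees user's presence).
        self.roster: Dict[str, Dict[str, Set[str]]] = defaultdict(lambda: defaultdict(set))
        self.pending: Set[Tuple[str, str]] = set()  # (requester, contact)

    def state(self, user: str, contact: str) -> str:
        dirs = self.roster[user][contact]
        if dirs == {"to", "from"}:
            return "both"
        return next(iter(dirs)) if dirs else "none"

    def subscribe(self, requester: str, contact: str) -> None:
        """<presence type='subscribe'/>: nothing is shared until consent is given."""
        self.pending.add((requester, contact))

    def approve(self, contact: str, requester: str) -> bool:
        """<presence type='subscribed'/>: consent, valid only for a pending request."""
        if (requester, contact) not in self.pending:
            return False
        self.pending.discard((requester, contact))
        self.roster[requester][contact].add("to")
        self.roster[contact][requester].add("from")
        return True

    def revoke(self, contact: str, requester: str) -> None:
        """<presence type='unsubscribed'/>: the contact withdraws consent."""
        self.pending.discard((requester, contact))
        self.roster[requester][contact].discard("to")
        self.roster[contact][requester].discard("from")

    def broadcast_presence(self, user: str) -> List[str]:
        """Presence from `user` is delivered only to contacts holding a 'from'
        subscription, i.e. the ones the user explicitly consented to."""
        return sorted(c for c, dirs in self.roster[user].items() if "from" in dirs)
```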
58. IEEE IoT Harmonization (1451-99)
Sensor Data
Control Operations
Localization (M2M, M2H)
Tokens for distributed transactions
Decision Support (for devices)
Provisioning (for owners)
Peer-to-Peer communication
End-to-end encryption
Concentrator/Bridge (“Thing of things”)
Discovery
Ownership
Clock Synchronization
Secure Account Creation
Legal Identities
Contracts
Automated provisioning
Economic feedback
https://gitlab.com/IEEE-SA/XMPPI/IoT
60. Smart City Lectures*
1. How to build a Smart City (Oct 4th)
2. Privacy in the Smart City (Oct 18th)
3. An Open and/or Secure Smart City (Oct 25th)
4. Harmonizing the Internet of Things (Nov 8th)
5. Introduction to Encryption (Nov 15th)
6. Earning by Sharing in the Smart City (Nov 22nd)
7. …
8. …
(*) Funded by Swedish Internet Fund.
61. Smart City Labs*
1. Sensors and actuators (Oct 10th)
2. Connect and chat with your device (Oct 17th)
3. Publishing data from your sensor (Oct 24th)
4. Publishing and discovering devices (Nov 7th)
5. Controlling actuators (Nov 14th)
6. Decision Support for your devices (Nov 21st)
7. …
8. …
(*) Funded by Swedish Internet Fund.
62. Raspberry Pi & Arduino
Sensors, Actuators, Controllers,
Concentrators, Bridges
Protocols:
MQTT, HTTP, CoAP, LWM2M, XMPP
Interoperability
Social Interaction
Decision Support
Product Lifecycle
IoT Service Platforms
IoT Harmonization
Security
Privacy
Mastering Internet of Things (Amazon, Packt, Microsoft Store)
Contact: https://waher.se/, https://littlesister.se/
63. Section 10: Open Discussion
Ownership?
Privacy?
Security?
Surveillance?
Interoperability?
Cool stuff?
Qué?
Where’s the Money?
Who pays?
What could go wrong?
Little Sister?
Harmonization?