Information Sharing: The Paradox
Andrew Cormack, Chief Regulatory Adviser, Janet
Privacy needs help
The information sharing paradox
• Sharing information protects privacy
  – Prevents/mitigates privacy invasion by phishers, crackers, bot-herders...
  – Also supports NRENs’ ethics of helping clean the ‘net
• Sharing information may also harm privacy
  – Increasing availability of information about systems/people
How to balance these?
And explain it to our automated systems?
Need to plan our information sharing
Where to Start?
Possible information sharing principles
• Necessity – only share when it helps
• Minimisation – only share what is likely to help
• Accuracy – not all information is alike
• Security – protect what you share (and receive)
Thinking about necessity
• How might our involvement make things better?
  – Until this is clear, probably best not to
  – Magnitude of threat may justify more involvement
• NRENs can act as trusted intermediary
  – Facilitate contact between information source and victim
  – E.g. SURFnet botnet Code of Practice (TNC2014)
• Direction of sharing?
  – Us: send problem to(wards) person
  – Courts: bring person to problem
  – Fix your own problems!
Thinking about minimisation
• Only share the information a recipient needs
  – Discuss/pilot this manually before automating it
  – Recipient probably doesn’t need local identity
• Keep linking information (if you have it) separate
• Only disclose on court order?
• IP addresses represent different levels of privacy risk
  – Sharing server IP probably less risky than endpoints
  – Sharing external IP probably less risky than internal
  – And truncate/aggregate/remove unnecessary identifiers
• Minimise scope of sharing to reduce risk
  – Affected service < trusted party < trusted community < world
• Plan minimisation into information collection (e.g. pDNS)
  – Still need minimisation process for unplanned donations
Thinking about accuracy
• When sharing, explain clearly
  – How reliable the information is
  – What it is suitable for
  – What it’s allowed to be used for
  – How long it’s worth keeping
• Shouldn’t need to disclose source to do this
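The minimisation and accuracy slides above describe a process; the following is an added worked example (not code from the presentation or from Janet) showing how a record could be prepared for sharing. The scope ladder (affected service < trusted party < trusted community < world) is from the slides; the per-scope treatment of internal, external and server addresses, the record fields, the sample incident and the network ranges are all constructed assumptions. Linking information (the local user) and the source are retained locally and never placed in the shared record, and the shared record carries the reliability, suitability, permitted-use and retention statements the accuracy slide asks for.

```python
import ipaddress
from datetime import date, timedelta

# Sharing scopes from the slide, narrowest to widest.
SCOPES = ("affected_service", "trusted_party", "trusted_community", "world")

# Constructed policy (an assumption, not from the slides): what happens to each
# kind of address at each scope. "keep" shares it as-is, "aggregate" truncates
# it to a prefix, "remove" drops it from the shared record entirely.
IP_POLICY = {
    "internal_endpoint": {"affected_service": "keep", "trusted_party": "remove",
                          "trusted_community": "remove", "world": "remove"},
    "external_endpoint": {"affected_service": "keep", "trusted_party": "keep",
                          "trusted_community": "aggregate", "world": "remove"},
    "server":            {"affected_service": "keep", "trusted_party": "keep",
                          "trusted_community": "keep", "world": "aggregate"},
}

# Statements the accuracy slide says every shared record should carry.
ACCURACY_FIELDS = ("reliability", "suitable_for", "permitted_use")


def classify_ip(ip, internal_nets, server_ips):
    """Server addresses first, then anything in our own ranges, else external."""
    if ip in server_ips:
        return "server"
    if any(ip in net for net in internal_nets):
        return "internal_endpoint"
    return "external_endpoint"


def aggregate(ip):
    """Truncate an address to a /24 (IPv4) or /48 (IPv6) prefix."""
    prefix = 24 if ip.version == 4 else 48
    return str(ipaddress.ip_network((ip, prefix), strict=False))


def minimise_ip(value, scope, internal_nets, server_ips):
    """Apply IP_POLICY to one address; None means 'do not share it'."""
    ip = ipaddress.ip_address(value)
    action = IP_POLICY[classify_ip(ip, internal_nets, server_ips)][scope]
    if action == "keep":
        return str(ip)
    if action == "aggregate":
        return aggregate(ip)
    return None


def prepare_for_sharing(record, scope, accuracy, retain_days, internal_nets, server_ips):
    """Return (record to share, linking data to keep locally) for the given scope."""
    if scope not in SCOPES:
        raise ValueError(f"unknown sharing scope: {scope}")
    missing = [f for f in ACCURACY_FIELDS if f not in accuracy]
    if missing:
        raise ValueError(f"accuracy statement missing: {missing}")
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    servers = {ipaddress.ip_address(s) for s in server_ips}

    # Linking information and the source stay with us, keyed by incident id.
    linking = {"incident_id": record["incident_id"],
               "local_user": record.get("local_user"),
               "source": record.get("source")}

    shared = {"incident_id": record["incident_id"],
              "observed": record["observed"],
              "description": record["description"]}
    for key, value in record.items():
        if key.endswith("_ip"):
            minimised = minimise_ip(value, scope, nets, servers)
            if minimised is not None:
                shared[key] = minimised

    observed = date.fromisoformat(record["observed"])
    shared["sharing"] = {
        "scope": scope,
        **{f: accuracy[f] for f in ACCURACY_FIELDS},
        "retain_until": (observed + timedelta(days=retain_days)).isoformat(),
    }
    return shared, linking


# Constructed sample incident (documentation and private address ranges).
SAMPLE_RECORD = {
    "incident_id": "INC-0001",
    "observed": "2014-05-20",
    "description": "host contacted a known botnet controller",
    "attacker_ip": "203.0.113.7",   # external endpoint
    "victim_ip": "10.20.30.40",     # internal endpoint on our network
    "service_ip": "192.0.2.10",     # our public-facing server
    "local_user": "jbloggs",        # linking information, never shared
    "source": "partner CERT feed",  # source, never disclosed
}
SAMPLE_ACCURACY = {
    "reliability": "high: confirmed against our own flow logs",
    "suitable_for": "blocking and containment",
    "permitted_use": "incident response only; no onward sharing",
}
INTERNAL_NETS = ["10.0.0.0/8"]
SERVER_IPS = ["192.0.2.10"]

if __name__ == "__main__":
    for scope in SCOPES:
        shared, _ = prepare_for_sharing(SAMPLE_RECORD, scope, SAMPLE_ACCURACY,
                                        30, INTERNAL_NETS, SERVER_IPS)
        print(scope, shared)
```

Running the sample through each scope shows the ladder in action: the internal victim address survives only for the affected service, the external attacker address is aggregated to a /24 for the trusted community and dropped for the world, while the server address is the last thing to be truncated. Whatever the scope, the local user and the source never leave the `linking` record.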
Thinking about security
• Use the technology...
  – Encrypted transfer
  – Secure storage
  – Authentication
• May also reduce the free-rider problem that can reduce trust
  – E.g. need to donate if you want to receive more
• Common rules facilitate sharing
  – Membership agreements, ethics codes, ...
  – E.g. ISACs
Is it Lawful?
Data Protection law
• “Upstream” sharing supports user notification
  – As required by the Directive if you get personal data indirectly!
• Positive support in draft Data Protection Regulation
  – Incident prevention/response is a legitimate interest
  – Art.29 WP discuss balancing those with fundamental rights
• Law requires us to keep information secure
  – ISO27002 says Incident Response is a key control
• Areas to watch/influence
  – Incentives for pseudonyms could help sharing
  – Detailed list of legitimate interests could prevent us protecting privacy
  – Unrealistic limits on metadata retention (e.g. delete at end of call)
  – Export rules – incidents don’t recognise the EEA border (see next slide)
International issues
• Need to share outside the EEA
  – Incidents cross borders deliberately
• Often sending information back where it came from
  – UK ICO suggests meeting their national expectations
  – So definitely shouldn’t be harder than sharing within the EEA
Conclusion
Getting sharing right
• Sharing is essential
  – Can’t protect privacy without it
  – But does create some privacy risks
• Plan collection/sharing to achieve proportionate risk
  – Don’t be paralysed because you can’t eliminate it
  – Treat breaches of rules/ethics as serious
• Explain benefits/risks
  – Openness builds trust & confidence
  – Set standards the law should encourage
Now it’s your turn...
Janet, Lumen House, Library Avenue, Harwell Oxford, Didcot, Oxfordshire
t: +44 (0) 1235 822200
e: Andrew.Cormack@ja.net
b: https://community.ja.net/blogs/regulatory-developments
t: @JanetLegReg