privacy by design
play

Privacy by Design? Marc Langheinrich University of Lugano (USI) - PowerPoint PPT Presentation

Jan 18, 2023 •221 likes •1.15k views

The Everyday Life of Surveillance (V): Architectures, Spaces, Territories Privacy by Design? Marc Langheinrich University of Lugano (USI) Switzerland Projects Ubiquitous Privacy Computing Gothenburg Lancaster Paris Zurich Patras

  1. The Everyday Life of Surveillance (V): Architectures, Spaces, Territories Privacy by Design? Marc Langheinrich University of Lugano (USI) Switzerland

  3. Projects

  4. Ubiquitous Privacy Computing

  7. Gothenburg Lancaster Paris Zurich Patras Sevilla

  8. Approaches to Ubicomp Privacy Disappearing Computer Troubadour Project (10/2002 - 05/2003) • Make it Someone Else’s Problem – “For [my colleague] it is more appropriate to think about [security and privacy] issues. It’s not really the case in my case“ • Absence of Protection as User Empowerment – “It’s maybe about letting them find their own ways of cheating“ • Insist that “ Good Security “ will Fix It – “All you need is really good firewalls “ 24 Marc Langheinrich: The DC-Privacy Troubadour – Assessing Privacy Implications of DC-Projects . Designing for Privacy Workshop. DC Tales Conference, Santorini, Greece, June 2003.

  12. Example 1: Make it someone elses problem NON PRIVACY BY NON DESIGN

  15. “Uses the highest level of encryption allowed by the U.S. government.”

  16. 2006

  17. 20 cards no encryption

  18. Cardholder‘s Name Card Number Expiration Date

  20. Pablos Holman O‘Reilly Conf. 2008

  21. “cards incorporate 128-bit encryption”

  22. Cardholder‘s Name Card Number Expiration Date

  25. *MacBook Air not included

  26. Flexilis Defcon 2008

  30. Non Privacy By Non Design

  31. Example 2: User Empowerment NON PRIVACY BY (BAD) DESIGN SECURITY

  33. P<D<<LANGHEINRICH<<MARC<<<<<<<<<<<<<<<<<<<<< 123456789 ? D<<710123 ? M070101 ? <<<<<<<<<<<<<<< ?

  34. Marc Langheinrich

  35. DD/MMM/1971

  37. P<D<<LANGHEINRICH<<MARC<<<<<<<<<<<<<<<<<<<<< 12345678? ? D<<710123 ? M0701?? ? <<<<<<<<<<<<<<< ?

  43. Protection from Forgery!!

  44. Digital Signature

  45. „ ...cloned and manipulated ... “

  47. ? Mustermann Christian 0000000000000 ? Proof of Genuine Passport

  51. Non Security By Bad Design

  52. Example 3: Good Firewalls PRIVACY BY DESIGN?

  54. Smart Fridge

  55. Smart Stove

  56. Receiptless Returns

  57. Fast Checkout

  61. Whig Model #2342 Tiger Thong Material: Polyester Maker: Woolworth Last washed: 5 days ago Original “RFID-Man” Artwork (c) 2006 Ari Juels, RSA Laboratories Viagra Maker: Pfizer Size: Maxi (60 pills)

  70. Working Hypothesis

  71. People don‘t want privacy tools

  72. People want to get things done! The more secure, private, safe, the better

  73. Getting Things Done?

  74. Vision

  75. Hands Free Privacy The more secure, private, safe, the better

  76. Example: The Shamir Tag Langheinrich, Marti: Practical Minimalist Cryptography for RFID Privacy . IEEE Systems Journal , Vol. 1, No. 2, 2007

  77. Example: The Shamir Tag • Unsolicited read-outs take long time – Difficult (but not impossible) to track or identify • Instant Identification for known tags – Owner uses tags without restrictions Langheinrich, Marti: Practical Minimalist Cryptography for RFID Privacy . IEEE Systems Journal , Vol. 1, No. 2, 2007

  78. Shamir Tags Illustrated Original RFID-Tag contains encrypted ID + Key, but cut in many RFID-Tag: small pieces. All pieces are needed to decrypt Tag ID.

  79. Shamir Tags Illustrated Original RFID-Tag contains encrypted ID + Key, but cut in many RFID-Tag: small pieces. All pieces are needed to decrypt Tag ID. Unknown wait wait wait Reader sees: Only few shares disclosed A few more shares disclosed Still not enough shares… time

  80. Shamir Tags Illustrated Original RFID-Tag contains encrypted ID + Key, but cut in many RFID-Tag: small pieces. All pieces are needed to decrypt Tag ID. Unknown wait wait wait Reader sees: Only few shares disclosed A few more shares disclosed Still not enough shares… Owner‘s + = Reader sees: Only few shares disclosed Instant Identification Owner checks for known (cached) tag

  81. Consumers receive basic protection for all tagged goods Additional security mechanism can be layered above Shamir Tags

  82. Summary

  83. Privacy by Design • Difficult to do even for technology experts – Industrial (RFID Credit Cards) – Government (ePassport) • Difficult if wrong user model – People want to get things done – Privacy, security often gets in the way • We need usable security and privacy – Sometimes less security may mean more privacy

  84. Outlook

  92. The wireless century will bring an end to many crimes. It will be a century of morality, since it is known that morality and fear are one and the same. (Robert Sloss, “The World in 100 Years”, 1910)

Recommend

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy Commissioner of Ontario https://www.ipc.on.ca/images/resources/7foundationalprinciples.pdf Privacy by Design Let's have it! Article 25 European

1.32k views • 118 slides
Privacy by Design Deirdre K. Mulligan Privacy by design, why now? Legal Drivers E- Government

Privacy by Design Deirdre K. Mulligan Privacy by design, why now? Legal Drivers E- Government

Privacy by Design Deirdre K. Mulligan Privacy by design, why now? Legal Drivers E- Government Act of 2002 and OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002 Resolution on Privacy by Design, Data Protection

556 views • 41 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering &amp; Public Policy Lorrie Faith Cranor October 29, 2013 y &amp; c S a e v c i u r P r i t e y l b L a a s

245 views • 20 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering &amp; Public Policy Lorrie Faith Cranor November 11, 2014 y &amp; c S a e v c i u r P r i t e y l b L a a s

555 views • 21 slides
Privacy and Security by Design: Regulatory Compliance Will Not be Enough to Preserve our Privacy

Privacy and Security by Design: Regulatory Compliance Will Not be Enough to Preserve our Privacy

Privacy and Security by Design: Regulatory Compliance Will Not be Enough to Preserve our Privacy Ann Cavoukian, Ph.D. Distinguished Expert-in-Residence Privacy by Design Centre of Excellence Ryerson University Ryerson CSR Institute / PPOCIR

3.12k views • 64 slides
Privacy by Design Principles of Privacy-Aware Ubiquitous Systems Marc Langheinrich Privacy by

Privacy by Design Principles of Privacy-Aware Ubiquitous Systems Marc Langheinrich Privacy by

Privacy by Design Principles of Privacy-Aware Ubiquitous Systems Marc Langheinrich Privacy by Design ETH Zurich, Switzerland www.inf.ethz.ch/~langhein Ubicomp 2001, Atlanta Contents Ubicomp 2001, Atlanta ! Privacy primer Does privacy

680 views • 22 slides
Privacy engineering, privacy by design, and privacy governance Engineering &amp; Public Policy

Privacy engineering, privacy by design, and privacy governance Engineering &amp; Public Policy

CyLab Privacy engineering, privacy by design, and privacy governance Engineering &amp; Public Policy Lorrie Faith Cranor November 17, 2015 y &amp; c S a e v c i u r P r i t e y l b L a a s b U o 8-533 / 8-733 /

539 views • 22 slides
Privacy by Design A technical perspective Carmela Troncoso Gradiant The usual privacy

Privacy by Design A technical perspective Carmela Troncoso Gradiant The usual privacy

PR eparing I ndustry to P rivacy-by-design by supporting its A pplication in RE search Privacy by Design A technical perspective Carmela Troncoso Gradiant The usual privacy scenario Protect personal data from third parties Data

359 views • 9 slides
From Privacy Protection to Interface Design: Implementing Information Privacy in Human-Computer

From Privacy Protection to Interface Design: Implementing Information Privacy in Human-Computer

From Privacy Protection to Interface Design: Implementing Information Privacy in Human-Computer Interactions Andrew S. Patrick Steve Kenny Independent Consultant National Research Council of Canada stephen_mh_kenny@yahoo.com

407 views • 22 slides
Engineering Privacy By Design Seda Grses COSIC, ESAT K.U. Leuven Belgium 1 Outline -

Engineering Privacy By Design Seda Grses COSIC, ESAT K.U. Leuven Belgium 1 Outline -

Engineering Privacy By Design Seda Grses COSIC, ESAT K.U. Leuven Belgium 1 Outline - Introduction and Approach - Privacy Requirements Definition Problem - Privacy Requirements Analysis Problem - Policy and Compliance - Privacy By Design -

1.48k views • 63 slides
The Vital Need for Privacy and Security by Design Ann Cavoukian, Ph.D. Executive Director

The Vital Need for Privacy and Security by Design Ann Cavoukian, Ph.D. Executive Director

The Vital Need for Privacy and Security by Design Ann Cavoukian, Ph.D. Executive Director Global Privacy &amp; Security by Design Centre Technion Summer School on Cyber Security Haifa, Israel September 9, 2020 Lets Dispel The Myths

929 views • 55 slides
Privacy Engineering Objectives and Risk Model Objective-Based Design for Improving Privacy in

Privacy Engineering Objectives and Risk Model Objective-Based Design for Improving Privacy in

Privacy Engineering Objectives and Risk Model Objective-Based Design for Improving Privacy in Information Systems 1 NIST research has a broad impact shutterstock.com shutterstocom G. Hooijer/ D. Stork/ Facilitates trade and fair Improves

405 views • 18 slides
Privacy Enhancing T echnologies Carmela Troncoso, Gradiant PRIPARE Workshop on Privacy by Design

Privacy Enhancing T echnologies Carmela Troncoso, Gradiant PRIPARE Workshop on Privacy by Design

T rialog, Atos, T rilateral, Inria , AUP, Gradiant, UPM, UUlm, Fraunhofer SIT, WIT , KU Leuve Privacy Enhancing T echnologies Carmela Troncoso, Gradiant PRIPARE Workshop on Privacy by Design Ulm 9 th -10 th March 2015 11/03/2015 Privacy

668 views • 48 slides
Lightning Introductions PRIVACY ENABLING DESIGN May 7-8, 2015 Brian Anderson / IBM Where does

Lightning Introductions PRIVACY ENABLING DESIGN May 7-8, 2015 Brian Anderson / IBM Where does

Lightning Introductions PRIVACY ENABLING DESIGN May 7-8, 2015 Brian Anderson / IBM Where does privacy end and security begin? What are the responsibilities of an organization to protect their assets while balancing the privacy of those who

980 views • 52 slides
Do Not Beg: Moving Beyond Do Not Track with Privacy By Design Mike Perry W3C DNT Nov 28, 2012

Do Not Beg: Moving Beyond Do Not Track with Privacy By Design Mike Perry W3C DNT Nov 28, 2012

Do Not Beg: Moving Beyond Do Not Track with Privacy By Design Mike Perry W3C DNT Nov 28, 2012 Do Not Track as Privacy By Design The meat of the initial IETF DNT Draft: A server acting in a third-party capacity MUST NOT track a user or

293 views • 10 slides
Discussion of Privacy as a Tool for Robust Mechanism Design

Discussion of Privacy as a Tool for Robust Mechanism Design

Discussion of Privacy as a Tool for Robust Mechanism Design in Large Markets Leeat Yariv General Theme Interpret differenAal privacy as a

275 views • 25 slides
Privacy and data protection by design cross-over of multiple disciplines Marit Hansen

Privacy and data protection by design cross-over of multiple disciplines Marit Hansen

Privacy and data protection by design cross-over of multiple disciplines Marit Hansen Privacy and Information Commissioner Schleswig-Holstein, Germany marit.hansen@datenschutzzentrum.de Annual Privacy Forum 2015 Luxembourg, 7 October,

551 views • 29 slides
Privacy Design Patterns and Anti-Patterns Patterns Misapplied and Unintended Consequences Nick

Privacy Design Patterns and Anti-Patterns Patterns Misapplied and Unintended Consequences Nick

Privacy Design Patterns and Anti-Patterns Patterns Misapplied and Unintended Consequences Nick Doty &amp; Mohit Gupta UC Berkeley, School of Information Privacy-by-Design ... in practice for designers and developers of technologies document

266 views • 11 slides
Privacy by design and (big or not-so-big) clinical research data (management) Safeguarding

Privacy by design and (big or not-so-big) clinical research data (management) Safeguarding

Privacy by design and (big or not-so-big) clinical research data (management) Safeguarding privacy while maximizing scientific benefits: a biostatisticians approach to good data management Ronald Brand Dep of Medical Statistics, section

436 views • 26 slides
$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

Presentation Slides $ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

318 views • 13 slides
Privacy by Design in EUs GDPR Botjan Brumen University of Maribor Faculty of Electrical

Privacy by Design in EUs GDPR Botjan Brumen University of Maribor Faculty of Electrical

Privacy by Design in EUs GDPR Botjan Brumen University of Maribor Faculty of Electrical Engineering and Computer Science Slovenia Background Respect for privacy: Not a new phenomenon: the polis (gr. ): the public area of

389 views • 6 slides
Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

CISPA Center for IT Security, Privacy and Accountabiltiy Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when,

573 views • 26 slides
$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

Presentation Slides $ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

429 views • 13 slides

More recommend