The Everyday Life of Surveillance (V): Architectures, Spaces, Territories
Privacy by Design?
Marc Langheinrich, University of Lugano (USI), Switzerland
Projects
Ubiquitous Privacy Computing
Gothenburg Lancaster Paris Zurich Patras Sevilla
Approaches to Ubicomp Privacy
Disappearing Computer Troubadour Project (10/2002 - 05/2003)
• Make it Someone Else’s Problem
  – “For [my colleague] it is more appropriate to think about [security and privacy] issues. It’s not really the case in my case”
• Absence of Protection as User Empowerment
  – “It’s maybe about letting them find their own ways of cheating”
• Insist that “Good Security” will Fix It
  – “All you need is really good firewalls”
Marc Langheinrich: The DC-Privacy Troubadour – Assessing Privacy Implications of DC-Projects. Designing for Privacy Workshop. DC Tales Conference, Santorini, Greece, June 2003.
Example 1: Make It Someone Else’s Problem
NON PRIVACY BY NON DESIGN
“Uses the highest level of encryption allowed by the U.S. government.”
2006
20 cards no encryption
Cardholder’s Name, Card Number, Expiration Date
Pablos Holman, O’Reilly Conf. 2008
“cards incorporate 128-bit encryption”
Cardholder’s Name, Card Number, Expiration Date
*MacBook Air not included
Flexilis Defcon 2008
Non Privacy By Non Design
Example 2: User Empowerment NON PRIVACY BY (BAD) DESIGN SECURITY
P<D<<LANGHEINRICH<<MARC<<<<<<<<<<<<<<<<<<<<< 123456789 ? D<<710123 ? M070101 ? <<<<<<<<<<<<<<< ?
Marc Langheinrich
DD/MMM/1971
P<D<<LANGHEINRICH<<MARC<<<<<<<<<<<<<<<<<<<<< 12345678? ? D<<710123 ? M0701?? ? <<<<<<<<<<<<<<< ?
Protection from Forgery!!
Digital Signature
“...cloned and manipulated...”
? Mustermann Christian 0000000000000 ? Proof of Genuine Passport
Non Security By Bad Design
Example 3: Good Firewalls PRIVACY BY DESIGN?
Smart Fridge
Smart Stove
Receiptless Returns
Fast Checkout
Whig Model #2342
Tiger Thong (Material: Polyester, Maker: Woolworth, Last washed: 5 days ago)
Viagra (Maker: Pfizer, Size: Maxi (60 pills))
Original “RFID-Man” Artwork (c) 2006 Ari Juels, RSA Laboratories
Working Hypothesis
People don’t want privacy tools
People want to get things done! The more secure, private, safe, the better
Getting Things Done?
Vision
Hands Free Privacy The more secure, private, safe, the better
Example: The Shamir Tag
• Unsolicited read-outs take long time
  – Difficult (but not impossible) to track or identify
• Instant Identification for known tags
  – Owner uses tags without restrictions
Langheinrich, Marti: Practical Minimalist Cryptography for RFID Privacy. IEEE Systems Journal, Vol. 1, No. 2, 2007
Shamir Tags Illustrated
Original RFID-Tag: RFID-Tag contains encrypted ID + Key, but cut in many small pieces. All pieces are needed to decrypt Tag ID.
Unknown Reader sees (over time): Only few shares disclosed, wait, A few more shares disclosed, wait, Still not enough shares…, wait
Owner’s Reader sees: Only few shares disclosed + Owner checks for known (cached) tag = Instant Identification
• Consumers receive basic protection for all tagged goods
• Additional security mechanism can be layered above Shamir Tags
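The Shamir Tag behaviour sketched on the slides above, as an added Python example that is not code from the slides or the cited paper. It is a simplified model: the tag ID itself is split with Shamir secret sharing (threshold equal to the number of pieces), elapsed time is counted in reads, and the field modulus, share counts and the names `Tag`, `unknown_reader` and `owner_reader` are assumptions.

```python
import secrets

P = 2**61 - 1  # prime field modulus (assumption, picked for this demo)

def split(secret, n, t):
    """Shamir split: random polynomial of degree t-1 with f(0) = secret."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    def f(x):  # polynomial evaluation mod P
        return sum(c * pow(x, k, P) for k, c in enumerate(coeffs)) % P
    return [(x, f(x)) for x in range(1, n + 1)]

def combine(shares):
    """Lagrange interpolation at x = 0 recovers the secret."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

class Tag:
    """Hypothetical tag: every read discloses only `per_read` shares."""
    def __init__(self, tag_id, n=8, per_read=2):
        self.shares = split(tag_id, n, n)   # threshold n: all pieces needed
        self.per_read, self.pos = per_read, 0
    def read(self):
        out = self.shares[self.pos:self.pos + self.per_read]
        self.pos = (self.pos + self.per_read) % len(self.shares)
        return out

def unknown_reader(tag, n):
    """Keeps reading until all n shares are collected; returns (reads, id)."""
    seen, reads = {}, 0
    while len(seen) < n:
        seen.update(tag.read())
        reads += 1
    return reads, combine(list(seen.items()))

def owner_reader(disclosed, cache):
    """Matches the few disclosed shares against the owner's cached share sets."""
    return next((t for t, s in cache.items() if set(disclosed) <= set(s)), None)

if __name__ == "__main__":
    tag = Tag(0xC0FFEE)                      # constructed sample tag ID
    print("owner, one read:", owner_reader(tag.read(), {0xC0FFEE: tag.shares}))
    print("unknown reader (reads, id):", unknown_reader(Tag(0xC0FFEE), 8))
```

The owner identifies the tag from a single read because the shares are already cached, while a reader without the cache has to stay in range for every read before interpolation yields the ID.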
Summary
Privacy by Design
• Difficult to do even for technology experts
  – Industrial (RFID Credit Cards)
  – Government (ePassport)
• Difficult if wrong user model
  – People want to get things done
  – Privacy, security often gets in the way
• We need usable security and privacy
  – Sometimes less security may mean more privacy
Outlook
The wireless century will bring an end to many crimes. It will be a century of morality, since it is known that morality and fear are one and the same. (Robert Sloss, “The World in 100 Years”, 1910)