Page 1: PETTEP History and Future: Making the ISO connection

Mike Gurski
Information & Privacy Commissioner/Ontario
[email protected]

© 2002 IBM Corporation / Information & Privacy Commissioner/Ontario

Page 2: Defining Privacy

Data Protection & Privacy Commissioners Conference, Australia 2003 © 2003 IPC/O

Set of legal rights of an individual’s personal control over the collection, use, disclosure and retention as well as timeliness, accuracy and relevancy of any recorded information about that identifiable individual

An organization's responsibility for data protection and management of personal information in its custody or control as well as the interchange of such personal information with other organizations

Page 3: Privacy Concerns are increasing

Concern that information is collected, used, disclosed and protected properly

• Compliance with legislation

Page 4: Privacy Enhancing Technologies

Page 5: Privacy Enhancing Technologies

PETs have been defined as “a coherent system of Information and Communications Technology measures that protect privacy by eliminating or reducing personal data or by preventing unnecessary and/or undesired processing of personal data; all without losing the functionality of the data system”

Page 6: Privacy Enhancing Technologies

A Partial List of Types of PETs

Anonymizers/Pseudonymizers

Limited Show Blind Signatures

Biometric Encryption

Secret Sharing

Privacy Preserving Data Mining

Unlinkable databases

Unobservable data management
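The first and sixth items on that list, pseudonymizers and unlinkable databases, can be shown in a few dozen lines. The following is an added example written for this transcript; it is not PETTEP's code, not an evaluated PET, and the class, function and field names (Pseudonymizer, pseudonymize_dataset, are_unlinkable, the "research" and "billing" domains) and the sample records are all constructed for illustration. It implements the definition on the previous slide: direct identifiers are removed and the date of birth is generalised to a year (reducing personal data), yet records for the same person stay joinable inside one purpose-bound domain (the data system keeps its functionality). Because each domain uses its own secret HMAC key, pseudonyms from two domains cannot be linked without both keys, which is the property an unlinkable-database PET is meant to provide; a plain unkeyed hash of an e-mail address would not give it, since addresses can be guessed and hashed by anyone.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict
from typing import Dict, Iterable, List

# Constructed sample records: fictitious people, reserved .invalid domain.
SAMPLE_RECORDS: List[dict] = [
    {"email": "alice@example.invalid", "name": "Alice Example",
     "dob": "1981-04-12", "postcode": "M5V 2T6", "visits": 3},
    {"email": "bob@example.invalid", "name": "Bob Sample",
     "dob": "1975-11-30", "postcode": "M5V 2T6", "visits": 1},
    {"email": "Alice@Example.invalid ", "name": "Alice Example",
     "dob": "1981-04-12", "postcode": "M5V 2T6", "visits": 2},
]

DIRECT_IDENTIFIERS = ("email", "name")


class Pseudonymizer:
    """Keyed, domain-specific pseudonyms (hypothetical class, not a PETTEP artefact).

    One secret key per purpose/domain.  Within a domain the same person always
    maps to the same pseudonym, so records remain joinable; across domains the
    pseudonyms differ and cannot be linked without both keys.  HMAC rather than
    a bare hash, because e-mail addresses are guessable and an unkeyed hash
    could be reversed by hashing candidate addresses.
    """

    def __init__(self, domain_keys: Dict[str, bytes]) -> None:
        self._keys = dict(domain_keys)

    @classmethod
    def with_random_keys(cls, domains: Iterable[str]) -> "Pseudonymizer":
        return cls({d: secrets.token_bytes(32) for d in domains})

    def pseudonym(self, domain: str, identifier: str) -> str:
        # Canonicalise so case and whitespace variants do not fork the pseudonym.
        canon = identifier.strip().lower().encode("utf-8")
        return hmac.new(self._keys[domain], canon, hashlib.sha256).hexdigest()[:16]

    def pseudonymize(self, domain: str, record: dict, keep: Iterable[str]) -> dict:
        """Drop direct identifiers, keep only fields the purpose needs, generalise DOB."""
        out = {"pid": self.pseudonym(domain, record["email"])}
        for field in keep:
            if field in DIRECT_IDENTIFIERS:
                raise ValueError(f"{field} is a direct identifier and must not be kept")
            if field == "dob":
                out["birth_year"] = int(record["dob"][:4])  # generalisation: year only
            else:
                out[field] = record[field]
        return out


def pseudonymize_dataset(p: Pseudonymizer, domain: str, records: List[dict],
                         keep: Iterable[str]) -> List[dict]:
    keep = tuple(keep)
    return [p.pseudonymize(domain, r, keep) for r in records]


def visits_per_person(rows: List[dict]) -> Dict[str, int]:
    """Functionality preserved: records for one person still aggregate together."""
    totals: Dict[str, int] = defaultdict(int)
    for r in rows:
        totals[r["pid"]] += r["visits"]
    return dict(totals)


def are_unlinkable(p: Pseudonymizer, domain_a: str, domain_b: str,
                   identifiers: Iterable[str]) -> bool:
    """True when no pseudonym issued in domain_a equals any issued in domain_b."""
    ids = list(identifiers)
    a = {p.pseudonym(domain_a, i) for i in ids}
    b = {p.pseudonym(domain_b, i) for i in ids}
    return a.isdisjoint(b)


if __name__ == "__main__":
    p = Pseudonymizer.with_random_keys(["research", "billing"])
    rows = pseudonymize_dataset(p, "research", SAMPLE_RECORDS,
                                keep=("dob", "postcode", "visits"))
    for row in rows:
        print(row)
    print("visits per pseudonym:", visits_per_person(rows))
    emails = [r["email"] for r in SAMPLE_RECORDS]
    print("research/billing unlinkable:", are_unlinkable(p, "research", "billing", emails))
```

Run as a script it prints the pseudonymised rows, the per-pseudonym totals (the two Alice records merge into one) and confirms the two domains are unlinkable. The keys are the re-identification secret: whoever holds the "research" key can recompute the pseudonym of any known address, so key custody, not the hash function, is what an evaluator would need to examine.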

Page 7: PETs Proliferating

No defined criteria

No international coordination

Different Testing schemes

The Concern.

Need to be able to trust PETs in order to Deploy

Need to evaluate PETs under a common standard recognized internationally

Page 8: Privacy Enhancing Technologies Testing and Evaluation Project (PETTEP)

Page 9: PETTEP Goals

Goals: Short Term to Long Term

Develop Testing Criteria for Labs

Implement Pilot Testing

Inform PET Technology Development

Inform Technology Implementation

Incorporate experience into International Technology Standards

Page 10: PETTEP

Ontario IPC formed an international team to take on the challenge of developing testing criteria for PETs

Privacy Enhancing Technologies Testing and Evaluation Project

Members included Privacy and CC experts from government, industry, academic and legal communities.

Core team consists of German, Dutch, Swedish, Italian and Canadian Privacy/Data Protection Commissions, Research and Academic institutions, Government sponsorship (CSE, DoD) and Private Sector Involvement (e.g., IBM)

Page 11: PETTEP

• The work: base evaluation of PETs on the CC

– Internationally accepted criteria for ITS products

– National Evaluation Schemes already exist to provide oversight, lab accreditation and evaluation methodology

– Although intended for security, privacy elements are already included

– Security Functionality Requirements may be mapped to the elements of the Privacy Fair Information Practices

Page 12: PETTEP Approach

Map Fair Information Practices to CC where possible

Determine how to approach evaluation of PETs – based on technology grouping, multiple PPs, a single PP, or a package?

Gain understanding and consensus within PETTEP membership on the way ahead.

Multiple analyses (protection profiles, extensions, retrofitting CC)

Used a research/workshop approach to develop materials.

Goal to rewrite the current CC chapter on Privacy

Page 13: Why the Common Criteria as Foundation?

The Common Criteria had a place-holder already developed for privacy technologies that dealt with observability, linkability, traceability and anonymity.

The Communications & Security Establishment (CSE), NSA’s Canadian equivalent, joined the project and funded two initial contracts to examine elements of this project (reports attached).

The Common Criteria scheme was both endorsed by a growing number of national governments and formed an ISO standard.

Independent testing labs around the world are accredited Common Criteria certifiers.

Page 14: Using the Protection Profile Model in the Common Criteria

Protection Profile (PP) (a standard tool of the Common Criteria)

A statement of user need

A system design document

A consistent thread from ‘what’ to ‘how’

Based on fair information practices

Provides high-level guidelines

Implementation independent

Multiple implementations may satisfy it

Protection profile is the agreed upon approach within PETTEP to address evaluation of privacy functionality.

Page 15: Clustering Fair Information Practices for Technology Evaluation

The right of individuals to determine for themselves when, how and to what extent information about them is communicated to others.

[Diagram: the Fair Information Practices (Collection Limitations, Openness, Disclosure, Accountability/Verification, Use Limitations, Security) and the Privacy Principles (Choice/Consent, Notice/Awareness, Access, Enforcement/Recourse, Information Quality & Integrity), both under the heading "Protecting Privacy", are clustered on the right-hand side into Compliance, Consent, Accuracy, Security, Collection/Use and Accountability, leading to the Privacy Protection Profiles.]

Page 16: PETTEP – Privacy PP Development

[Diagram: three Privacy Protection Profile areas.

Security – includes: Security and Safeguards.

Data Management – includes: Unlinkability, Unobservability, Pseudonymity, Anonymity, Deletion, Consent, Identifying purpose, Limit use/disclosure, Non-Collection, Limit collection, Data Scarcity.

Openness, Accuracy, Accountability – includes: Accountability, Challenging compliance, Openness, Individual access.]

Page 17: Response to Singapore resolution

Question 1 - PETTEP is in favor of JTC1 addressing privacy.

Question 2 - The suggested organization is a new SC:

Needs focus

Privacy standards have progressed - JTC1 needs to address existing privacy work

Delivery time frames need to be shortened, and a new SC can prioritize ONLY privacy related standards

PETTEP would support and work with a new SC

Question 3 - Scope MUST reconcile with existing PETTEP work. Scope needs to address standards, as outlined.

Canada would be a good candidate for hosting the secretariat for such a new ISO Sub-Committee (SC) on Privacy

Page 18: PETTEP: Next Steps

Finalisation of research into CC for re-usable elements for Privacy

Continued Workshops

Final review of Privacy Security PP developed by DoD

Private Sector funding for next phase (Chapter Rewrite and lab testing/ refinement)

Examination of issues and way ahead

Page 19: Challenges remaining

How to use the existing functionality of the CC in creation of Privacy PPs (mapping of FIPs) – OR – are additional privacy functions required?

Development of the other PPs

Evaluation of the designated PET products to the PP (proof of concept)

The need to evaluate more PET products (via PP or ST)

Encourage vendors to have PET products evaluated

Gaining acceptance of the PETTEP approach internationally

Need to position Privacy PPs (based on a threat model approach) in the context of the overall set of Privacy requirements and the development of a multipart ISO standard.

Time!!! and of course Money!!!

Page 20: PETTEP and ISO: a match made in Privacy Heaven

PETTEP membership is international, multi-jurisdictional, bridges academic, privacy and public sectors and is available to work with ISO in developing a Privacy Technology Standard.

PETTEP experience and research papers are available. Canadian leadership in PETs evaluation can be leveraged for ISO work. ISO can benefit from involvement of the international privacy/data protection community.

Page 21: Summary and Closing Thoughts

Next Steps for the next 18 months:

Continue PETTEP workshops to review work by partners

Test technologies using Privacy Protection Profiles

Use results to develop a Privacy Protection Profile standard based on CC as part of a new multipart ISO Privacy standard

Request ISO to establish a Standards Committee for Privacy

Develop a common definition for Privacy and a common set of FIPs as input into the multipart ISO standard

Page 22: Thank You

Mike Gurski

Information & Privacy Commissioner/Ontario

[email protected]