
Cybersecurity: Privacy, Data Protection and Identity

Marit Hansen, Data Protection Commissioner, Schleswig-Holstein, Germany

Workshop on Cybersecurity, Vilnius, 26 October 2016

www.datenschutzzentrum.de


Setting of ULD

• Data Protection Authority (DPA) for both the public and private sector

• Also responsible for freedom of information

Source: en.wikipedia.org/wiki/Schleswig-Holstein

Source: www.maps-for-free.com


Overview

• Privacy and data protection

• Requirements

  – High level protection goals

  – Legal basis from May 2018

• Solutions

• Conclusion


Data protection is not mainly about data, but about human beings with their rights

Photo: Ashtyn Renee

Questions to consider in system design:

• Effects on individuals?

• Effects on society?


Imbalance in power: data protection necessary

Important: Perspective of the individual

Photo: Azureon2

Perspective: Alice & Bob


Information security: The adversary is Eve (or Mallory).

Data protection: The adversary is Bob! (Well, at least he is one of them.)

Data processing: interference with fundamental rights

Data flow model: enriching information


Possible consequences:

• Personalised ads

• Better/worse credit conditions

• Lower/higher prices

• Getting an insurance (or not)

• Being under suspicion (or not)

• …

At each step, different parties (with different responsibilities) can be involved.

Reference: Marit Hansen: Linkage Control – Integrating the Essence of Privacy Protection into IMS, Proc. eChallenges 2008, 1585-1592


Protection goals: more than IT security

• Confidentiality, Integrity, Availability: the classical IT security protection goals*)

• Unlinkability, Transparency, Intervenability: the protection goals going beyond IT security

*) From the data subject’s perspective

Requirements for data protection: consulting the law

The new “General Data Protection Regulation” (GDPR)

• Effective from 25 May 2018

• Single set of rules for all EU Member States

• Scope (“market location principle”):

  – Data controller/processor or the data subject in the EU

  – Also organizations based outside the European Union if they process personal data of EU residents

• Principles like lawfulness, purpose binding, necessity, data minimisation, transparency, intervenability …

• Sanctions

• Data Protection by Design and by Default


Data Protection by Design & by Default

• Art. 25 GDPR

• Targeted at controllers + data processors

• Producers of IT systems “should be encouraged” (Rec. 78)

• Objective: to design systems + services from early on, for the full lifecycle …

  a) … in a data-minimising way

  b) … with the most data protection-friendly pre-settings

Art. 25 Data Protection by Design and by Default

1. Taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for rights and freedoms of natural persons posed by the processing, the controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures, […]


Related: Security by Design

Built-in security, e.g. manufacturers preventing default passwords (or none at all)


Related: Security by Design


http://www.theverge.com/2013/10/21/4863872/dick-cheney-pacemaker-wireless-disabled-2007

http://resources.infosecinstitute.com/hcking-implantable-medical-devices/

Built-in security by removing functionality


WWW with or w/o security?


http://www.theregister.co.uk/2014/10/08/sir_tim_bernerslee_defends_decision_not_to_bake_security_into_www/

“timing and priorities”: security was a secondary objective …

eIDAS Regulation


Solutions: Identity Management

• Different contexts or purposes: different digital identities

• Proof of attributes instead of identification

Best Practice Data Minimisation: Authentication without identification

Full data set: often not all data are necessary, hence

• attribute selection

• attribute aggregation

• unlinkability of multiple presentations

Minimal data set: which data are really necessary for the purpose?

Example: Privacy-ABCs (attribute-based credentials)

Example: Privacy-ABCs in a school communication network


https://abc4trust.eu/soederhamn


Example Privacy-ABCs: process for exceptionally revealing identity information needing multiple parties


ISO standardisation on identity management


Further (de-facto) standards w.r.t. identities

• IP addresses

• MAC addresses

• Cookies

• Combined data for browser or device fingerprinting

• Location data

• Creditworthiness checks

• Social Media identifiers

• …


Anonymity is difficult to achieve … and highly context-sensitive

• Attempts for anonymity metrics:

  – k-anonymity (1998)

  – l-diversity (2007)

  – t-closeness (2007)

  – t-plausibility (2009)

• Anonymisation of existing personal data:

  – Requires data transformation

  – Often: reduction of data quality and utility
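An added example (not part of the slides) that makes two of the metrics concrete: it computes k-anonymity and l-diversity over a constructed patient table and then generalises the quasi-identifiers, showing that the transformation raises k and l while the number of distinguishable quasi-identifier combinations (a crude utility measure, my own choice) shrinks. The column layout and the sample values are assumptions.

```python
from collections import defaultdict

# Constructed sample table (invented values). ZIP code and age are the
# quasi-identifiers; diagnosis is the sensitive attribute.
RECORDS = [
    ("24103", 34, "flu"),
    ("24103", 36, "flu"),
    ("24105", 41, "asthma"),
    ("24105", 45, "diabetes"),
    ("24109", 52, "flu"),
    ("24109", 58, "asthma"),
]
QUASI = (0, 1)   # column indices of the quasi-identifiers
SENSITIVE = 2    # column index of the sensitive attribute

def equivalence_classes(records):
    """Group records that share the same quasi-identifier values."""
    classes = defaultdict(list)
    for rec in records:
        classes[tuple(rec[i] for i in QUASI)].append(rec)
    return list(classes.values())

def k_anonymity(records):
    """k = size of the smallest class: each person hides among k-1 others."""
    return min(len(cls) for cls in equivalence_classes(records))

def l_diversity(records):
    """l = fewest distinct sensitive values in any class; l == 1 means a class
    reveals its members' diagnosis even though k-anonymity may hold."""
    return min(len({rec[SENSITIVE] for rec in cls})
               for cls in equivalence_classes(records))

def generalise(records, zip_digits, age_band):
    """Data transformation: keep zip_digits of the ZIP (rest masked with '*')
    and replace the exact age by a band of width age_band."""
    out = []
    for zipcode, age, diag in records:
        lo = age // age_band * age_band
        masked = zipcode[:zip_digits] + "*" * (5 - zip_digits)
        out.append((masked, f"{lo}-{lo + age_band - 1}", diag))
    return out

def utility(records):
    """Crude utility measure: distinct quasi-identifier combinations left."""
    return len(equivalence_classes(records))

if __name__ == "__main__":
    for zip_digits, age_band in ((5, 1), (3, 10), (3, 30)):
        data = generalise(RECORDS, zip_digits, age_band)
        print(zip_digits, age_band, k_anonymity(data), l_diversity(data), utility(data))
```

With 3-digit ZIPs and 10-year bands the table is 2-anonymous but the 30-39 class is all "flu" (l = 1); 30-year bands give k = 6 and l = 3 but leave a single indistinguishable class.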


Photo: Jesus Solana


Conclusion

• Requirements analysis necessary: not one size fits all

• Built-in privacy and data protection in products, services, and infrastructures

• The more unlinkability by infrastructure, the more options

• To address:

  – (De-facto) standards

  – Usability issues

  – Incentives (easy + available solutions, advancing the state of the art, enforcement where necessary, business models …)

References

• https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/privacy-and-data-protection-by-design (2014)

• https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/pets (2015)

• https://www.datenschutzzentrum.de/uploads/sdm/SDM-Handbuch.pdf (2015) [English translation in progress]

• Hansen/Jensen/Rost: Protection Goals for Privacy Engineering, Proc. 1st International Workshop on Privacy Engineering, IEEE, 2015


Funding Notice

Forum Privatheit und selbstbestimmtes Leben in der Digitalen Welt (Privacy-Forum), partly funded by the German Federal Ministry of Education and Research

www.forum-privatheit.de

Privacy & Us, partly funded by MSCA-ITN-2015-ETN – Marie Skłodowska-Curie Innovative Training Networks, Project Number: 675730

www.privacyus.eu