Privacy in Cloud Computing

Vijay Mauree, Programme Coordinator, TSB, ITU
vijay.mauree@itu.int

ITU Workshop on “Cloud Computing”
(Tunis, Tunisia, 18-19 June 2012)


Agenda

• Cloud Computing Challenges
• What is privacy?
• What is the data lifecycle?
• Key privacy concerns
• Privacy by design and PETs
• Conclusions


Privacy in Cloud Computing

ITU Technology Watch Report – March 2012

Jointly with Stéphane Guilloteau, France Telecom Orange

The report
• Surveys privacy issues in cloud computing and best practices to meet legal and regulatory obligations.
• Standardization activities ongoing at international level


Cloud Computing Challenges

• The cloud is like a big black box; nothing inside the cloud is visible to the clients
• Data in the cloud are easier to manipulate
• There could be malicious system admins who can violate confidentiality and integrity
• Clouds are still subject to traditional data confidentiality, integrity, availability, and privacy issues, plus some additional attacks


Cloud Computing Challenges

• Can cloud providers be trusted?
• Are cloud servers reliable?
• What happens if data get lost?
• What about privacy?
• Is it easy to switch to another cloud provider?


Impact of cloud computing on the governance structure of IT organizations


What is Privacy?

• The concept of privacy varies widely among (and sometimes within) countries, cultures, and jurisdictions. It is shaped by public expectations and legal interpretations; as such, a concise definition is elusive if not impossible.
• No universally binding legislation covering all countries
  • Europe and United States
• Privacy
  • Right to self-determination, i.e. the right of individuals to ‘know what is known about them’
  • Be aware what information is stored about them, control how information is communicated and prevent its abuse.
  • It is more than just confidentiality of information


What is Privacy?

• Privacy rights or obligations are related to the collection, use, disclosure, storage, and destruction of personal data (or Personally Identifiable Information, PII).
• At the end of the day, privacy is about the accountability of organizations to data subjects, as well as the transparency to an organization’s practice around personal information.


What is the data life cycle?


• Personal information should be managed as part of the data used by the organization

• Protection of personal information should consider the impact of the cloud on each phase


What Are the Key Privacy Concerns?

• Typically mix security and privacy
• Some considerations to be aware of:
  • Storage
  • Retention
  • Destruction
  • Auditing, monitoring and risk management
  • Privacy breaches
  • Who is responsible for protecting privacy?


What Are the Key Privacy Concerns?

• Data integrity and availability are essential elements in the provision of cloud computing services.
• Article 17 EU Data Protection Directive
  • The controller and its processors must implement technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access; having regard to the state of the art and the cost of their implementation, such measures must ensure a level of security appropriate to the risks represented by the processing and the nature of the data to be protected


Example

Odense Municipality Case
• Use Google Apps within the school system
• Danish Data Protection Agency rejected the municipality plan to use Google Apps
• The municipality does not know where the data are physically located. It is unclear how the following requirements of the Danish Data Protection Act will be met:
  • Deletion of data so that it cannot be recreated.
  • Transmission and login: the municipality has not made clear whether encryption will be used when transferring data between the various data centres.
  • No information has been provided about what data are logged or how long the log is stored.


What Are the Key Privacy Concerns?

Cloud Deployment Models
• Software as a Service (SaaS)
• Platform as a Service (PaaS)
• Infrastructure as a Service (IaaS)

SaaS
• Customer has no influence over how input data is processed
• Customer can decide if personal data will be input
• Customer can secure personal data before it is sent to the SaaS.

PaaS
• Provides tools supported by a cloud provider for developers to deploy applications
• Responsibility lies with the developer to use best practices and privacy-friendly tools
• Developer relies on the trustworthiness of the PaaS


What Are the Key Privacy Concerns?

IaaS
• Provides customer with computing resources to run applications
• IaaS provider will secure data centres, network and also ensure employees and procedures comply with applicable laws and procedures
• IaaS provider will not provide data-level compliance, e.g. geographic restriction of data transfers.
• Responsibility lies with the cloud user to maintain compliance controls
• E.g. if the IaaS is based on virtualization, it should be possible for the user to express that IaaS provider should migrate the virtual machines from EU based data centres to US based data centres.


The Madrid Resolution

• Madrid Resolution (2009) approved by data protection authorities of 50 countries
• Framework for international standards on privacy and data protection
• Defines a set of principles and rights
  • to protect privacy with regard to processing of personal data, and
  • to facilitate the international flow of personal data
• Encourages countries to implement proactive measures to promote better compliance with data protection laws and adapt information systems for processing of personal data


Privacy By Design

• EU review of Data Protection Directive in 2011
  • Principle of privacy by design
  • Implement privacy enhancing technologies (PETs)
  • Privacy by default settings
  • EU rules must apply if personal data is handled abroad by companies active in EU market
• Privacy by design binding for
  • Data controllers
  • Developers
  • Business partners
• Need for standardized privacy protection measures


Privacy By Design

7 principles
• Data minimization
• Controllability
• Transparency
• User friendly systems
• Data confidentiality
• Data quality
• Use limitation


Privacy By Design

Data Flow Table
• Type of data
• Persons entitled to process personal data
• Operating platform
• Processing application
• Purpose of data processing
• Protection mode
• Storage lifetime and disposal measure
• Data recipients
  • Indicate destination country if data is transferred outside the country.
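One way to put the data flow table to work, as an added example that is not from the presentation or the ITU report: each row carries the columns listed above, and a review function flags rows with no protection mode, no storage lifetime or disposal measure, or a transfer abroad with no destination country. The field names, the `ALLOWED_DESTINATIONS` policy and the sample rows are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

# Assumption for this example: the organization's own policy on where
# personal data may be sent. Not taken from the slides.
ALLOWED_DESTINATIONS = {"DK", "DE", "FR"}

@dataclass
class DataFlowRow:
    data_type: str                      # Type of data
    processors: List[str]               # Persons entitled to process personal data
    platform: str                       # Operating platform
    application: str                    # Processing application
    purpose: str                        # Purpose of data processing
    protection_mode: str                # Protection mode, "" if none recorded
    retention_days: Optional[int]       # Storage lifetime
    disposal: str                       # Disposal measure
    recipients: List[str]               # Data recipients
    destination_country: Optional[str]  # None if not indicated
    leaves_country: bool = False        # True if data is transferred abroad

def review(row: DataFlowRow) -> List[str]:
    """Return the gaps found in one row of the data flow table."""
    gaps = []
    if not row.protection_mode.strip():
        gaps.append("no protection mode")
    if row.retention_days is None or not row.disposal.strip():
        gaps.append("storage lifetime or disposal measure missing")
    if row.leaves_country and not row.destination_country:
        gaps.append("transfer abroad without destination country")
    elif row.destination_country and row.destination_country not in ALLOWED_DESTINATIONS:
        gaps.append(f"destination {row.destination_country} not allowed by policy")
    return gaps

# Constructed sample rows (illustrative values only).
ROWS = [
    DataFlowRow("pupil grades", ["teachers"], "SaaS office suite", "spreadsheet",
                "grading", "TLS in transit, AES at rest", 365,
                "provider-confirmed erase", ["school administration"], None),
    DataFlowRow("pupil health notes", ["school nurse"], "SaaS office suite",
                "documents", "care planning", "", None, "", ["parents"], None,
                leaves_country=True),
    DataFlowRow("staff payroll", ["HR"], "IaaS virtual machine", "payroll app",
                "salary payment", "AES at rest", 1825, "disk wipe", ["bank"], "US",
                leaves_country=True),
]

def audit(rows: List[DataFlowRow]) -> dict:
    """Map each data type to its gaps; rows without gaps are omitted."""
    return {r.data_type: g for r in rows if (g := review(r))}
```

Calling `audit(ROWS)` returns only the rows that need attention, which makes the table usable as a pre-migration checklist rather than a static inventory.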


PETs

• No common definition for PETs.
• Main characteristics
  • Reduce the risk of breaching privacy principles
  • Minimize amount of data held about people
  • Allow individuals to retain control of information about themselves
• Includes
  • Opacity tools, e.g. encryption, anonymization
  • Transparency enhancing tools which provide users with information about privacy policies or grant them online access to their personal data.


PETs

| Data life cycle | Privacy principles | Privacy protection measures | Examples of PETs and ICT standards |
|---|---|---|---|
| Collection/Generation | Proportionality and purpose specification | Data minimization | Anonymous communication; anonymous credential; group and blind signatures; ISO/IEC JTC1/SC27 WG2 and WG5 |
| Storage | Accountability, security measures, sensitive data | Confidentiality | Encryption; AES NIST (FIPS 197) |
| Sharing and processing | Lawfulness and fairness, consent, right of access | Data access control | Privacy dashboard; OASIS XACML, ITU-T X.1142 |
| Deletion | Openness, right to delete | Confidentiality | Deletion; anonymization protocol; hash functions |


Conclusions

• Privacy concerns are increasingly important
• Privacy issues are different depending on cloud deployment model used
• Madrid Resolution provides an international framework for privacy standards
• A security risk assessment is essential before switching to cloud based environment.
• Embedding privacy by design and PETs for cloud services is strongly supported by Data Protection Authorities.
• Privacy by design and PETs will play an important role in cloud services
