Preserving Privacy and Security

Ann Cavoukian, Ph.D.
Information & Privacy Commissioner/Ontario

Imperial Oil Limited
Toronto, Ontario

March 1, 2005

Impetus for Change

• Growth of Privacy as a Global Issue (EU Directive on Data Protection).

• Convergence of growth in bandwidth, sensors, data storage and computing.

• Exponential growth of personal data collected, transmitted and exploited.

• Consumer backlash; heightened consumer expectations.

And Then Came 9/11

• U.S. Patriot Act and a series of anti-terrorism laws.

• Served to expand powers of surveillance on the part of the state, and reduce judicial oversight.

The Aftermath

• It’s business as usual:
  – Clear distinction between public safety and business issues – make no
  – NO reduction in consumer
  – Increased value of trusted

Consumer Attitudes

• Business is not a beneficiary of the post-9/11 “Trust Mood”.

Increased trust in government has not been paralleled by increased trust in business handling of personal information.

Privacy On and Off the Internet: What Consumers Want
Harris Interactive, November 2001
Dr. Alan Westin

Information Privacy

• Information Privacy: Data Protection
  – Freedom of choice; control; informational
  – Personal control over the collection, use and disclosure of any recorded information about an identifiable individual.

What Privacy Is Not

Security ≠ Privacy

The Foundation of Information Security

• The control of information on the part of data holders or their
  – Functions:
    • Authentication
    • Authorization
    • Confidentiality
    • Data Integrity
    • Non-repudiation
    • Availability

The Privacy/Security

• Privacy relates to personal control over one’s personal information.

• Security relates to organizational control over information.

• These represent two overlapping, but distinct, activities.

Risk Management

• Security Risk Management
  – Owner of the data is assumed to be
  – System design is trusted.

• Privacy Risk Management
  – Custodian of data not considered
  – System design not to be trusted.
    – e.g., CAPPS II

Privacy and Security: The Difference

• Authentication
• Data Integrity
• Confidentiality
• Non-repudiation
  (Organizational control of information through information systems)

• Privacy; Data Protection
  (Fair Information Practices)

Summary of Fair Information Practices

• Accountability
• Identifying Purposes
• Consent
• Limiting Collection
• Limiting Use,
• Accuracy
• Safeguards
• Openness
• Individual Access
• Challenging

The Bottom Line

Privacy should be viewed as a business issue, not a compliance issue.

The Promise

Electronic commerce projected to reach $220 billion by 2001.
WTO, 1998

Estimates revised downward to reflect lower expectations:

Electronic commerce projected to reach $133 billion by 2004.
Wharton Forum on E-Commerce, 1999

The Reality of E-

United States: e-commerce sales were only 1.6% of total sales -- $54.9 billion in 2003.
U.S. Dept. of Commerce, Census Bureau, February 2004

Canada: Online sales were only 0.8% of total revenues -- $18.6 billion in 2003.
Statistics Canada, April 2004

Lack of Privacy = Lack of Sales

“Consumer privacy apprehensions continue to plague the Web. These fears will hold back roughly $15 billion in e-commerce revenue.”
Forrester Research, September 2001

“Privacy and security concerns could cost online sellers almost $25 billion by 2006.”
Jupiter Research, May 2002

The Business Case

• “Our research shows that 80% of our customers would walk away if we mishandled their personal information.”
  CPO, Royal Bank of Canada, 2003

• Nearly 90% of online consumers want the right to control how their personal information is used after it is collected.

ISF Highlights Damage Done by Privacy Breaches

• The Information Security Forum reported that a company’s privacy breaches can cause major damage to brand and reputation:
  – 25% of companies surveyed experienced some adverse publicity due to privacy.
  – 1 in 10 had experienced civil litigation, lost business or broken contracts.
  – Robust privacy policies and staff training were viewed as keys to avoiding privacy

The Information Security Forum, July 7, 2004

It’s All About Trust

“Trust is more important than ever online … Price does not rule the Web … Trust does.”

Frederick F. Reichheld, Loyalty Rules: How Today’s Leaders Build Lasting

Translating Privacy Requirements into Technology and Privacy

“The most effective means to counter technology’s erosion of privacy is technology

Alan Greenspan, Federal Reserve Chairman

RFID Technology

Benefits of RFID Technology

– More efficient management and tracking of goods and inventory through the supply chain process.

– Reduced labour costs (e.g., no manual scanning of individual items is required).

– Better post-sale service for consumers, warranty servicing, etc.

Privacy and RFIDs

• RFID tags contain information about a product, not an individual (e.g., EPC, price, size, colour, manufacture date).

• Despite that, many consumers perceive a threat to privacy – why is that?

Implementing RFIDs

• A failure to build privacy into the design and implementation of RFIDs can produce a consumer

• This will have an adverse impact on a company’s reputation and, ultimately, its bottom line.

Consumer Backlash

• How real are consumer concerns?

• Could privacy issues potentially deter the roll-out of RFIDs?

• Today, there are more than 6 million active Speedpass devices in the U.S.

• Speedpass uses a radio frequency system located in the pump/register to "talk" with the miniature transponder located in the Speedpass device.

• Each device has a unique security code that is transmitted to the reader when a purchase is made.

• Credit card numbers and personal information are never stored in the Speedpass device.

• Speedpass can also be used by customers at more than 1,600 locations in Canada, Singapore and Japan.

Cracking the RFID Code

• January 2005: researchers at Johns Hopkins University discover cryptographic vulnerabilities in the RFID SpeedPass technology.

• Using a black-box reverse engineering method, the research team were able to unravel the algorithm used in the DST tag.

• The information allowed them to program a $200 commercial microchip to find the secret key in a SpeedPass tag.

• Full report: Security Analysis of a Cryptographically-Enabled RFID Device —

Vulnerability and

• Researchers warned that tech-savvy criminals could wirelessly probe a key tag in close proximity, download the unique code number, and load it onto a similar homemade device.

• “Millions of tags that are in use by consumers can be cracked without requiring direct contact.”

• Researchers recommended a simple and inexpensive solution: a metallic sheath that can cover RFID tags when they are not in use.

Free Ride

“To validate our attack, we extracted the key from our own SpeedPass token and simulated it in our own RF device. We purchased gasoline successfully at an ExxonMobil station multiple times in a single day.”

Johns Hopkins RFID analysis team, January 28, 2005

Building Privacy Safeguards into RFIDs

• RFIDs will continue to produce a consumer backlash unless both RFID manufacturers and business users adopt privacy safeguards.

• Privacy is not a concern at most stages of the supply chain (e.g., tracking items in a

• However, privacy concerns are triggered at the point when a consumer comes into contact with a product with an RFID.

Possible Privacy Solutions

• RFID tags should be deactivated at the point of sale, or when the consumer comes into contact with the tag (e.g., through blocking technology carried by the consumer or pervasive in the

• Deactivation at point of sale should be the default, but is not without its

• Deactivation limits post-sale benefits of

Make Privacy a Corporate Priority

• An effective privacy program needs to be integrated into the corporate culture.

• It is essential that privacy protection become a corporate priority throughout all levels of the organization.

• Senior Management and Board of Directors’ commitment is critical.

Good Governance and Privacy

“Privacy and Boards of Directors: What You Don’t Know Can Hurt You”
  – Guidance to corporate directors faced with increasing responsibilities and expectations of openness and transparency
  – Privacy among the key issues that Boards of Directors must address
  – Potential risks if Directors ignore privacy
  – Great benefits to be reaped if privacy is included in a company’s business plan

Privacy Diagnostic Tool

• Simple, plain-language tool (paper and e-

• Free & self-

• CSA model code to examine an organization’s privacy management practices

Final Thought

“Anyone today who thinks the privacy issue has peaked is greatly mistaken… we are in the early stages of a sweeping change in attitudes that will fuel political battles and put once-routine business practices under the

Forrester Research, March 5, 2001

How to Contact Us

Ann Cavoukian, Ph.D.
Information & Privacy Commissioner/Ontario
2 Bloor Street East, Suite 1400
Toronto, Ontario
M4W 1A8
Phone: (416) 326-3333