Identity, privacy and the law

Lorna Brazell
SCL Information Governance conference
May 2009

• Identity and privacy
  • Identities and partial identities
  • The private space
    • Territorial, bodily, media, information
• Identity in law
  • In transactions
    • Identification and authentication
  • In travel
    • MRTDs, ePassports and eIDs
• Brave New World:
  • Ambient intelligence and traffic data retention – is data protection law sufficient?
    • Privacy-by-design
    • Organisation-centric and user-centric data (identity) management

• An identity is a set of attributes
  • Name, age, nationality, gender, qualifications, golf handicap, fingerprints, DNA sequence…
    • Biographical or biological
• No legal definition in English law prior to the Identity Cards Act 2006
  • Not seen as a legal issue… e.g. informal approach to naming
    • Cf civil law countries with a limited list of legally allowed names and central registers of citizens and aliens
  • Name is a very inadequate identifier in most cases
    • Few names are remotely unique
    • Does not convey any definite information about the bearer
    • Easily changed by declaration or deed poll

• What information is necessary to define an identity?
• It depends!
  • Commercial relationships e.g. mortgage: age and salary
  • Social relationships e.g. golf club: handicap, salary and 'who you know'
  • Political relationships e.g. voting: nationality/ legal residency
• Each comprises a different 'partial identity' of the same physical individual
  • Individual may conduct themselves differently – and possibly incompatibly – in each context
    • Ability to do so depends on ability to keep other aspects of life

• What is privacy?
  • Territorial
  • Bodily
  • Media
  • Information
• Legal regulation
  • Land law – "my home is my castle"
  • Human rights – habeas corpus, limited police rights of stop and search, right to refuse medical treatment
  • Law of confidence – right to restrict possession/ use/ disclosure of information obtained in breach of confidence
  • Data protection
    • And freedom not to have to identify oneself in day-to-day life
  • E-Privacy Directive

Identity and Privacy: biographical
• No clear boundaries
• Information falls on a spectrum of confidentiality:
  • Schools attended – matter of public record and notice at the time
    • 30 years later may be difficult to uncover without disclosure
  • University societies or political groups – never entirely public, but at the time observable by fellow students
• Law of confidence: protection may vary according to the circumstances/ relationship
• Data protection: protection depends upon the exact nature of the information and upon other information held by the same controller
• Neither 100% transparent to the ordinary citizen

Identity and Privacy: biographical
• Special cases:
  • Law of media privacy
    • Emerging from the ECHR Von Hannover decision
      • Murray the most far-reaching UK case to date
    • Reklos and Davourlis v Greece – a potential image right?
      • Impact on CCTV?
  • Public communications systems:
    • "anyone using a public telephone system has to accept the risk of being overheard" (Malone v DPP)
      • In Malone, each wiretap was cumbersome and information capture/ storage/ analysis capacity was relatively limited
      • Cf RIP Act, current furore over traffic data retention proposals?

Identity and Privacy: biological
• No clear boundaries
• Information falls on a spectrum
  • Immediately observable – height, (approximate) weight, ethnicity, to
  • Detectable only with sophisticated equipment – DNA, iris patterns, true hair/ eye colour…
• Some always confidential/ sensitive personal data
  • ECHR ruling on UK DNA database
    • Joseph Rowntree Trust report on UK databases generally….
• Other depends on context in which held

Identity in law
• Verification and authentication
  • Does such an individual/ identity exist?
  • Is the person claiming it the person actually entitled?
• 'Brute force' solution: organisation-centric ID
  • Capture all information (biological and biographical) about every individual from birth onwards and hold it in an enormous database
• Any objections….?
  • Loss of privacy
  • Incalculable potential for abuse
  • Appalling potential for identity theft and data loss

Identity in law
(1) Transactions:
• Commercial – is identity relevant at all?
  • Only really need to know creditworthiness or authority level in
  • Both separable from individual's genetics and most of personal
• With public administration – ditto?
  • Only really need to know entitlement
    • to information/ services
    • to vote

Identity in law
(2) Travel
• MRTDs, e-Passports, eIDs
• What aspects of identity are relevant?
  • Citizenship
  • (terrorist affiliations…
    • … everything the individual has ever said, done or thought
      • …. everywhere the individual has ever been….)
• Balancing risk to individual privacy vs national security:
  • High level of assurance as to physical identity
    • Biometrics
  • High level of data security, surely?
    • But mass travel suggests convenience and speed of processing just as important…

Identity in law
• Is the single all-embracing eID really a solution?
• The more applications to be covered, the more information must be stored/ linked
  • Greater potential for abuse
  • Greater risk of compromise
    • No such thing as uncrackable security of a misappropriated smart
• "Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety"

Brave New World
• Ambient intelligence/ the internet of things
  • Electronic devices generally equipped with data recording and communication potential
  • Broadband communications both within and outside buildings
    • European broadband performance index launched September
  • Massive increases in sophistication of data processing
    • E.g. ability to infer emotional states from facial expressions
  • A future of continuous undetectable sensing, analysis and
    • The intelligent house/ office
    • Personalised location-specific services
      • Directions, goods/ service availability, stock market updates on the move…

Brave New World
• Requires identification for all participating components
  • RFID
    • Passive, low information on tag, low read range to
    • Sophisticated, high data storage tags and long read range – reaching commercial viability in the near future
    • Applications – access control, ID cards, event ticketing, tracking in supply/ distribution chains
    • Future – remote monitoring of ambient conditions e.g. for food/ drug storage, environment
    • Current supply-chain tagging mostly at pallet/ carton level, but trend toward individual item tagging as prices decline
• Requires compatibility of data storage and transmission formats/ protocols

Brave New World
• Add in
  • SNS and Twitter
    • The limitless public disclosure of detailed personal
  • Automatic numberplate recognition systems
  • Ubiquitous CCTV….

Brave New World
• Challenges:
  • Ability to trace information and join it up to profile individuals
  • Potential pervasiveness of tags and readers – tracking of individuals without their knowledge
    • "the wearer of Rolex no. 1234567 has just entered your shop", or
    • "this shopper carries no luxury items: refuse credit"
      • Is this personal data at all?
  • Protection of personal data
  • Redefinition of privacy?
    • Control of boundaries of personal space is lost
• Security risks – speed of cloning, skimming of data,

Privacy by design
• Unrealistic to aim for total privacy or total security
  • Aim for
    • Minimising data spillage or disclosure
    • Enabling data sharing within the control of the individual
      • New relationships of mutual trust
    • Both within an acceptable standard of convenience

Privacy by design
• Principles:
  • Notice
    • Real and effective
  • Choice/ consent
    • Real alternative cf 'take it or leave it'
  • Anonymity/ pseudonymity
    • Common Services Agency v Scottish Information Commissioner
  • Proximity/ locality of dissemination of data
  • Security
  • Access controls
    • And proper enforcement of them

Privacy by design
• Methods:
  • Privacy audits
  • Automatic deactivation of tracking devices at point of sale
    • Unless consumer opts in
  • Announcements as to ambient surveillance – with opt out
  • Built-in range limitations
  • User-centric data (or identity) management
    • As opposed to the centralised database, or organisation-centric
    • Challenge: motivating individuals to sacrifice some convenience for greater control/ privacy….

Privacy by design
• User-centric data management
  • Individual retains separate identifiers corresponding to separate partial identities, for use with separate entities
  • Single-sign-on mechanism to a point of network presence
    • E.g. Austrian Bürgerkarte
    • Individual authenticates to point of presence
      • Highly secure process necessary
    • Separate channels from point of network presence to counterparties use different identifiers
      • (or not, at individual's option)
    • Permission hub at point of network presence controls what information each counterparty can access
      • Including permission for different counterparties to share
  • Individual has to take greater responsibility for data privacy
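The partial-identity and permission-hub ideas above (mortgage lender sees age and salary, golf club sees handicap, each under its own identifier) as an added illustration in Python; this is not code from the talk or from any named initiative. The attribute set, the user secret and the counterparty names are constructed, and the per-counterparty pseudonym is a hypothetical HMAC construction chosen here so that two counterparties cannot link their records by identifier alone.

```python
import hmac
import hashlib

# Constructed sample: the individual's full attribute set, held only at the point of network presence
INDIVIDUAL = {
    "name": "A. Example",
    "age": 42,
    "nationality": "UK",
    "legal_residency": "UK",
    "salary": 55000,
    "golf_handicap": 12,
}

# Hypothetical secret known only to the individual's point of presence; never sent to a counterparty
USER_SECRET = b"constructed-user-secret-do-not-reuse"

# Permission hub: for each counterparty, the attributes it may see and who it may pass them to.
# Anything not listed is denied by default.
PERMISSIONS = {
    "mortgage_lender": {"attributes": {"age", "salary"}, "may_share_with": set()},
    "golf_club": {"attributes": {"golf_handicap"}, "may_share_with": {"partner_golf_club"}},
    "electoral_registrar": {"attributes": {"nationality", "legal_residency"}, "may_share_with": set()},
}


def pairwise_identifier(counterparty: str, secret: bytes = USER_SECRET) -> str:
    """Pseudonym for one counterparty: HMAC-SHA256(secret, counterparty name).
    Stable for repeat visits to the same counterparty, different for every other one."""
    return hmac.new(secret, counterparty.encode("utf-8"), hashlib.sha256).hexdigest()[:16]


def disclose(counterparty: str) -> dict:
    """Release the partial identity the hub permits, under the pairwise pseudonym.
    Raises PermissionError for a counterparty the individual has not authorised."""
    policy = PERMISSIONS.get(counterparty)
    if policy is None:
        raise PermissionError(f"no permission granted to {counterparty!r}")
    partial = {k: v for k, v in INDIVIDUAL.items() if k in policy["attributes"]}
    return {"identifier": pairwise_identifier(counterparty), **partial}


def may_share(from_counterparty: str, to_counterparty: str) -> bool:
    """Onward sharing between counterparties only where the individual granted it at the hub."""
    return to_counterparty in PERMISSIONS.get(from_counterparty, {}).get("may_share_with", set())


if __name__ == "__main__":
    for cp in PERMISSIONS:
        print(cp, disclose(cp))
    print("lender may share with golf club:", may_share("mortgage_lender", "golf_club"))
```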

Privacy by design
• User-centric data management initiatives
  • Microsoft CardSpace
    • Tied to the computer used
      • But may shortly tie to mobile phones instead
  • OpenID
• Federated IdM
  • Liberty Alliance
    • Circles of Trust, e.g. airline and its partner hotel, car rental etc
  • Shibboleth
    • Academia
