Privacy Seminar: Introduction
Jaap-Henk Hoepman
Privacy & Identity Lab, Radboud University / Tilburg University / University of Groningen
jhh@cs.ru.nl // www.cs.ru.nl/~jhh // blog.xot.nl // @xotoxot
Slides "Privacy: an overview", 9-2-2017 (PDF document, 06/02/2020)
Title illustration: Dan Perjovschi, 2007

Agenda
• Course overview
• Privacy: an introduction

Organisation
• Teachers
  • Jaap-Henk Hoepman (jhh@cs.ru.nl); Erasmus 19.12
• Blackboard not used
  • Website: https://www.cs.ru.nl/~jhh/secsem.html
  • Wiki: http://wiki.science.ru.nl/privacy/

Seminar
• Seminar
  • Student lecture
  • Student paper
  • Student opposition
• Grade = weighted average
  • But only if all grades are at least 5.5
  • If not, the lowest grade is the final grade!
• Working in groups
  • 2 or 3 people
• Attendance required
• Lecture rooms
  • From February 6 to March 19 in room HFML 0220. From April 16 to June 11 in HG 00.310.

Course schedule

Topics (first come, first served)
• Privacy in databases
  • How to provide (controlled) access to personal data stored in databases, without immediately threatening the privacy of the people involved, using mechanisms like differential privacy or statistical disclosure control.
• Privacy friendly search
  • How to hide the query (i.e. what is searched for) from the party hosting the database.
• Searching in encrypted databases
  • How to also hide the underlying data in the database from the party hosting the database.
• Privacy in machine learning
  • How to ensure that individual data used to train a machine learning model is not leaked when using the model.
• Polymorphic encryption
  • How to protect privacy in e.g. health care, where data must be made conditionally accessible to certain care providers while staying encrypted in general.
• Privacy friendly identity management
  • How to use e.g. attribute-based credentials or other claims-based approaches to make identity management more privacy friendly.
• Privacy friendly revocation of credentials
  • How to (efficiently) revoke anonymous credentials, i.e. how to revoke a particular credential even though individual credentials cannot be traced by definition.
• Revocable privacy
  • How to guarantee privacy while also guaranteeing that all users of a system abide by some predetermined rules, i.e. how to design systems that are both privacy friendly and secure.
• Privacy friendly location based services
  • How to provide a service that depends on the user's current location, without revealing the actual, exact location.
• Privacy in asynchronous messaging
  • How to establish contact anonymously, and how to subsequently exchange messages in an unlinkable fashion that prevents the service provider from learning who is communicating with whom.
• Anonymous cryptocurrencies
  • How to make Bitcoin-like cryptocurrencies privacy friendly.
• Secure multiparty computation
  • How to jointly compute the output of a function (e.g. some aggregate statistic) without revealing the individual inputs.
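The last topic, secure multiparty computation, is the one whose core idea fits in a few lines. The following Python program is an added example, not part of the original slides or of any project discussed in the seminar: it computes an aggregate statistic (a sum) by additive secret sharing, so that no single server ever sees an individual input. The scenario (users submitting salaries, k non-colluding servers), the field modulus P and all function names are assumptions chosen for illustration.

```python
"""Added example: secure sum by additive secret sharing.

Scenario (an assumption for illustration, not from the slides): n users
each hold a private integer, and k non-colluding servers should learn only
the SUM of all inputs.  Each user splits its value into k shares that add
up to the value modulo a prime P and sends one share to each server.  Each
server adds the shares it received; because sharing is linear, the k server
totals are themselves shares of the global sum and can be recombined.
"""
from __future__ import annotations

import secrets
from collections.abc import Callable

# Field modulus (assumption): any prime larger than the biggest possible sum.
P = (1 << 61) - 1


def share(value: int, k: int, rng: Callable[[int], int] = secrets.randbelow) -> list[int]:
    """Split `value` into k additive shares modulo P.

    The first k-1 shares are uniformly random; the last one is fixed so the
    k shares sum to `value` (mod P).  Any k-1 of them are therefore
    independent of `value`: a coalition of fewer than k servers learns nothing.
    `rng(n)` must return an integer in [0, n); it is a parameter only so the
    example is reproducible in tests.
    """
    if k < 2:
        raise ValueError("need at least two servers for a secret to be hidden")
    if not 0 <= value < P:
        raise ValueError("value must be reduced modulo P")
    shares = [rng(P) for _ in range(k - 1)]
    shares.append((value - sum(shares)) % P)
    return shares


def reconstruct(shares: list[int]) -> int:
    """Combine all k shares back into the secret."""
    return sum(shares) % P


def server_aggregate(received: list[int]) -> int:
    """Run on ONE server: add up the shares received from every user."""
    return sum(received) % P


def secure_sum(values: list[int], k: int,
               rng: Callable[[int], int] = secrets.randbelow) -> tuple[int, list[list[int]]]:
    """Run the whole protocol.

    Returns (total, server_views), where server_views[j] is everything
    server j ever received, so a reader can inspect what one server sees.
    """
    server_views: list[list[int]] = [[] for _ in range(k)]
    for v in values:                         # each user, independently...
        for j, s in enumerate(share(v, k, rng)):
            server_views[j].append(s)        # ...sends share j to server j
    server_totals = [server_aggregate(view) for view in server_views]
    return reconstruct(server_totals), server_views


def explain_any_value(seen_shares: list[int], candidate: int) -> int:
    """Why a coalition of k-1 servers learns nothing.

    Given the k-1 shares the coalition saw, return the one missing share that
    would make them consistent with `candidate`.  Such a share exists for
    EVERY candidate, so the seen shares are equally consistent with any input.
    """
    return (candidate - sum(seen_shares)) % P


if __name__ == "__main__":
    salaries = [52_000, 61_500, 48_250]      # constructed sample inputs
    total, views = secure_sum(salaries, k=3)
    print("sum learned by the servers:", total)
    for j, view in enumerate(views):
        print(f"server {j} saw {view}")      # looks like random noise
```

This is the honest-but-curious setting: privacy holds only as long as the k servers do not pool their shares, and the true sum must stay below P or it wraps around. A misbehaving server cannot learn an input, but it can silently corrupt the result by adding an offset to its total; protocols used in practice add authentication of shares (MACs) or zero-knowledge checks to catch that.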

Research
• Analyse a particular practical case
  • What are the privacy issues (from a societal and legal perspective) and how are they dealt with?
• Give a precise and concise problem description
  • In technical terms: define your model and your assumptions
• Investigate possible PETs that apply
  • Summarise your analysis
• Pick one and solve the problem (this involves a protocol)
  • Describe this in sufficient detail!
• (Informally) prove or argue correctness

Student lecture
• Goal of lecture
  • To inform other students about your research
• Important
  • Make the lecture interactive
  • Add additional material
• Discuss draft
  • Thursday 13:00-13:15 the week before, in my office
  • Mail slides etc. at least two days before

Student lecture: grading

Content
• Argumentation and depth
  • Whether your lecture provides a solid basis and backing of all statements and claims made, and whether it covers all important topics in sufficient detail.
• Intelligibility
  • Whether the message comes across, whether your lecture connects to what your audience expects and understands, how well you explain certain topics.
• Comprehensiveness
  • Whether your lecture covers all important aspects, and clearly separates important issues from secondary details. Equal attention should be paid to technical and legal/societal issues.

Form and performance
• Structure
  • Logical ordering of your lecture, the relationship between the topics.
• Attractiveness
  • Whether your lecture captivates the audience, your use of supporting materials (e.g. PowerPoint).
• Delivery
  • Level of engagement and contact with the audience, your presence in front of the class, the liveliness and tone of your lecture.
• Interaction
  • Level of interactivity, the way you respond to questions.
• Language
  • Pronunciation, vocabulary, grammar.

Student paper
• Goal
  • Report on research
  • Express your own perspective and opinion on PETs
• Format
  • Roughly 12 pages (excluding references)
    • A4, reasonable margins, 10-11 pt font
• Beware
  • Collect your own literature as well
  • Use input obtained during the presentation in class

Student paper
• Typical structure
  • Context
  • Problem description
    • Including legal/social analysis
  • Proposed solution
  • Technical analysis
  • Conclusions

Student paper: planning
• Average timespan
  • Literature study: 2 weeks
  • Perform research: 2 weeks
  • Write skeleton: 1 week
  • Write final paper: 3 weeks
• Deadlines
  • April 23: Skeleton
  • June 11: Final paper
• So start as soon as you can!

Student paper: grading

Content
• (Technical) quality
  • Whether the paper shows an understanding of the (technical) issues involved. Correctness of all (technical) statements and claims.
• Analysis
  • Whether a proper argumentation is given, and whether all main aspects of the topic are addressed, with proper regard for what are the main points and what are only secondary points. (This covers the criteria argumentation and depth, intelligibility, and comprehensiveness used for scoring the presentation.)
• Quality of references
  • Whether you found and cite all relevant literature. Originality (finding relevant references yourself) is appreciated.
• Own opinion
  • Whether the paper clearly expresses and argues your own opinion on the subject matter.

Form
• Style
  • Clarity of writing, objectiveness, linguistic quality (in terms of spelling and grammar).
• Structure
  • Logical structure of the paper, helping the reader understand what they are about to read, giving the paper a natural flow.
• Attractiveness
  • Formatting of the paper, including precise formatting of the bibliography.

Working in groups
• Everyone is responsible for all output
  • Review each other's work!
• Work together, not separately
• Plan your work
• Divide the work equally
  • And make sure everyone delivers
  • If not: notify me before everything escalates….

Remaining points
• Contribute to the wiki
  • http://wiki.science.ru.nl/privacy/

2. Privacy: an overview

Contents
• Privacy under threat
  • Government
  • Business
  • People
• What is privacy?
• The value of privacy
  • Individual liberty
  • Social value
• How the law protects privacy

Government surveillance

Fraud detection, policing

Commercial surveillance

Cambridge Analytica
https://www.theguardian.com/uk-news/cambridge-analytica

They know things before you yourself do!

They track you even in real shops

People…
• Online 24 hours/day
• Do many things over the Internet
  • Social networking
  • Communications
  • Reading
  • Video
  • Finance
  • Maps
  • Platforms (Airbnb, Uber)

Privacy
What is privacy according to you?

Privacy typology (Koops et al. 2017)
[Figure: the typology of Koops et al. 2017. Eight basic types, bodily, spatial, communicational, proprietary, intellectual, decisional, associational and behavioural privacy, are laid out along two dimensions: the zone in which they play out (personal zone "solitude", intimate zone "intimacy", semi-private zone "secrecy", public zone "inconspicuousness") and whether the emphasis is on freedom from ("being let alone") or freedom to ("self-development"); the figure also labels the rows "access" and "control". Informational privacy overlays all of them.]

7 types of privacy
• Privacy of
  • the (physical) person,
  • behaviour and action,
  • personal communication,
  • data and image,
  • thoughts and feelings,
  • location and space, and
  • association (including group privacy).

Finn, R.L., Wright, D., and Friedewald, M.: Seven types of privacy. CPDP 2012.
Clarke, R.: Introduction to Dataveillance and Information Privacy, and Definitions of Terms, 1997.

Different definitions
• The right to be let alone
  • [Warren & Brandeis, 1890]
• Informational self-determination: the right to determine for yourself when, how and to what extent information about you is communicated to others
  • [Westin, 1967]
• The freedom from unreasonable constraints on the construction of one's identity
  • [Agre, 1998]
• Contextual integrity: the right to prevent information from flowing from one context to another
  • [Nissenbaum, 2004]

Contextual integrity
[Figure: FIDIS project]

Don't confuse these concepts!
security, privacy, data protection

Privacy invasions
• Collect
  • Surveillance
  • Interrogation
• Process
  • Aggregation
  • Identification
  • Insecurity
  • Secondary use
  • Exclusion
• Disseminate
  • Breach of confidentiality
  • Disclosure
  • Exposure
  • Increased availability
  • Blackmail
  • Appropriation
  • Distortion
• Invade/Use
  • Intrusion
  • Interference

Based on: Daniel J. Solove, "A Taxonomy of Privacy", 2006.

Privacy
• Computing (1950-)
  • searching becomes efficient
  • data kept forever
• Networking (1980-)
  • data sharing becomes easy
  • data accessible on-line
• "Network effect"

Different types of data/information
• Volunteered
  • What you reveal explicitly when asked
• Observed
  • What you reveal implicitly by your behaviour
• Inferred
  • What is derived from other data about you

[World Economic Forum report, Personal Data: The Emergence of a New Asset Class]

Data vs Metadata
• Metadata (= behavioural data)
  • Condensed (information rich, easy to process)
  • More "true" (judge a man not on what he says but on what he does)

Why is privacy important?

"Privacy is essential for freedom, democracy, psychological well-being, individuality and creativity"
Daniel J. Solove, "Understanding Privacy", Harvard University Press, 2008.

Moral basis for data protection
• Prevention of information-based harm
  • Like guns, information may kill people
• Prevention of informational inequality
  • The "market" of information
  • Non-discrimination
• Prevention of informational injustice
  • Spheres of privacy must be protected
• Respect for moral autonomy
  • People change

Van den Hoven, Jeroen and Vermaas, Pieter E. (2007): 'Nano-Technology and Privacy: On Continuous Surveillance Outside the Panopticon', Journal of Medicine and Philosophy, 32(3): 283-297.

Searching for the right metaphor
• Orwell / Big Brother
• Chandler / Little Sister
• Kafka / The Trial

Or: The Matrix

You've got nothing to hide

Have you!!??

I have nothing to hide....
• Everybody has something to be embarrassed about
• Assumes that the problem is data you want to hide
  • even "innocent" data can harm you
• Freedom of thought
  • That job offer looks interesting...
  • That woman looks "interesting"...
• No distinction between illegal (legal) vs disgraceful (moral) vs …: data is data
• What is the data used for: investigation, anti-terrorism, or …??
  • Function creep

Wrong assumption: the point is not that there is data that is a priori "wrong" or illegal (as seen by the "sender"). The point is that "innocent" data can (later) be used wrongly (by the current "receiver").

Solove, Daniel J., "I've got nothing to hide", 2008.

Beyond privacy: autonomy

The GDPR in 5 minutes

Applies when you process personal data
• So…
  • Name
  • Social security number
  • Email address
• But also…
  • License plate
  • IP address
  • Likes
  • Tweets
  • Search terms

Subject / controller / processor
[Figure: data subject, data controller and data processor, linked by personal data]

Data protection law (core principles)
• Legitimate processing grounds
  • consent
  • necessity
• Data subject rights
  • notification
  • access
  • rectification
  • object to profiling
• Data protection principles
  • purpose limitation
  • data minimisation
  • duration of retention
  • accuracy of the data
• Accountability
  • risk-based approach
  • transparency of processing
  • data protection by design
  • data protection impact assessment

Resources
• Websites
  • http://wiki.science.ru.nl/privacy/
  • https://www.eff.org/
  • https://www.bof.nl
• Books
  • Agre & Rotenberg: Technology and Privacy: The New Landscape, MIT Press, 1998
  • Ilija Trojanow, Juli Zeh: "Aanslag op de vrijheid", De Geus, 2010
  • Daniel J. Solove: "Understanding Privacy", Harvard University Press, 2008
  • Bart de Koning: "Alles onder controle", Uitgeverij Balans, 2008

Questions / discussion
twitter: @xotoxot // www.cs.ru.nl/~jhh // jhh@cs.ru.nl // blog.xot.nl
[Monty Python's Argument Clinic sketch]