data retention vs data privacy
play

Data Retention vs Data Privacy By Therese Saliba Khairallah - PowerPoint PPT Presentation

Dec 05, 2023 •163 likes •365 views

Data Retention vs Data Privacy By Therese Saliba Khairallah Operations Manager Inconet Data Management SAL E-mail: therese.saliba@idm.net.lb Middle East Cyber Crime Forum Beirut, Lebanon, 23 rd & 24 th February 2006 Agenda Agenda Data

  1. Data Retention vs Data Privacy By Therese Saliba Khairallah Operations Manager Inconet Data Management SAL E-mail: therese.saliba@idm.net.lb Middle East Cyber Crime Forum Beirut, Lebanon, 23 rd & 24 th February 2006

  2. Agenda Agenda � Data Retention principles & issues � Current Practices relating to Data Retention � Global Debates � Implications � Thoughts

  3. Data Retention principles & issues Data Retention principles & issues � Data Retention Types � Information contained in a Log File, related to End-User’s identity, location, destination,… � Content of Communication: emails, chat, web pages downloaded, voice over IP communication, video communication, peer-to-peer communication (Napster, Kazaa, Morpheus, iMesh etc…) Not dealt with in the following presentation � Data Retention Process � Data Collection � Data Storage � Data Retrieval

  4. Data Retention principles & issues Data Retention principles & issues Data Collection � Data collected from Switches, Routers & Network elements � Authentication Data � IP Assignments, IP Flow Logs � Routing tables � Syslog data, snmp data � Data collected from: Servers, Service Gateways � DNS servers � Mail servers (smtp, pop, ..) � Web & FTP Servers � Cache Engines, Proxy, NAT etc… � Data collected from: Databases � User Data (name, address) & Billing information Time stamp collected from all the above

  5. Data Retention principles & issues Data Retention principles & issues Data Collection (Cnt’d) � Possible Data to log at the access Provider level � Login Data & IP assignments at the terminal server level � Requests & parameters, cached pages, IP translation at the proxy level � Requested pages at the DNS level � IP Flow logs at the router and switches level � Additional data in log files from Firewalls, transparent proxies, NAT systems, intrusion Detection etc… � Operating System Access (i.e. High level administrative or root access) � Application access (i.e. users and objects with write and execute privileges) � Possible Data to log at the Presence Provider level � IP-Address � Requested page

  6. Data Retention principles & issues Data Retention principles & issues

  7. Data Retention principles & issues Data Retention principles & issues Data Collection: Issues � Data collected from Switches, Routers & Network elements � No single point of collection for the whole network � Same data logged several times in Network � Data provided is raw data, pre-processing required to produce useful, readable data � Information required to produce useful logs require outside sources (i.e. DNS, other Providers) � Data collected from: Servers, Service Gateways � Multiple Log Files formats, plain text � Huge amounts of data, dependant on log detail level � Log Files designed for humans, not easily machine readable � Anonymous use often possible � High probability of source being intermediary (Proxy, NAT, load balancing)

  8. Data Retention principles & issues Data Retention principles & issues Data Storage � Data storage situation � Long-Term storage only for billing records � Secure storage of logs is not an industry standard practice � Separate storage required for on line and off line data � Data Storage: Issues � Storage of raw data will not lead to useful information � Storage of preprocessed data requires significant processing � Long-Term Retention of data means massive volumes of data (TB) depending on: • ISP Size • ISP Service Portfolio • Number of Subscribers • Subscriber’s Consumption Volume (Note: Introduction of ADSL promotes large video transfers)

  9. Data Retention principles & issues Data Retention principles & issues Data Retrieval � Internal resources needed to handle requests for Data � Separate and powerful systems to search for data quickly � Development of new retrieval systems to cope with ISP regularly changing systems: � ISPs would require highly qualified staff to insure the development or the maintenance of such systems � Availability of intelligent software for data retrieval worldwide

  10. Current Practices relating to Data Retention Current Practices relating to Data Retention Current Logging � Currently ISPs can log the following from Several Sources Manually: � IP Address – Assigned by ISP to a user � Telephone Line a username is using – Dial-up Users (Availability of Digital Lines) � Location of the Hotspot a username is using – WIFI Users � Duration of Connection – (Start Time / Stop Time) for all users using authentication data to connect � ISP Mail Application – From / To, IP, Time Stamp, sent or not, received or not � Website Visits (URLs) from Cache Engines (Date, IP, URLs, Time Stamp)

  11. Current Practices relating to Data retention Current Practices relating to Data retention Issues with current practices � Difficulty to know the username ID in the following cases: � prepaid card bought from the market � IP assigned to a public internet access (Internet cafe) � IP assigned to an enterprise providing Internet access to its employees � IP assigned to an educational institution providing access to its students � IP assigned to a roaming user � Duration of retention is variable from years to minutes, depending on the logged data and the ISP � ISPs start retaining less and less data due to unlimited usage provided now and due to the increasing amount of retained data. � Unclear Data privacy law in Lebanon (Lebanese citizens rights)

  12. Current Practices relating to Data retention Current Practices relating to Data retention Scenarios of Government Requests Fulfilled by ISPs Today. � Case 1: tracking the identity of an IP address (case of an IP address implicated in a cyber crime) � Case 2: tracking usage from a certain telephone line (case of a customer refusing to pay the MOT bill, denying using the Internet) � Case 3: tracking the initiator of an ISP e-mail: IP address, telephone line (case of business e-mails read by a spy) � Case 4: tracking username caller id (case of stolen computer)

  13. Current Practices relating to Data retention Current Practices relating to Data retention Process of requests coming today to ISP � Request to the ISP from Internal Security Forces approved by the Public Prosecutor before the Supreme Court � ISP will fetch in the Log Files � ISP will send an official letter to the Internal Security Forces in answer of the request with the results

  14. Global Debates Global Debates � EuroISPA – European Internet Service Provider Association � Mandatory law for data retention for two years, but still debated � USISPA – United States Internet Service Provider Association � No mandatory law for data retention but they share most of EuroISPA concerns � ARISPA – Arabic Internet Service Provider Association � Just starting � AFRISPA – African Internet Service Provider Association � No info on data retention law on their web site

  15. Implications Implications � ISPs � Additional very high cost, new innovative services, competition, high quality of services � End-User � Cost, Privacy, flexibility (to use the service from a network café, hotspot, prepaid cards, online buying, future vending machines…) � Government � Additional cost to reimburse the ISP’s in case of a mandatory law of retention � Risk on some Type of Business � E-commerce

  16. Implications – – Cost Factors Cost Factors Implications � Network design of the ISP and its size � Number of Subscribers � Service portfolio � Duration of Retention Regime � Which data falls within the retention regime � Quality of Data (i.e. must it be of evidential quality?) � Highly Skilled people for dealing with requests � Attending Court Cases � Maintaining “Golden Copies” of data passed over to law enforcement authorities � Hardware & Software infrastructure for the retention required � Upgrade of existing Hardware for logging � Highly skilled people to maintain the intelligence of retention � Global Time Synchronization

  17. Thoughts Thoughts � End-User Privacy versus Government Security � Data protection and data retention requirements are almost mutually exclusive � Data retention is a potential infringement of fundamental rights and laws in the country � A Sustained period of close dialogue between the relevant stakeholders (Government, ISPs, Legislators, Regulators) � Qualified Department in the Government to maintain this dialogue � Establish a framework to provide ongoing industry input

  18. Data Privacy & Security Data Privacy & Security Country’s Vulnerabilities Personal Privacy To informational Attacks

  19. Data retention vs vs Data Privacy Data Privacy Data retention Thank you for your attention By Therese Saliba Khairallah Operations Manager Inconet Data Management SAL E-mail: therese.saliba@idm.net.lb Middle East Cyber Crime Forum Beirut, Lebanon, 23rd & 24th February 2006

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No

Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No

Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No privacy breaches! Public Data Anonymization Data representation? Privacy breach? Value of data? Data publisher Privacy Analyst Work by: Elena

80 views • 3 slides
Data Privacy for IEEE Volunteer Data Managers 2 Overview Changes in Data Privacy IEEE

Data Privacy for IEEE Volunteer Data Managers 2 Overview Changes in Data Privacy IEEE

Data Privacy for IEEE Volunteer Data Managers 2 Overview Changes in Data Privacy IEEE Privacy Policy Terms & Conditions and Subscriptions Consent Structure and Preferences Meetings, Conferences, and Events

926 views • 36 slides
Data privacy and big Data privacy and big data data Engineering & Public Policy Lorrie

Data privacy and big Data privacy and big data data Engineering & Public Policy Lorrie

CyLab Data privacy and big Data privacy and big data data Engineering & Public Policy Lorrie Faith Cranor November 12, 2015 y & c S a e v c i u r P r i t e y l b L a a s b U o 8-533 / 8-733 / 19-608 /

658 views • 21 slides
EU Art.29 Data Protection Users care about privacy Working Party From: Special Eurobarometer

EU Art.29 Data Protection Users care about privacy Working Party From: Special Eurobarometer

28/05/15 Outline Data privacy and the evolving regulation Privacy threats from LBS to geoSN EveryWare Lab Main (location) privacy protection techniques Data Management for Mobile Protecting geo-tagged resource publication

411 views • 7 slides
Data Privacy Law Overview Privacy Protections (D) Working Group Jennifer McAdam Senior Counsel

Data Privacy Law Overview Privacy Protections (D) Working Group Jennifer McAdam Senior Counsel

Data Privacy Law Overview Privacy Protections (D) Working Group Jennifer McAdam Senior Counsel DECEMBER 8, 2019 Data Privacy vs. Data Security Data Privacy Data Security How data is collected & How data is stored & used

465 views • 23 slides
CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security in Healthcare Li Xiong Healthcare security and privacy HIPAA overview Research survey on information security and privacy in healthcare

1.05k views • 57 slides
Landscape of Retention & Participation: An Evaluation Perspective Anthony Panzera, PhD MPH

Landscape of Retention & Participation: An Evaluation Perspective Anthony Panzera, PhD MPH

The Spectrum of Retention: Using Data to Identify Different Types of Retention Issues in WIC Pre-Conference Workshop: Participant Retention Strategies 2019 NWA Annual Education and Training Conference & Exhibits Landscape of Retention &

342 views • 13 slides
Privacy and your data Christopher Scholefield Commercial Partner Lara Zambon Legal

Privacy and your data Christopher Scholefield Commercial Partner Lara Zambon Legal

Privacy & your data Privacy and your data Christopher Scholefield Commercial Partner Lara Zambon Legal Assistant Privacy & your data Data protection What are we talking about? What is personal data? Rights of the data

486 views • 19 slides
#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy

#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy

#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy across hybrid IT Farshad Ghazi - Moderator Mat Spitz Lacy Gruen #MicroFocusCyberSummit Reiner Kappenberger Cloud-based Data Privacy and Protection:

453 views • 10 slides
Privacy by Deletion: 5 Steps to Reducing Data Risk July 19, 2017 Agenda Introductions The

Privacy by Deletion: 5 Steps to Reducing Data Risk July 19, 2017 Agenda Introductions The

Privacy by Deletion: 5 Steps to Reducing Data Risk July 19, 2017 Agenda Introductions The Risks Involved with Over-Retention 5 Steps to Reduce Data Risk Understanding what exists Focusing on risks Leveraging lower cost storage

664 views • 25 slides
Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in many ways over the years. Usually privacy is concerned with the individual human being. We may talk about privacy as the control over your own

230 views • 21 slides
11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity

11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity

11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity Being on-line without giving up everything about you Ensuring collected data doesnt reveal its users data Privacy in Structured Data:

766 views • 49 slides
1 Data Mining and Privacy The primary task in data mining: Develop models about aggregated

1 Data Mining and Privacy The primary task in data mining: Develop models about aggregated

Privacy Breaches in Privacy-Preserving Data Mining Johannes Gehrke Department of Computer Science Cornell University Joint work with Sasha Evfimievski (Cornell), Ramakrishnan Srikant (IBM), and Rakesh Agrawal (IBM) Motivation: Information

310 views • 18 slides
Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security

Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security

Motivation Two-Cloud Setting PP k NN Classification Conclusion and Future Research Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security Yousef M. Elmehdwi Department of Mathematics and Computer

919 views • 19 slides
Data Privacy Anonymization Li Xiong CS573 Data Privacy and Security Outline Inference

Data Privacy Anonymization Li Xiong CS573 Data Privacy and Security Outline Inference

Data Privacy Anonymization Li Xiong CS573 Data Privacy and Security Outline Inference control Anonymization problem Anonymization notions and approaches (and how they fail to work!) k-anonymity l-diversity t-closeness

741 views • 51 slides
DIMACS/PORTIA Workshop on Privacy Preserving Data Mining Data Mining & Information Privacy:

DIMACS/PORTIA Workshop on Privacy Preserving Data Mining Data Mining & Information Privacy:

DIMACS/PORTIA Workshop on Privacy Preserving Data Mining Data Mining & Information Privacy: New Problems and the Search for Solutions March 15 th , 2004 Tal Zarsky The Information Society Project, Yale Law School Introduction: Various

273 views • 25 slides
VOGLERS ARCHETYPES CAMPBELL biological , recur in many myths, instantly recognisable for

VOGLERS ARCHETYPES CAMPBELL biological , recur in many myths, instantly recognisable for

VOGLERS ARCHETYPES CAMPBELL biological , recur in many myths, instantly recognisable for everyone JUNG Archetypes - universal symbols of humanitys collective unconscious The concept of archetypes is an indispensable tool for

460 views • 13 slides
Simulation of a Self-adaptive Run-time Environment with Hardware and Software Components Onur

Simulation of a Self-adaptive Run-time Environment with Hardware and Software Components Onur

Simulation of a Self-adaptive Run-time Environment with Hardware and Software Components Onur Derin, Alberto Ferrante Advanced Learning and Research Institute Faculty of Informatics Universit` a della Svizzera italiana Lugano, 6900,

798 views • 21 slides
Intrusion Detection and Prevention System (IPS) Technology, Applications, and Trend Dr.

Intrusion Detection and Prevention System (IPS) Technology, Applications, and Trend Dr.

Intrusion Detection and Prevention System (IPS) Technology, Applications, and Trend Dr. Nen-Fu (Fred) Huang Professor, Department of Computer Science, National Tsing Hua University, Taiwan President, Broadweb Corp, Taiwan E-mail:

846 views • 41 slides
3 rd Facilitation Meeting for WSIS Action Line C5 Building confidence and security in the use

3 rd Facilitation Meeting for WSIS Action Line C5 Building confidence and security in the use

3 rd Facilitation Meeting for WSIS Action Line C5 Building confidence and security in the use of ICTs 22nd May 2008 GENEVA VOICE OVER IP (VoIP) Presented by Graham Butler President & C.E.O Bitek International Inc www.bitek.com

191 views • 17 slides
GPS Tracking System Amany El Gouhary Richard Wells Anthony Thatcher Motivation Shuttles up

GPS Tracking System Amany El Gouhary Richard Wells Anthony Thatcher Motivation Shuttles up

GPS Tracking System Amany El Gouhary Richard Wells Anthony Thatcher Motivation Shuttles up to 50 minutes late Drivers take breaks when running behind Repeatedly miss stops However, UTA buses are always within one or two minutes

513 views • 32 slides
Investing with ATRC By : Khawar Nehal Date : 1 February 2018 Job vs Business Job vs Business

Investing with ATRC By : Khawar Nehal Date : 1 February 2018 Job vs Business Job vs Business

Investing with ATRC By : Khawar Nehal Date : 1 February 2018 Job vs Business Job vs Business BUT !!!! Businesses require the following in general : 5 years of rigorous work and experience before regular profits are realized. 20 years of

169 views • 16 slides
Refactoring to Java 8 Trisha Gee (@trisha_gee) Developer & Technical Advocate, JetBrains

Refactoring to Java 8 Trisha Gee (@trisha_gee) Developer & Technical Advocate, JetBrains

Refactoring to Java 8 Trisha Gee (@trisha_gee) Developer & Technical Advocate, JetBrains Why Java 8? Its Faster Performance Improvements in Common Data Structures Fork/Join Speed Improvements Changes to Support Concurrency

1.4k views • 75 slides
Two-Level Morphology: A General Model for Word-Form Recognition and Production Kimmo

Two-Level Morphology: A General Model for Word-Form Recognition and Production Kimmo

Two-Level Morphology: A General Model for Word-Form Recognition and Production Kimmo Koskenniemi, 1983 Flavia N ahrlich Eberhard Karls Universit at T ubingen December 13, 2016 Kimmo Koskenniemi: Two-Level Morphology Content 1.

430 views • 20 slides

More recommend