on enforcing the digital immunity of a large humanitarian
play

On Enforcing the Digital Immunity of a Large Humanitarian - PowerPoint PPT Presentation

Mar 06, 2024 •418 likes •872 views

On Enforcing the Digital Immunity of a Large Humanitarian Organization Stevens Le Blond , Alejandro Cuevas, Juan Ramon Troncoso- Pastoriza, Philipp Jovanovic, Bryan Ford, Jean-Pierre Hubaux 2 Digital immunity Computer security and privacy

  1. On Enforcing the Digital Immunity of a Large Humanitarian Organization Stevens Le Blond , Alejandro Cuevas, Juan Ramon Troncoso- Pastoriza, Philipp Jovanovic, Bryan Ford, Jean-Pierre Hubaux

  2. 2

  3. Digital immunity “Computer security and privacy encompassing technical & organizational factors , and privileges and immunities (P&I) ” What practical factors influence use of security tech by humanitarian orgs? 3

  4. 4

  5. Outline • The International Commitee of the Red Cross (ICRC) • Methodology • Results • Data collected • Data flows • Operational and legal factors • Proposed architecture 5

  6. Outline • The International Commitee of the Red Cross (ICRC) • Methodology • Results • Data collected • Data flows • Operational and legal factors • Proposed architecture 6

  7. Characteristics of the ICRC $ x3 Nobel 16,000 2.1 billion At-risk Privileges & Peace Prices employees annual budget operations Immunity (P&I) 7

  8. Privileges and Immunities (P&I) 1/2 Freedom of Bilateral Armed conflicts Inviolability communications agreement of premises 8

  9. Privileges and Immunities (P&I) 2/2 9

  10. Outline • The International Commitee of the Red Cross (ICRC) • Methodology • Results • Data collected • Data flows • Operational and Legal factors • Proposed architecture 10

  11. Methodology Inductive 27 interviews until 278 years Qualitative approach methods topic exhaustion of experience 11

  12. Summary of interviews 12

  13. Location of ICRC delegations Participants Others 13

  14. Outline • The International Commitee of the Red Cross (ICRC) • Methodology • Results • Data collected • Data flows • Operational and legal factors • Proposed architecture 14

  15. Outline • The International Commitee of the Red Cross (ICRC) • Methodology • Results • Data collected • Data flows • Operational and legal factors • Future work 15

  16. Summary of collected data types by units 16

  17. Sensitivity of Collected Data Beneficiaries Organization Governments 17

  18. Outline • The International Commitee of the Red Cross (ICRC) • Methodology • Results • Data collected • Data flows • Operational and legal factors • Proposed architecture 18

  19. Overview of data flows Participants Others 19

  20. Outline • The International Commitee of the Red Cross (ICRC) • Methodology • Results • Data collected • Data flows • Operational and legal factors • Proposed architecture 20

  21. Organizational structure HQ 21

  22. Practical factors Vulnerability HQ 22

  23. Practical factors Vulnerability Capacity building Coercion HQ 23

  24. Practical factors Vulnerability Capacity building Coercion Physical attacks HQ 24

  25. Practical factors Vulnerability Capacity building Coercion Physical attacks Legal factors 25

  26. Lessons learnt 1. Data management rights should be granted on a need basis and should take citizenship, Privileges and Immunities (P&I), and susceptibility to coercion into account. 2. Operational security might need to be traded off to accommodate the needs and requirements of beneficiaries, field workers, and local authorities. • The ability of establishing secure communications among field workers and beneficiaries depends on their P&I, physical locations, and technological capability (or IT service). • Data protection can hamper humanitarian action; in particular, jurisdictions with conflicting legislations can preclude data sharing. 3. P&I enable humanitarian activities in adversarial environments; however, to be effective, they must be complemented with operational and technological safeguards. 26

  27. Outline • The International Commitee of the Red Cross (ICRC) • Methodology • Results • Data collected • Data flows • Operational and legal factors • Proposed architecture 27

  28. Needs of ICRC staff Processing Management Communication (Low) 0 1 2 3 4 5 (High) Satisfied Needed 28

  29. Problems with existing communication technology no end-to-end Meta-data Personal encryption leakages smartphones Need for privacy-enhancing network for organizational communications 29

  30. Organizational structure and practical factors Vulnerability Capacity building Coercion Physical attacks HQ Legal factors 30

  31. Proposed architecture Vulnerability Capacity building Coercion Physical attacks HQ Legal factors 31

  32. Proposed architecture Vulnerability Capacity building Coercion Physical attacks HQ Legal factors 32

  33. Proposed architecture Vulnerability Capacity building Coercion Physical attacks Legal factors 33

  34. Take home messages • Need for secure communications, data management, and processing robust to coercion, lack of physical security and asymmetric legislations • Deploy a technological platform tailored to these legal and organizational factors • Create a foundation combining academic and industrial capability to deploy security tech at ICRC and other humanitarian organizations 34

  36. How did you recruit participants? • Recruited participants both laterally (across divisions) and vertically (from field workers to heads of divisions) • Began interviewing employees with experience collecting & managing humanitarian data • As organizational, technical, and legal aspects emerged, we included managers, ICT and DPO personnel

  37. How did you prepare and analyzed the interview data? • Two researchers recorded and transcribed all interviews (25 hours of recording and 150,000 words of transcriptions) • One researcher lead the interview while the other did an initial coding so new themes could be quickly incorporated • After interview both researchers discussed the set of codes adding more codes if consensus wasn’t reached • Interactively developed conceptual categories in which relevant excerpts were clustered

  38. What is your assessment of the validity of your study? • Following Maxwell model for validity in qualitative studies: • Descriptive validity by saving audio recording of the interviews & performing verbatim transcriptions • Absence of significant disparities of the participants’ accounts during coding ( interpretative validity) • Internal generalizability on the ICRC practices due to diversity of geographical areas of operations (no external generalization) • Omit theoretical and evaluative validity as we do not attempt to explain why observed phenomena occur nor dis/credit practices in place

  39. What are the potential biases of your study? • Many participants and units and extensive experience likely representative of the needs and practices of the ICRC ( self-selection bias ) • Availability of ICT and DPO likely correlate to better practices ( availability of resources and individuality ) • Geographic reach, years of experience, and rigorous methodology make us confident that our results capture security challenges (small sample-size)

  40. What was your interview script? • Identified areas of interest by reviewing the ICRC’s data protection rules & refined it with our liaison • Trial run with participant with 20 years of experience and incorporated feedback • Drew from instruments utilized by related work • Our questionnaire comprised seven categories (cf. Appendix A): • Background • Data collection • Data processing • Data transfers • Data breaches and security • Information security training • General security practices

  41. How does the ICRC compare with other humanitarian organizations? • ICRC is an International Organization (IO) whose mandates follow from the Geneva conventions • Benefits from better Privileges and Immunities than most humanitarian NGOs • Operates both within government-provided infrastructure and its own privately-owned infrastructure

  42. How does the ICRC compare with journalistic organizations? • Both threat models involve governments, armed forces, and criminal organizations • Operational security of journalists is tailored to one or few individuals, although ICRC often has dozens or more field workers • Unlike freedom of the press, the ICRC’s legal protection is captured in bi- lateral agreements with host countries

  43. How did you ensure that interviews were conducted ethically? • Study approved by IRB • Informed consent from all participants to participate in the study and record the interviews’ audio • Audio files were transmitted and stored only in encrypted form and some information was redacted • Possibility to withdraw from study up to 30 days after the interview (P24 chose to do so)

  44. What precautions will you take before deploying your proposed platform? • Designs will be peer-reviewed • Implementations will be open sourced and audited by independent experts • Integration will be delegated to a foundation based in Switzerland

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Parliamentary immunity in Poland Contents Introduction immunity in the context of

Parliamentary immunity in Poland Contents Introduction immunity in the context of

Parliamentary immunity in Poland Contents Introduction immunity in the context of constitutional principles Material immunity (irresponsibility) Types of inviolability privileges Immunity procedures Parliamentary practice

733 views • 10 slides
Digital Signs and Billboards: g g Crafting and Enforcing Local Regulations Evaluating Siting

Digital Signs and Billboards: g g Crafting and Enforcing Local Regulations Evaluating Siting

Presenting a live 90 minute webinar with interactive Q&A Digital Signs and Billboards: g g Crafting and Enforcing Local Regulations Evaluating Siting Issues, Environmental Concerns and Revenue Sharing Opportunities TUES DAY, JUNE 7, 2011

1.17k views • 95 slides
The Global Healthsites Mapping Project GeOnG 2018 - The Humanitarian Data Forum What business

The Global Healthsites Mapping Project GeOnG 2018 - The Humanitarian Data Forum What business

The Global Healthsites Mapping Project GeOnG 2018 - The Humanitarian Data Forum What business model for digital commons in the humanitarian sector? Mark Herringer - Project lead - Digital producer @sharehealthdata Civic co-creation through

385 views • 15 slides
Digital Signs and Billboards: Crafting and Enforcing Local Regulations Evaluating Siting Issues,

Digital Signs and Billboards: Crafting and Enforcing Local Regulations Evaluating Siting Issues,

Presenting a live 90-minute webinar with interactive Q&A Digital Signs and Billboards: Crafting and Enforcing Local Regulations Evaluating Siting Issues, Environmental Concerns and Revenue Sharing Opportunities THURSDAY, JULY 23, 2015 1pm

1.53k views • 136 slides
Digital Signs and Billboards: Crafting and Enforcing Local Regulations Evaluating Siting Issues,

Digital Signs and Billboards: Crafting and Enforcing Local Regulations Evaluating Siting Issues,

Presenting a live 90-minute webinar with interactive Q&A Digital Signs and Billboards: Crafting and Enforcing Local Regulations Evaluating Siting Issues, Environmental Concerns and Revenue Sharing Opportunities WEDNES DAY, DECEMBER 11, 2013

1.68k views • 128 slides
Physician Peer Review: Ensuring Immunity, Confidentiality and Compliance Preserving Immunity or

Physician Peer Review: Ensuring Immunity, Confidentiality and Compliance Preserving Immunity or

Presenting a live 90-minute webinar with interactive Q&A Physician Peer Review: Ensuring Immunity, Confidentiality and Compliance Preserving Immunity or Leveraging Exceptions, Shielding Documentation, Complying With Statutory and JHACO

1.14k views • 50 slides
HUMANITARIAN LEADERSHIP ACADEMY HUMANITARIAN PARTNERSHIP CONFERENCE 15 SEPTEMBER 2015 NAIROBI

HUMANITARIAN LEADERSHIP ACADEMY HUMANITARIAN PARTNERSHIP CONFERENCE 15 SEPTEMBER 2015 NAIROBI

HUMANITARIAN LEADERSHIP ACADEMY HUMANITARIAN PARTNERSHIP CONFERENCE 15 SEPTEMBER 2015 NAIROBI @ACADEMYHUM Localisation is the future of humanitarian aid HUMANITARIAN LEADERSHIP ACADEMY Humanitarian crises are becoming more frequent,

329 views • 19 slides
Information Operations Immunity Style www.immunityinc.com Agenda Scenario Problems of

Information Operations Immunity Style www.immunityinc.com Agenda Scenario Problems of

Information Operations Immunity Style www.immunityinc.com Agenda Scenario Problems of scale when hacking Client-sides Immunity's PINK Framework Trojaning hard targets Immunity Debugger Parasitic Infection Scenario

1.71k views • 36 slides
1 Herd Immunity Herd Immunity Herd immunity protects not only yourself, but those who are

1 Herd Immunity Herd Immunity Herd immunity protects not only yourself, but those who are

Background Influenza Vaccination Influenza is also known as the flu Contagious respiratory illness which can cause severe illness can result in hospitalization or death Spreads by droplets (e.g. infected person coughs, sneezes,

430 views • 4 slides
NGOs and Humanitarian Reform Project: Key messages on humanitarian reform and funding Monteux

NGOs and Humanitarian Reform Project: Key messages on humanitarian reform and funding Monteux

NGOs and Humanitarian Reform Project: Key messages on humanitarian reform and funding Monteux Good Humanitarian Donorship Retreat 1X March 2009 The following presentation was given by Tasneem Mowjee, Senior Policy Advisor, Development

265 views • 3 slides
Information Operations Immunity Style www.immunityinc.com Agenda A Real Life Scenario

Information Operations Immunity Style www.immunityinc.com Agenda A Real Life Scenario

Information Operations Immunity Style www.immunityinc.com Agenda A Real Life Scenario Problems of scale when hacking Client-sides Immunity's PINK Framework Trojaning hard targets Immunity Debugger Parasitic Infection Real

750 views • 45 slides
10/12/2018 Magnitude and Burden of Forced Displacement The Humanitarian Gap Old System, New

10/12/2018 Magnitude and Burden of Forced Displacement The Humanitarian Gap Old System, New

10/12/2018 Magnitude and Burden of Forced Displacement The Humanitarian Gap Old System, New Ways Forward: Does the humanitarian assistance model need to be changed? Paul Spiegel MD, MPH Director, Center for Humanitarian Health Professor,

237 views • 6 slides
H ACKING HIV: C REATING AND A SSESSING A NOVEL CTL- BASED HIV-1 VACCINE Craig Rouskey Immunity

H ACKING HIV: C REATING AND A SSESSING A NOVEL CTL- BASED HIV-1 VACCINE Craig Rouskey Immunity

H ACKING HIV: C REATING AND A SSESSING A NOVEL CTL- BASED HIV-1 VACCINE Craig Rouskey Immunity Project Waag Society, Amsterdam, NL September 9, 2014 C.Rouskey | Immunity Project | Sept. 2014 I MMUNITY P ROJECT Immunity Project is a non-profit

312 views • 27 slides
DIGITAL MARKETING STRATEGIES AT LARGE COMPANIES Cradle Fund Presentation You are not a large

DIGITAL MARKETING STRATEGIES AT LARGE COMPANIES Cradle Fund Presentation You are not a large

DIGITAL MARKETING STRATEGIES AT LARGE COMPANIES Cradle Fund Presentation You are not a large company Spend more in a month then you will ever get in seed funding Shock and awe launch Huge teams of people focused on

224 views • 18 slides
Ease of Doing Business - Enforcing Contracts A localised perspective on the efficacy of

Ease of Doing Business - Enforcing Contracts A localised perspective on the efficacy of

Ease of Doing Business - Enforcing Contracts A localised perspective on the efficacy of enforcing contracts in Malaysia Sabarina Samadi ASEAN INSIDERS 5-6 December 2016 by origin and passion 1 OVERVIEW Introduction to the Malaysian

390 views • 37 slides
Austrian Humanitarian Admission Programme Humanitarian Admission Programme Austria - Overview

Austrian Humanitarian Admission Programme Humanitarian Admission Programme Austria - Overview

ARGE Resettlement Webinar 23.03.2017 Austrian Humanitarian Admission Programme Humanitarian Admission Programme Austria - Overview Austria has been implementing a humanitarian admission programme (HAP) since 2013 with a total number of

240 views • 10 slides
TARRANT COUNTY COLLEGE DISTRICT VOCATIONAL NURSING Mission We prepare skilled nurses to deliver

TARRANT COUNTY COLLEGE DISTRICT VOCATIONAL NURSING Mission We prepare skilled nurses to deliver

VOCATIONAL NURSING INFORMATION SESSION TRINITY RIVER EAST CAMPUS TARRANT COUNTY COLLEGE DISTRICT VOCATIONAL NURSING Mission We prepare skilled nurses to deliver quality, safe patient care in a dynamic health care environment, through patient

274 views • 15 slides
Lecture 8.1: Modeling with nonlinear systems Matthew Macauley Department of Mathematical Sciences

Lecture 8.1: Modeling with nonlinear systems Matthew Macauley Department of Mathematical Sciences

Lecture 8.1: Modeling with nonlinear systems Matthew Macauley Department of Mathematical Sciences Clemson University http://www.math.clemson.edu/~macaule/ Math 2080, Differential Equations M. Macauley (Clemson) Lecture 8.1: Modeling with

96 views • 8 slides
On the Fast Algebraic Immunity of Majority Functions Pierrick M AUX ICTEAM/ELEN/Crypto Group,

On the Fast Algebraic Immunity of Majority Functions Pierrick M AUX ICTEAM/ELEN/Crypto Group,

On the Fast Algebraic Immunity of Majority Functions Pierrick M AUX ICTEAM/ELEN/Crypto Group, Universit catholique de Louvain, Belgium Latincrypt 2019 Santiago de Chile Wednesday October 2 1 / 15 Table of Contents Introduction Results

670 views • 44 slides
Exploiting Branch Target Injection Jann Horn, Google Project Zero 1 Outline Introduction

Exploiting Branch Target Injection Jann Horn, Google Project Zero 1 Outline Introduction

Exploiting Branch Target Injection Jann Horn, Google Project Zero 1 Outline Introduction Reverse-engineering branch prediction Leaking host memory from KVM 2 Disclaimer I haven't worked in CPU design I don't

670 views • 40 slides
VACCINES TO END CANCER MARY L. (NORA) DISIS ASSOCIATE DEAN, TRANSLATIONAL HEALTH SCIENCE, UW

VACCINES TO END CANCER MARY L. (NORA) DISIS ASSOCIATE DEAN, TRANSLATIONAL HEALTH SCIENCE, UW

VACCINES TO END CANCER MARY L. (NORA) DISIS ASSOCIATE DEAN, TRANSLATIONAL HEALTH SCIENCE, UW SCHOOL OF MEDICINE ATHENA DISTINGUISHED PROFESSOR OF BREAST CANCER RESEARCH AMERICAN CANCER SOCIETY CLINICAL RESEARCH PROFESSOR PROFESSOR OF MEDICINE

300 views • 26 slides
1 2 . Strategies for Maximizing Digital Impact National Immunization Awareness Month Webinar

1 2 . Strategies for Maximizing Digital Impact National Immunization Awareness Month Webinar

The Virtual Immunization Communication (VIC) Network is a project of the National Public Health Information Coalition (NPHIC) and the California Immunization Coalition, funded through a cooperative agreement with the Centers for Disease Control

654 views • 64 slides
Office Hours: COVID-19 Planning and Response September 11, 2020 Housekeeping A recording of

Office Hours: COVID-19 Planning and Response September 11, 2020 Housekeeping A recording of

Office Hours: COVID-19 Planning and Response September 11, 2020 Housekeeping A recording of todays session, along with the slide deck and a copy of the Chat and Q&A content will be posted to the HUD Exchange within 2-3 business days

586 views • 55 slides
Best Practices in Promoting College Immunizations Hosted by WithinReach and the Immunization

Best Practices in Promoting College Immunizations Hosted by WithinReach and the Immunization

Making the connections Washington families need to be healthy. Best Practices in Promoting College Immunizations Hosted by WithinReach and the Immunization Action Coalition of Washington (IACW) September 19, 2017 11:00 AM 12:00 PM (PDT)

570 views • 53 slides

More recommend