SLIDE 1
The Everyday Life of Surveillance (V): Architectures, Spaces, Territories
Privacy by Design?
Marc Langheinrich University of Lugano (USI) Switzerland
Privacy by Design? Marc Langheinrich University of Lugano (USI) - - PowerPoint PPT Presentation
Privacy by Design? Marc Langheinrich University of Lugano (USI) - - PowerPoint PPT Presentation
The Everyday Life of Surveillance (V): Architectures, Spaces, Territories Privacy by Design? Marc Langheinrich University of Lugano (USI) Switzerland Projects Ubiquitous Privacy Computing Gothenburg Lancaster Paris Zurich Patras
SLIDE 2
SLIDE 3
Projects
SLIDE 4
Privacy Ubiquitous Computing
SLIDE 5
SLIDE 6
SLIDE 7
Patras Zurich Gothenburg Paris Lancaster Sevilla
SLIDE 8
Approaches to Ubicomp Privacy
Disappearing Computer Troubadour Project (10/2002 - 05/2003)
- Make it Someone Else’s Problem
– “For [my colleague] it is more appropriate to think about [security and privacy] issues. It’s not really the case in my case“
- Absence of Protection as User Empowerment
– “It’s maybe about letting them find their own ways of cheating“
- Insist that “Good Security“ will Fix It
– “All you need is really good firewalls“
Marc Langheinrich: The DC-Privacy Troubadour – Assessing Privacy Implications of DC-Projects. Designing for Privacy Workshop. DC Tales Conference, Santorini, Greece, June 2003.
24
SLIDE 9
SLIDE 10
SLIDE 11
SLIDE 12
NON PRIVACY BY NON DESIGN
Example 1: Make it someone elses problem
SLIDE 13
SLIDE 14
SLIDE 15
“Uses the highest level of encryption allowed by the U.S. government.”
SLIDE 16
2006
SLIDE 17
20 cards
no encryption
SLIDE 18
Cardholder‘s Name Card Number Expiration Date
SLIDE 19
SLIDE 20
O‘Reilly Conf. 2008 Pablos Holman
SLIDE 21
“cards incorporate 128-bit encryption”
SLIDE 22
Cardholder‘s Name Card Number Expiration Date
SLIDE 23
SLIDE 24
SLIDE 25
*MacBook Air not included
SLIDE 26
Defcon 2008 Flexilis
SLIDE 27
SLIDE 28
SLIDE 29
SLIDE 30
Non Privacy By Non Design
SLIDE 31
NON PRIVACY BY (BAD) DESIGN
Example 2: User Empowerment
SECURITY
SLIDE 32
SLIDE 33
P<D<<LANGHEINRICH<<MARC<<<<<<<<<<<<<<<<<<<<< 123456789?D<<710123?M070101?<<<<<<<<<<<<<<<?
SLIDE 34
Marc Langheinrich
SLIDE 35
DD/MMM/1971
SLIDE 36
SLIDE 37
P<D<<LANGHEINRICH<<MARC<<<<<<<<<<<<<<<<<<<<< 12345678??D<<710123?M0701???<<<<<<<<<<<<<<<?
SLIDE 38
SLIDE 39
SLIDE 40
SLIDE 41
SLIDE 42
SLIDE 43
Protection from Forgery!!
SLIDE 44
Digital Signature
SLIDE 45
„ ...cloned and manipulated... “
SLIDE 46
SLIDE 47
Mustermann Christian 0000000000000
?
Proof of Genuine Passport
?
SLIDE 48
SLIDE 49
SLIDE 50
SLIDE 51
Non Security By Bad Design
SLIDE 52
PRIVACY BY DESIGN?
Example 3: Good Firewalls
SLIDE 53
SLIDE 54
Smart Fridge
SLIDE 55
Smart Stove
SLIDE 56
Receiptless Returns
SLIDE 57
Fast Checkout
SLIDE 58
SLIDE 59
SLIDE 60
SLIDE 61
Whig
Model #2342 Material: Polyester
Tiger Thong
Maker: Woolworth Last washed: 5 days ago
Viagra
Maker: Pfizer Size: Maxi (60 pills)
Original “RFID-Man” Artwork (c) 2006 Ari Juels, RSA Laboratories
SLIDE 62
SLIDE 63
SLIDE 64
SLIDE 65
SLIDE 66
SLIDE 67
SLIDE 68
SLIDE 69
SLIDE 70
Working Hypothesis
SLIDE 71
People don‘t want privacy tools
SLIDE 72
People want to get things done!
The more secure, private, safe, the better
SLIDE 73
Getting Things Done?
SLIDE 74
Vision
SLIDE 75
Hands Free Privacy
The more secure, private, safe, the better
SLIDE 76
Example: The Shamir Tag
Langheinrich, Marti: Practical Minimalist Cryptography for RFID
- Privacy. IEEE Systems Journal, Vol. 1, No. 2, 2007
SLIDE 77
Example: The Shamir Tag
- Unsolicited read-outs take long time
–Difficult (but not impossible) to track
- r identify
- Instant Identification for known tags
–Owner uses tags without restrictions
Langheinrich, Marti: Practical Minimalist Cryptography for RFID
- Privacy. IEEE Systems Journal, Vol. 1, No. 2, 2007
SLIDE 78
Shamir Tags Illustrated
Original RFID-Tag:
RFID-Tag contains encrypted ID + Key, but cut in many small pieces. All pieces are needed to decrypt Tag ID.
SLIDE 79
Shamir Tags Illustrated
Original RFID-Tag: Unknown Reader sees:
Only few shares disclosed A few more shares disclosed Still not enough shares… wait wait wait
RFID-Tag contains encrypted ID + Key, but cut in many small pieces. All pieces are needed to decrypt Tag ID.
time
SLIDE 80
Shamir Tags Illustrated + =
Original RFID-Tag: Unknown Reader sees: Owner‘s Reader sees:
Owner checks for known (cached) tag Instant Identification Only few shares disclosed Only few shares disclosed A few more shares disclosed Still not enough shares… wait wait wait
RFID-Tag contains encrypted ID + Key, but cut in many small pieces. All pieces are needed to decrypt Tag ID.
SLIDE 81
Consumers receive basic protection for all tagged goods
Additional security mechanism
can be layered above Shamir Tags
SLIDE 82
Summary
SLIDE 83
Privacy by Design
- Difficult to do even for technology experts
– Industrial (RFID Credit Cards) – Government (ePassport)
- Difficult if wrong user model
– People want to get things done – Privacy, security often gets in the way
- We need usable security and privacy
– Sometimes less security may mean more privacy
SLIDE 84
Outlook
SLIDE 85
SLIDE 86
SLIDE 87
SLIDE 88
SLIDE 89
SLIDE 90
SLIDE 91
SLIDE 92
The wireless century will bring an end to many crimes. It will be a century of morality, since it is known that morality and fear are one and the same.
(Robert Sloss, “The World in 100 Years”, 1910)