the norwegian blue
play

The Norwegian Blue A lesson in Privacy Engineering Eivind Arvesen, - PowerPoint PPT Presentation

Jan 05, 2024 •532 likes •1.18k views

The Norwegian Blue A lesson in Privacy Engineering Eivind Arvesen, Aug. 7th 2020 Crypto & Privacy Village: Glitched (at DEF CON 28: SAFE MODE) $ whoami Eivind Arvesen Consultant @ Bouvet (Oslo, Norway) Privacy and security Senior

  1. The Norwegian Blue A lesson in Privacy Engineering Eivind Arvesen, Aug. 7th 2020 Crypto & Privacy Village: Glitched (at DEF CON 28: SAFE MODE)

  2. $ whoami Eivind Arvesen 
 Consultant @ Bouvet (Oslo, Norway) • Privacy and security • Senior software developer and architect • Security competency group leader • Argumentative hobby writer • Part of expert group evaluating Smittestopp EivindArvesen.com : @EivindArvesen

  3. Disclaimers ⚠

  5. Norway?

  11. Norway • A scandinavian, nordic country (in Northern Europe) • Consistently scores high on • Per-capita income • Human Development Index • Inequality-adjusted ranking • World Happiness Report • OECD Better Life Index • Index of Public Integrity • Democracy Index • High trust in the government and public services in general • Highly digitalized society • Pride ourselves on «knowledge» and trusting experts

  13. «I wish to register a complaint»

  14. Contagion

  15. Early examples of digital protocols and implementations (apps) • Singapore • South-Korea • Israel

  17. Shutdown

  18. Source code leak

  19. Source code leak

  20. «It’s dead»

  21. The app

  22. Summary • Closed-source solution • Requires registration and de facto identification of users • Collects sensor data from multiple sources (both BLE and GPS) • Uploads data from all users, all of the time, to a centralized storage • «Heartbeats" that contain information about BLE and GPS-activations in the app are sent in the background. • Static, device-specific identifier

  23. Basis for processing Smittestopp’s basis for processing is not consent – but regulation (still voluntary to use) “We can all help stop the spread of infection and save lives,” Prime Minister Erna Solberg said in a statement at the time. “If many people download the Smittestopp app, we can open up society more and get our freedom back.”

  24. Dual purpose Purposes of the Norwegian COVID-19 contact tracing solution: • Contact tracing • Provide data to evaluate government interventions and use as input to epidemiological models

  25. Location Data

  26. Centralized storage Continuously upload all sensor data from all users 
 – as opposed to keeping user data on device, only uploading when needed.

  27. Privacy-first contact tracing

  28. Privacy-first contact tracing

  29. Data integrity and user traceability

  30. Identifying users and analytics data

  31. Legal implications • Regulation forbids sharing of health and location data data with law enforcement, etc. • BLE is neither • Sunset-clause • Risks of CLOUD & Patriot acts

  32. Interoperability

  33. Misc.

  34. Discussion • Unknown viability • Not in accordance with common European Guidelines • Extremely invasive measures • Closed source

  35. Anonymity in long-term data storage Re: Anonymity… «The report also has a recommendation of anonymization of data for analysis purposes, through so-called di ff erential privacy. FHI has at this point already developed an elaborate system for anonymization that in FHIs view will have an equally anonymizing e ff ect as so-called di ff erential privacy, but which is easier to implement, communicate and doesn't lose any data quality to speak of.» (freely translated from Norwegian)

  36. Possible attacks • Relay-attacks • Tracking-attacks (combine/collaborate for distributed surveillance!) • Infection-mapping • Impersonation/surveillance • Reidentification from de-identified (not the same as anonymized!) data points • Data theft, leak or misuse (risk magnified by state-actor)

  37. «It's restin’»

  38. The expert group Appointing an independent expert group… The group must provide the following: 1. An open report to the Ministry of Health and Care Services with an overall assessment of whether security and privacy are properly taken care of. 2. A report excluding the public to Simula and FHI with a copy to the Ministry of Health on any identified weaknesses that must be corrected. - Expert group mandate (Google Translate)

  39. Preliminary report Limited to smartphone apps, select parts of backend and only technical security aspects. Extremely little time + what solutions were finished (or even started) at that point. Deletion, matching algorhithms, and anonymization/aggregations are examples of things that were not implemented at this point. TLDR; Lots of low-hanging fruit, like scalability-issues, general robustness, vulnerable dependencies, methodological weakness, weak protocols, data- integrity-issues, data leaks, lack of input validation, and weakness in configuration. 
 Also: PERMANENT, device-specific identifiers (!) – which would make it possible to derive others’ identity and/or COVID-status.

  40. Launch The app was launched to the entire country while still in evaluation; collecting data from everyone, but only o ff ering contact notifications for a couple of select test- municipalities Promptly reverse-engineered, inspected by critical tech- community

  42. Petition A petition from over 300 professionals in security, privacy and tech, asking the government to change their approach

  43. «HELLO POLLY»

  44. Outline Findings • Aggressive analytics • Static identifier in BLE-contact • Eternal connection string • Using preview feature for personal data • Limitations of auditing solutions • Data deletion also deletes audit logs • Quality issues in contact analysis code • Using SMS as notification channel

  45. «WAKEY WAKEY»

  46. Conclusion of the report Is security properly handled? 
 No Is privacy properly handled? 
 No

  47. Outline Recommendations The group's recommendations in our final public report included: • Clarifying the regulation which serves as basis for processing (changing "anonymized" to "deidentified"), to enable data aggregation in practice. • Split purposes, and allow users to choose how their data is used (split into several apps, or implement opt-in functionality). This might both protect users' interests and lead to more users. • Remove all data that is not needed (e.g. delete location data older than 15-16 days, delete location data without crossing trajectories at regular intervals) to increase data minimization. • Implement di ff erential privacy in data aggregation processes, to reduce risk to privacy and increase accuracy of the resulting dataset. • Consider rewriting to a more distributed solution, post stabilized contact tracing criteria, as this could be both less invasive and lead to an increase in users. • Implement local di ff erential privacy before uploading user data, to further decrease privacy impact. • Make as much source code as possible available as open source, to give the public real insight into how their data is used. • Regularly evaluate the solution, purpose and e ff ect, to ensure that the solution is still suitable, and the problem is still relevant.

  48. «It's bleedin' demised»

  49. Aftermath 1.The Norwegian Institute of Public Health disagreed with our conclusion 2.The supplier/producer responds to this by publicly attacking the expert group, questioning their motives and claiming that their conclusions and recommendations are personal political opinions 3.Parliament decides to split app based on purpose 4.The Norwegian Data Protection Authority concludes that the degree of privacy-invasiveness is not justified 5.Health authorities chose to stop all data collection, and to delete existing data 6.Amnesty International stated that they found the Norwegian app to be among the most dangerous tracing apps for privacy. 7.International media (NYT, etc.)

  50. Sidenote Media-strategy/handling criticism What about privacy? The expert group concludes that they "think privacy is not well enough taken care of". Simula would like to point out that this is not justified with any sides of the app itself. The expert group do not wish that location data be collected, and they therefore conclude that privacy is not handled good enough. Political recommendations Several of the recommendations from the expert group, on the other hand, bears the impression of being the members' views on some familiar discussions that have been around Smittestopp along the way. This especially goes for the members of the group wanting contact tracing only locally on the phones (Recommendations "Go over to a dsitributed model for collection of data" and "Split the purposes and make it possible to elect to be part of only one") and that the members wish that the source code be made publicly available. ("Make available as much source code as possible as open source"). These are familiar subjects of debate, but has little to do with how Smittestopp works.

  51. Sidenote Media-strategy/handling criticism "There are many countries I think should not use the Norwegian solution – precisely because they don't have a well regulated democracy; They don't have strong privacy interests and governments that keep watch» 
 (freely translated from Norwegian) Simula's Deputy Managing Director in episode #2 of the Norwegian podcast Waterhouse.

  52. Key point: Data protection and and privacy are di ff erent things.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

. Frokostmte: "Den bl skogen , Bergen, 12/2 2015 What (definitions of blue forests

. Frokostmte: "Den bl skogen , Bergen, 12/2 2015 What (definitions of blue forests

Norwegian Blue Forests Network (NBFN) Norsk nettverk for bl skog hva, hvem, hvorfor og hvordan Sindre Langaas, PhD, Research Manager NIVA . Frokostmte: "Den bl skogen , Bergen, 12/2 2015 What (definitions of blue forests and

361 views • 10 slides
The Norwegian EV Success Christina Bu, Secretary General Norwegian EV Association The Norwegian

The Norwegian EV Success Christina Bu, Secretary General Norwegian EV Association The Norwegian

The Norwegian EV Success Christina Bu, Secretary General Norwegian EV Association The Norwegian EV Association Non-profit NGO 70.000 members 30 employees elbil.no Norway 5,3 million Large exporter 2,7 million High

423 views • 39 slides
Blue A Sketch Model Review Blue A Blue A Smooth Passenger Bag Be Gone Talker Blue A

Blue A Sketch Model Review Blue A Blue A Smooth Passenger Bag Be Gone Talker Blue A

Blue A Sketch Model Review Blue A Blue A Smooth Passenger Bag Be Gone Talker Blue A SMOOTH TALKER Blue A !!!! Users 515,000 children in America with ASD who communicate verbally Design Blue A Fastening

246 views • 10 slides
Norwegian Forestry Group Sigurd Ole Ruud Senior Consultant Norwegian Forestry Group Norwegian

Norwegian Forestry Group Sigurd Ole Ruud Senior Consultant Norwegian Forestry Group Norwegian

Norwegian Forestry Group Sigurd Ole Ruud Senior Consultant Norwegian Forestry Group Norwegian Forestry Group (NFG) NFG is a network company with experience from all aspects of Norwegian forestry both in the public and private sector. The

387 views • 10 slides
Norwegian Air Shuttle ASA Investor Presentation January 2020 Norwegian at a glance 150+

Norwegian Air Shuttle ASA Investor Presentation January 2020 Norwegian at a glance 150+

Norwegian Air Shuttle ASA Investor Presentation January 2020 Norwegian at a glance 150+ ~10,000 4 th GLOBAL DESTINATIONS HARD WORKING STAFF LARGEST LOW- COST AIRLINE IN EUROPE* ~36M 160+ PASSENGERS FLOWN 500+ AIRCRAFT IN FLEET

351 views • 23 slides
Green Blue Blue Blue Red Red Text visualization Why use text in visualization? Instant

Green Blue Blue Blue Red Red Text visualization Why use text in visualization? Instant

Web-pages Email Green Blue Blue Blue Red Red Text visualization Why use text in visualization? Instant messages Digitized books, articles Lucas Rizoli CPSC 533C, November 2006 2 3 4 Fast Text can be a dense representation New York

576 views • 3 slides
2020 Blue's Tour August 2020 We would like to Welcome you on behalf of Blue Cross and Blue Shield

2020 Blue's Tour August 2020 We would like to Welcome you on behalf of Blue Cross and Blue Shield

2020 Blue's Tour August 2020 We would like to Welcome you on behalf of Blue Cross and Blue Shield of Kansas to the 2020 Blue's Tour! We are glad you could all join us virtually today! I am Jessica Moore, Education and Communication Coordinator

290 views • 26 slides
RC Claim Assist Kelly Hayes Blue Cross / Blue Care Network Provider Outreach Blue Cross Blue

RC Claim Assist Kelly Hayes Blue Cross / Blue Care Network Provider Outreach Blue Cross Blue

RC Claim Assist Kelly Hayes Blue Cross / Blue Care Network Provider Outreach Blue Cross Blue Shield of Michigan and Blue Care Network are nonprofit corporations and independent licensees of the Blue Cross and Blue Shield Association. RC Claim

423 views • 7 slides
emission in Norwegian cities NBV: The Norwegian Urban Planning Tool Leonor Tarrasn, Gabriela

emission in Norwegian cities NBV: The Norwegian Urban Planning Tool Leonor Tarrasn, Gabriela

Evaluation of wood-burning emission in Norwegian cities NBV: The Norwegian Urban Planning Tool Leonor Tarrasn, Gabriela Sousa Santos, Dam Vo Thanh, Matthias Vogt, Susana Lpez-Aparicio, Bruce Denby, Hvard Vika Ren, Ingrid Sundvor, Dag

412 views • 19 slides
Central Clearing of OTC derivatives - OTC clearing from a Norwegian perspective Johan Christian

Central Clearing of OTC derivatives - OTC clearing from a Norwegian perspective Johan Christian

Central Clearing of OTC derivatives - OTC clearing from a Norwegian perspective Johan Christian Kongsli Introduction EMIR Implementation in Norway Comparison with current Norwegian regulation Some Norwegian perspectives on

260 views • 23 slides
IT Governance in Norwegian Government 10.02.2016 Arild Jansen, AFIN, UiO IT governance in

IT Governance in Norwegian Government 10.02.2016 Arild Jansen, AFIN, UiO IT governance in

IT Governance in Norwegian Government 10.02.2016 Arild Jansen, AFIN, UiO IT governance in Norwegian public sector current ambitions and important challenges Agenda ICT governance in Norway ICT management in Norwegian ministries:

122 views • 10 slides
Overview ew Overview of Corporate Philanthropy Overview of Florida Blue Corporate and Foundation

Overview ew Overview of Corporate Philanthropy Overview of Florida Blue Corporate and Foundation

L ESSONS L EARNED FROM A C ORPORATE D ONOR Susan B. Towler Florida Blue October 21, 2015 Orange Park, FL Blue Cross and Blue Shield of Florida Foundation is an Independent Licensee of the Blue Cross and Blue Shield Association. Overview ew

422 views • 16 slides
Estimation of logistic consumption for the Norwegian Armed Forces Terje Nilsen Norwegian Defence

Estimation of logistic consumption for the Norwegian Armed Forces Terje Nilsen Norwegian Defence

Estimation of logistic consumption for the Norwegian Armed Forces Terje Nilsen Norwegian Defence Research Establishment Be nice to a logistican if you want to Overview hear a BANG! and not a CLICK! ............. Introduction

373 views • 13 slides
Mary Litsardopoulou, Commercial Officer Royal Norwegian Embassy Greece Business Innovation

Mary Litsardopoulou, Commercial Officer Royal Norwegian Embassy Greece Business Innovation

Business Innovation Greece Mary Litsardopoulou, Commercial Officer Royal Norwegian Embassy Greece Business Innovation Greece Green Industry Innovation Blue Growth Information and Communication Technology (ICT) For more

224 views • 3 slides
The New Cooling Unit Generation Blue e+ 1 Die neue Khlgerte-Generation Blue e+ The Blue e+

The New Cooling Unit Generation Blue e+ 1 Die neue Khlgerte-Generation Blue e+ The Blue e+

The New Cooling Unit Generation Blue e+ 1 Die neue Khlgerte-Generation Blue e+ The Blue e+ cooling unit series the ultimate in efficiency. 2 The new Cooling Unit Generation Blue e+ Enclosure Climate Control Sensitive electronic

319 views • 27 slides
BLUE COMMUNITIES What is a Blue Community? The Blue Communities Project encourages municipalities

BLUE COMMUNITIES What is a Blue Community? The Blue Communities Project encourages municipalities

BLUE COMMUNITIES What is a Blue Community? The Blue Communities Project encourages municipalities and Indigenous communities to adopt a water commons framework by: 1. recognizing water and sanitation as human rights 2. banning bottled water in

183 views • 15 slides
1 OLD TESTAMENT MODELS FOR THE NEW TESTAMENT CHRIST Old

1 OLD TESTAMENT MODELS FOR THE NEW TESTAMENT CHRIST Old

Class 10a HOW JESUS BECAME GOD TRAJECTORIES IN EARLY CHRISTIANITY Questions What is the scope of your gospel that is, where does it

462 views • 12 slides
A Refinement Calculus for Requirements Engineering John Mylopoulos University of Ottawa 13 th

A Refinement Calculus for Requirements Engineering John Mylopoulos University of Ottawa 13 th

A Refinement Calculus for Requirements Engineering John Mylopoulos University of Ottawa 13 th Int. Conf. on Research Challenges for Information Science Brussels, May 29, 2019 RCIS19 -- 1 Abstract The requirements problem consists of

286 views • 28 slides
I NTRODUCTION Pattern Recognition Problems (OCR, handwritten and

I NTRODUCTION Pattern Recognition Problems (OCR, handwritten and

XXIV SIBGRAPI - Conference on Graphics, Patterns and Images Rosario A. Medina Rodriguez and Ronaldo Fumio Hashimoto Institute of Mathematics and Statistics

320 views • 20 slides
Please visit pollev.com/jeffterrell for a poll 1 / 29 Interpersonal Effectivness UNC COMP 523

Please visit pollev.com/jeffterrell for a poll 1 / 29 Interpersonal Effectivness UNC COMP 523

Please visit pollev.com/jeffterrell for a poll 1 / 29 Interpersonal Effectivness UNC COMP 523 September 30, 2020 Jeff Terrell 2 / 29 Announcements music: Come Together by the Beatles, as a nod to interpersonal effectiveness autograding on

851 views • 29 slides
WHEN SERIES GO IN INDEFINITUM, AD INFINITUM AND IN INFINITUM CONCEPTS OF INFINITY IN KANT'S

WHEN SERIES GO IN INDEFINITUM, AD INFINITUM AND IN INFINITUM CONCEPTS OF INFINITY IN KANT'S

WHEN SERIES GO IN INDEFINITUM, AD INFINITUM AND IN INFINITUM CONCEPTS OF INFINITY IN KANT'S PHILOSOPHY AND COSMOLOGY Silvia De Bianchi TU Dortmund silvia.debianchi@tu-dortmund.de CONTENTS Part I Kants Antinomy of pure Reason and

500 views • 22 slides
Building Blocks for Value-Based Payment N A H D O 2 0 1 9 H E A L T H C A R E D A T A S U M M

Building Blocks for Value-Based Payment N A H D O 2 0 1 9 H E A L T H C A R E D A T A S U M M

Medicare Price Benchmarks: Building Blocks for Value-Based Payment N A H D O 2 0 1 9 H E A L T H C A R E D A T A S U M M I T N O V E M B E R 6 , 2 0 1 9 L I T T L E R O C K , A R C H A P I N W H I T E S E N I O R P O L I C Y R E S

464 views • 29 slides
The Minimalist Foundation and its impact on the working mathematician Giovanni Sambin

The Minimalist Foundation and its impact on the working mathematician Giovanni Sambin

The Minimalist Foundation and its impact on the working mathematician Giovanni Sambin Dipartimento di Matematica Tullio Levi Civita Universit` a di Padova Continuity, Computability, Constructivity (CCC 2017), Nancy 29 June 2017 Aim

564 views • 33 slides
Heroes vs Villains: Building an Application Security Program that Scales Kevin Delaney , B.IT

Heroes vs Villains: Building an Application Security Program that Scales Kevin Delaney , B.IT

Heroes vs Villains: Building an Application Security Program that Scales Kevin Delaney , B.IT Hons. NetSec Director of Solutions Architecture Security Compass Over 160 Million Credit Cards lifted over 7 years Villains are PROACTIVE Heroes are

452 views • 22 slides

More recommend