Outline: Transparency | TETs | Transparency Logging | A4Cloud | Summary

Transparency-Enhancing Tools

PETs PhD Course at Chalmers

Tobias Pulls

Karlstad University, Sweden

tobias.pulls@kau.se

October 29, 2012

The Transparent Society – David Brin

According to The Transparent Society, ubiquitous surveillance is inevitable. The question is if the weak will in turn surveil the strong.

Brin’s viewpoint

The Myth of the ‘Transparent Society’ – Bruce Schneier

Some quotes by Schneier:

  • “Except it doesn’t work, because it ignores the crucial dissimilarity of power.”
  • “The more power you have, the more additional power you derive from the new data.”
  • “Forced openness in government reduces the relative power differential between the two, and is generally good. Forced openness in laypeople increases the relative power, and is generally bad.”

David Brin rebuts Schneier

Some quotes by Brin:

  • “All of the great enlightenment arenas – markets, science and democracy – flourish in direct proportion to how much their players (consumers, scientists and voters) know, in order to make good decisions. To whatever extent these arenas get clogged by secrecy, they fail.”
  • “If civilization becomes a cloud of secrecy (as some are now trying to achieve), that’s when elites can really exploit disparities of power.”
  • “...it was a generally open society that invented modern privacy”

What to make of all of this?

1. The progress of technology leads to greater ability for the powerful to surveil the weak
2. Transparency fosters control
3. Society functions the best when the relative power between the strong and weak is as small as possible

What are TETs?

TETs and PETs

Different approaches to addressing information asymmetries:

  • TETs: Increases the information available to the weaker party
  • PETs: Decreases the information available to the stronger party

[Figure labels: TETs, weak party, information, PETs, strong party]

The need for preserving privacy in TETs

  • Ensuring that TETs preserve privacy is a form of optimisation
  • The big picture: not repeating past mistakes, ensuring accuracy
  • Just like any other type of technology: privacy matters

A question

How is data processed by data processors?

What you usually find

One step further

Log processing data and send it to data subjects (users)

  • Comparing actual processing with prior agreements
  • Towards holding data processors accountable

Main research question: How to log processing data in a privacy-preserving way?

Building a log trail

Reconstructing a log trail

Properties

The scheme has the following properties:

  • Confidentiality of log data (forward secrecy)
  • Integrity of log data (forward integrity)
  • Unlinkability of log entries and data subjects (forward unlinkability)
  • Auditable
  • Anonymous trail reconstruction and verification
  • Resilient to compromise

Auditability

Unlinkability

Unlinkability - why

Unlinkability - enabled by

Attackers - our model

Attackers - would like to be OK

A4Cloud

Accountability For Cloud and Other Future Internet Services

Summary

  • “The goal is justice, the method is transparency” – Julian Assange
  • Transparency → Control → Accountability → Trust
  • TETs address information asymmetries by increasing information available to the weak party
  • Privacy in the context of TETs is a matter of accuracy and optimisation

Assumed trust in prior sessions 1/2

Session 1:

  • Privacy & legal Aspects: society
  • E-voting: at least one mix, entity performing setup
  • Mix-nets: at least one mix

Session 2:

  • Onion routing: at least one node
  • DC-nets: passive adversaries
  • Crowds: a subset of the crowd
  • Tor: at least one relay, directory service
  • Traffic analysis: “what if we don’t trust the network?”

Assumed trust in prior sessions 2/2

Session 3:

  • Bitcoin: a majority of the computational power
  • E-Cash: nobody
  • Vehicular communication: manufacturer, identity authorities, ...
  • Secure MPC: a subset of participants

Session 4:

  • Statistical databases: the collector and holder of data, recipients of the knowledge of the database
  • Smart grid: everyone except the provider (but the provider’s engineers)
