“People Power in Your Pocket”
Opportunities for Privacy Enhancing Technology


Craig Heath
Chief Security Technologist
Symbian Foundation
What is the World’s Most Widely Used Open
Source Personal Computing Platform?

- Not Linux
  - not a big success on the desktop – probably less than 50M users
  - not on phones either – less than 20M Android users so far?
- Not anything on a PC
  - worldwide, more people are accessing the internet via phones
- World’s most popular smartphone platform is open source
  - cumulative Symbian shipments top 350 million
  - still shipping more units every day than Android or iPhone




How to Enhance Privacy and Security?
- Two areas of interest for end-user security:
  - Correcting “information asymmetries” to benefit consumers
  - Better management of personal information
- Four projects that phone manufacturers are unlikely to do:
  - NOTARISED CALL RECORDING
    - service providers record your call so why don't you?
  - PRE-ADVICE OF PREMIUM-RATE CHARGES
    - data is available, why not present it to the consumer?
  - SIMPLE PERSONAL DATA SHARING CONTROLS (metadata)
    - most social networking services do a bad job on this
  - KEEPING CONTROL OF YOUR OWN IDENTITY (VRM, Mydex)
    - not having to rely on service providers to “do the right thing”


Notarised Call Recording
- “Reciprocal Surveillance” – who watches the watchers?
- When you call a utility company, do you hear “this call may be recorded”?
  - it’s being recorded for their benefit, not yours
- Have you ever been told they will do something, but when you call back: “I’m sorry, I have no record of that”?
  - probably they do, but you can’t prove it: information asymmetry
- Even a simple recording would help, along with the call log
  - but unlikely to be good enough evidence to use in court
- Could combine this with a digital notary
  - take a hash of the recording (prevents future tampering)
  - have the hash signed by a trusted third party with a time stamp
  - proves that the recording was made at or before that time
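
The notary steps above, as an added Python example that is not part of the original slides: the phone sends only the hash, the notary signs the hash together with its own clock, and verification later rejects an edited recording or a changed time stamp. The function names and the key are assumptions, and HMAC stands in for the notary's signature; a real notary would use a public-key signature so that anyone can check the receipt.

```python
import hashlib
import hmac
import json

# Assumption: stand-in for the notary's signing key (constructed value).
NOTARY_KEY = b"constructed-demo-key"


def hash_recording(audio):
    """Phone side: only this digest is sent to the notary, never the audio."""
    return hashlib.sha256(audio).hexdigest()


def receipt_tag(digest, issued_at):
    """Notary's tag over the digest and the time, serialised unambiguously."""
    msg = json.dumps({"issued_at": issued_at, "sha256": digest},
                     sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(NOTARY_KEY, msg, hashlib.sha256).hexdigest()


def notarise(digest, notary_clock):
    """Notary side: stamp the digest with the notary's own clock, then sign."""
    if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
        raise ValueError("expected a hex SHA-256 digest")
    return {"sha256": digest, "issued_at": notary_clock,
            "tag": receipt_tag(digest, notary_clock)}


def verify(audio, receipt):
    """Return (ok, reason) for a recording presented with its receipt."""
    expected = receipt_tag(receipt.get("sha256"), receipt.get("issued_at"))
    if not hmac.compare_digest(expected, str(receipt.get("tag", ""))):
        return False, "receipt altered or not issued by this notary"
    if not hmac.compare_digest(hash_recording(audio), receipt["sha256"]):
        return False, "recording differs from the notarised one"
    return True, "recording existed in this form at or before issued_at"


if __name__ == "__main__":
    recording = b"RIFF....constructed sample audio bytes"  # constructed input
    receipt = notarise(hash_recording(recording), 1262304000)
    print(verify(recording, receipt))                      # intact
    print(verify(recording + b"\x00", receipt))            # edited recording
    print(verify(recording, dict(receipt, issued_at=1230768000)))  # backdated
```

The time in the receipt comes from the notary, not the phone, which is why the receipt can only show that the recording existed at or before that time.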

Pre-Advice of Premium-Rate Charges
- Premium rate voice and SMS service providers in the UK are required by law to advise consumers of their charges in advance
  - but they haven’t always done this in the most obvious way
  - malware isn’t going to respect this
- In the UK, you can discover the charges with a free SMS (76787)
  - also available as a web-based online number checker
  - but I doubt many people use this regularly
- It would be much more useful if your phone did this for you
- how about a filter to check the numbers your phone is calling and texting, and warn you before the call is made if it’s premium rate?
  - “allow this application to spend 50p?” is far more useful than “allow this application to make phone calls and send text messages?”
  - Could be extended to enforce rules, e.g.
    - allow this application to spend up to £5
    - allow this application to send 2 texts per day
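
A sketch of such a filter, added here as an example and not taken from the original slides: it prices each outgoing call or text before it is made, asks the user with the actual cost when no rule exists, and enforces a per-application spend cap and daily text limit once a rule is set. The tariff tables, numbers and all names are constructed assumptions; a real filter would take prices from the operator's number checker.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed tariffs in pence per call or text (not real prices).
PREFIX_TARIFFS = {"0901": 50, "0909": 150}   # matched by longest prefix
SHORTCODE_TARIFFS = {"80123": 100}           # matched exactly


@dataclass
class Rule:
    max_spend_pence: int = 0
    max_texts_per_day: Optional[int] = None


@dataclass
class Decision:
    action: str       # "allow", "ask" or "deny"
    cost_pence: int
    reason: str


def normalise(number):
    """Strip spacing and map +44 / 0044 to the national 0 prefix."""
    n = "".join(ch for ch in number if ch.isdigit() or ch == "+")
    for intl in ("+44", "0044"):
        if n.startswith(intl):
            return "0" + n[len(intl):]
    return n


def cost_of(number):
    """Price of one call or text to this number, 0 if not premium rate."""
    n = normalise(number)
    if n in SHORTCODE_TARIFFS:
        return SHORTCODE_TARIFFS[n]
    hits = [p for p in PREFIX_TARIFFS if n.startswith(p)]
    return PREFIX_TARIFFS[max(hits, key=len)] if hits else 0


class SpendFilter:
    def __init__(self):
        self.rules = {}                    # app -> Rule
        self.spent = defaultdict(int)      # app -> pence spent so far
        self.texts = defaultdict(int)      # (app, day) -> texts sent

    def request(self, app, number, kind, day, user_approved=False):
        """Decide before the call or text is made; record it if allowed."""
        cost = cost_of(number)
        rule = self.rules.get(app)
        if (kind == "sms" and rule and rule.max_texts_per_day is not None
                and self.texts[(app, day)] >= rule.max_texts_per_day):
            return Decision("deny", cost, "daily text limit reached")
        if cost and rule is None and not user_approved:
            return Decision("ask", cost, f"allow {app} to spend {cost}p?")
        if cost and rule and self.spent[app] + cost > rule.max_spend_pence:
            return Decision("deny", cost, "spend limit would be exceeded")
        self.spent[app] += cost
        if kind == "sms":
            self.texts[(app, day)] += 1
        return Decision("allow", cost, "ok")
```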


Simple Personal Data Sharing Controls
- The Symbian platform has the notion of “user data”, and the ReadUserData and WriteUserData capabilities
  - doesn’t, however, identify which user data is intended to be shared and which to be kept private
- Could borrow the concept of “sensitivity labels” from the classic MLS (Multi-Level Secure) orange book systems
  - principle is that the sensitivity label is indivisible from the data
- Labels could be set in one application (e.g. the camera app) and then acted upon in another (e.g. a file sharing app)
  - should be preserved even when files are moved or copied
- Should be useful (essential?) for the Social Mobile Framework
  - but it currently isn’t (“you can trust us” attitude?)

Keeping Control of Your Own Identity
- “Vendor Relationship Management” (VRM) – reciprocal of “Customer Relationship Management” (CRM)
  - shouldn’t have to rely on vendors to manage your privacy
    - they may “do the right thing” but you shouldn’t have to trust them
- projectvrm.org: VRM Principles
  - quick summary:
    - customers should always be in control of their own data
    - customers should be able to set their own “terms of engagement”
- Based on web services standards for identity management
  - “user-driven identity” – OpenID / Information Cards
- mydex.org – pilot project in the UK for local government
  - looking for volunteers to implement a Symbian client

Over to You!
Any Questions?




http://developer.symbian.org/mailman/listinfo/privacy

Editor's notes

  1. “Information asymmetry” is an economic term, referring to transactions in which one party has more, or better, information than the other.