SlideShare a Scribd company logo

RW privacy-technology-outlook

R
racingsnake

Robin Wilton presented at the ICO Data Protection Officer Conference in March 2010 in Salford. He discussed the relationship between identity and privacy using the "onion model" to represent layers of personal information. Wilton addressed challenges to online privacy such as managing metadata and finding workable privacy metaphors. He highlighted several projects taking privacy principles to practical applications and encouraged participation in the Kantara Initiative to further such work.

TechnologyNews & Politics
1 of 12
Download to read offline
ICO Data Protection Officer Conference March 2010 Salford A Privacy and Technology Outlook Robin Wilton Director, Future Identity Ltd Director of Privacy and Public Policy, Kantara Initiative Future identity
Do any of these strike a chord? “You have zero privacy anyway. “If you have something that you Get over it” (45) don't want anyone to know, maybe you shouldn't be doing it “Privacy in the first place” (56) is no longer a social norm” (25) “People forgive and forget; computers can't do either” [Voiceover: It will be a strange day indeed when the definitive arbiter of social privacy norms is a single white 25-year-old male billionaire college drop-out...] Future identity
“Ladders, Onions, and Surfing Naked...” Topics for this session: ● How are identity and privacy related? ● What is privacy anyway, and why is it important? ● Is privacy just a matter of protecting PII? ● What future challenges does online privacy present? This presentation draws on the input of many people, including: ● The Liberty Alliance Privacy Summit participants ● Bob Blakley and Ian Glazer of Burton Group ● Dr Mireille Hildebrandt, Vrije Universiteit Brussel My sincere thanks to all of them Future identity
How are identity and privacy related? (The 'Onion' Model) ● The BIS (Basic Identifier Set) is what usually suffices to provide 'proof of uniqueness' ● Credentials usually encapsulate data from multiple 'rings' of the onion ● One 'good practice' approach is for B.I.S credentials to 'gravitate' towards the centre – i.e. not be overloaded with “Other PII” attribute data, but provide: ● the means to link to it; Attributes ● proof of uniqueness. Credentials are not privacy-neutral ● e.g. Using a driver's license to prove your age reveals more than your age; ● By their nature, credentials tend to make transactions 'linkable'; ● Privacy-enhancing systems will (must) be better at attribute-level disclosures, or better still, “Yes/No” answers to attribute-level questions. (cf. Dave Birch's paper on the "Psychic ID" metaphor) http://www.springerlink.com/content/hk1p8r133867x402/fulltext.pdf Future identity
Slicing the Onion ● A 'segment' of the onion may correspond to sector-specific data (healthcare, tax, employment...). ● Some sectors are 'informal' – such as the separation between your Flickr and B.I.S MySpace accounts. ● Others, you might prefer to keep strictly “Other PII” separate – such as online banking. Attributes ● One way to look at privacy is as the preservation of “contextual integrity” between sectoral data sets (Helen Nissenbaum, via Piotr Cofta of BT) We become uneasy if our personal data shows up 'out of context'... Future identity
What risks does this model suggest? ● Privacy is not a 'state': it's a relationship, often involving multiple parties. And like any relationship: ● Privacy brings interests and motivations into conflict: ● What we tell different people often depends on context; ● There are rules – mostly implicit: ● When third parties exchange data about you, is that co-operation or collusion? B.I.S ● Like any relationship, without maintenance and management it may go awry. “Other PII” Attributes Intuitively we know all these things, because humans are social animals... and yet ... Future identity
Beyond the Onion: the DAO of privacy... Increasingly, third parties interact with you based on data at the edge of the Onion and beyond... D.A.O. − Data About You: with enough of your attributes, and/or linkability, you can be identified even if you're not asked for credentials; D.A.P.L.Y. − Data About People Like You: if you can be categorised, third parties will apply inferences from D.A.Y. other 'group' characteristics; − Data About Others: mass data mining makes third party intervention viable without you disclosing any PII. “You don't have to be in the statistics to be affected by the statistics” (Jason Pridmore) Future identity
Flawed Perceptions ● The online world neither works nor behaves like the real world; despite occasional appearances to the contrary... ● The online world often presents us with metaphors, but not ones which would help us overcome these differences. ● We therefore frequently – and willingly - base our behaviour on a flawed perception of risks and the reality which gives rise to them. In other words, we could be surfing naked and not even know it. Brrr. Future identity
Getting the Privacy 'Big Picture' ● “Privacy management” implies being aware of relationships and contexts, and acting accordingly; ● It means taking diverse, legitimate stakeholder perspectives into account; ● It needs a new set of metaphors, which help build a privacy- enhancing culture: 'protocol rules' are not the same as 'social rules'; ● It will involve privacy-enhancing technologies, but those are doomed without a privacy-enhancing ecosystem of governance, adoption and behaviours which, largely, remain to be developed; ● So: what are some of the challenges, if online privacy is to have a future? Privacy is not about secrecy: it's about disclosure... but disclosure with consent and control appropriate to the context. Future identity
Challenges Managing meta-data: − Implied by most governance regimes - strongly indicated for good practice; − Sticky policy: preserving privacy preferences “beyond first disclosure” − Managing revocation as well as disclosure. Finding workable metaphors for online privacy concepts: − Personas, contextual integrity; − Informed consent in social networks. Managing attribute-level assertions:  If credentials are “minimalist”, attribute management becomes critical;  “Yes/No” answers need to be built in from early on;  How to address the “DAO” problem:  “You don't have to be in the statistics to be affected by the statistics” (Pridmore). Future identity
Practical next steps Talk to the stakeholders, and reflect their perspectives and their needs in the 'ecosystem': There are tried and tested models for productive multi- stakeholder conversations. Several relevant projects taking principles to practicalities: PrimeLife (EU): whole-life privacy/identity management; VOME and EnCoRe (UK): privacy perception, consent, revocation; The Kantara Initiative (w/w) has work-groups on: ● User-managed access to personal data ● Information-sharing and user preferences ● Privacy and public policy ● Identity assurance ... and would welcome your projects and participation http://kantarainitiative.org Future identity
ICO Data Protection Officer Conference March 2010 Salford Thank you... ... any questions? Robin Wilton Director, Future Identity Ltd Director of Privacy and Public Policy, Kantara Initiative mail@futureidentity.eu +44 (0)705 005 2931 http://futureidentity.eu http://futureidentity.blogspot.com Future identity

Recommended

Interpersonal data, identity, and relationships – in pursuit of collective mi...
Interpersonal data, identity, and relationships – in pursuit of collective mi...Interpersonal data, identity, and relationships – in pursuit of collective mi...
Interpersonal data, identity, and relationships – in pursuit of collective mi...SSIMeetup
 
Insight analytics: Identity Nexus - The Future of Consumer Personal Information
Insight analytics: Identity Nexus - The Future of Consumer Personal InformationInsight analytics: Identity Nexus - The Future of Consumer Personal Information
Insight analytics: Identity Nexus - The Future of Consumer Personal InformationKaliya "Identity Woman" Young
 
The future of Content management when the mobile Broadcasts Intent
The future of Content management when the mobile Broadcasts Intent The future of Content management when the mobile Broadcasts Intent
The future of Content management when the mobile Broadcasts Intent Tony Fish
 
Big Data
Big Data Big Data
Big Data Tony Fish
 
Big Data.... and digital footprint
Big Data.... and digital footprintBig Data.... and digital footprint
Big Data.... and digital footprintTony Fish
 
Jonathan Cave, University of Warwick (Plenary): Agreeing to Disagree About Pr...
Jonathan Cave, University of Warwick (Plenary): Agreeing to Disagree About Pr...Jonathan Cave, University of Warwick (Plenary): Agreeing to Disagree About Pr...
Jonathan Cave, University of Warwick (Plenary): Agreeing to Disagree About Pr...i_scienceEU
 
Iot privacy vs convenience
Iot privacy vs convenienceIot privacy vs convenience
Iot privacy vs convenienceDon Lovett
 
Social life in digital societies: Trust, Reputation and Privacy EINS summer s...
Social life in digital societies: Trust, Reputation and Privacy EINS summer s...Social life in digital societies: Trust, Reputation and Privacy EINS summer s...
Social life in digital societies: Trust, Reputation and Privacy EINS summer s...i_scienceEU
 

Recommended

Interpersonal data, identity, and relationships – in pursuit of collective mi...
Interpersonal data, identity, and relationships – in pursuit of collective mi...Interpersonal data, identity, and relationships – in pursuit of collective mi...
Interpersonal data, identity, and relationships – in pursuit of collective mi...SSIMeetup
 
Insight analytics: Identity Nexus - The Future of Consumer Personal Information
Insight analytics: Identity Nexus - The Future of Consumer Personal InformationInsight analytics: Identity Nexus - The Future of Consumer Personal Information
Insight analytics: Identity Nexus - The Future of Consumer Personal InformationKaliya "Identity Woman" Young
 
The future of Content management when the mobile Broadcasts Intent
The future of Content management when the mobile Broadcasts Intent The future of Content management when the mobile Broadcasts Intent
The future of Content management when the mobile Broadcasts Intent Tony Fish
 
Big Data
Big Data Big Data
Big Data Tony Fish
 
Big Data.... and digital footprint
Big Data.... and digital footprintBig Data.... and digital footprint
Big Data.... and digital footprintTony Fish
 
Jonathan Cave, University of Warwick (Plenary): Agreeing to Disagree About Pr...
Jonathan Cave, University of Warwick (Plenary): Agreeing to Disagree About Pr...Jonathan Cave, University of Warwick (Plenary): Agreeing to Disagree About Pr...
Jonathan Cave, University of Warwick (Plenary): Agreeing to Disagree About Pr...i_scienceEU
 
Iot privacy vs convenience
Iot privacy vs convenienceIot privacy vs convenience
Iot privacy vs convenienceDon Lovett
 
Social life in digital societies: Trust, Reputation and Privacy EINS summer s...
Social life in digital societies: Trust, Reputation and Privacy EINS summer s...Social life in digital societies: Trust, Reputation and Privacy EINS summer s...
Social life in digital societies: Trust, Reputation and Privacy EINS summer s...i_scienceEU
 
Extreme Information - 8 Charts That Tell You Everything You Need to Know
Extreme Information - 8 Charts That Tell You Everything You Need to KnowExtreme Information - 8 Charts That Tell You Everything You Need to Know
Extreme Information - 8 Charts That Tell You Everything You Need to KnowJohn Mancini
 
Engineering Authority
Engineering AuthorityEngineering Authority
Engineering AuthoritySteve Waldman
 
Newrulesforlivinginadigitalage 101101063746-phpapp01
Newrulesforlivinginadigitalage 101101063746-phpapp01Newrulesforlivinginadigitalage 101101063746-phpapp01
Newrulesforlivinginadigitalage 101101063746-phpapp01Lokinos
 
Who and how am I online
Who and how am I onlineWho and how am I online
Who and how am I onlineJISC SSBR
 
Cookies and Data Protection - a Practitioner's perspective
Cookies and Data Protection - a Practitioner's perspectiveCookies and Data Protection - a Practitioner's perspective
Cookies and Data Protection - a Practitioner's perspectiveCastlebridge Associates
 
MindingTheCloud_NPR_Sum2014-no cover
MindingTheCloud_NPR_Sum2014-no coverMindingTheCloud_NPR_Sum2014-no cover
MindingTheCloud_NPR_Sum2014-no coverPJStarr
 
Trust Factory Slides (2015)
Trust Factory Slides (2015)Trust Factory Slides (2015)
Trust Factory Slides (2015)Timothy Holborn
 
Feb 2020 - Senate Submission Financial Technology and Regulatory Technology
Feb 2020 - Senate Submission Financial Technology and Regulatory TechnologyFeb 2020 - Senate Submission Financial Technology and Regulatory Technology
Feb 2020 - Senate Submission Financial Technology and Regulatory TechnologyTimothy Holborn
 
SSI Meetup – interpersonal data, identity and collective minds
SSI Meetup – interpersonal data, identity and collective mindsSSI Meetup – interpersonal data, identity and collective minds
SSI Meetup – interpersonal data, identity and collective mindsPhilip Sheldrake
 
Personal identity Management
Personal identity ManagementPersonal identity Management
Personal identity ManagementGeorge Roberts
 
Security & Privacy of Information Technology
Security & Privacy of Information TechnologySecurity & Privacy of Information Technology
Security & Privacy of Information TechnologyAshish Mathew
 
Privacy, Emerging Technology, and Information Professionals
Privacy, Emerging Technology, and Information ProfessionalsPrivacy, Emerging Technology, and Information Professionals
Privacy, Emerging Technology, and Information ProfessionalsCentre for Advanced Management Education
 
Information Privacy
Information PrivacyInformation Privacy
Information Privacyprimeteacher32
 
Information privacy
Information privacyInformation privacy
Information privacyNicholas Davis
 
Privacy in the Information Age [Q3 2015 version]
Privacy in the Information Age [Q3 2015 version]Privacy in the Information Age [Q3 2015 version]
Privacy in the Information Age [Q3 2015 version]Jordan Peacock
 
Privacy , Security and Ethics Presentation
Privacy , Security and Ethics PresentationPrivacy , Security and Ethics Presentation
Privacy , Security and Ethics PresentationHajarul Cikyen
 
Piecing Together Your Personal Privacy Profile (CPV 2021)
Piecing Together Your Personal Privacy Profile (CPV 2021)Piecing Together Your Personal Privacy Profile (CPV 2021)
Piecing Together Your Personal Privacy Profile (CPV 2021)Margaret Fero
 
Business considerations for privacy and open data: how not to get caught out
Business considerations for privacy and open data: how not to get caught outBusiness considerations for privacy and open data: how not to get caught out
Business considerations for privacy and open data: how not to get caught outtheODI
 
Digital Privacy Revisited
Digital Privacy RevisitedDigital Privacy Revisited
Digital Privacy RevisitedFing
 
How fluently do you speak data
How fluently do you speak dataHow fluently do you speak data
How fluently do you speak dataMary Aviles
 
Algorithms and Fundamental Rights - Jeroen van den Hoven
Algorithms and Fundamental Rights - Jeroen van den HovenAlgorithms and Fundamental Rights - Jeroen van den Hoven
Algorithms and Fundamental Rights - Jeroen van den HovenDelft Design for Values Institute
 
Itri icl 0116_distribute
Itri icl 0116_distributeItri icl 0116_distribute
Itri icl 0116_distributeFuming Shih
 

More Related Content

What's hot

Extreme Information - 8 Charts That Tell You Everything You Need to Know
Extreme Information - 8 Charts That Tell You Everything You Need to KnowExtreme Information - 8 Charts That Tell You Everything You Need to Know
Extreme Information - 8 Charts That Tell You Everything You Need to KnowJohn Mancini
 
Engineering Authority
Engineering AuthorityEngineering Authority
Engineering AuthoritySteve Waldman
 
Newrulesforlivinginadigitalage 101101063746-phpapp01
Newrulesforlivinginadigitalage 101101063746-phpapp01Newrulesforlivinginadigitalage 101101063746-phpapp01
Newrulesforlivinginadigitalage 101101063746-phpapp01Lokinos
 
Who and how am I online
Who and how am I onlineWho and how am I online
Who and how am I onlineJISC SSBR
 
Cookies and Data Protection - a Practitioner's perspective
Cookies and Data Protection - a Practitioner's perspectiveCookies and Data Protection - a Practitioner's perspective
Cookies and Data Protection - a Practitioner's perspectiveCastlebridge Associates
 
MindingTheCloud_NPR_Sum2014-no cover
MindingTheCloud_NPR_Sum2014-no coverMindingTheCloud_NPR_Sum2014-no cover
MindingTheCloud_NPR_Sum2014-no coverPJStarr
 
Trust Factory Slides (2015)
Trust Factory Slides (2015)Trust Factory Slides (2015)
Trust Factory Slides (2015)Timothy Holborn
 
Feb 2020 - Senate Submission Financial Technology and Regulatory Technology
Feb 2020 - Senate Submission Financial Technology and Regulatory TechnologyFeb 2020 - Senate Submission Financial Technology and Regulatory Technology
Feb 2020 - Senate Submission Financial Technology and Regulatory TechnologyTimothy Holborn
 
SSI Meetup – interpersonal data, identity and collective minds
SSI Meetup – interpersonal data, identity and collective mindsSSI Meetup – interpersonal data, identity and collective minds
SSI Meetup – interpersonal data, identity and collective mindsPhilip Sheldrake
 
Personal identity Management
Personal identity ManagementPersonal identity Management
Personal identity ManagementGeorge Roberts
 

What's hot (10)

Extreme Information - 8 Charts That Tell You Everything You Need to Know
Extreme Information - 8 Charts That Tell You Everything You Need to KnowExtreme Information - 8 Charts That Tell You Everything You Need to Know
Extreme Information - 8 Charts That Tell You Everything You Need to Know
 
Engineering Authority
Engineering AuthorityEngineering Authority
Engineering Authority
 
Newrulesforlivinginadigitalage 101101063746-phpapp01
Newrulesforlivinginadigitalage 101101063746-phpapp01Newrulesforlivinginadigitalage 101101063746-phpapp01
Newrulesforlivinginadigitalage 101101063746-phpapp01
 
Who and how am I online
Who and how am I onlineWho and how am I online
Who and how am I online
 
Cookies and Data Protection - a Practitioner's perspective
Cookies and Data Protection - a Practitioner's perspectiveCookies and Data Protection - a Practitioner's perspective
Cookies and Data Protection - a Practitioner's perspective
 
MindingTheCloud_NPR_Sum2014-no cover
MindingTheCloud_NPR_Sum2014-no coverMindingTheCloud_NPR_Sum2014-no cover
MindingTheCloud_NPR_Sum2014-no cover
 
Trust Factory Slides (2015)
Trust Factory Slides (2015)Trust Factory Slides (2015)
Trust Factory Slides (2015)
 
Feb 2020 - Senate Submission Financial Technology and Regulatory Technology
Feb 2020 - Senate Submission Financial Technology and Regulatory TechnologyFeb 2020 - Senate Submission Financial Technology and Regulatory Technology
Feb 2020 - Senate Submission Financial Technology and Regulatory Technology
 
SSI Meetup – interpersonal data, identity and collective minds
SSI Meetup – interpersonal data, identity and collective mindsSSI Meetup – interpersonal data, identity and collective minds
SSI Meetup – interpersonal data, identity and collective minds
 
Personal identity Management
Personal identity ManagementPersonal identity Management
Personal identity Management
 

Viewers also liked

Security & Privacy of Information Technology
Security & Privacy of Information TechnologySecurity & Privacy of Information Technology
Security & Privacy of Information TechnologyAshish Mathew
 
Privacy in the Information Age [Q3 2015 version]
Privacy in the Information Age [Q3 2015 version]Privacy in the Information Age [Q3 2015 version]
Privacy in the Information Age [Q3 2015 version]Jordan Peacock
 
Privacy , Security and Ethics Presentation
Privacy , Security and Ethics PresentationPrivacy , Security and Ethics Presentation
Privacy , Security and Ethics PresentationHajarul Cikyen
 

Viewers also liked (6)

Security & Privacy of Information Technology
Security & Privacy of Information TechnologySecurity & Privacy of Information Technology
Security & Privacy of Information Technology
 
Privacy, Emerging Technology, and Information Professionals
Privacy, Emerging Technology, and Information ProfessionalsPrivacy, Emerging Technology, and Information Professionals
Privacy, Emerging Technology, and Information Professionals
 
Information Privacy
Information PrivacyInformation Privacy
Information Privacy
 
Information privacy
Information privacyInformation privacy
Information privacy
 
Privacy in the Information Age [Q3 2015 version]
Privacy in the Information Age [Q3 2015 version]Privacy in the Information Age [Q3 2015 version]
Privacy in the Information Age [Q3 2015 version]
 
Privacy , Security and Ethics Presentation
Privacy , Security and Ethics PresentationPrivacy , Security and Ethics Presentation
Privacy , Security and Ethics Presentation
 

Similar to RW privacy-technology-outlook

Piecing Together Your Personal Privacy Profile (CPV 2021)
Piecing Together Your Personal Privacy Profile (CPV 2021)Piecing Together Your Personal Privacy Profile (CPV 2021)
Piecing Together Your Personal Privacy Profile (CPV 2021)Margaret Fero
 
Business considerations for privacy and open data: how not to get caught out
Business considerations for privacy and open data: how not to get caught outBusiness considerations for privacy and open data: how not to get caught out
Business considerations for privacy and open data: how not to get caught outtheODI
 
Digital Privacy Revisited
Digital Privacy RevisitedDigital Privacy Revisited
Digital Privacy RevisitedFing
 
How fluently do you speak data
How fluently do you speak dataHow fluently do you speak data
How fluently do you speak dataMary Aviles
 
Itri icl 0116_distribute
Itri icl 0116_distributeItri icl 0116_distribute
Itri icl 0116_distributeFuming Shih
 
01 Introduction atala prism.pdf
01 Introduction atala prism.pdf01 Introduction atala prism.pdf
01 Introduction atala prism.pdfDuongNguyenNgoc10
 
Module 5 - Legislation - Online
Module 5 - Legislation - OnlineModule 5 - Legislation - Online
Module 5 - Legislation - Onlinecaniceconsulting
 
Employee Monitoring DiscussionKindly discuss in 100 words wh
Employee Monitoring DiscussionKindly discuss in 100 words whEmployee Monitoring DiscussionKindly discuss in 100 words wh
Employee Monitoring DiscussionKindly discuss in 100 words whTanaMaeskm
 
Joanna Drake, Global SVP, Technology Services Group - Wood Mackenzie
Joanna Drake, Global SVP, Technology Services Group - Wood MackenzieJoanna Drake, Global SVP, Technology Services Group - Wood Mackenzie
Joanna Drake, Global SVP, Technology Services Group - Wood MackenzieGlobal Business Intelligence
 
Big Data Ethics Cjbe july 2021
Big Data Ethics Cjbe july 2021Big Data Ethics Cjbe july 2021
Big Data Ethics Cjbe july 2021andygustafson
 
Lecture 2 Social Web 2017 (Guest Lecture By Dr. Giulia Ranzini)
Lecture 2 Social Web 2017 (Guest Lecture By Dr. Giulia Ranzini)Lecture 2 Social Web 2017 (Guest Lecture By Dr. Giulia Ranzini)
Lecture 2 Social Web 2017 (Guest Lecture By Dr. Giulia Ranzini)Davide Ceolin
 
Epistemic Responsibility in the IT Society
Epistemic Responsibility in the IT SocietyEpistemic Responsibility in the IT Society
Epistemic Responsibility in the IT SocietyPeerEvaluation
 
The other world of it
The other world of itThe other world of it
The other world of itFing
 
IAC21: Shedding Light on Dark Patterns.pdf
IAC21: Shedding Light on Dark Patterns.pdfIAC21: Shedding Light on Dark Patterns.pdf
IAC21: Shedding Light on Dark Patterns.pdfNoreen Whysel
 
Privacy and data protection primer - City of Portland
Privacy and data protection primer - City of PortlandPrivacy and data protection primer - City of Portland
Privacy and data protection primer - City of PortlandHector Dominguez
 
The future of digital identity 2019 future agenda
The future of digital identity 2019 future agendaThe future of digital identity 2019 future agenda
The future of digital identity 2019 future agendaFuture Agenda
 

Similar to RW privacy-technology-outlook (20)

Piecing Together Your Personal Privacy Profile (CPV 2021)
Piecing Together Your Personal Privacy Profile (CPV 2021)Piecing Together Your Personal Privacy Profile (CPV 2021)
Piecing Together Your Personal Privacy Profile (CPV 2021)
 
Business considerations for privacy and open data: how not to get caught out
Business considerations for privacy and open data: how not to get caught outBusiness considerations for privacy and open data: how not to get caught out
Business considerations for privacy and open data: how not to get caught out
 
Digital Privacy Revisited
Digital Privacy RevisitedDigital Privacy Revisited
Digital Privacy Revisited
 
How fluently do you speak data
How fluently do you speak dataHow fluently do you speak data
How fluently do you speak data
 
Algorithms and Fundamental Rights - Jeroen van den Hoven
Algorithms and Fundamental Rights - Jeroen van den HovenAlgorithms and Fundamental Rights - Jeroen van den Hoven
Algorithms and Fundamental Rights - Jeroen van den Hoven
 
Itri icl 0116_distribute
Itri icl 0116_distributeItri icl 0116_distribute
Itri icl 0116_distribute
 
01 Introduction atala prism.pdf
01 Introduction atala prism.pdf01 Introduction atala prism.pdf
01 Introduction atala prism.pdf
 
Module 5 - Legislation - Online
Module 5 - Legislation - OnlineModule 5 - Legislation - Online
Module 5 - Legislation - Online
 
Employee Monitoring DiscussionKindly discuss in 100 words wh
Employee Monitoring DiscussionKindly discuss in 100 words whEmployee Monitoring DiscussionKindly discuss in 100 words wh
Employee Monitoring DiscussionKindly discuss in 100 words wh
 
Hope x talk
Hope x talkHope x talk
Hope x talk
 
Joanna Drake, Global SVP, Technology Services Group - Wood Mackenzie
Joanna Drake, Global SVP, Technology Services Group - Wood MackenzieJoanna Drake, Global SVP, Technology Services Group - Wood Mackenzie
Joanna Drake, Global SVP, Technology Services Group - Wood Mackenzie
 
Out of Control? Managing our digital reputations
Out of Control? Managing our digital reputationsOut of Control? Managing our digital reputations
Out of Control? Managing our digital reputations
 
Ethics and Data
Ethics and DataEthics and Data
Ethics and Data
 
Big Data Ethics Cjbe july 2021
Big Data Ethics Cjbe july 2021Big Data Ethics Cjbe july 2021
Big Data Ethics Cjbe july 2021
 
Lecture 2 Social Web 2017 (Guest Lecture By Dr. Giulia Ranzini)
Lecture 2 Social Web 2017 (Guest Lecture By Dr. Giulia Ranzini)Lecture 2 Social Web 2017 (Guest Lecture By Dr. Giulia Ranzini)
Lecture 2 Social Web 2017 (Guest Lecture By Dr. Giulia Ranzini)
 
Epistemic Responsibility in the IT Society
Epistemic Responsibility in the IT SocietyEpistemic Responsibility in the IT Society
Epistemic Responsibility in the IT Society
 
The other world of it
The other world of itThe other world of it
The other world of it
 
IAC21: Shedding Light on Dark Patterns.pdf
IAC21: Shedding Light on Dark Patterns.pdfIAC21: Shedding Light on Dark Patterns.pdf
IAC21: Shedding Light on Dark Patterns.pdf
 
Privacy and data protection primer - City of Portland
Privacy and data protection primer - City of PortlandPrivacy and data protection primer - City of Portland
Privacy and data protection primer - City of Portland
 
The future of digital identity 2019 future agenda
The future of digital identity 2019 future agendaThe future of digital identity 2019 future agenda
The future of digital identity 2019 future agenda
 

Recently uploaded

State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!Memoori
 
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfWhere to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfFIDO Alliance
 
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdfMuhammad Subhan
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...FIDO Alliance
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxFIDO Alliance
 
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)Paige Cruz
 
UiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewUiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewDianaGray10
 
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe中 央社
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptxTales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptxFIDO Alliance
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightSafe Software
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch TuesdayIvanti
 
JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuidePixlogix Infotech
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGDSC PJATK
 
Design and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data ScienceDesign and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data SciencePaolo Missier
 
Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxFIDO Alliance
 
Design Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxDesign Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxFIDO Alliance
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfFIDO Alliance
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctBrainSell Technologies
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfFIDO Alliance
 

Recently uploaded (20)

State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!
 
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfWhere to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
 
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
 
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
 
UiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewUiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overview
 
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptxTales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch Tuesday
 
JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate Guide
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 Warsaw
 
Design and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data ScienceDesign and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data Science
 
Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptx
 
Overview of Hyperledger Foundation
Overview of Hyperledger FoundationOverview of Hyperledger Foundation
Overview of Hyperledger Foundation
 
Design Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxDesign Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptx
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage Intacct
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
 

RW privacy-technology-outlook

  • 1. ICO Data Protection Officer Conference March 2010 Salford A Privacy and Technology Outlook Robin Wilton Director, Future Identity Ltd Director of Privacy and Public Policy, Kantara Initiative Future identity
  • 2. Do any of these strike a chord? “You have zero privacy anyway. “If you have something that you Get over it” (45) don't want anyone to know, maybe you shouldn't be doing it “Privacy in the first place” (56) is no longer a social norm” (25) “People forgive and forget; computers can't do either” [Voiceover: It will be a strange day indeed when the definitive arbiter of social privacy norms is a single white 25-year-old male billionaire college drop-out...] Future identity
  • 3. “Ladders, Onions, and Surfing Naked...” Topics for this session: ● How are identity and privacy related? ● What is privacy anyway, and why is it important? ● Is privacy just a matter of protecting PII? ● What future challenges does online privacy present? This presentation draws on the input of many people, including: ● The Liberty Alliance Privacy Summit participants ● Bob Blakley and Ian Glazer of Burton Group ● Dr Mireille Hildebrandt, Vrije Universiteit Brussel My sincere thanks to all of them Future identity
  • 4. How are identity and privacy related? (The 'Onion' Model) ● The BIS (Basic Identifier Set) is what usually suffices to provide 'proof of uniqueness' ● Credentials usually encapsulate data from multiple 'rings' of the onion ● One 'good practice' approach is for B.I.S credentials to 'gravitate' towards the centre – i.e. not be overloaded with “Other PII” attribute data, but provide: ● the means to link to it; Attributes ● proof of uniqueness. Credentials are not privacy-neutral ● e.g. Using a driver's license to prove your age reveals more than your age; ● By their nature, credentials tend to make transactions 'linkable'; ● Privacy-enhancing systems will (must) be better at attribute-level disclosures, or better still, “Yes/No” answers to attribute-level questions. (cf. Dave Birch's paper on the "Psychic ID" metaphor) http://www.springerlink.com/content/hk1p8r133867x402/fulltext.pdf Future identity
  • 5. Slicing the Onion ● A 'segment' of the onion may correspond to sector-specific data (healthcare, tax, employment...). ● Some sectors are 'informal' – such as the separation between your Flickr and B.I.S MySpace accounts. ● Others, you might prefer to keep strictly “Other PII” separate – such as online banking. Attributes ● One way to look at privacy is as the preservation of “contextual integrity” between sectoral data sets (Helen Nissenbaum, via Piotr Cofta of BT) We become uneasy if our personal data shows up 'out of context'... Future identity
  • 6. What risks does this model suggest? ● Privacy is not a 'state': it's a relationship, often involving multiple parties. And like any relationship: ● Privacy brings interests and motivations into conflict: ● What we tell different people often depends on context; ● There are rules – mostly implicit: ● When third parties exchange data about you, is that co-operation or collusion? B.I.S ● Like any relationship, without maintenance and management it may go awry. “Other PII” Attributes Intuitively we know all these things, because humans are social animals... and yet ... Future identity
  • 7. Beyond the Onion: the DAO of privacy... Increasingly, third parties interact with you based on data at the edge of the Onion and beyond... D.A.O. − Data About You: with enough of your attributes, and/or linkability, you can be identified even if you're not asked for credentials; D.A.P.L.Y. − Data About People Like You: if you can be categorised, third parties will apply inferences from D.A.Y. other 'group' characteristics; − Data About Others: mass data mining makes third party intervention viable without you disclosing any PII. “You don't have to be in the statistics to be affected by the statistics” (Jason Pridmore) Future identity
  • 8. Flawed Perceptions ● The online world neither works nor behaves like the real world; despite occasional appearances to the contrary... ● The online world often presents us with metaphors, but not ones which would help us overcome these differences. ● We therefore frequently – and willingly - base our behaviour on a flawed perception of risks and the reality which gives rise to them. In other words, we could be surfing naked and not even know it. Brrr. Future identity
  • 9. Getting the Privacy 'Big Picture' ● “Privacy management” implies being aware of relationships and contexts, and acting accordingly; ● It means taking diverse, legitimate stakeholder perspectives into account; ● It needs a new set of metaphors, which help build a privacy- enhancing culture: 'protocol rules' are not the same as 'social rules'; ● It will involve privacy-enhancing technologies, but those are doomed without a privacy-enhancing ecosystem of governance, adoption and behaviours which, largely, remain to be developed; ● So: what are some of the challenges, if online privacy is to have a future? Privacy is not about secrecy: it's about disclosure... but disclosure with consent and control appropriate to the context. Future identity
  • 10. Challenges Managing meta-data: − Implied by most governance regimes - strongly indicated for good practice; − Sticky policy: preserving privacy preferences “beyond first disclosure” − Managing revocation as well as disclosure. Finding workable metaphors for online privacy concepts: − Personas, contextual integrity; − Informed consent in social networks. Managing attribute-level assertions:  If credentials are “minimalist”, attribute management becomes critical;  “Yes/No” answers need to be built in from early on;  How to address the “DAO” problem:  “You don't have to be in the statistics to be affected by the statistics” (Pridmore). Future identity
  • 11. Practical next steps Talk to the stakeholders, and reflect their perspectives and their needs in the 'ecosystem': There are tried and tested models for productive multi- stakeholder conversations. Several relevant projects taking principles to practicalities: PrimeLife (EU): whole-life privacy/identity management; VOME and EnCoRe (UK): privacy perception, consent, revocation; The Kantara Initiative (w/w) has work-groups on: ● User-managed access to personal data ● Information-sharing and user preferences ● Privacy and public policy ● Identity assurance ... and would welcome your projects and participation http://kantarainitiative.org Future identity
  • 12. ICO Data Protection Officer Conference March 2010 Salford Thank you... ... any questions? Robin Wilton Director, Future Identity Ltd Director of Privacy and Public Policy, Kantara Initiative mail@futureidentity.eu +44 (0)705 005 2931 http://futureidentity.eu http://futureidentity.blogspot.com Future identity