Preserving Privacy and Security

1
Preserving Privacy and Security

• Ann Cavoukian, Ph.D.
• Information Privacy Commissioner/Ontario

• Imperial Oil Limited
• Toronto, Ontario
• March 1, 2005

2
Impetus for Change

• Growth of Privacy as a Global Issue.
• (EU Directive on Data Protection)
• Convergence of growth in bandwidth, sensors, data
  storage and computing power.
• Exponential growth of personal data collected,
  transmitted and exploited.
• Consumer Backlash heightened consumer
  expectations.

3
And then came 9/11

• U.S. Patriot Act and series of anti-terrorism
  laws introduced.
• Served to expand powers of surveillance on the
  part of the state, and reduce judicial oversight.

4
The Aftermath

• Its business as usual
• Clear distinction between public safety and
  business issues make no mistake.
• NO reduction in consumer expectations.
• Increased value of trusted relationships.

5
Consumer Attitudes

• Business is not a beneficiary of the post-9/11
  Trust Mood
• Increased trust in government has not been
  paralleled by increased trust in business
  handling of personal information.
• Privacy On and Off the Internet What Consumers
  Want
• Harris Interactive, November 2001
• Dr. Alan Westin

6
Information Privacy Defined

• Information Privacy Data Protection
• Freedom of choice control informational
  self-determination.
• Personal control over the collection, use and
  disclosure of any recorded information about an
  identifiable individual.

7
What Privacy is Not

• Security ? Privacy

8
The Foundation of Information Security

• The control of information on the part of data
  holders or their surrogates.
• Functions
• Authentication
• Authorization
• Confidentiality
• Data Integrity
• Non-repudiation
• Availability

9
The Privacy/Security Relationship

• Privacy relates to personal control over ones
  personal information.
• Security relates to organizational control over
  information.
• These represent two overlapping, but distinct
  activities.

10
Risk Management

• Security Risk Management
• Owner of the data is assumed to be trusted.
• System design is trusted.
• Privacy Risk Management
• Custodian of data not considered trusted.
• System design not to be trusted.
• - Eg. CAPPS II

11
Privacy and Security The Difference

• Authentication
• Data Integrity
• Confidentiality
• Non-repudiation
• Privacy Data Protection
• Fair Information Practices

• Security
• Organizational control of information through
  information systems

12
Summary of Fair Information Practices

• Accuracy
• Safeguards
• Openness
• Individual Access
• Challenging Compliance

• Accountability
• Identifying Purposes
• Consent
• Limiting Collection
• Limiting Use, Disclosure, Retention

13
The Bottom Line
Privacy should be viewed as a business issue, not
a compliance issue.
14
The Promise

• Electronic Commerce projected to reach 220
  billion by 2001.
• WTO, 1998

Estimates revised downward to reflect lower
expectations

• Electronic Commerce projected to reach 133
  billion by 2004.
• Wharton Forum on E-Commerce, 1999

15
The Reality of E-Commerce

• United States e-commerce sales were only 1.6 of
  total sales -- 54.9 billion in 2003.
• U.S. Dept. of Commerce, Census Bureau, February
  2004
• Canada Online sales were only 0.8 of total
  revenues -- 18.6 billion in 2003.
• Statistics Canada, April 2004

16
Lack of Privacy Lack of Sales

• Consumer privacy apprehensions continue to
  plague the Web. These fears will hold back
  roughly 15 billion in e-commerce revenue.
• Forrester Research, September 2001
• Privacy and security concerns could cost online
  sellers almost 25 billion by 2006.
• Jupiter Research, May 2002

17
The Business Case

• Our research shows that 80 of our customers
  would walk away if we mishandled their personal
  information.
• CPO, Royal Bank of Canada, 2003
• Nearly 90 of online consumers want the right to
  control how their personal information is used
  after it is collected.

18
ISF Highlights Damage done by Privacy Breaches

• The Information Security Forum reported that a
  companys privacy breaches can cause major damage
  to brand and reputation
• 25 of companies surveyed experienced some
  adverse publicity due to privacy.
• 1 in 10 had experienced civil litigation, lost
  business or broken contracts.
• Robust privacy policies and staff training were
  viewed as keys to avoiding privacy problems.
• The Information Security Forum, July 7, 2004

19
Its all about Trust

• Trust is more important than ever online Price
  does not rule the Web Trust does.
• Frederick F. Reichheld, Loyalty Rules
• How Todays Leaders Build Lasting Relationships

20
Translating Privacy Requirements into Technology
21
Technology and Privacy

• The most effective means to counter technologys
  erosion of privacy is technology itself.

Alan Greenspan, Federal Reserve Chairman
22

• RFID Technology

23
Benefits of RFID Technology

• More efficient management and tracking of goods
  and inventory through the supply chain process.
• Reduced labour costs (e.g., no manual scanning of
  individual items is required).
• Better post-sale service for consumers, warranty
  servicing, etc.

24
Privacy and RFIDs

• RFID tags contain information about a product,
  not an individual (e.g., EPC, price, size,
  colour, manufacture date).
• Despite that, many consumers perceive a threat to
  privacy
• why is that?

25
Implementing RFIDs

• A failure to build privacy into the design and
  implementation of RFIDs can produce a consumer
  backlash.
• This will have an adverse impact on a companys
  reputation and ultimately, its bottom line.

26
Consumer Backlash

• How real are consumer concerns?
• Could privacy issues potentially deter the
  roll-out of RFIDs?

27
SpeedPass

• Today, there are more than 6 million active
  Speedpass devices in the U.S.
• Speedpass uses a radio frequency system located
  in the pump/register to "talk"with the miniature
  transponder located in the Speedpass device.
• Each device has a unique security code that is
  transmitted to the reader when a purchase is
  made.
• Credit card numbers and personal information are
  never stored in the Speedpass device.
• Speedpass can also be used by customers at more
  than 1,600 locations in Canada, Singapore and
  Japan.

28
Cracking the RFID Code

• January 2005, Researchers at Johns Hopkins
  University discover cryptographic vulnerabilities
  in the RFID SpeedPass technology.
• Using a black-box reverse engineering method, the
  research team were able to unravel the algorithm
  used in the DST tag.
• The information allowed them to program a 200
  commercial microchip to find the secret key in a
  SpeedPass tag.
• Full report Security Analysis of a
  Cryptographically-Enabled RFID Device
  http//www.rfidanalysis.org/

29
Vulnerability and Recommendation

• Researchers warned that tech-savvy criminals
  could wirelessly probe a key tag in close
  proximity, download the unique code number, and
  load it onto a similar homemade device.
• Millions of tags that are in use by consumers
  can be cracked without requiring direct contact.
• Researchers recommended a simple and inexpensive
  solution A metallic sheath that can cover RFID
  tags when they are not in use.

30
Free Ride

• To validate our attack, we extracted the key
  from our own SpeedPass token and simulated it in
  our own RF device. We purchased gasoline
  successfully at an ExxonMobil station multiple
  times in a single day.
• Johns Hopkins RFID analysis team,
• January 28, 2005

31
Building Privacy Safeguards into RFIDs

• RFIDs will continue to produce a consumer
  backlash unless both RFID manufacturers and
  business users adopt privacy safeguards.
• Privacy is not a concern at most stages of the
  supply chain (e.g., tracking items in a
  warehouse).
• However, privacy concerns are triggered at the
  point when a consumer comes into contact with a
  product with an RFID.

32
Possible Privacy Solutions

• RFID tags should be deactivated at the point of
  sale, or when the consumer comes into contact
  with the tag (e.g., through blocking technology
  carried by the consumer or pervasive in the
  vicinity).
• Deactivation at point of sale should be the
  default, but is not without its problems.
• Deactivation limits post-sale benefits of RFIDs.

33
Make Privacy a Corporate Priority

• An effective privacy program needs to be
  integrated into the corporate culture
• It is essential that privacy protection become a
  corporate priority throughout all levels of the
  organization
• Senior Management and Board of Directors
  commitment is critical

34
Good Governance and Privacy

• Privacy and Boards of Directors
• What You Dont Know Can Hurt You
• Guidance to corporate directors faced with
  increasing responsibilities and expectation of
  openness and transparency
• Privacy among the key issues that Boards of
  Directors must address
• Potential risks if Directors ignore privacy
• Great benefits to be reaped if privacy included
  in a companys business plan

35
Privacy Diagnostic Tool

• Simple, plain-language tool (paper and
  e-versions)
• Free self-administered
• CSA model code to examine an organizations
  privacy management practices
• www.ipc.on.ca/PDT

36
Final Thought
Anyone today who thinks the privacy issue has
peaked is greatly mistakenwe are in the early
stages of a sweeping change in attitudes that
will fuel political battles and put once-routine
business practices under the microscope. Forreste
r Research, March 5, 2001
37
How to Contact Us

• Ann Cavoukian, Ph.D.
• Information Privacy Commissioner/Ontario
• 2 Bloor Street East, Suite 1400 Toronto, Ontario
  M4W 1A8
• Phone (416) 326-3333
• Web www.ipc.on.ca
• E-mail commissioner_at_ipc.on.ca