Seeking Solutions to the Privacy Challenges of Emerging Technologies

1
Seeking Solutions to the Privacy Challenges of
Emerging Technologies

• Blair Stewart, Assistant Privacy Commissioner
• Presentation to NZ Computer Society, Wellington,
  24 November 2005

2
Office of the Privacy CommissionerTechnology Team
3
Origins of Privacy laws bound up with technology

• 1960s/70s public concerns at computers and
  networks led to regulation of databases and
  automatic processing of data
• NZ Example Wanganui Computer Centre Act 1976

4
Origins of Privacy laws contd

• 1980s/90s risks of inconsistent national
  privacy laws impeding transborder data flows led
  to common international principles
• NZ Example Privacy Act 1993 repealed
  prescriptive 1976 Act and implements broad 1980
  OECD principles

5
Origins of Privacy laws contd

• 1990s/2000s new converging technologies give
  rise to new wave of public concerns
• Consumer citizen trust central e.g. consumer
  mistrust as an inhibitor to e-commerce
• NZ Example Governments 2000 e-vision
  acknowledged concerns that government might know
  too much about people and use that information
  inappropriately (safeguards were promised)
• NZ Privacy Act also provides data matching
  safeguards
• See also OPC UMR survey (September 2001, next
  slide)

6
(No Transcript)
7
Some current and emerging technology challenges
to privacy

• Privacy issues can arise wherever personal
  information is processed, e.g.
• micro-level (e.g. genetic information)
• national databases (e.g. the forthcoming
  e-census)
• global (e.g. GPS, EPC/RFID, WHOIS)
• The International Working Group on Data
  Protection in Telecommunications offers a glimpse
  of technology and privacy issues

8
IWGDPT papers (2001/02/03)

• Data Protection aspects of digital certificates
  and public-key infrastructures
• Online Voting in Parliamentary and other
  Elections
• Privacy and location information in mobile
  communications services
• Web-based Telemedicine
• Use of unique identifiers in telecommunication
  terminal equipments the example of Ipv6
• Childrens Privacy On Line The Role of Parental
  Consent
• Telecommunications surveillance
• Intrusion Detection systems (IDS)
• Privacy risks associated with introduction of
  ENUM service

9
IWGDPT papers (2004)

• Cyber Security Curricula Integrating National,
  Cultural and Jurisdictional (Including Privacy)
  Imperatives
• Means Procedures to Combat Cyber-Fraud in a
  Privacy-Friendly Way
• Privacy location information in mobile
  communications services
• Freedom of expression right to privacy
  regarding on-line publications
• Privacy risks associated with wireless networks
• Privacy and processing of images and sounds by
  multimedia messaging services
• A future ISO privacy standard

10
IWGDPT some current topics (2005)

• Web browser caching in multi-user public access
  environments (cyber cafés)
• Speaker recognition and voice analysis technology
• Internet governance e.g. WSIS, WGIG, WHOIS
• Electronic health records
• Web-services
• Blogging
• Spam, Spy-ware
• RFID
• IP telephony (Voice over IP)
• Satellite technology for everybodys desktop,
  geo-location technology

11
How are privacy commissioners (and others)
responding to these challenges?

• The privacy commissioner model is a
  multi-functional regulator combining
• Researcher and policy adviser
• Educator
• Rule maker
• Investigator and dispute mediator (complaints
  ombudsman)

12
How are commissioners (and others) responding to
these challenges?

• The elastic character of privacy, dynamic nature
  of technology and globalisation of information
  handling, make rigid and prescriptive solutions
  very difficult (and usually undesirable)
• Instead good privacy outcomes in the technology
  area are fostered by
• Better understanding the issues
• Educating those involved
• Building in privacy from the start

13
Understanding the issues

• Emerging technologies raise novel issues
• Commissioners try to understand the issues as
  early as possible by
• Keeping abreast of literature
• Maintaining networks with technologists (one task
  of technology team)
• Discussing issues, sharing experience (e.g.
  IWGDPT), using overseas commissioners as an
  advanced warning system
• Promoting or undertaking research e.g. into
  privacy enhancing technologies (PETs)

14
Understanding issues, contd

• Others also researching the issues, and
  commissioners may collaborate e.g
• With academia e.g. UK ICO links with UMIST VPC
  links with RMIT
• With industry e.g. UK ICO links with HiSPEC
  Ontario IPC work with PETTEP, IBM Privacy
  Research Institute External Advisory Board, joint
  projects with PWC

15
Educating those involved

• Privacy commissioners active in training and
  education e.g. Technology Team runs an occasional
  lunchtime Technology Privacy Forum (open to
  the public) and convenes an Information Matching
  Interest Group (public sector only)
• UK Commissioner had UMIST develop Best Practice
  Guidance on Data Protection for Systems
  Designers (see HiSPEC site)

16
Privacy by design building privacy in from the
start

• Privacy commissioners internationally have called
  upon hardware and software manufacturers to
  incorporate privacy enhancing technologies it
  is not just an issue for governments

17
Privacy by design contd

• Privacy impact assessment is recommended for new
  systems affecting the handling of personal
  information

18
Conclusions

• Technology and privacy are closely bound together
• We all want to make the most of new technologies
• However, we also want to preserve our privacy
  (some more than others) and protect our personal
  information
• Computer professionals have an important part to
  play in finding solutions to the new challenges

19
Some resources

• Office of the Privacy Commissioner
  www.privacy.org.nz
• IWGDPT Working Papers www.datenschutz-berlin.de/do
  c/int/iwgdpt/
• HiSPEC (Human issues in security and privacy in
  e-commerce) www.hispec.org.uk
• Privacy Enhancing Technology Testing Evaluation
  Project (PETTEP) www.ipc.on.ca/scripts/index_.asp?
  action31N_ID1P_ID15495U_ID0

20
Any Questions?