Making Privacy Work in the Mobile, Wireless - PowerPoint PPT Presentation

1
Making Privacy Work in the Mobile, Wireless & Pervasive Computing Environment
Presentation by Dr. Larry Ponemon
Sustainability Research Consortium Meeting, Phoenix, March 31, 2003
2
Proposed Agenda
  • Drivers to Privacy
  • Privacy in the Mobile, Wireless and Pervasive
    Computing Environment
  • Questions and Answers

Ponemon Institute. Please Do Not Share Without
Express Permission
3
Do You Have a Right to:
  • Control information collected about you and your family?
  • Control how that information is being used?
  • Have access to review your personal information?
  • Have the ability to change incorrect information?

4
A Case About Bad Privacy
  • Story: In Arizona, about 100 members of a
    retirement community were given free personal
    computers, full access to the Internet and a
    basic hands-on training program.
  • Sounds too good to be true?
  • Real deal is about providing significant
    information about yourself and your immediate
    family (children, grandchildren and so forth).
  • So, who has the choice now? What recourse do
    these people have? And how about our relatives
    who had their privacy violated?

5
A Case About Poor Wireless Security?
  • Story: A major supermarket chain headquartered
    in California has a strategic partnership with a
    major retail pharmacy. Customers can now buy
    their prescription drugs and other personal
    medical items in the store (and use the regular
    store check-out line).
  • What's the Problem?
  • Confidential patient information (such as
    prescription drug histories) is now commingled
    with individual shopping history. This
    information is now linked to the individual
    profile through the loyalty card program.
  • A poorly designed security architecture over the
    data warehouse and point of entry (wireless 802.11
    systems) allowed unsophisticated hackers to gain
    full access to sensitive customer data.
    Furthermore, the practice is a violation of
    California regulations on patient information
    protection.

6
Factoid . . .
  • A recent analysis of major business organizations
    shows that less than 24% of companies in the
    United States are in reasonable compliance with
    their stated Internet privacy and data protection
    policies.
  • Proposition: Far fewer companies would be able to
    comply with the requirements for privacy and data
    protection in the mobile, wireless and pervasive
    computing environment.

7
Why Does Privacy Remain a Hot Issue?
  • Rise of cyber crime and other related criminal
    activities (especially using the Internet and
    wireless Web as primary channels)
  • Post 9/11: New surveillance requirements with
    focus on cyber terrorism
  • Lack of consumer trust, especially use of
    wireless Web for electronic purchases and
    payments
  • New enabling technologies (fastest growing
    industry sub-sector, especially new
    authentication tools)
  • Growing fear about identity theft among consumers
  • Additional regulatory requirements such as new
    FTC Rules and Homeland Security requirements
  • Continued press and media coverage

8
The Privacy Principles
  • Notice and Awareness: Information collection
    practices; usage and sharing
  • Choice and Consent: Opt-in and opt-out policies
    and methods
  • Access and Accuracy: Right to view, modify or
    delete relevant information
  • Reasonable Security: Ensuring the integrity and
    protection of data
  • Redress and Enforcement: Including dispute
    resolution mechanism

9
Post 9/11 Impact on Privacy
  • Authentication has become major focus
  • Something that the company has about you, usually
    in the form of individuated data (mother's maiden
    name)
  • Something that you carry in your wallet,
    computer or PDA (smart chip)
  • Something that defines you, such as a
    fingerprint or facial scan (biometrics)

Better authentication reduces both privacy and
security risks, but only if the credentialing
process is nearly perfect.
10
Post 9/11 Impact on Security and Surveillance
  • Security dominates the privacy issue
  • The focus is on knowing the customer and stopping
    the bad guy from getting inside the critical
    infrastructure or gaining access to financial
    assets.
  • Privacy rights are still important, but not at
    the cost of diminishing security and public
    safety.
  • New surveillance methods draw upon multiple
    sources of customer-centric information creating
    a potential privacy blow-up if this personal
    information is not protected or managed properly.

11
Factors Increasing Security and Privacy Risks in
Corporate America
  • Growing use of personal information for
    secondary purposes
  • Over-reliance on new authentication and
    surveillance technologies (increasing
    misclassification risk, false positives)
  • Lax controls over personal information used for
    customer profiling and surveillance
  • New information sharing practices among various
    organizations, without proper knowledge of due
    process and consistency
  • Limited or fragmented oversight of data
    protection, security and privacy risk management

12
The New Surveillance Society
  • Growing concerns for most people
  • Who is watching me?
  • Who is watching the watchers?
  • Do individuals have a choice?
  • How will surveillance data (negative data) be
    used and/or shared?
  • What are the long-term consequences to our
    privacy rights?
  • What are the costs to business and society?

13
Beyond Regulation
  • Consumer concerns are costing business in lost
    sales, market value and potential litigation.
  • Media coverage of security and privacy blow-ups
    has a major impact on corporate brand and
    reputation.
  • Security and privacy concerns are not independent
    of national boundary and culture.
  • Regulatory requirements are creating large demand
    for new enabling technologies (such as preference
    management tools on wireless devices).
  • Security and privacy issues create real social
    and ethical risks for companies, especially those
    in high reputation industries.

14
General Consequences . . .
  • Many companies have become paralyzed by the
    proverbial fire storm caused by new security and
    privacy requirements.
  • Advocates and regulators are still focused on
    Internet and Wireless activities, with the belief
    that technology companies are the weakest link in
    the security chain.
  • The largest area for potential abuse concerns
    wireless devices, which may face large public
    resistance and regulatory groundswells.
  • But, most companies are still complacent about
    data protection risk (not putting ample resources
    into preventive programs).

15
Consequences in the Mobile, Wireless
and Pervasive Computing Environment
16
What are the Privacy Challenges?
  • Despite improved authentication features built
    into many new devices, mobile, wireless and
    pervasive computing environments create privacy
    risks. Why?
  • Privacy issues often result from human error.
    While authentication and improved access control
    may alleviate some of the error, people will
    still make mistakes using new technologies (for
    example, allowing others to use their wireless
    PDA or picture phone device).
  • Security controls are not perfect. Even WAP
    Level 3 security controls on wireless devices can
    be susceptible to penetration risks.
  • The always-on feature of many devices creates a
    real possibility that technology is open for
    abusive practices by unscrupulous companies and
    government, especially with respect to location
    tracking.

17
What are the Privacy Opportunities?
  • Mobile, wireless and pervasive computing
    environments lend themselves to improved 1-to-1
    relationships between senders and receivers of
    communications. Why not use new mobile or
    wireless devices to capture individual privacy
    preferences in one, compact location?
  • Using a P3P-like methodology, privacy preferences
    can be incorporated directly into the mobile or
    wireless device, providing the sender with strict
    instructions on acceptable or unacceptable modes
    of communication (such as preferred product
    offers and perceptions about spam).
  • Privacy preferences can be changed or updated
    instantly by the end-user in a safe and secure
    fashion.
  • Privacy preference framework can be standardized
    to conform with multiple applications (hence,
    multiple senders can rely on one uniform platform
    rather than individuated databases to manage
    privacy).

18
What Should Companies Do to Engender Trust?
  • Develop critical privacy protections into the
    device as an integral part of the product design
    (such as using anonymization and suppression
    management tools to reduce privacy risks).
  • Educate consumers of this new technology about
    the human risks associated with unintended uses
    or sharing of the mobile or wireless device.
  • Develop common privacy and data protection
    standards for mobile and wireless technology
    manufacturers and software companies to make it
    more efficient to manage data protection risks in
    a holistic way.
  • Use new mobile and wireless technology as a means
    to engender greater privacy protections such as
    embedding P3P preference management tools into
    the device.

19
Questions & Answers
Presentation by Dr. Larry Ponemon 520.290.3400 Larry_at_ponemon.org