
06/02/2020

Privacy Seminar
Introduction

Jaap-Henk Hoepman
[email protected] // www.cs.ru.nl/~jhh // blog.xot.nl // @xotoxot

Privacy & Identity Lab
Radboud University
Tilburg University
University of Groningen

[Illustration: Dan Perjovschi, 2007]

Jaap-Henk Hoepman // 9-2-2017 // Privacy: an overview

Agenda

■ Course overview
■ Privacy: an introduction


Organisation

■ Teachers
  ● Jaap-Henk Hoepman ([email protected]); Erasmus 19.12
■ Blackboard not used
  ● Website: https://www.cs.ru.nl/~jhh/secsem.html
  ● Wiki: http://wiki.science.ru.nl/privacy/

Seminar

■ Seminar
  ● Student lecture
  ● Student paper
  ● Student opposition
■ Grade = weighted average
  ● But only if all grades at least 5.5
  ● If not, lowest grade is final grade!
■ Working in groups
  ● 2 or 3 people
■ Attendance required
■ Lecture rooms
  ● From February 6 to March 19 in room HFML 0220. From April 16 to June 11 in HG 00.310.


Course schedule

Topics (first come, first served)

■ Privacy in databases
  ● How to provide (controlled) access to personal data stored in databases, without immediately threatening the privacy of the people involved, using mechanisms like differential privacy or statistical disclosure control.
■ Privacy friendly search
  ● How to hide the query (i.e. what is searched for) from the party hosting the database.
■ Searching in encrypted databases
  ● How to also hide the underlying data in the database from the party hosting the database.
■ Privacy in machine learning
  ● How to ensure that individual data used to train a machine learning model is not leaked when using the model.
■ Polymorphic encryption
  ● How to protect privacy in e.g. health care where data must be made conditionally accessible to certain care providers while staying encrypted in general.
■ Privacy friendly identity management
  ● How to use e.g. attribute based credentials or other claims based approaches to make identity management more privacy friendly.
■ Privacy friendly revocation of credentials
  ● How to (efficiently) revoke anonymous credentials, i.e. how to revoke a particular credential, even though individual credentials cannot be traced by definition.
■ Revocable privacy
  ● How to guarantee privacy while also guaranteeing that all users of a system abide by some predetermined rules, i.e. how to design systems that are both privacy friendly and secure.
■ Privacy friendly location based services
  ● How to provide a service that depends on the user's current location, without revealing the actual, exact location.
■ Privacy in asynchronous messaging
  ● How to establish contact anonymously, and how to subsequently exchange messages in an unlinkable fashion that prevents the service provider from learning who is communicating with whom.
■ Anonymous cryptocurrencies
  ● How to make Bitcoin-like cryptocurrencies privacy friendly.
■ Secure multiparty computation
  ● How to jointly compute the output of a function (e.g. some aggregate statistic) without revealing the individual inputs.

Research

■ analyse a particular practical case
  ● what are the privacy issues (from a societal and legal perspective) and how are they dealt with
■ give a precise and concise problem description
  ● in technical terms: define your model; your assumptions
■ investigate possible PETs that apply
  ● summarise your analysis
■ pick one and solve the problem (involves a protocol)
  ● describe this in sufficient detail!
■ (informally) prove or argue correctness


Student lecture

■ Goal of lecture
  ● to inform other students about your research
■ Important
  ● make lecture interactive
  ● add additional material
■ Discuss draft
  ● Thursday 13:00-13:15 the week before, in my office
  ● mail slides etc. at least two days before

Student lecture: grading

Content

■ Argumentation and Depth
  ● Whether your lecture provides a solid basis and backing of all statements and claims made, and whether it covers all important topics in sufficient detail.
■ Intelligibility
  ● Whether the message comes across, whether your lecture connects to what your audience expects and understands, how well you explain certain topics.
■ Comprehensiveness
  ● Whether your lecture covers all important aspects, and clearly separates important issues from secondary details. Equal attention should be paid to technical and legal/societal issues.

Form and performance

■ Structure
  ● Logical ordering of your lecture, the relationship between the topics.
■ Attractiveness
  ● Whether your lecture captivates the audience, your use of supporting materials (e.g. powerpoint).
■ Delivery
  ● Level of engagement and contact with the audience, your presence in front of the class, the liveliness and tone of your lecture.
■ Interaction
  ● Level of interactivity, the way you respond to questions.
■ Language
  ● Pronunciation, vocabulary, grammar.

Student paper

■ Goal
  ● Report on research
  ● Express own perspective and opinion on PETs
■ Format
  ● Roughly 12 pages (excluding references)
    ◦ A4, reasonable margins, 10-11 pt font
■ Beware
  ● Collect your own literature as well
  ● Use input obtained during presentation in class


Student paper

■ Typical structure
  ● Context
  ● Problem description
    ◦ Including legal/social analysis
  ● Proposed solution
  ● Technical analysis
  ● Conclusions

Student paper: planning

■ Average timespan
  ● Literature study: 2 weeks
  ● Perform research: 2 weeks
  ● Write skeleton: 1 week
  ● Write final paper: 3 weeks
■ Deadlines
  ● April 23: Skeleton
  ● June 11: Final paper
■ So start as soon as you can!

Student paper: grading

Content

■ (Technical) quality
  ● Whether the paper shows an understanding of the (technical) issues involved. Correctness of all (technical) statements and claims.
■ Analysis
  ● Whether a proper argumentation is given, and whether all main aspects of the topic are addressed, with proper regard of what are the main points and what are only secondary points. (This covers the criteria argumentation, depth and intelligibility, and comprehensiveness used for scoring the presentation.)
■ Quality of references
  ● Whether you found and cite all relevant literature. Originality (finding relevant references yourself) is appreciated.
■ Own opinion
  ● Whether the paper clearly expresses and argues your own opinion on the subject matter.

Form

■ Style
  ● Clarity of writing, objectiveness, linguistic quality (in terms of spelling and grammar).
■ Structure
  ● Logical structure of the paper, helping the reader understand what he is about to read, giving the paper a natural flow.
■ Attractiveness
  ● Formatting of the paper, including precise formatting of the bibliography.


Working in groups

■ Everyone responsible for all output
  ● Review each other's work!
■ Work together, not separately
■ Plan your work
■ Equally divide work
  ● And make sure everyone delivers
  ● If not: notify me before everything escalates…

Remaining points

■ Contribute to the wiki
  ● http://wiki.science.ru.nl/privacy/

2. Privacy: an overview


Contents

■ Privacy under threat
  ● Government
  ● Business
  ● People
■ What is privacy?
■ The value of privacy
  ● Individual liberty
  ● Social value
■ How the law protects privacy

Government surveillance

Fraud detection, policing


Commercial surveillance

Cambridge Analytica

https://www.theguardian.com/uk-news/cambridge-analytica


They know things before you yourself do!

They track you even in real shops

People…

■ Online 24 hours/day
■ Do many things over the Internet
  ● Social networking
  ● Communications
  ● Reading
  ● Video
  ● Finance
  ● Maps
  ● Platforms (Airbnb, Uber)


Privacy

what is privacy according to you?

Privacy typology (Koops et al. 2017)

[Figure: typology diagram. Labels recoverable from the slide:]

■ Types: bodily privacy, spatial privacy, communicational privacy, proprietary privacy, intellectual privacy, decisional privacy, associational privacy, behavioral privacy; informational privacy
■ Emphasis: freedom from ("being let alone"), freedom to ("self-development")
■ Zones: personal zone ("solitude"), intimate zone ("intimacy"), semi-private zone ("secrecy"), public zone ("inconspicuousness")
■ Other labels: access, control

7 types of privacy

■ privacy of
  ● the (physical) person,
  ● behaviour and action,
  ● personal communication,
  ● data and image,
  ● thoughts and feelings,
  ● location and space, and
  ● association (including group privacy).

Finn, R.L., Wright, D., and Friedewald, M.: Seven types of privacy. CPDP 2012
Clarke, R.: Introduction to Dataveillance and Information Privacy, and Definitions of Terms, 1997


Different definitions

■ The right to be let alone
  ● [Warren & Brandeis, 1890]
■ Informational self-determination: The right to determine for yourself when, how and to what extent information about you is communicated to others
  ● [Westin, 1967]
■ The freedom from unreasonable constraints on the construction of one’s identity
  ● [Agre, 1998]
■ Contextual integrity: the right to prevent information from flowing from one context to another
  ● [Nissenbaum, 2004]

Contextual integrity

[Figure: FIDIS project]

Don’t confuse these concepts!

[Figure with labels: security, privacy, data protection]


Privacy invasions

[Figure: taxonomy diagram. Labels recoverable from the slide:]

■ Stages: Collect, Process, Disseminate, Invade/Use
■ Intrusion, Interference
■ Surveillance, Interrogation
■ Aggregation, Identification, Insecurity, Secondary Use, Exclusion
■ Breach of confidentiality, Disclosure, Exposure, Increased availability, Blackmail, Appropriation, Distortion

Based on: Daniel J. Solove, "A Taxonomy of Privacy", 2006.

Privacy

■ computing (1950-)
  ● searching becomes efficient
  ● data kept forever
■ networking (1980-)
  ● data sharing becomes easy
  ● data accessible on-line

“network effect”

Different types of data/information

■ Volunteered
  ● What you reveal explicitly when asked
■ Observed
  ● What you reveal implicitly by your behaviour
■ Inferred
  ● What is derived from other data about you

[Figure label: Transfer]

[World Economic Forum Report Personal Data: The Emergence of a New Asset Class]


Data vs Metadata

■ Metadata (= Behavioural data)
  ● Condensed (information rich, easy to process)
  ● More “true” (judge a man not on what he says but on what he does)

Why is privacy important

“Privacy is essential for freedom, democracy, psychological well-being, individuality and creativity”

Daniel J. Solove. “Understanding Privacy.” Harvard University Press, 2008.


Moral basis for data protection

■ prevention of information-based harm
  ● Like guns, information may kill people
■ prevention of informational inequality
  ● The “market” of information
  ● Non-discrimination
■ prevention of informational injustice
  ● Spheres of privacy must be protected
■ respect for moral autonomy
  ● People change

Hoven, Jeroen Van Den and Vermaas, Pieter E. (2007) 'Nano-Technology and Privacy: On Continuous Surveillance Outside the Panopticon', Journal of Medicine and Philosophy, 32: 3, 283-297

Searching for the right metaphor

■ Orwell / Big Brother
■ Chandler / Little Sister
■ Kafka / The Trial

Or: the Matrix


You’ve got nothing to hide

Have you!!??

I have nothing to hide....

■ Everybody has something to be embarrassed about
■ Assumes that the problem is data you want to hide
  ● even “innocent” data can harm you
■ Freedom of thought
  ● That job offer looks interesting...
  ● That woman looks “interesting”...
■ No distinction between illegal (legal) vs disgraceful (moral) vs …: data is data
■ What is the data used for: investigation, anti-terrorism, or …??
  ● Function creep

Wrong assumption

The point is not that there is data that is a priori “wrong” or illegal (as seen by the “sender”).
The point is that “innocent” data can (later) be used wrongly (by the current “receiver”).

Solove, Daniel J., “I’ve got nothing to hide”, 2008.


Beyond privacy: autonomy

The GDPR in 5 minutes

Applies when you process personal data?

■ So…
  ● Name
  ● Social security number
  ● Email address
■ But also…
  ● License plate
  ● IP Address
  ● Likes
  ● Tweets
  ● Search terms


Subject / controller / processor

[Figure with labels: Data subject, Data controller, Data processor; personal data]

Data protection law (core principles)

■ Legitimate Processing Grounds
  ● consent
  ● necessity
■ Data Subject Rights
  ● notification
  ● access
  ● rectification
  ● object to profiling
■ Data Protection Principles
  ● purpose limitation
  ● data minimisation
  ● duration of retention
  ● accuracy of the data
■ Accountability
  ● risk-based approach
  ● transparency of processing
  ● data protection by design
  ● data protection impact assessment


Resources

■ Websites
  ● http://wiki.science.ru.nl/privacy/
  ● https://www.eff.org/
  ● https://www.bof.nl
■ Books
  ● Agre & Rotenberg: "Technology and Privacy: The New Landscape", MIT Press, 1998.
  ● Ilija Trojanow, Juli Zeh: "Aanslag op de vrijheid", de Geus, 2010.
  ● Daniel J. Solove: "Understanding Privacy", Harvard University Press, 2008.
  ● Bart de Koning: "Alles onder controle", Uitgeverij Balans, 2008.

Questions / discussion

[Monty Python’s Argument Clinic sketch]