Canada, Check Your Privacy Settings [notes] #ncwk

Ann Cavoukian, IPC
Ronald Deibert
Moderator: Jesse Hirsh

Ann Cavoukian
Need to get rid of the zero-sum game notion: functionality versus privacy is a bad news game.
Privacy relates to personally identifiable information (PII): name, address, social insurance number.
Open access – re public information, non-PII.
Fundamental essence is that user controls PII. User in control. For non-PII, there should be little if any control.
State censorship the antithesis of privacy.
Human condition thrives on freedom.
Informational Self-Determination. Individual determines the fate of their information. Germany a world leader.
Privacy does not equal security.
Can have strong security without privacy.
You must have both.
Privacy is the first to go out the window e.g. 9/11.
We need to change the paradigm.
Need to prevent harms. Must prevent data breaches.
Change paradigm from zero-sum to positive sum, win-win.
Privacy must be embedded into the design of a system.
Add-on does not work as well as intrinsic methods.
End-to-end lifecycle protection – data destruction.
Respect for individuals.

Tracking Ghostnet
Shadows in the Cloud

Victims of cyber espionage: dozens of governments, media, UN, Deloitte, Associated Press.
Advanced social engineering using email – well written, real details, malicious attachments/payload.
One of the computers compromised was an antivirus service in Taiwan.

Indian govt compromised – 700 documents recovered that had been stolen, e.g. Armed Forces, defense contract information.

Ghostnet and Shadows: a disturbing arms race in cyberspace.
Disturbing geopolitical competition. Domain that is carved up, colonized and militarized.

  1. Global Treaty of Cyberspace needed. Because the web is a valuable commons.

  2. Global Monitoring and Early Warning System; international information-sharing mechanisms.

  3. Support Cyberspace Openness

European Privacy leadership and FTC and FCC leaders are embracing privacy by design.
Younger generations value privacy as much as older.
R. Deibert discusses ethical and legal framework of University and Canada. Citizenlab workers risk being declared spies by other countries.
Anything you put out, be mindful -- it could end up anywhere, without control.
Cloud computing/social network data does exist on real servers which may exist in jurisdictions where privacy legislation is different than here.
In many parts of the world there is no oversight, e.g. an anonymous web surfing service hands over data at a research lab's request.
Smartgrid – will have privacy-by-design embedded in its development.

R. Deibert laments the metamorphosis of the word hacking. Hacking was originally about tinkering, not lawlessness. #hacktivism Now we have a litigious culture of fear, e.g. don't open this digital lock, have a lawyer with you when you read your EULA.

Question re emerging models of Electronic Health Records. Cavoukian Answer – Ontario is tied for last, at the bottom, with Nunavut, for EHR use. Cavoukian wants EHRs with privacy, the positive sum game. Says this as a patient who has had procedures. Cavoukian contacted Telus re HealthSpace, wanted to test it.

Q: The power government and capital have in benefiting from a lack of privacy.
A: Cavoukian and others influenced Google to make the default Gmail account secure.
Biometric encryption – there is no representation of your actual biometric – in Netherlands and Israel.

Cavoukian to @cavoukian: “Have the guts to put your own name on it . . . Appalling.”

