SlideShare una empresa de Scribd logo
1 de 25
Overview
1. Challenges to privacy
1. Technological development
2. Market failure
3. Authorised access
2. Designing for privacy
3. Shaping technologies for the public good
Kelvinsong/Wikimedia
Loic Le Meur
Moore’s law
Gordon Moore (1964) Image courtesy
of Computer History Museum
Google Research (2011)
Market failures
 Information asymmetry – data gathered
ubiquitously and invisibly in a way few
understand
 Privacy policies unreadable and difficult to verify/enforce
 Most individuals bad at immediate benefit v
deferred, uncertain cost decisions
 Privacy risks are highly probabilistic, cumulative, and difficult to
calculate
 Information industries highly concentrated
Brown (2014)
Insider threats
Information required Price paid to ‘blagger’ Price charged
Occupant search not known £17.50
Telephone reverse trace £40 £75
Friends and Family £60 – £80 not known
Vehicle check at DVLA £70 £150 – £200
Criminal records check not known £500
Locating a named person not known £60
Ex-directory search £40 £65 – £75
Mobile phone account not known £750
Licence check not known £250
“What price privacy?”, Information Commissioner’s Office (2006)
Overview
1. Challenges to privacy
2. Designing for privacy
1. Principles
2. Targeted advertising
3. Smart meters
4. Congestion charging
5. Privacy-protective robots
3. Shaping technologies for the public good
Designing for privacy
 Data minimisation key: is your
personal data really necessary?
Limit & decentralise personal data
collection, storage, access and
usage – enforced using
cryptography
 Protects against hackers, corrupt
insiders, and function creep
 Users should also be notified and
consent to the processing of data –
easy-to-use interfaces are critical.
What are defaults?
Jedrzejczyk et al. (2010)
Location-based services
 Can we use features of
mobile phone networks to
supply anonymous,
targeted adverts?
Haddadi, Hui, Henderson and Brown (2011)
Privacy-friendly smart meters
Rial and Danezis (2011)
Source: Balasch et al. (2010) p.3
Congestion pricing
Privacy-protective robots
 Video
http://youtu.be/nNbj2G3G
mAo
Overview
1. Challenges to privacy
2. Designing for privacy
3. Shaping technologies for the public good
1. Defining the public good
2. Limits on government surveillance
3. The General Data Protection Regulation
4. Encouraging competition
EU data privacy concerns
Source: Eurobarometer
#225 Data Protection in
the EU, Feb. 2008 p.8
Constitutional protections
ECHR, 1950
Reaffirming their profound belief in
those fundamental freedoms which
are the foundation of justice and
peace in the world…
§8 Everyone has the right to respect
for his private and family life, his home
and his correspondence
§9 Everyone has the right to freedom
of thought, conscience and religion
§10 Everyone has the right to freedom
of expression
§11 Everyone has the right to freedom
of peaceful assembly and to freedom
of association with others
US Bill of Rights, ratified 1791
…extending the ground of public
confidence in the Government, will
best insure the beneficent ends of its
institution…
I: Congress shall make no law
respecting an establishment of
religion, or prohibiting the free
exercise thereof; or abridging the
freedom of speech, or of the press; or
the right of the people peaceably to
assemble
IV: The right of the people to be
secure in their persons, houses,
papers, and effects, against
unreasonable searches and seizures,
shall not be violated
Bulk vs. targeted surveillance
 President Obama’s NSA Review Panel :
"Although we might be safer if the government had ready access to a
massive storehouse of information about every detail of our lives, the impact
of such a program on the quality of life and on individual freedom would
simply be too great… We recommend that the US Government should
examine the feasibility of creating software that would allow the National
Security Agency and other intelligence agencies more easily to conduct
targeted information acquisition rather than bulk-data collection.”
 Deputy Prime Minister, 4 Mar 2014 :
“[O]ur current framework assumes that the collection of bulk data is
uncontroversial as long as arrangements for accessing it are suitably
stringent. I don‟t accept that... [S]trong access controls are vital to prevent
employees from going on „fishing expeditions‟ once a store of data exists.
But the case for collection itself has to be made, not assumed.”
GDPR Art. 23 Data protection by
design and by default
1. …the controller… shall…implement appropriate and proportionate technical
and organisational measures and procedures in such a way that the
processing will meet the requirements of this Regulation and ensure the
protection of the rights of the data subject… data protection by design shall
be a prerequisite for public procurement tenders… [and] procurement by
entities operating in the water, energy, transport and postal services sector
2. The controller shall ensure that, by default, only those personal data are
processed which are necessary for each specific purpose of the processing
and are especially not collected, retained or disseminated beyond the
minimum necessary for those purposes, both in terms of the amount of the
data and the time of their storage. In particular, those mechanisms shall
ensure that by default personal data are not made accessible to an
indefinite number of individuals and that data subjects are able to control
the distribution of their personal data.
See Korff & Brown (2010)
Interoperability requirements
 Data portability may reduce
switching costs, but network effects
will still act as a barrier to entry
 Vertical integration could limit
consumer choice
 To minimise network barriers,
competition authorities could
impose ex ante interoperability
requirements:
 upon dominant social utilities
 between vertically integrated
value chains
Conclusion
 Technology developments can have a significant social
impact – societies can shape the values technologies
embed if they wish (Brown, Clark & Trossen 2010)
 Privacy-protective technologies have been developed
for a range of applications – how do we persuade
companies and governments to use them?
 These are questions not just for computer scientists, but
also lawyers, economists, sociologists – and citizens and
their representatives
References
J. Balasch, A. Rial, C. Troncoso, C. Geuens, B.
Preneel, and I. Verbauwhede (2010) PrETP:
Privacy-Preserving Electronic Toll Pricing, In
Proceedings of the 19th Usenix Security
Symposium, pp. 63-78
I. Brown (2014) The economics of privacy, data
protection and surveillance. In J.M. Bauer and
M. Latzer (eds.) Research Handbook on the
Economics of the Internet. Cheltenham: Edward
Elgar
I. Brown, D. Clark and D. Trossen (2010) Should
Specific Values Be Embedded In The Internet
Architecture? Re-Architecting the Internet
I. Brown and C. Marsden (2013) Regulating
Code: Good Governance and Better
Regulation in the Information Age. Cambridge,
MA: MIT Press.
I. Brown, C. Buckley and D. Harris (2014) Data
Protection: Redress mechanisms and their use in
the UK. EU Fundamental Rights Agency
L. Jedrzejczyk, B. A. Price, A. K. Bandara and B.
Nuseibeh (2010) On The Impact of Real-Time
Feedback on Users’ Behaviour in Mobile
Location-Sharing Applications, Symposium on
Usable Privacy and Security, Redmond
H. Haddadi, P. Hui and I. Brown (2010) MobiAd:
Private and Scalable Mobile Advertising, ACM
International Workshop on Mobility in the
Evolving Internet Architecture, Chicago)
D. Korff and I. Brown (2010) New Challenges to
Data Protection. European Commission DG
Freedom, Security and Justice.
A. McDonald and L.F. Cranor (2008) The Cost of
Reading Privacy Policies. I/S 4 p.543

Más contenido relacionado

La actualidad más candente

Wikileaks freedom of speech on the internet
Wikileaks freedom of speech on the internetWikileaks freedom of speech on the internet
Wikileaks freedom of speech on the internetVincy
 
An Overview of the Battle for the Control of the Internet
An Overview of the Battle for the Control of the InternetAn Overview of the Battle for the Control of the Internet
An Overview of the Battle for the Control of the InternetDibussi Tande
 
Social media impact on freedom of expression and privacy
Social media impact on freedom of expression and privacySocial media impact on freedom of expression and privacy
Social media impact on freedom of expression and privacyYasmin AbdelAziz
 
An Exploratory Study on Mechanisms in Place to Combat Hacking In South Africa...
An Exploratory Study on Mechanisms in Place to Combat Hacking In South Africa...An Exploratory Study on Mechanisms in Place to Combat Hacking In South Africa...
An Exploratory Study on Mechanisms in Place to Combat Hacking In South Africa...AJHSSR Journal
 
Trusted government access to private sector data
Trusted government access to private sector dataTrusted government access to private sector data
Trusted government access to private sector datablogzilla
 
Privacy and data protection in the realm of Internet Governance by Santosh Si...
Privacy and data protection in the realm of Internet Governance by Santosh Si...Privacy and data protection in the realm of Internet Governance by Santosh Si...
Privacy and data protection in the realm of Internet Governance by Santosh Si...Santosh Sigdel
 
ID IGF 2016 - Hukum 3 - Mewujudkan Kedaulatan dan Ketahanan Siber
ID IGF 2016 - Hukum 3 - Mewujudkan Kedaulatan dan Ketahanan SiberID IGF 2016 - Hukum 3 - Mewujudkan Kedaulatan dan Ketahanan Siber
ID IGF 2016 - Hukum 3 - Mewujudkan Kedaulatan dan Ketahanan SiberIGF Indonesia
 
Legal Aspect of the Cloud by Giuseppe Vaciago
Legal Aspect of the Cloud by Giuseppe VaciagoLegal Aspect of the Cloud by Giuseppe Vaciago
Legal Aspect of the Cloud by Giuseppe VaciagoTech and Law Center
 
Investigating cybercrime at the United Nations
Investigating cybercrime at the United NationsInvestigating cybercrime at the United Nations
Investigating cybercrime at the United Nationsblogzilla
 
Contract for the web
Contract for the webContract for the web
Contract for the webMassa Critica
 
The Human Right to Privacy in the Digital Age
The Human Right to Privacy in the Digital Age The Human Right to Privacy in the Digital Age
The Human Right to Privacy in the Digital Age - Mark - Fullbright
 
The Promotion of Access to Information Act for South African Journalists
The Promotion of Access to Information Act for South African JournalistsThe Promotion of Access to Information Act for South African Journalists
The Promotion of Access to Information Act for South African JournalistsGabriella Razzano
 
Introduction to Information Policy
Introduction to Information PolicyIntroduction to Information Policy
Introduction to Information PolicyNiamh Headon
 

La actualidad más candente (19)

Internet governance
Internet governanceInternet governance
Internet governance
 
Wikileaks freedom of speech on the internet
Wikileaks freedom of speech on the internetWikileaks freedom of speech on the internet
Wikileaks freedom of speech on the internet
 
Mobile privacy in Zambia
Mobile privacy in ZambiaMobile privacy in Zambia
Mobile privacy in Zambia
 
cybercrime landscape for moldova
cybercrime landscape for moldovacybercrime landscape for moldova
cybercrime landscape for moldova
 
An Overview of the Battle for the Control of the Internet
An Overview of the Battle for the Control of the InternetAn Overview of the Battle for the Control of the Internet
An Overview of the Battle for the Control of the Internet
 
Social media impact on freedom of expression and privacy
Social media impact on freedom of expression and privacySocial media impact on freedom of expression and privacy
Social media impact on freedom of expression and privacy
 
An Exploratory Study on Mechanisms in Place to Combat Hacking In South Africa...
An Exploratory Study on Mechanisms in Place to Combat Hacking In South Africa...An Exploratory Study on Mechanisms in Place to Combat Hacking In South Africa...
An Exploratory Study on Mechanisms in Place to Combat Hacking In South Africa...
 
Trusted government access to private sector data
Trusted government access to private sector dataTrusted government access to private sector data
Trusted government access to private sector data
 
Privacy and data protection in the realm of Internet Governance by Santosh Si...
Privacy and data protection in the realm of Internet Governance by Santosh Si...Privacy and data protection in the realm of Internet Governance by Santosh Si...
Privacy and data protection in the realm of Internet Governance by Santosh Si...
 
ID IGF 2016 - Hukum 3 - Mewujudkan Kedaulatan dan Ketahanan Siber
ID IGF 2016 - Hukum 3 - Mewujudkan Kedaulatan dan Ketahanan SiberID IGF 2016 - Hukum 3 - Mewujudkan Kedaulatan dan Ketahanan Siber
ID IGF 2016 - Hukum 3 - Mewujudkan Kedaulatan dan Ketahanan Siber
 
Finding balance in the age of open data
Finding balance in the age of open dataFinding balance in the age of open data
Finding balance in the age of open data
 
Hannes astok data protection agency
Hannes astok data protection agencyHannes astok data protection agency
Hannes astok data protection agency
 
Legal Aspect of the Cloud by Giuseppe Vaciago
Legal Aspect of the Cloud by Giuseppe VaciagoLegal Aspect of the Cloud by Giuseppe Vaciago
Legal Aspect of the Cloud by Giuseppe Vaciago
 
Investigating cybercrime at the United Nations
Investigating cybercrime at the United NationsInvestigating cybercrime at the United Nations
Investigating cybercrime at the United Nations
 
Contract for the web
Contract for the webContract for the web
Contract for the web
 
The Human Right to Privacy in the Digital Age
The Human Right to Privacy in the Digital Age The Human Right to Privacy in the Digital Age
The Human Right to Privacy in the Digital Age
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
The Promotion of Access to Information Act for South African Journalists
The Promotion of Access to Information Act for South African JournalistsThe Promotion of Access to Information Act for South African Journalists
The Promotion of Access to Information Act for South African Journalists
 
Introduction to Information Policy
Introduction to Information PolicyIntroduction to Information Policy
Introduction to Information Policy
 

Similar a Keeping our secrets? Shaping Internet technologies for the public good

Data science and privacy regulation
Data science and privacy regulationData science and privacy regulation
Data science and privacy regulationblogzilla
 
Lesson4-Privacy and Data Protection.pptx
Lesson4-Privacy and Data Protection.pptxLesson4-Privacy and Data Protection.pptx
Lesson4-Privacy and Data Protection.pptxadnis1
 
Privacy impact assessment
Privacy impact assessmentPrivacy impact assessment
Privacy impact assessmentSpringer
 
Introduction privacy and drones130902.pptx (alleen lezen)
Introduction privacy and drones130902.pptx (alleen lezen)Introduction privacy and drones130902.pptx (alleen lezen)
Introduction privacy and drones130902.pptx (alleen lezen)schermerbw
 
Urgensi Perlindungan Data Pribadi Menuju ASEAN Community 2015
Urgensi Perlindungan Data Pribadi Menuju ASEAN Community 2015Urgensi Perlindungan Data Pribadi Menuju ASEAN Community 2015
Urgensi Perlindungan Data Pribadi Menuju ASEAN Community 2015ICT Watch
 
Monitoring and controlling the Internet
Monitoring and controlling the InternetMonitoring and controlling the Internet
Monitoring and controlling the Internetblogzilla
 
Christopher Millard Legally Compliant Use Of Personal Data In E Social Science
Christopher Millard   Legally Compliant Use Of Personal Data In E Social ScienceChristopher Millard   Legally Compliant Use Of Personal Data In E Social Science
Christopher Millard Legally Compliant Use Of Personal Data In E Social ScienceChristopher Millard
 
data privacy in digital technology .pptx
data privacy in digital technology  .pptxdata privacy in digital technology  .pptx
data privacy in digital technology .pptxafruafrid5
 
Eu cybersecurity strategy 130207
Eu cybersecurity strategy 130207Eu cybersecurity strategy 130207
Eu cybersecurity strategy 130207Yury Chemerkin
 
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxhttpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxadampcarr67227
 
Privacy, human rights and Location Based Services
Privacy, human rights and Location Based ServicesPrivacy, human rights and Location Based Services
Privacy, human rights and Location Based Servicesblogzilla
 
Ubicomp challenges for privacy law
Ubicomp challenges for privacy lawUbicomp challenges for privacy law
Ubicomp challenges for privacy lawblogzilla
 
Outline D
Outline DOutline D
Outline Dbutest
 
Data protection act
Data protection act Data protection act
Data protection act Iqbal Bocus
 

Similar a Keeping our secrets? Shaping Internet technologies for the public good (20)

Data science and privacy regulation
Data science and privacy regulationData science and privacy regulation
Data science and privacy regulation
 
Lesson4-Privacy and Data Protection.pptx
Lesson4-Privacy and Data Protection.pptxLesson4-Privacy and Data Protection.pptx
Lesson4-Privacy and Data Protection.pptx
 
Privacy impact assessment
Privacy impact assessmentPrivacy impact assessment
Privacy impact assessment
 
Introduction privacy and drones130902.pptx (alleen lezen)
Introduction privacy and drones130902.pptx (alleen lezen)Introduction privacy and drones130902.pptx (alleen lezen)
Introduction privacy and drones130902.pptx (alleen lezen)
 
Urgensi Perlindungan Data Pribadi Menuju ASEAN Community 2015
Urgensi Perlindungan Data Pribadi Menuju ASEAN Community 2015Urgensi Perlindungan Data Pribadi Menuju ASEAN Community 2015
Urgensi Perlindungan Data Pribadi Menuju ASEAN Community 2015
 
Monitoring and controlling the Internet
Monitoring and controlling the InternetMonitoring and controlling the Internet
Monitoring and controlling the Internet
 
Christopher Millard Legally Compliant Use Of Personal Data In E Social Science
Christopher Millard   Legally Compliant Use Of Personal Data In E Social ScienceChristopher Millard   Legally Compliant Use Of Personal Data In E Social Science
Christopher Millard Legally Compliant Use Of Personal Data In E Social Science
 
data privacy in digital technology .pptx
data privacy in digital technology  .pptxdata privacy in digital technology  .pptx
data privacy in digital technology .pptx
 
Privacy in the Modern World. thesis Leiden University
Privacy in the Modern World. thesis Leiden UniversityPrivacy in the Modern World. thesis Leiden University
Privacy in the Modern World. thesis Leiden University
 
Privacy in the developing world
Privacy in the developing worldPrivacy in the developing world
Privacy in the developing world
 
Eu cybersecurity strategy 130207
Eu cybersecurity strategy 130207Eu cybersecurity strategy 130207
Eu cybersecurity strategy 130207
 
IT and Internet Law
IT and Internet LawIT and Internet Law
IT and Internet Law
 
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxhttpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
 
Privacy, human rights and Location Based Services
Privacy, human rights and Location Based ServicesPrivacy, human rights and Location Based Services
Privacy, human rights and Location Based Services
 
Ubicomp challenges for privacy law
Ubicomp challenges for privacy lawUbicomp challenges for privacy law
Ubicomp challenges for privacy law
 
Journal #1
Journal #1 Journal #1
Journal #1
 
Outline D
Outline DOutline D
Outline D
 
Data protection act
Data protection act Data protection act
Data protection act
 
PC213.L3.pdf
PC213.L3.pdfPC213.L3.pdf
PC213.L3.pdf
 
Cie 2 cyber law
Cie 2  cyber lawCie 2  cyber law
Cie 2 cyber law
 

Más de blogzilla

Interoperability for SNS competition
Interoperability for SNS competitionInteroperability for SNS competition
Interoperability for SNS competitionblogzilla
 
Transatlantic data flows following the Schrems II judgment
Transatlantic data flows following the Schrems II judgmentTransatlantic data flows following the Schrems II judgment
Transatlantic data flows following the Schrems II judgmentblogzilla
 
Lessons for interoperability remedies from UK Open Banking
Lessons for interoperability remedies from UK Open BankingLessons for interoperability remedies from UK Open Banking
Lessons for interoperability remedies from UK Open Bankingblogzilla
 
Covid exposure apps in England and Wales
Covid exposure apps in England and WalesCovid exposure apps in England and Wales
Covid exposure apps in England and Walesblogzilla
 
Key issues in data protection policy
Key issues in data protection policyKey issues in data protection policy
Key issues in data protection policyblogzilla
 
Interoperability in the Digital Services Act
Interoperability in the Digital Services ActInteroperability in the Digital Services Act
Interoperability in the Digital Services Actblogzilla
 
Making effective policy use of academic expertise
Making effective policy use of academic expertiseMaking effective policy use of academic expertise
Making effective policy use of academic expertiseblogzilla
 
Introduction to Cybersecurity for Elections
Introduction to Cybersecurity for ElectionsIntroduction to Cybersecurity for Elections
Introduction to Cybersecurity for Electionsblogzilla
 
Cyber Essentials for Managers
Cyber Essentials for ManagersCyber Essentials for Managers
Cyber Essentials for Managersblogzilla
 
Privacy and Data Protection in South Africa
Privacy and Data Protection in South AfricaPrivacy and Data Protection in South Africa
Privacy and Data Protection in South Africablogzilla
 
Human rights and the future of surveillance - Lord Anderson QC
Human rights and the future of surveillance - Lord Anderson QCHuman rights and the future of surveillance - Lord Anderson QC
Human rights and the future of surveillance - Lord Anderson QCblogzilla
 
Regulation and the Internet of Things
Regulation and the Internet of ThingsRegulation and the Internet of Things
Regulation and the Internet of Thingsblogzilla
 
Global Cyber Security Capacity Centre
Global Cyber Security Capacity CentreGlobal Cyber Security Capacity Centre
Global Cyber Security Capacity Centreblogzilla
 
Trust in the Cloud
Trust in the CloudTrust in the Cloud
Trust in the Cloudblogzilla
 
Can the law control Digital Leviathan?
Can the law control Digital Leviathan?Can the law control Digital Leviathan?
Can the law control Digital Leviathan?blogzilla
 
Regulating code
Regulating codeRegulating code
Regulating codeblogzilla
 
Data protection redress in the UK
Data protection redress in the UKData protection redress in the UK
Data protection redress in the UKblogzilla
 
Digital freedoms in international law
Digital freedoms in international lawDigital freedoms in international law
Digital freedoms in international lawblogzilla
 
Exceptions & Limitations in Copyright or Systemic Overhaul?
Exceptions & Limitations in Copyright or Systemic Overhaul?Exceptions & Limitations in Copyright or Systemic Overhaul?
Exceptions & Limitations in Copyright or Systemic Overhaul?blogzilla
 
Internet freedom: a comparative assessment
Internet freedom: a comparative assessmentInternet freedom: a comparative assessment
Internet freedom: a comparative assessmentblogzilla
 

Más de blogzilla (20)

Interoperability for SNS competition
Interoperability for SNS competitionInteroperability for SNS competition
Interoperability for SNS competition
 
Transatlantic data flows following the Schrems II judgment
Transatlantic data flows following the Schrems II judgmentTransatlantic data flows following the Schrems II judgment
Transatlantic data flows following the Schrems II judgment
 
Lessons for interoperability remedies from UK Open Banking
Lessons for interoperability remedies from UK Open BankingLessons for interoperability remedies from UK Open Banking
Lessons for interoperability remedies from UK Open Banking
 
Covid exposure apps in England and Wales
Covid exposure apps in England and WalesCovid exposure apps in England and Wales
Covid exposure apps in England and Wales
 
Key issues in data protection policy
Key issues in data protection policyKey issues in data protection policy
Key issues in data protection policy
 
Interoperability in the Digital Services Act
Interoperability in the Digital Services ActInteroperability in the Digital Services Act
Interoperability in the Digital Services Act
 
Making effective policy use of academic expertise
Making effective policy use of academic expertiseMaking effective policy use of academic expertise
Making effective policy use of academic expertise
 
Introduction to Cybersecurity for Elections
Introduction to Cybersecurity for ElectionsIntroduction to Cybersecurity for Elections
Introduction to Cybersecurity for Elections
 
Cyber Essentials for Managers
Cyber Essentials for ManagersCyber Essentials for Managers
Cyber Essentials for Managers
 
Privacy and Data Protection in South Africa
Privacy and Data Protection in South AfricaPrivacy and Data Protection in South Africa
Privacy and Data Protection in South Africa
 
Human rights and the future of surveillance - Lord Anderson QC
Human rights and the future of surveillance - Lord Anderson QCHuman rights and the future of surveillance - Lord Anderson QC
Human rights and the future of surveillance - Lord Anderson QC
 
Regulation and the Internet of Things
Regulation and the Internet of ThingsRegulation and the Internet of Things
Regulation and the Internet of Things
 
Global Cyber Security Capacity Centre
Global Cyber Security Capacity CentreGlobal Cyber Security Capacity Centre
Global Cyber Security Capacity Centre
 
Trust in the Cloud
Trust in the CloudTrust in the Cloud
Trust in the Cloud
 
Can the law control Digital Leviathan?
Can the law control Digital Leviathan?Can the law control Digital Leviathan?
Can the law control Digital Leviathan?
 
Regulating code
Regulating codeRegulating code
Regulating code
 
Data protection redress in the UK
Data protection redress in the UKData protection redress in the UK
Data protection redress in the UK
 
Digital freedoms in international law
Digital freedoms in international lawDigital freedoms in international law
Digital freedoms in international law
 
Exceptions & Limitations in Copyright or Systemic Overhaul?
Exceptions & Limitations in Copyright or Systemic Overhaul?Exceptions & Limitations in Copyright or Systemic Overhaul?
Exceptions & Limitations in Copyright or Systemic Overhaul?
 
Internet freedom: a comparative assessment
Internet freedom: a comparative assessmentInternet freedom: a comparative assessment
Internet freedom: a comparative assessment
 

Último

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 

Último (20)

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 

Keeping our secrets? Shaping Internet technologies for the public good

  • 1.
  • 2. Overview 1. Challenges to privacy 1. Technological development 2. Market failure 3. Authorised access 2. Designing for privacy 3. Shaping technologies for the public good
  • 3.
  • 4.
  • 5.
  • 8. Moore’s law Gordon Moore (1964) Image courtesy of Computer History Museum Google Research (2011)
  • 9. Market failures  Information asymmetry – data gathered ubiquitously and invisibly in a way few understand  Privacy policies unreadable and difficult to verify/enforce  Most individuals bad at immediate benefit v deferred, uncertain cost decisions  Privacy risks are highly probabilistic, cumulative, and difficult to calculate  Information industries highly concentrated Brown (2014)
  • 10. Insider threats Information required Price paid to ‘blagger’ Price charged Occupant search not known £17.50 Telephone reverse trace £40 £75 Friends and Family £60 – £80 not known Vehicle check at DVLA £70 £150 – £200 Criminal records check not known £500 Locating a named person not known £60 Ex-directory search £40 £65 – £75 Mobile phone account not known £750 Licence check not known £250 “What price privacy?”, Information Commissioner’s Office (2006)
  • 11.
  • 12. Overview 1. Challenges to privacy 2. Designing for privacy 1. Principles 2. Targeted advertising 3. Smart meters 4. Congestion charging 5. Privacy-protective robots 3. Shaping technologies for the public good
  • 13. Designing for privacy  Data minimisation key: is your personal data really necessary? Limit & decentralise personal data collection, storage, access and usage – enforced using cryptography  Protects against hackers, corrupt insiders, and function creep  Users should also be notified and consent to the processing of data – easy-to-use interfaces are critical. What are defaults? Jedrzejczyk et al. (2010)
  • 14. Location-based services  Can we use features of mobile phone networks to supply anonymous, targeted adverts? Haddadi, Hui, Henderson and Brown (2011)
  • 16. Source: Balasch et al. (2010) p.3 Congestion pricing
  • 18. Overview 1. Challenges to privacy 2. Designing for privacy 3. Shaping technologies for the public good 1. Defining the public good 2. Limits on government surveillance 3. The General Data Protection Regulation 4. Encouraging competition
  • 19. EU data privacy concerns Source: Eurobarometer #225 Data Protection in the EU, Feb. 2008 p.8
  • 20. Constitutional protections ECHR, 1950 Reaffirming their profound belief in those fundamental freedoms which are the foundation of justice and peace in the world… §8 Everyone has the right to respect for his private and family life, his home and his correspondence §9 Everyone has the right to freedom of thought, conscience and religion §10 Everyone has the right to freedom of expression §11 Everyone has the right to freedom of peaceful assembly and to freedom of association with others US Bill of Rights, ratified 1791 …extending the ground of public confidence in the Government, will best insure the beneficent ends of its institution… I: Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble IV: The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated
  • 21. Bulk vs. targeted surveillance  President Obama’s NSA Review Panel : "Although we might be safer if the government had ready access to a massive storehouse of information about every detail of our lives, the impact of such a program on the quality of life and on individual freedom would simply be too great… We recommend that the US Government should examine the feasibility of creating software that would allow the National Security Agency and other intelligence agencies more easily to conduct targeted information acquisition rather than bulk-data collection.”  Deputy Prime Minister, 4 Mar 2014 : “[O]ur current framework assumes that the collection of bulk data is uncontroversial as long as arrangements for accessing it are suitably stringent. I don‟t accept that... [S]trong access controls are vital to prevent employees from going on „fishing expeditions‟ once a store of data exists. But the case for collection itself has to be made, not assumed.”
  • 22. GDPR Art. 23 Data protection by design and by default 1. …the controller… shall…implement appropriate and proportionate technical and organisational measures and procedures in such a way that the processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject… data protection by design shall be a prerequisite for public procurement tenders… [and] procurement by entities operating in the water, energy, transport and postal services sector 2. The controller shall ensure that, by default, only those personal data are processed which are necessary for each specific purpose of the processing and are especially not collected, retained or disseminated beyond the minimum necessary for those purposes, both in terms of the amount of the data and the time of their storage. In particular, those mechanisms shall ensure that by default personal data are not made accessible to an indefinite number of individuals and that data subjects are able to control the distribution of their personal data. See Korff & Brown (2010)
  • 23. Interoperability requirements  Data portability may reduce switching costs, but network effects will still act as a barrier to entry  Vertical integration could limit consumer choice  To minimise network barriers, competition authorities could impose ex ante interoperability requirements:  upon dominant social utilities  between vertically integrated value chains
  • 24. Conclusion  Technology developments can have a significant social impact – societies can shape the values technologies embed if they wish (Brown, Clark & Trossen 2010)  Privacy-protective technologies have been developed for a range of applications – how do we persuade companies and governments to use them?  These are questions not just for computer scientists, but also lawyers, economists, sociologists – and citizens and their representatives
  • 25. References J. Balasch, A. Rial, C. Troncoso, C. Geuens, B. Preneel, and I. Verbauwhede (2010) PrETP: Privacy-Preserving Electronic Toll Pricing, In Proceedings of the 19th Usenix Security Symposium, pp. 63-78 I. Brown (2014) The economics of privacy, data protection and surveillance. In J.M. Bauer and M. Latzer (eds.) Research Handbook on the Economics of the Internet. Cheltenham: Edward Elgar I. Brown, D. Clark and D. Trossen (2010) Should Specific Values Be Embedded In The Internet Architecture? Re-Architecting the Internet I. Brown and C. Marsden (2013) Regulating Code: Good Governance and Better Regulation in the Information Age. Cambridge, MA: MIT Press. I. Brown, C. Buckley and D. Harris (2014) Data Protection: Redress mechanisms and their use in the UK. EU Fundamental Rights Agency L. Jedrzejczyk, B. A. Price, A. K. Bandara and B. Nuseibeh (2010) On The Impact of Real-Time Feedback on Users’ Behaviour in Mobile Location-Sharing Applications, Symposium on Usable Privacy and Security, Redmond H. Haddadi, P. Hui and I. Brown (2010) MobiAd: Private and Scalable Mobile Advertising, ACM International Workshop on Mobility in the Evolving Internet Architecture, Chicago) D. Korff and I. Brown (2010) New Challenges to Data Protection. European Commission DG Freedom, Security and Justice. A. McDonald and L.F. Cranor (2008) The Cost of Reading Privacy Policies. I/S 4 p.543

Notas del editor

  1. “Living with Google Glass – not quite useful enough to overcome the dork-factor” http://www.computerweekly.com/opinion/Living-with-Google-Glass-not-quite-useful-enough-to-overcome-the-dork-factor
  2. http://www.computerhistory.org/semiconductor/timeline/1965-Moore.htmlhttp://googleresearch.blogspot.co.uk/2013/11/moores-law-part-1-brief-history-of.html
  3. Imposes cost of future invasive advertising
  4. http://research.microsoft.com/en-us/projects/privacy_in_metering/mainwpes.pdf
  5. http://www.docstoc.com/docs/88760415/PrETP-Privacy-Preserving-Electronic-Toll-Pricing
  6. https://www.gov.uk/government/speeches/security-and-privacy-in-the-internet-age
  7. http://www.pewinternet.org/2013/12/30/social-media-update-2013/http://gs.statcounter.com/#search_engine-eu-monthly-201301-201401http://www.mvfglobal.com/europe