This talk focuses on the problems of managing privacy on the Internet. It continues by presenting an alternative way to manage information, a method that not only helps protect privacy on the Internet but also provides a mechanism to define and control ownership of information. This naturally leads to a method to define the value of information. The presentation ends with a short analysis of the security implications of this new architecture.
3. What is privacy?
A fundamental human right:
The right to have confidential conversations.
The ability to select with whom we communicate.
Protection against unwarranted monitoring or searches.
4. Does privacy extend to the IoT?
Who can communicate with devices around you, and about what?
Do you want the uninvited to know:
When you’re home?
If you’re in the shower?
What places you visit?
Your health status?
Or be able to:
Control your vehicle?
Turn off your pacemaker?
5. Does privacy extend to Social Networks?
Who can access your information?
Do you want the uninvited to know:
What you think?
What you like?
Who you know?
What you’ve done?
Spy on you?
Or be able to:
Steal your ideas?
Utilize your confidential information?
6. E.U. privacy legislation (GDPR)
Concerns any data:
Directly related to individuals
Indirectly related to individuals (any level of indirection)
About any E.U. citizen (globally).
Global citizens (systems in E.U.)
Based on consent & information.
Severe fines:
20 MEUR up to 4% of global turnover.
8. Who owns the data?
Who is the owner of data?
The person/entity generating (inventing) the data?
The person/entity storing (controlling) the data?
The person to whom the data relates?
Is it important?
9. Legislation
Which law is applicable?
Copyright?
Trade secrets?
Intellectual Property?
Privacy?
Enforcing ownership through legal means is difficult.
10. Ownership of things
How is normal ownership enforced?
Protection behind lock & key.
Access only to trusted parties.
Monitoring.
Demonstration of ownership.
11. Ownership of data
Why treat data differently?
Local storage (decentralization) allows:
Protection behind lock & key.
Limiting access to trusted parties.
Monitoring access.
Demonstrating ownership.
Enforcing ownership of data.
Added benefit:
Intrinsic value of data through access.
12. New paradigm – “WWW 3.0”
Privacy & ownership concerns raise awareness that existing architecture paradigms (centralization in the cloud) are not suitable.
Centralized storage has become a risk.
Decentralized architecture better protects privacy & ownership.
Advances in standards and communication technologies eliminate the need for centralized processing.
14. Decentralization & security
Decentralization has security implications:
More attack surfaces.
But value of each node is small.
Value/Effort ratio small.
Easier to protect.
Massive data breaches difficult.
You don’t put all your eggs into the same basket.
More resilient.
End-to-end encryption.
15. Anonymization vs. Strong Identities
Anonymization:
Protects whistle blower or dissident (or criminal or terrorist)
Makes security decisions difficult.
Strong identities (pseudonyms):
Protect information owners.
Allow selective responses.
Both protect privacy, in different ways.
16. Peter Waher
Founder of Little Sister®, a standards based distributed social network, based on the principles of privacy & information ownership, for organizations, individuals and machines. Peter also works on standardization for the IoT and the Smart City/Society. Author. Smart City Architect. Internet Philosopher.
peterwaher@hotmail.com
Twitter: PeterWaher
LinkedIn: http://waher.se/