Itu ics-pii


Published on

Privacy ITU

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Itu ics-pii

    1. 1. ITU-T Security and Privacy International Cloud Symposium Washington DC October 2012Abbie Barbir, Ph.D.Rapporteur, Q10/17Identity Management International Telecommunication Union
    2. 2. ITU-T Objectives International Telecommunication Union Develop and publish standards for global ICT interoperability Identify areas for future standardization Provide an attractive and effective forum for the development of international standards Promote the value of ITU standards Disseminate information and know-how Cooperate and collaborate Provide support and assistance
    3. 3. ITU-T Key Features Truly global public/private partnership 95% of work is done by private sector Continuously adapting to market needs Pre-eminent global ICT standards body
    4. 4. ITU-T Study Groups TSAGSG 2 Numbering SG 12 QualitySG 3 Tariffs SG 13 Future Networks Climate ChangeSG 5 & EMC Access & SG 15 Transport NetworksSG 9 Cable TV SG 16 Multimedia ProtocolsSG 11 & Testing SG 17 Security 4/48
    5. 5. Personally Identifiable Information (PII) Aspects of privacy and protection of PII data is a key concern to the ITU-T (SG 17 ) Recommendations published have identified security threats and provide guidelines in that area.  Recommendation ITU-T X.1171 identifies threats and requirements for PII protection in application using tag-based identification.  Recommendation ITU-T X.1275 standardizes a possible, privacy impact assessment (PIA) process for the entire RFID system Joint Coordination Activity on Internet of Things (JCA-IoT) Focus Group on Machine-to-Machine Service Layer
    6. 6. SG 17 Questions involved in “privacy” studies Question 3/17 “Telecommunications information security management” Question 4/17 “Cybersecurity” Question 6/17 “Security aspects of ubiquitous telecommunication services” Question 7/17 “Secure application services” Question 9/17 “Telebiometrics” Question 10/17 “Identity management architecture and mechanisms” Further candidate Questions could be  Question 8/17 “Cloud computing security”  Question 11/17 “Directory services, Directory systems, and public- key/attribute certificates”
    7. 7. Definitions of Privacy in ITU-T RecommendationsPrivacy ITU-T X.1252 (04/2010) “Baseline identity management terms and definitions”  The right of individuals to control or influence what personal information related to them may be collected, managed, retained, accessed, and used or distributed. ITU-T Y.2720 (01/2009) “NGN identity management framework”  The protection of personally identifiable information.
    8. 8. Recommendation X.1171Threats and requirements for protection of PII in applications using tag-based identification Basic model of a B2C application 8/48
    9. 9. X.1171 ThreatsPII infringement through information leakage 9/48
    10. 10. ITU-T X.1275 Guidelines on protection of personally identifiable information in the application of RFID technology Privacy principles (based on privacy principles of: Council of Europe], EC Directive 95/46, EC Directive 2002/58/EC, OECD, and UNHCR) Threats and infringements of PII in RFID Typical RFID applications and possible threats to PII  Supply-chain management  Transportation and logistics  Healthcare and medical application  e-government  Information service Guidelines on protection for personally identifiable information 10/48
    11. 11. X.1275 RFID applications and threats to PII Information Field Typical applications Possible privacy threats in RFID tag Tracking, profiling of persons Inventory management Product performing of inventorySupply chain Tracking, profiling Retail (e.g., supermarket) Product (after purchasing good) Public transportation Users ID, charging, etc. Tracking, profiling ticket Highway toll Users ID, charging, etc. Tracking, profilingTransportation andlogistics Vehicle tracking Product Tracking, profiling Fleet/container Tracking, profiling of persons Product management handling of containers Patients ID, medical history, Tracking patients Tracking, profiling, invisibility etc. Preventing medication Patients ID, medical history, Tracking, profilingHealthcare errors prescription, etc. Blood or medicines tracking for anti- Product × counterfeiting Peoples ID, nationality, Tracking, profiling,e-government e-passport biometric counterfeiting PIIInformation services Smart poster Product × 11/48
    12. 12. Other Work X.gpim  Draft Recommendation, Guideline for management of personally identifiable information for telecommunication organizations  Big Data view Scope  provides a guideline of management PII in the context of telecommunications Possibly joint work Liaison cooperation with ISO/IEC JCT 1/SC 27/WG 1
    13. 13. Summary Internet-of-Things (IoT), ubiquitous sensor networks (USN), Machine- to-Machine (M2M) and network aspects of identification systems, including RFID (NID) play an important role in ITU-T’s standardization activities. Various ITU-T Study Groups and ITU-T initiatives are addressing RFID/NID, IoT, USN and M2M including the security aspects thereof; an initial suite of ITU-T Recommendations has already been developed in that domain and serves as a tool set for standard developers and implementers; yet the comprehensive subject is still emerging and forthcoming drafts are in preparation by the ITU-T Global Standards Initiative (GSI-IoT) where those standards are being developed in cooperation among the experts. Aspects of privacy and protection of PII (personally identifiable information) data is a key concern and first set of ITU-T Recommendations published have identified security threats and provide guidelines in that area. Recommendation ITU-T X.1171 identifies threats and requirements for PII protection in application using tag-based identification. Recommendation ITU-T X.1275 standardizes a possible, privacy 13/48 impact assessment (PIA) process for the entire RFID system.
    14. 14. THANK YOUFor further information T/studygroups/com17 14/48