Privacy, human rights and Location Based Services (presentation transcript)
Privacy, human rights and Location Based Services Dr Ian Brown, UCL Computer Science
Who cares about human rights?
Citizens – who want to be treated with dignity and respect
Regulators – who want to make sure law is being followed
Legislators – who will be pressured to create new legislation by unhappy voters
What is privacy?
Is privacy incompatible with location-based services?
Designing in privacy
“The right to be let alone” – Supreme Court Justice Louis Brandeis, 1898
“A free and democratic society requires respect for the autonomy of individuals, and limits on the power of both state and private organisations to intrude on that autonomy... Privacy is a key value which underpins human dignity and other key values such as freedom of association and freedom of speech” – Australian Privacy Charter
Dimensions of privacy (Simon Davies)
collection of personal information
control over the use of personal data
access to personal files
search warrants of the home
electronic sensor surveillance
Data Protection Act 1998
Personal data shall be processed fairly and lawfully
Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
Personal data shall be accurate and, where necessary, kept up to date.
Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
Personal data shall be processed in accordance with the rights of data subjects under this Act.
Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
European Convention for the protection of human rights and fundamental freedoms
Reaffirming their profound belief in those fundamental freedoms which are the foundation of justice and peace in the world:
Everyone has the right to respect for his private and family life, his home and his correspondence.
Everyone has the right to freedom of peaceful assembly and to freedom of association with others
Everyone has the right to freedom of expression.
Need to address social impacts to ensure trust in new systems
Just like security, privacy is much easier to design in from the start than to lump on at the end
Privacy disasters (see RFIDs) are hard to recover from
“How would you like it if, for instance, one day you realized your underwear was reporting on your whereabouts?”
California State Senator Debra Bowen, at a 2003 hearing
Security not enough
Security is necessary but not sufficient for privacy
Magical crypto fairy dust will not solve your privacy problems
"those who think that their problem can be solved by simply applying cryptography don't understand cryptography and don't understand their problem" (Needham/Lampson)
Government data sinks
If data can be collected about individuals, there will always be government pressure to store and access that information
E.g. PATRIOT Act National Security Letters, NSA activities within the US, EU data retention directive
Data minimisation is a key requirement for privacy in this legislative environment
Encryption is no protection if governments can compel decryption
“Snooper’s charter”
The Department for Environment, Food and Rural Affairs.
The Department of Health.
The Home Office.
The Department of Trade and Industry.
The Department for Transport, Local Government and the Regions.
The Department for Work and Pensions.
The Department of Enterprise, Trade and Investment for Northern Ireland.
Any local authority within the meaning of section 1 of the Local Government Act 1999.
Any fire authority as defined in the Local Government (Best Value) Performance Indicators Order 2000
The Scottish Drug Enforcement Agency.
The Scottish Environment Protection Agency.
The United Kingdom Atomic Energy Authority Constabulary.
A Universal Service Provider within the meaning of the Postal Services Act 2000
A council constituted under section 2 of the Local Government etc. (Scotland) Act 1994.
A district council within the meaning of the Local Government Act (Northern Ireland) 1972.
The Common Services Agency of the Scottish Health Service.
The Northern Ireland Central Services Agency for the Health and Social Services.
The Environment Agency.
The Financial Services Authority.
The Food Standards Agency.
The Health and Safety Executive.
The Information Commissioner.
The Office of Fair Trading.
The Postal Services Commission.
Insider fraud
Source: “What price privacy?”, Information Commissioner, May 2006
Designing for privacy
Data minimisation key: is your data really necessary?
Limit personal data collection, storage, access and usage
Phone location data
Does phone or network carry out triangulation?
What resolution location can network access?
How long is that data stored?
Who has access?
For what purpose?
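One way to turn those questions into enforced limits on resolution, retention, access and purpose, as an added Python example that is not from the talk (the purposes, decimal places, retention periods and reader roles are illustrative assumptions):

```python
from datetime import datetime, timezone, timedelta

# Constructed policy: what each stated purpose may keep and who may read it.
# The purposes, decimal places, retention periods and roles are illustrative
# assumptions, not any operator's or regulator's actual rules.
POLICY = {
    "billing": {"places": 1, "retention": timedelta(days=90), "readers": {"billing"}},
    "lbs":     {"places": 2, "retention": timedelta(hours=1),  "readers": {"lbs"}},
}

def coarsen(lat, lon, places):
    """Limit resolution: 2 decimal places is roughly 1 km, 1 place roughly 11 km."""
    return round(lat, places), round(lon, places)

def minimise(fix, purpose, now):
    """Keep only what the purpose needs: coarse position, hour-level time, an expiry."""
    rule = POLICY[purpose]  # KeyError for an unspecified purpose: no processing
    lat, lon = coarsen(fix["lat"], fix["lon"], rule["places"])
    return {
        "subscriber": fix["subscriber"],
        "lat": lat, "lon": lon,
        "seen": fix["time"].replace(minute=0, second=0, microsecond=0),
        "purpose": purpose,
        "expires": now + rule["retention"],
    }

def read(store, role, purpose, now):
    """Limit access: only roles named for the purpose, and never expired records."""
    if role not in POLICY[purpose]["readers"]:
        raise PermissionError(f"role {role!r} may not read {purpose!r} data")
    return [r for r in store if r["purpose"] == purpose and r["expires"] > now]

def purge(store, now):
    """Limit storage: drop records whose retention period has passed."""
    return [r for r in store if r["expires"] > now]

# Constructed sample fix; the coordinates are arbitrary, not a real subscriber.
SAMPLE_FIX = {"subscriber": "sub-0001", "lat": 51.5237, "lon": -0.1341,
              "time": datetime(2006, 5, 1, 9, 47, 12, tzinfo=timezone.utc)}

if __name__ == "__main__":
    now = SAMPLE_FIX["time"]
    store = [minimise(SAMPLE_FIX, "billing", now), minimise(SAMPLE_FIX, "lbs", now)]
    print(read(store, "lbs", "lbs", now))               # one coarse record
    print(len(purge(store, now + timedelta(hours=2))))  # 1: the lbs record has expired
```

Pseudonymising the subscriber field alone would not be enough, as the AOL case below shows; the resolution and retention limits are what keep the stored trail from identifying someone.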
Monitor all traffic (London) or deduct payment from anonymous toll cards (Singapore)?
Link all payment card usage (Oyster) or use unlinkable RFID tokens (Shenzhen)?
Source: Technology Review, 2006
Anonymisation harder than it looks
Buried in a list of 20 million Web searches collected by AOL and recently released on the Internet is user No. 4417749. The number was assigned by the company to protect the searcher's anonymity, but it was not much of a shield.
No. 4417749 conducted hundreds of searches over a three-month period on topics ranging from "numb fingers" to "60 single men" to "dog that urinates on everything".
Search by search, click by click, the identity of AOL user No. 4417749 became easier to discern. There are queries for several people with the last name Arnold, for "landscapers in Lilburn," Georgia, and for "homes sold in shadow lake subdivision gwinnett county georgia".
It did not take much investigating to follow that data trail to Thelma Arnold, a 62-year-old widow who lives in Lilburn, frequently researches her friends' medical ailments and loves her three dogs. "Those are my searches," she said, after a reporter read part of the list to her over the phone.
Privacy is key to human dignity and autonomy in the information age
Customers, regulators and legislators all have an interest in privacy
Privacy can and should be designed into systems by minimising personal data collection, storage, access and usage