
6/24 Privacy 2.0 | Identiverse 2018


Presenters: Eve Maler, ForgeRock; Sal D'Agostino, Open Consent; Mark Lizar, Open Consent.

Privacy notices and rights information, or the lack of them, make up what is becoming the public profile of an organization's privacy transparency: Public Privacy 1.0. The GDPR, in force from 25 May 2018, is the Y2K of privacy transparency. Data controllers and processors must be transparent about their data processing or risk being non-compliant, less trustworthy and less competitive, which translates into fines, lost customers and revenue, and lost brand equity. Privacy 1.0 is self-regulation based on privacy policies. Privacy 2.0 is transparency at a machine-readable, granular level, together with options for control; the GDPR sets the stage for the ongoing performance of that transparency. This session covers privacy transparency and consent: how identity management systems need to be transparent, and the standards and data sources that make privacy notice systematically usable, transparent and public. How to build, measure and leverage organizational privacy transparency is the goal and critical outcome of Public Privacy 2.0. Join this session to learn about privacy, transparency, consent and control as they relate to identity systems, standards and interoperability. We discuss how the Consent Receipt and User-Managed Access (UMA) specifications from the Kantara Initiative and the Open Notice project from MIT can play a role in solving these challenges.

Join us June 25-28 in Washington D.C, 2019! http://bit.ly/2tGo8NH



  1. Privacy 2.0 Masterclass. Mark Lizar | co-founder, Open Consent | @smartopian. Sal D’Agostino | co-founder, Open Consent | @idmachines. Eve Maler | ForgeRock, founder of User-Managed Access | @xmlgrrl. 24 June 2018. @KantaraCISWG | @IRMWG | @UMAWG
  2. Organizing principles of privacy
  3. (figure) Domain of Privacy 1.0 vs. domain of Privacy 2.0. The three regions are data control, data transparency and data protection; the labels placed across them are: identity; openness, usability, relevance; most encryption techniques; terms and conditions; privacy notices; breach notifications.
  4. The end of Privacy 1.0 and the start of Privacy 2.0. Mark Lizar | @smartopian
  5. Transparency & data control. Longitudinal research on consent in surveillance, covering privacy transparency and compliance across many different contexts in London, UK.
     Academic research:
     • Public CCTV notice compliance in London actually decreased over a 10-year study (non-compliance rose from 89% to 92%)
     • Only 8% compliant with the Data Protection Act
     • Only 5% useful in context
     • Very expensive to provide people with personal data control or self-management
     Privacy policies:
     • Like CCTV signs, more than 90% of privacy policies are fake
     • They don’t work in context
     • Contract terms are used in privacy policies (the wrong legal clauses) instead of rights
     • For people in Privacy 1.0, every organisation has to be managed one at a time
  6. CCTV in London: missing basic information
     • PII controller identity
     • Purpose of use
     • Proportionate contact information
     No contact information:
     • is not usable for privacy in context; for security services this is a fundamental failure of the security system
     • indicates fake security rather than covert surveillance, and is non-compliant with GDPR
  7. Surveillance Camera Code of Practice in the UK: “The government considers that wherever overt surveillance in public places is in pursuit of a legitimate aim and meets a pressing need, any such surveillance should be characterised as surveillance by consent, and such consent on the part of the community must be informed consent and not assumed by a system operator”.
  8. Privacy policies
  9. Privacy status
  10. Netflix
  11. Google: before May 25
  12. Google: before May 25 (continued)
  13. Google: after May 25
  14. Facebook: “To show you better ads we use data that Advertisers, app developers, and publishers provide us about your activity.”
  15. https://www.nationalpublicsafetypartnership.org/Documents/The_Fair_Information_Practice_Principles_in_the_Information_Sharing_Environment.pdf
  16. A receipt is a receipt: the first recorded writing in human history
  17. Consent across jurisdictions
  18. Consent Receipt: consent type
  19. Types of ‘human understandable’ consent (table: consent type | justification and authority to process | example)
     • Explicit & informed consent | Consent for personal data processing | Healthcare, Open Banking
     • Implied consent | Contract, legitimate interest, vital interests for processing personal data | Entering an email address in a form
     • No consent, with notice | Public interest, safety & security, consent exceptions | Emergency health, CCTV signs
     • No consent, no notice | Legal obligation: published legislation | Criminal investigation, government security services, taxation, financial fraud
  20. The key role for relationship management in Privacy 2.0. Sal D’Agostino | @idmachines
  21. Manage a next level of context
  22. Requirement: do things in a distributed, multi-faceted, dynamic manner that changes in and over time.
  23. Principles: https://kantarainitiative.org/confluence/display/irm/Refining+the+Design+Principles+of+Identity+Relationship+Management
  24. GDPR technical requirements
     • Availability: the user should always have access to their data, whether it is stored locally or remotely. The data should be protected from leakage or attack, because that affects availability.
     • Completeness: data, and any event regarding its collection and processing, should be recorded.
     • Confidentiality: only parties involved in the exchange of data should be able to see details of that transaction.
     • Correctness: the accuracy of the data recorded should be assured.
     • Immutability: there should be no possibility of changing historical logs.
     • Integrity: the content of the data store should be protected from malicious or unintentional changes.
     • Interoperability: users should be able to combine data coming from various sources.
     • Non-repudiation: interaction with any data should not be deniable at later points in time.
     • Rectification & erasure: users must be able to change or erase their personal data, and to correct erroneous data.
     • Traceability: any occurrence of processing data must be traceable and linkable to previous occurrences of processing of that data.
  25. GDPR actor operational relationships (figure)
  26. Video surveillance as IRM use case
     • Background (Surveillance 1.0): 15+ years working for Computer Recognition Systems
     • First commercial license plate reading system (Dartford Tunnel, London, 1979)
     • Facial recognition system at Heathrow (1986)
     • Electronic toll collection (EZ Pass, SunPass, SR-91, others)
     • Vehicle screening at the US Capitol (post Oklahoma City bombing)
     • Virtual weigh stations (WV, Kentucky), ...
     • Day to day: provide best practice, system configuration guidance and technical automation for the physical security supply chain and system lifecycle: end user, integrator, sub-system provider, other integrations, 3rd parties
  27. Surveillance 2.0: https://www.bbc.com/news/av/embed/p05qb4mw/43751276
  28. Architecture/UX does not consider the data subject
  29. Let alone manage the relationships (architecture diagram; recoverable labels): Analytics (detection, classification, identification); Business network (TLS, RADIUS, HTTP(S), Telnet, FTP, TCP/UDP, H.265, multicast, ...); Mobile (carrier, apps, devices, users, privileges); Recorders (server NVR, local microSD, databases); Devices (SNMP, ONVIF); Meta directory?; Control room (admins, operators, maintenance, management dashboard); Physical access interface (server, credentials, devices, users, privileges, groups, schedules); Intrusion interface (sensors, alarms, in-house, local services); Life-safety / building controls (sensors, alarms, in-house, local services); IT event management (syslog..?, bespoke); Identity management; IT; IoT; Physical security (org, integrator, vendors); BYO; 3rd party.
  30. IRM: operating in context. Privacy 2.0 requires identities to be managed in context; IRM allows this independently of actor, technical implementation, level of service or scale. For example, it provides a basis to design, build and support privacy status, and to incorporate that status (or other status, signals, signs) in user/device control services such as UMA.
  31. Offering users control is now key for compliance – and for trust. Eve Maler | @xmlgrrl
  32. Individuals crave control (photo: https://www.flickr.com/photos/angelbattle/16132385879/ | CC BY-ND 2.0). 86% agree that “I would like to personally manage how my data are collected and shared”. 76% of Americans, vs. 57% of Asia-Pacific residents and 68% of Europe residents, strongly agree with “I am uncomfortable with third parties being able to access my information without my consent”.
  33. (figure) Domain of Privacy 2.0: data control, data transparency, data protection. User-Managed Access (UMA) is based on an OAuth grant flow. It allows one service to protect digital resources living in many other domains. Their owner can dictate the extent to which they’re shared and with whom. Central management and control enables central monitoring.
  34. Some use cases involving UMA
     • Financial: UK Pensions Dashboard Project, discovering and aggregating UK pension accounts and sharing access to financial advisors
     • Connected car / new mobility: sharing vehicle access; sharing vehicle data access
     • Healthcare: OpenID Foundation’s Health Relationship Trust (HEART) profiles, patient-directed health data exchange with clinicians and others; part of the new OpenMedReady framework: consent for access to data and control of trustworthy smart health devices, with auditable proof
  35. OAuth is for constrained delegation to apps. It has helped to kill the “password anti-pattern”. Actors (figure): authorization server, resource server, resource owner, client. The resource owner authorizes (consents) at run time, after authenticating at the AS. The AS exposes the standard OAuth endpoints for authorization and access token issuance. The resource server exposes some number of API endpoints that deliver the data or other value-add. The app gets consent based on the API scopes it requested; it has its own identity, distinct from the RO’s.
  36. OAuth is for constrained delegation to apps (same figure, with the abstract grant flow added): (A) authorization request; (B) authorization grant; (C) authorization grant; (D) access token; (E) access token; (F) protected resource. The access token can come with a refresh token, for renewal without the RO’s intervention. The RO can revoke the token to withdraw authorization (consent).
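The A-to-F flow on slide 36, as an added worked example written for this page (it is not the presenters' or ForgeRock's code): a toy OAuth 2.0 authorization server and resource server in one Python process. The client id, client secret, redirect URI, scope names and the "pension" API are made up, and the `grant_id` field in the token response is a demo convenience rather than part of OAuth. What it shows beyond the figure: the RO's consent can narrow the scopes the app asked for; the authorization code is single use; the refresh token renews access without the RO but is rotated on every use; and when the RO revokes the grant, both the access token and the refresh token stop working.

```python
import hmac
import secrets
import time

CODE_TTL = 60      # authorization codes: short-lived and single use
ACCESS_TTL = 300   # access tokens expire; the refresh token outlives them


class AuthorizationServer:
    def __init__(self):
        self.clients = {}  # client_id -> {"secret", "redirect_uri"}
        self.codes = {}    # code -> (grant, expiry)
        self.access = {}   # access token -> (grant, expiry)
        self.refresh = {}  # refresh token -> grant
        self.grants = {}   # grant id -> grant: one record per consent decision

    def register_client(self, client_id, secret, redirect_uri):
        self.clients[client_id] = {"secret": secret, "redirect_uri": redirect_uri}

    def _authenticate_client(self, client_id, secret):
        client = self.clients.get(client_id)
        if client is None or not hmac.compare_digest(client["secret"], secret):
            raise PermissionError("invalid_client")

    # (A)+(B): the authenticated RO consents to a subset of the requested scopes; the AS issues a one-time code.
    def authorize(self, client_id, redirect_uri, requested, owner, consented):
        client = self.clients.get(client_id)
        if client is None or client["redirect_uri"] != redirect_uri:
            raise PermissionError("unknown client or redirect_uri mismatch")
        scopes = frozenset(requested) & frozenset(consented)
        if not scopes:
            raise PermissionError("access_denied: owner granted no scopes")
        grant = {"id": secrets.token_hex(8), "client_id": client_id,
                 "owner": owner, "scopes": scopes, "revoked": False}
        self.grants[grant["id"]] = grant
        code = secrets.token_urlsafe(24)
        self.codes[code] = (grant, time.time() + CODE_TTL)
        return code

    # (C)+(D): the client authenticates with its own credentials and swaps the code (popped, so replay fails).
    def token(self, client_id, client_secret, code):
        self._authenticate_client(client_id, client_secret)
        grant, expiry = self.codes.pop(code, (None, 0))
        if grant is None or time.time() > expiry or grant["client_id"] != client_id:
            raise PermissionError("invalid_grant: bad, expired or replayed code")
        return self._issue(grant)

    def _issue(self, grant):
        access, refresh = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self.access[access] = (grant, time.time() + ACCESS_TTL)
        self.refresh[refresh] = grant
        return {"access_token": access, "refresh_token": refresh,
                "token_type": "Bearer", "expires_in": ACCESS_TTL,
                "scope": " ".join(sorted(grant["scopes"])),
                "grant_id": grant["id"]}  # demo-only field, not part of OAuth

    # Renewal without the RO, only while the grant stands; the used refresh token is rotated out.
    def refresh_token(self, client_id, client_secret, refresh):
        self._authenticate_client(client_id, client_secret)
        grant = self.refresh.pop(refresh, None)
        if grant is None or grant["revoked"] or grant["client_id"] != client_id:
            raise PermissionError("invalid_grant: refresh token unusable")
        return self._issue(grant)

    # The RO withdraws consent: every token derived from the grant stops working.
    def revoke(self, owner, grant_id):
        grant = self.grants.get(grant_id)
        if grant is None or grant["owner"] != owner:
            raise PermissionError("not the owner of this grant")
        grant["revoked"] = True

    # What a resource server asks about a bearer token (RFC 7662-style answer).
    def introspect(self, access_token):
        grant, expiry = self.access.get(access_token, (None, 0))
        if grant is None or grant["revoked"] or time.time() > expiry:
            return {"active": False}
        return {"active": True, "sub": grant["owner"],
                "scope": " ".join(sorted(grant["scopes"]))}


class ResourceServer:
    """(E)+(F): an API that checks each call for the scope that call needs."""
    def __init__(self, authz, data):
        self.authz, self.data = authz, data

    def get(self, path, required_scope, access_token):
        info = self.authz.introspect(access_token)
        if not info["active"] or required_scope not in info["scope"].split():
            raise PermissionError("insufficient_scope or inactive token")
        return self.data[info["sub"]][path]


def demo():  # constructed walk-through: Alice lets an app read, not write
    authz = AuthorizationServer()
    authz.register_client("dashboard-app", "s3cret", "https://dashboard.example/cb")
    api = ResourceServer(authz, {"alice": {"/pension": {"balance": 42000}}})
    code = authz.authorize("dashboard-app", "https://dashboard.example/cb",
                           ["read:pension", "write:pension"], "alice", ["read:pension"])
    tok = authz.token("dashboard-app", "s3cret", code)
    balance = api.get("/pension", "read:pension", tok["access_token"])["balance"]
    return authz, api, tok, balance
```

Run `demo()` to see the happy path; the security-relevant behaviour is in what is refused afterwards: a second use of the code, a reused refresh token, a scope the owner never granted, and any token at all once the owner has revoked the grant.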
  37. OpenID Connect does modern-day federation. It is an OAuth-protected identity API, plus a bit more. Mapping onto the OAuth actors: resource owner = federation user; client = relying party; authorization server = identity provider (“OpenID provider”). A standard UserInfo endpoint can be called with an access token to look up identity claims. Along with the access and refresh token, the token endpoint also typically delivers an “ID token”, similar to a SAML assertion.
  38. User-Managed Access is for cross-party sharing. UMA brings next-generation delegation and consent to OAuth. Actors (figure): resource owner, authorization server, several resource servers, client, requesting party. Authorization-server endpoint key: A authorization token, D discovery, T/R resource registration, P permission, I token introspection, C claims interaction.
  39. User-Managed Access is for cross-party sharing (same figure, with the user experience added). Opt in: at run time. Share: ahead of time. Approve: after the fact. Monitor: anytime. Withdraw: anytime.
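The exchange labelled on slides 38 and 39, as an added example written for this page (not the presenters', Kantara's or any UMA implementation's code): an in-process model of the UMA 2.0 grant covering resource registration (R), the permission ticket (P), claims pushed by the client on behalf of the requesting party (C), token issuance (A/T), token introspection by the resource server (I), and the owner's "share ahead of time" policy, later withdrawn. The resource, scope names, the claim format (a flat dict of required claim values) and the telemetry payload are all made up; real UMA clients push claims as tokens, not as plain dicts.

```python
import secrets


class UmaAuthorizationServer:
    def __init__(self):
        self.resources = {}  # resource_id -> {"owner", "scopes"}
        self.policies = {}   # resource_id -> [(scope, required claims)]
        self.tickets = {}    # permission ticket -> [(resource_id, scope)]
        self.rpts = {}       # RPT -> {"permissions", "active"}

    # R: the resource server registers what it protects, on the owner's behalf.
    def register_resource(self, owner, scopes):
        rid = secrets.token_hex(8)
        self.resources[rid] = {"owner": owner, "scopes": set(scopes)}
        self.policies[rid] = []
        return rid

    # "Share ahead of time": the owner's policy, expressed as required claims.
    def set_policy(self, owner, rid, scope, required_claims):
        if self.resources[rid]["owner"] != owner:
            raise PermissionError("only the owner may set policy")
        self.policies[rid].append((scope, dict(required_claims)))

    # "Withdraw anytime": policy is dropped and every RPT on the resource dies.
    def withdraw(self, owner, rid):
        if self.resources[rid]["owner"] != owner:
            raise PermissionError("only the owner may withdraw")
        self.policies[rid].clear()
        for rec in self.rpts.values():
            if any(r == rid for r, _ in rec["permissions"]):
                rec["active"] = False

    # P: the RS describes the attempted access; the AS answers with a ticket.
    def permission(self, rid, scopes):
        ticket = secrets.token_urlsafe(16)
        self.tickets[ticket] = [(rid, s) for s in scopes]
        return ticket

    # A/T: the client redeems the ticket with claims about the requesting party.
    def token(self, ticket, claims):
        wanted = self.tickets.pop(ticket, None)  # tickets are single use
        if wanted is None:
            raise PermissionError("invalid_grant: bad or reused ticket")
        granted = [(rid, s) for rid, s in wanted
                   if any(s == ps and all(claims.get(k) == v for k, v in req.items())
                          for ps, req in self.policies[rid])]
        if not granted:  # C: undecidable yet; fresh ticket for after a claims interaction
            fresh = secrets.token_urlsafe(16)
            self.tickets[fresh] = wanted
            return {"error": "need_info", "ticket": fresh}
        rpt = secrets.token_urlsafe(32)
        self.rpts[rpt] = {"permissions": granted, "active": True}
        return {"access_token": rpt, "token_type": "Bearer"}

    # I: the RS asks what an RPT is good for before releasing anything.
    def introspect(self, rpt):
        rec = self.rpts.get(rpt)
        if rec is None or not rec["active"]:
            return {"active": False}
        return {"active": True, "permissions": [
            {"resource_id": r, "resource_scopes": [s]} for r, s in rec["permissions"]]}


class UmaResourceServer:
    def __init__(self, authz):
        self.authz, self.store = authz, {}

    def read(self, rid, rpt=None):
        if rpt is not None:
            info = self.authz.introspect(rpt)
            if info["active"] and any(p["resource_id"] == rid and "read" in p["resource_scopes"]
                                     for p in info["permissions"]):
                return {"status": 200, "body": self.store[rid]}
        return {"status": 401, "ticket": self.authz.permission(rid, ["read"])}  # ticket, never data


class UmaClient:  # acts for the requesting party, not the owner; keeps its RPT
    def __init__(self, authz, rs, party_claims):
        self.authz, self.rs, self.claims, self.rpt = authz, rs, party_claims, None

    def fetch(self, rid):
        resp = self.rs.read(rid, self.rpt)
        if resp["status"] == 200:
            return resp["body"]
        tok = self.authz.token(resp["ticket"], self.claims)
        if "error" in tok:
            return None  # a real client would now run the claims interaction
        self.rpt = tok["access_token"]
        return self.rs.read(rid, self.rpt)["body"]


def demo():  # constructed scenario: Alice shares read access to telemetry with Bob
    authz = UmaAuthorizationServer()
    rs = UmaResourceServer(authz)
    rid = authz.register_resource("alice", ["read", "write"])
    rs.store[rid] = {"odometer_km": 120345}
    authz.set_policy("alice", rid, "read", {"email": "bob@garage.example"})
    bob = UmaClient(authz, rs, {"email": "bob@garage.example"})
    mallory = UmaClient(authz, rs, {"email": "mallory@evil.example"})
    return authz, rs, rid, bob, mallory
```

Two points a practitioner should take from the model: the resource server never decides on its own, it hands out a ticket and later asks the authorization server what the presented RPT is good for; and withdrawal is effective immediately because the RS introspects on every call rather than trusting a token it has seen before.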
  40. Solving cradle-to-grave scenarios by adding IRM
     • A newborn data subject has a legal guardian managing their digital resources
     • ...then grows to start using resources, but is too young to consent
     • ...then becomes old enough to consent
     • ...then may wish to share resource rights management with another
     • ...then may wish to designate another to manage resources if they should become mentally incapacitated or die
     Custodians of digital resources (operators of resource servers) are concerned about the liability and risk of these situations too!
  41. Introducing the UMA business model
  42. A vision for Privacy 2.0 interoperability
  43. UMA + IRM + Consent Receipts can aid in compliance and user control
     • Model relationships in a graph database
     • Implement each relationship stage in UMA; the UMA WG has mapped legal devices to auditable technical artifacts: OAuth/UMA tokens, policies, etc.
     • Develop boilerplate for contracts and licenses to lower friction in deploying UMA-enabled services, and record all consents formally
     • When a relationship changes, technical artifacts can be torn down and new ones built up automatically; these changes themselves can be made auditable and, much like operational right-to-erasure workflows, they can be “hardened”
  44. Leverage IRM principles to unify “BLT” requirements for Privacy 2.0. An early proposal (e.g. a mapping of the GDPR technical requirements on slide 24 to IRM principles):
     • Availability: scalable
     • Completeness: provable, constrainable, mutable
     • Confidentiality: provable, constrainable
     • Correctness: provable, mutable
     • Immutability: mutable
     • Integrity: provable, revocable
     • Interoperability: scalable, provable, delegable, constrainable, mutable, revocable
     • Non-repudiation: provable
     • Rectification and erasure: revocable, delegable, constrainable
     • Traceability: provable, constrainable
  45. Concrete steps you can take
     1. Find where digital transformation opportunities and user trust risks intersect
     2. Conceive of personal data as a joint asset
     3. Lead by consent
     4. Take full advantage of identity as a foundational layer
     5. Leverage Kantara's solutions to achieve Privacy 2.0: IRM for managing relationships, UMA for directing sharing within them, Consent Receipts for capturing the privacy and relationship status, and combining them for potential Consent Intelligence
     Idea: privacy beacon, a combination RFID tag and QR code that broadcasts the device and system profile
  46. (figure) Domain of Privacy 2.0: data control, data transparency, data protection
  47. Walking map and bus pickup locations can be found in the app.
  48. Thank you! Questions? Join us! Mark Lizar | co-founder, Open Consent | @smartopian. Sal D’Agostino | co-founder, Open Consent | @idmachines. Eve Maler | ForgeRock, founder of User-Managed Access | @xmlgrrl. 24 June 2018. @KantaraCISWG | @IRMWG | @UMAWG
