
Privacy PPT by Axel Kloth_March 18 2021


  1. Privacy
     IFTBOH Privacy Meeting, 2021-03-18
     © 2021 Axel Kloth, President & CEO, Abacus Semiconductor Corporation, IFTBOH Member
  2. What is Privacy?
     • Privacy is like time, security and authentication.
     • Everyone claims they know what it is but in reality they don’t.
     • My cat says “wash me, but don’t make me wet”.
     • My cat knows more about privacy than those who claim to know time, security and authentication.
     • Why? He does not see the conflict until I dunk him in the shower or sink.
     2021-03-18 Privacy at IFTBOH, © Axel Kloth
  3. What is the definition of privacy? Merriam-Webster
     • Definition of privacy
     • 1a: the quality or state of being apart from company or observation: seclusion
     • 1b: freedom from unauthorized intrusion (one's right to privacy)
     • 2a: secrecy
     • 2b: a private matter: secret
     • 3 (archaic): a place of seclusion
  4. Really? Modern times are a bit different…
     • The M-W definition has got to be one of the worst ever, even before Facebook.
     • 1a: Seclusion is just plain stupid.
     • 1b is a circular reference. Black is the color that is black. White is the color that is white… Very useful.
     • 2a and 2b: Secrecy certainly is NOT privacy. Or the other way round.
     • 3: Seclusion? Give me a break. See #1.
     • Let’s look at a few less dumb definitions.
  5. Now really, what is Privacy?
     • Privacy is the right to determine the fate of the information tied to an individual by that individual.
     • What does that mean?
     • The individual has to be able to identify himself or herself, or any system for individual rights is prone to abuse by impostors.
     • The information collected and derived about that individual must be provably associated with that individual.
     • The aggregated information and all derivations of the data collected must be identifiable and be subject to control of the individual.
  6. You are confused?
     • Google collects data about pretty much anyone who uses Google or any one of its many services.
     • If you sign up for it, you gave Google permission to collect any data about you and aggregate it to create a profile of you – possibly knowing more about you than you yourself do.
     • Facebook collects data about you even if you are not signed up. It uses your friends’, relatives’ or other contacts’ data to profile you, which is much more malicious than anything Google does.
     • Neither Google nor Facebook is confused about the data about you. They use it to profile you and to make money.
     • You exchange a cheap free web page for thousands of dollars’ worth of profile info. Don’t do it. Just don’t. It is not worth it…
     • Get off Facebook!
  7. Now what?
     • If in fact we define that “Privacy is the right to determine the fate of the information tied to an individual by that individual” then there are a few things that immediately follow.
     • We need to allow for authentication. Authentication goes with national registration.
     • Why? If it is not done by the federal government, it will be done by morons or for-profit organizations such as Equifax, TransUnion and Experian.
     • While I am not big on trusting the federal government, Equifax, TransUnion and Experian have proven that they are even more moronic than any federal government agency could possibly be.
  8. Security, Authentication and Privacy
     • You want security? Accept the need for authentication.
     • You want privacy? See above.
     • Why?
     • If you think that security is encryption, you are dead wrong. If you encrypt, all it means is that it is hard to snoop. It does NOT mean that you know who you talk to. Impostors could communicate, and you might never know.
     • What is on a post card that you know for sure is correct (or correct enough) if you received it?
     • It is NOT the stamp.
     • In fact, for a post card, the USPS does not care about the stamp…
  9. Privacy and Authentication
     • If you cannot identify yourself with a high degree of certainty, you have no way of securing your privacy rights.
     • If anyone could assert privacy rights against anyone, including assumed identities, this system would be ripe for abuse.
     • As a result, to cut abuse down to manageable size, authentication must be good enough to rule out impostors.
     • In other words, privacy relies on authentication.
     • Who do you think can and should authenticate you? A national governmental entity that also enrolls you to assert your voting rights, or Equifax, TransUnion, Experian or any wild west outfit claiming to do it right?
  10. Now to the rest of the Privacy debate
     • Once we have established a national registry and authentication entity, we can finally get to implementing the rest of what constitutes privacy.
     • Explicitly allow end-to-end encryption for all communication.
     • Enable device manufacturers to implement end-to-end encryption on all terminal devices that people predominantly use.
     • Encourage and support the use of strong passwords.
     • Make all holders of confidential information liable for breaches, with monetary fines that exceed the possible value of the sale of said data.
  11. Summary
     • If we all want better security (both online and in the real world), we need to understand that authentication is key.
     • Authentication is better handled by a government entity with VERY strict oversight than by a number of competing and incompetent but for-profit commercial entities that cannot guarantee reimbursement if your identity is stolen. If shit hits the fan, commercial entities just file for bankruptcy.
     • Very few fake government-issued passports are reported, but certificate authorities on the Internet are continuously breached such that the need for a certificate revocation protocol arose.
  12. Action Items
     • Very strict laws have to be written and enacted that guarantee security, privacy and authentication.
     • A government agency should enact measures to guarantee authentication for each individual. That authentication should be usable both in real life and online. It should never give out the equivalent of the SSN, only customized hashes, for verification purposes.
     • The laws must include fines for misconduct. These fines should be levied against the agency and any negligent government employee.
     • The fines should be no less than triple the lifetime projected earnings of the breached individual or three times the proven loss, whichever is greater.
