DON'T ASK, DON'T TELL
THE VIRTUES OF PRIVACY BY DESIGN
Eleanor McHugh
Cryptographer
Security Architect
Physicist
Privacy Architecture
1998 PKI
elliptic curves
satellite PSN
1999 π-calculus VM
2000 control networks
2001 mobile identity
secure documents
2003 ENUM
2006 dotTel
hybrid encryption
2007 encrypted DNS
2010 concurrent VM
2011 national eID
2012 encrypted SQL
privacy by design
2014 uPass
2017 Identity Lab
paranoia
Pronunciation: /ˌparəˈnɔɪə/
noun
{mass noun}
A mental condition characterized by delusions of persecution, unwarranted
jealousy, or exaggerated self-importance, typically worked into an organized
system. It may be an aspect of chronic personality disorder, of drug abuse, or
of a serious condition such as schizophrenia in which the person loses touch
with reality.
Unjustified suspicion and mistrust of other people:
mild paranoia afflicts all prime ministers
Wheneve
personal
consent f
by demandcircling of top-tier law
gh=profile test cases for
irst rulings likely to be
er 2018. Big name
ongst those feeling the
regulation’s bite.
Whenever your
organisation
If this weren’t on
the subjects of pr
the Payment Card Industry’s PSD2 which aim to safeguard privacy and
reduce security breaches.
You already understand how you need to use identity to service the needs
of your business and customers, the question is how do you adapt existing
solutions to
Whenever your organisation processes personal data for individuals living
in the EU the GDPR rules and restrictions apply even if that processing
happens in another jurisdiction.
Personal data
"If your organisation can't
demonstrate that good data protection
is a cornerstone of your business
policy and practices, you're leaving
your organisation open to
enforcement action that can damage
both public reputation and bank
balance."
— Elizabeth Denham, Information Commissioner
as an aggressive marketeer
I want to access your visitor data
to guess who might pay for miracle product X
don’t make my life difficult if it affects sales
I’m higher up the food chain than you!
insider threat
as a disgruntled employee
I want to access your service
to make you pay for the pain I’m feeling
I’ve had privileged access in the past
and you’re too dumb to have cancelled it
insider threat
as a script kiddie
I want to access your service
because it’s a rush to break into your stuff
I’ve lots of different scripts to play with
coz all lolz belong to us
external threat
as an online fraudster
I want to access your service
so I can steal credentials and data
if that’s hard I’ll move onto a fresh target
there’s always another sucker ripe for scamming
external threat
as a malicious attacker
I want to access your service
to monitor user behaviour and steal identities
I’m waaaay more skilled than your team
and I’m being paid for results
external threat
as a system administrator
I want to roll-back errors and monitor security breaches
so I can protect my users and my business from fraud or loss
but it’s okay if I can only see data relevant to a particular incident
so that I know the bare minimum about you or any other user
as a law enforcement officer
I want to perform lawful interception queries
so I can catch criminals and terrorists
but it’s okay if you control my access and require court orders
so that criminal investigation is never a cover for political oppression
as a regulator
I want to ensure this service complies with all applicable rules
so I can prove that the service is trustworthy and legitimate
but it’s okay if you restrict my access to how you operate this service
so that I know neither your users nor their interactions
www.inidsol.uk
anonymity
pseudonymity
how not to do end-to-end encryption
follow the
breadcrumbs
paranoia
Pronunciation: /ˌparəˈnɔɪə/
noun
{mass noun}
The perfectly reasonable belief that someone, somewhere is watching your
online behaviour with malicious and/or voyeuristic intent. It may be a result
of reading a Hacking Exposed or Hacking for Dummies publication,
experiencing the fallout from identity theft, or shopping with bitcoin.
Justified suspicion and mistrust of other people:
chronic paranoia afflicts all information security professionals
acute paranoia afflicts the victims of hacking
some basic rules
users are only customers if they register
and you should know your customers well enough to help them
but your customers own their identity so never compromise it
secure all transports and storage where their data may exist
give them final say over what data you store and for how long
and definitely don’t give or sell their data to third parties!
http://slides.games-with-brains.net