Schneier on Security
A blog covering security and security technology.
March 29, 2007
Security Plus Privacy
The Royal Academy of Engineering (in the UK) has just published a report, "Dilemmas of Privacy and Surveillance: Challenges of Technological Change" (press release here), arguing that security and privacy are not in opposition, and that we can have both if we're sensible about it. Its ten recommendations:
R1 Systems that involve the collection, checking and processing of personal information should be designed in order to diminish the risk of failure as far as reasonably practicable. Development of such systems should make the best use of engineering expertise in assessing and managing vulnerabilities and risks. Public sector organisations should take the lead in this area, as they collect and process a great deal of sensitive personal data, often on a non-voluntary basis.
R2 Many failures can be foreseen. It is essential to have procedures in place to deal with the consequences of failure in systems used to collect, store or process personal information. These should include processes for aiding and compensating individuals who are affected.
R3 Human rights law already requires that everyone should have their reasonable expectation of privacy respected and protected. Clarification of what counts as a reasonable expectation of privacy is necessary in order to protect this right and a public debate, including the legal, technical and political communities, should be encouraged in order to work towards a consensus on the definition of what is a 'reasonable expectation'. This debate should take into account the effect of an easily searchable Internet when deciding what counts as a reasonable expectation of privacy.
R4 The powers of the Information Commissioner should be extended. Significant penalties -- including custodial sentences -- should be imposed on individuals or organisations that misuse data. The Information Commissioner should also have the power to perform audits and to direct that audits be performed by approved auditors in order to encourage organisations to always process data in accordance with the Data Protection Act. A public debate should be held on whether the primary control should be on the collection of data, or whether it is the processing and use of data that should be controlled, with penalties for improper use.
R5 Organisations should not seek to identify the individuals with whom they have dealings if all they require is authentication of rightful access to goods or services. Systems that allow automated access to a service such as public transport should be developed to use only the minimal authenticating information necessary. When organisations do desire identification, they should be required to justify why identification, rather than authentication, is needed. In such circumstances, a minimum of identifying information should be expected.
R6 Research into the effectiveness of camera surveillance is necessary, to judge whether its potential intrusion into people's privacy is outweighed by its benefits. Effort should be put into researching ways of monitoring public spaces that minimise the impact on privacy -- for example, pursuing engineering research into developing effective means of automated surveillance which ignore law-abiding activities.
R7 Information technology services should be designed to maintain privacy. Research should be pursued into the possibility of 'designing for privacy' and a concern for privacy should be encouraged amongst practising engineers and engineering teachers. Possibilities include designing methods of payment for travel and other goods and services without revealing identity and protecting electronic personal information by using similar methods to those used for protecting copyrighted electronic material.
R8 There is need for clarity on the rights and expectations that individuals have over their personal information. A digital charter outlining an individual's rights and expectations over how their data are managed, shared and protected would deliver that clarity. Access by individuals to their personal data should also be made easier; for example, by automatically providing free copies of credit reports annually. There should be debate on how personal data are protected -- how it can be ensured that the data are accurate, secure and private. Companies, or other trusted, third-party organisations, could have the role of data banks -- trusted guardians of personal data. Research into innovative business models for such companies should be encouraged.
R9 Commercial organisations that select their customers or vary their offers to individuals on the basis of profiling should be required, on request, to divulge to the data subjects that profiling has been used. Profiling will always be used to differentiate between customers, but unfair or excessively discriminating profiling systems should not be permitted.
R10 Data collection and use systems should be designed so that there is reciprocity between data subjects and owners of the system. This includes transparency about the kinds of data collected and the uses intended for it; and data subjects having the right to receive clear explanations and justifications for data requests. In the case of camera surveillance, there should be debate on and research into ways to allow the public some level of access to the images captured by surveillance cameras.
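R5 (authenticate rightful access, do not identify) and R7 (pay for travel without revealing identity) describe a property that cryptography can actually deliver, via Chaum-style blind signatures: the operator signs a ticket it never sees in the clear, so the ticket it later accepts at the gate cannot be tied back to the purchase. The block below is an added example for this post, not code from the Royal Academy report or from any transit system; the class names, the 1024-bit key, the unpadded "textbook" RSA and the SHA-256 serial digest are all assumptions made for illustration.

```python
"""Authentication without identification: an RSA blind-signature transit ticket.

Added example (not from the Royal Academy report or the blog post).  A rider
proves she holds a ticket the operator issued, yet the operator's sales log
contains nothing that matches what the gate sees.  Textbook (unpadded) RSA
with Chaum blinding; demonstration only, a real deployment would use a
full-domain hash, a vetted library and a proper key size.
"""
import hashlib
import math
import random
import secrets


# --- minimal RSA key generation (Miller-Rabin), no external library -------

def is_probable_prime(n: int, rounds: int = 32) -> bool:
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:          # write n-1 = d * 2^r with d odd
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False       # a is a witness of compositeness
    return True


def random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # top bit and odd
        if is_probable_prime(cand):
            return cand


def generate_keypair(bits: int = 1024):
    """Return ((n, e), d) with e = 65537."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:        # e must be invertible mod phi
            return (p * q, e), pow(e, -1, phi)


def ticket_digest(serial: bytes, n: int) -> int:
    """Hash the ticket serial to an integer mod n (256-bit digest, so < n)."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % n


class Rider:
    """Holds a random serial and a blinding factor the issuer never learns."""

    def __init__(self, pub):
        self.n, self.e = pub
        self.serial = secrets.token_bytes(16)
        while True:
            self.r = secrets.randbelow(self.n - 2) + 2
            if math.gcd(self.r, self.n) == 1:
                break

    def blind(self) -> int:
        m = ticket_digest(self.serial, self.n)
        return m * pow(self.r, self.e, self.n) % self.n      # m * r^e

    def unblind(self, blinded_sig: int):
        sig = blinded_sig * pow(self.r, -1, self.n) % self.n   # m^d * r * r^-1
        return self.serial, sig


class Issuer:
    """The operator: sells tickets and keeps whatever a sales record contains."""

    def __init__(self, bits: int = 1024):
        self.pub, self.d = generate_keypair(bits)
        self.sales_log = []      # (payment reference, blinded value) is all it sees

    def sell(self, blinded: int, payment_ref: str) -> int:
        self.sales_log.append((payment_ref, blinded))
        return pow(blinded, self.d, self.pub[0])              # (m r^e)^d = m^d r


class Gate:
    """Verifies the signature and blocks reuse of a serial; learns no identity."""

    def __init__(self, pub):
        self.n, self.e = pub
        self.spent = set()

    def admit(self, serial: bytes, sig: int) -> bool:
        if serial in self.spent:
            return False                                      # replayed ticket
        if pow(sig, self.e, self.n) != ticket_digest(serial, self.n):
            return False                                      # not signed by issuer
        self.spent.add(serial)
        return True


def demo(bits: int = 1024) -> dict:
    """Run one purchase, one valid entry, one replay, one forgery, one link check."""
    issuer = Issuer(bits)
    gate = Gate(issuer.pub)
    rider = Rider(issuer.pub)
    blinded_sig = issuer.sell(rider.blind(), payment_ref="card-ending-4242")  # constructed
    serial, sig = rider.unblind(blinded_sig)
    admitted = gate.admit(serial, sig)
    replay = gate.admit(serial, sig)
    forged = gate.admit(secrets.token_bytes(16), sig)
    m = ticket_digest(serial, issuer.pub[0])
    # the only value stored next to the payment is the blinded one, which
    # matches neither the serial's digest nor the signature the gate saw
    unlinkable = all(b != m and b != sig for _, b in issuer.sales_log)
    return {"admitted": admitted, "replay": replay,
            "forged": forged, "unlinkable": unlinkable}


if __name__ == "__main__":
    print(demo())
```

The gate still keeps a spent-serial list, so double use is caught without the operator ever holding a name: that is the "minimal authenticating information" R5 asks for, and the thing an identification-based smartcard scheme gives up for no security gain.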
The whole thing is worth reading, as is this article from The Register.
Posted on March 29, 2007 at 11:11 AM
"It is not entirely absurd to imagine that supermarket loyalty-card data might one day be used by the government to identify people who ignored advice to eat healthily"
Not in the least absurd, I have been banging on about this for some time.
If you think back some time ago a large U.S. Store had records of what was purchased by people. A man who had slipped on a wet floor and injured himself got around to trying to get compensation. His representative was told that he was probably a drunk, simply due to the fact that he bought beer in the store on a regular basis.
It is known that Tony Blair / Gordon Brown have approached Equifax for consumer and other information, primarily for the National / Passport ID people to make up applicant dossiers.
It has also seriously been suggested that the same data be used to assess the relative wealth of individual "micro" areas in an attempt to work out how much council tax (Land Tax) should be paid, so extending the idea would be relatively trivial.
After all, local Health Authorities (Primary Care Trusts) are known to currently ration resources to people who are deemed to be overweight or smoke too much if they do not "mend their ways" over a six or more month period.
There is a lot of good stuff and many considerations in this.
But clearly also many considerations that are almost naive in their approach.
"R10 Data collection and use systems should be designed so that there is reciprocity between data subjects and owners of the system. This includes transparency about the kinds of data collected and the uses intended for it; and data subjects having the right to receive clear explanations and justifications for data requests. In the case of camera surveillance, there should be debate on and research into ways to allow the public some level of access to the images captured by surveillance cameras."
Great - so you are allowed to see what's on the surveillance camera in your bedroom. This will only have two effects - a) you can see how few rights you have and b) even more criminals can attack you.
We are only awaiting the first face-recognition-triggered assassination or terrorist bomb. It will come .. and the UK is the likely first place for it to happen with all this absurd "People love surveillance" propaganda.
Surveillance cameras and any sort of biometric identification are a last resort as these create more abuse and crime than they remove. They have a role to play when the threat alert escalates, but not in ordinary everyday transactions as people (the victims) have no defense against this kind of attack.
Surveillance cameras should for instance be physically blocked from filming until a non-invasive sensor (such as an infrared or acoustic sensor) has detected an emerging person that refuses to respond to digital challenges for authentication and authentication.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.