1
The interplay of stopping computer crime while protecting privacy
Svein Yngvar Willassen
Department of Telematics,
Norwegian University of Science and Technology
2
It is already far too late to prevent the invasion of cameras and databases. The djinn cannot be crammed back into its bottle. No matter how many laws are passed, it will prove quite impossible to legislate away the new surveillance tools and databases. They are here to stay.
Accountability is the one fundamental ingredient on which liberty thrives. Without the accountability that derives from openness -- enforceable upon even the mightiest individuals and institutions -- how can freedom survive?
D. Brin, The Transparent Society, 1998
3
Definitions: Privacy
Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.
A. Westin, Privacy and Freedom, 1967
4
Definitions: Computer Crime
A crime in which a computer was directly and significantly instrumental
J. Taber, On Computer Crime, Computer/Law Journal, 1979
Action directed against the confidentiality, integrity and availability of computer systems, networks and computer data as well as the misuse of such systems, networks and data
Preamble, Council of Europe Cybercrime Convention, Budapest 2001
5
Consequence of Definitions
Computer crime is a threat against computers and the information stored in them. The rightful owners of that information are thereby deprived of their ability to decide for themselves how it is communicated to others, which is exactly what Westin's definition of privacy protects.
Computer crime is harmful to privacy.
Stopping computer crime is preserving privacy!
6
Protecting Privacy from Computer Crime, Options
- Protect
- Protect, detect and stop
- Protect, detect, stop and investigate
- Don’t use computers
- Protect, detect, stop, investigate and prosecute
7
Information flow
[Diagram: flow of event data through the stages Stored, Retained, Presented, Seized, Investigated, Reported, Relied on]
Detection and investigation of computer crime must be based on information about the events that occurred.
Detection, investigation and prosecution rely on information (evidence) distilled from the pool of data that was recorded about those events.
9
The amount of information available at each step is determined by various considerations, among them privacy:
- by regulation (statutory requirements, recommendations, standards)
- by policy
This affects the outcome of the investigation and the prosecution.
Terminology from [Breaux, Antón et al., 2007]
10
Event Data generation
Data about occurring events is generated on the computers involved in those events.
End users may use Privacy Enhancing Technologies (PETs) to control the visibility of the event information to others.
11
Event Data generation
Anonymization:
- Decouples the event data from an individual, so attribution becomes impossible.
- Enhances privacy but reduces the investigative value of the data.
- There are examples of statutory provisions outlawing anonymization.
12
Event Data generation
Encryption:
- Hides data content from anyone not in possession of the key.
- Enhances privacy but reduces the investigative value of the data.
- There are examples of government efforts to prevent effective encryption for investigative reasons.
13
Storage/Retention
Storage and retention of event data is only to a small extent determined by the users themselves:
- Local storage and retention are determined by applications and operating systems.
- Event data is retained on computers controlled by others than the end user.
14
Storage/Retention
Privacy provisions:
- Provisions that do not allow data controllers to process personal data without a legal basis, typically the "informed consent" of the data subject (Directive 95/46/EC).
- Example: logs of internet usage shall not be stored or retained unless needed for invoicing (the traffic-data rule of the ePrivacy Directive 2002/58/EC). This is effectively anonymization.
15
Storage/Retention
Storage/retention requirements:
- Provisions that require the storage and retention of specific types of data.
- Example: financial accounts (bookkeeping records).
- Example: the EU Data Retention Directive (2006/24/EC).
16
Seizure
- Seizure of data for investigation purposes is in most jurisdictions restricted to crimes of a certain seriousness.
- It must be decided by an independent party (a court) after reviewing the information on which the seizure request is based.
- This protects the privacy of third parties, and of the accused in cases where the suspicion is too weak.
17
Investigation
Investigation aims at extracting the information of interest in the case (the evidence) from the seized data.
Provisions may disallow investigation of certain material for privacy reasons:
- Records from certain professions, such as lawyers and physicians
- Trade secrets
18
Reporting/Presentation
The investigator includes in the report what is found relevant to the case.
The results may be presented in public hearings. Details never meant for the public are thereby publicly disclosed, with privacy implications for those involved in the case.
19
Evidence relied on by the fact finder
A fact finder (court) is obliged to comply with statutory requirements:
- Evidence admissibility
- Unlawfully acquired evidence
20
Investigation / Privacy
The investigation process is harmful to privacy:
- Details about individuals are publicly revealed without their consent.
- The process is to a large extent outside the control of the individual.
21
Investigation / Privacy
Computer crime is even more harmful to privacy:
- Investigating and prosecuting crimes prevents crime that is harmful to privacy.
- Legal protection should limit the privacy harm done by investigations, at least to third persons.
- Do perpetrators have an expectation of privacy?
23
A proposed middle ground
- Separate knowledge of behavior from knowledge of identity.
- Privacy is only compromised by knowledge of both behavior and identity.
- Proposed default rule: knowledge of behavior is visible, but knowledge of identity is concealed and is only revealed under legal procedures.
- This corresponds to the Internet as it works with data retention in place.
C. Demchak, K. Fenstermacher, Balancing Security and Privacy in the 21st Century, 2004
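The two technical treatments the talk sets against each other, anonymization on slide 11 and the separation of behavior from identity proposed as the middle ground on slide 23, as an added example that is not part of the original talk. It takes a constructed sample of access-log lines and records them three ways: as they are, anonymised irreversibly, and pseudonymised with a keyed hash whose key and token-to-identity map are kept by a hypothetical `IdentityEscrow`. The `Warrant` class standing in for the legal procedure, the log field layout and the sample lines are all assumptions made for this example.

```python
"""Added example, not from the original talk: the same constructed log handled as
  full record      behaviour and identity kept together
  anonymisation    identity removed irreversibly; attribution impossible
  pseudonymisation identity replaced by a keyed token; key and token->identity map
                   live with a separate escrow, used only under a (simulated) legal order
"""
import hashlib
import hmac
import secrets
from collections import Counter
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample log, "timestamp user src_ip dst_host action" (not real data).
SAMPLE_EVENTS = [
    "2007-03-01T10:00:01Z alice 10.1.2.3 mail.example.org LOGIN",
    "2007-03-01T10:00:05Z alice 10.1.2.3 files.example.org DOWNLOAD",
    "2007-03-01T10:02:11Z bob 10.1.2.7 mail.example.org LOGIN",
    "2007-03-01T10:03:40Z alice 10.1.2.3 files.example.org DOWNLOAD",
    "2007-03-01T10:04:02Z carol 10.1.9.9 admin.example.org LOGIN",
]

def parse_event(line):
    ts, user, src_ip, dst, action = line.split()
    return {"ts": ts, "user": user, "src_ip": src_ip, "dst": dst, "action": action}

def coarse_net(ip):
    """Keep only the /24, so the address no longer points at a single host."""
    return ".".join(ip.split(".")[:3]) + ".0/24"

def anonymise(event):
    """Irreversible: drop the user name and coarsen the address. What was done, to
    which service and when survives; who did it cannot be recovered by anyone."""
    return {"ts": event["ts"], "actor": None, "src_net": coarse_net(event["src_ip"]),
            "dst": event["dst"], "action": event["action"]}

@dataclass
class Warrant:
    """Stand-in for the legal procedure that authorises re-identification (assumption)."""
    case_id: str
    court_approved: bool
    tokens: set = field(default_factory=set)  # the tokens the order actually names

class IdentityEscrow:
    """Holds the pseudonymisation key and the token->identity map apart from the log
    store. In the proposed default rule this is a separate party; it is a class here
    only so that the example runs stand-alone."""
    def __init__(self, key: Optional[bytes] = None):
        self._key = key or secrets.token_bytes(32)
        self._map = {}

    def pseudonym(self, identity):
        # Keyed hash: one identity always yields one token, so behaviour can be linked
        # across events; unlike a plain hash it cannot be reversed by guessing names
        # without the key.
        token = hmac.new(self._key, identity.encode(), hashlib.sha256).hexdigest()[:16]
        self._map[token] = identity
        return token

    def reveal(self, token, warrant):
        # Identity is released only under the legal procedure, and only for the tokens
        # the order names, so third parties in the same log stay concealed.
        if not warrant.court_approved:
            raise PermissionError(f"{warrant.case_id}: no court approval")
        if token not in warrant.tokens:
            raise PermissionError(f"{warrant.case_id}: token not covered by the order")
        return self._map[token]

def pseudonymise(event, escrow):
    return {"ts": event["ts"], "actor": escrow.pseudonym(event["user"]),
            "src_net": coarse_net(event["src_ip"]), "dst": event["dst"],
            "action": event["action"]}

def actions_per_actor(events):
    """Behavioural analysis: needs a stable actor key, not a real identity."""
    return Counter((e["actor"], e["action"]) for e in events)

def demo():
    escrow = IdentityEscrow()
    raw = [parse_event(line) for line in SAMPLE_EVENTS]
    anon = [anonymise(e) for e in raw]
    pseud = [pseudonymise(e, escrow) for e in raw]
    # Anonymised: no actor key at all, so repeated behaviour by one person is invisible.
    anon_actors = {e["actor"] for e in anon}
    # Pseudonymised: the repeated DOWNLOAD by one token is visible to the investigator...
    (suspect_token, suspect_action), count = actions_per_actor(pseud).most_common(1)[0]
    # ...but naming the person takes the escrow plus an order that covers that token.
    order = Warrant("case-42", court_approved=True, tokens={suspect_token})
    identity = escrow.reveal(suspect_token, order)
    # The same order does not stretch to another token found in the same log.
    other_token = next(e["actor"] for e in pseud if e["actor"] != suspect_token)
    try:
        escrow.reveal(other_token, order)
        third_party_protected = False
    except PermissionError:
        third_party_protected = True
    return {"anon_actors": anon_actors, "distinct_tokens": len({e["actor"] for e in pseud}),
            "suspect_action": suspect_action, "suspect_count": count,
            "identity": identity, "third_party_protected": third_party_protected}

if __name__ == "__main__":
    print(demo())
```

Run it with `python3 escrow_demo.py` (any file name will do). The design point is that the log store and the escrow must be operated by different parties with different keys: whoever holds only the pseudonymised log can profile behaviour but not attribute it, which is the talk's "knowledge of behavior without knowledge of identity", and whoever holds only the escrow knows who exists but nothing about what they did. Coarsening the address is part of this: leaving a full host address next to the token would hand the log holder a second route to the identity.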