privacy technology
DESCRIPTION
Privacy Technology. Analysis and Mechanisms. David Chaum. Privacy is fundamentally important!!! Is essential for democracy. Needed for participation without fear of retribution. Is a fundamental human right. Analysis: Policy, Economic. Solution Mechanisms: Legal, Technological - PowerPoint PPT Presentation
TRANSCRIPT
![Page 1: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/1.jpg)
![Page 2: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/2.jpg)
Privacy Technology: Analysis and Mechanisms
David Chaum
![Page 3: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/3.jpg)
Privacy is fundamentally important!!!
• Is essential for democracy
  – Needed for participation without fear of retribution
• Is a fundamental human right
![Page 4: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/4.jpg)
OUTLINE
• Analysis
  – Policy
  – Economic
• Solution Mechanisms
  – Legal
  – Technological
• “Privacy Technology”
![Page 5: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/5.jpg)
Policy Analysis
The actors and macro considerations
![Page 6: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/6.jpg)
Hierarchy of IT Needs of Humans
• Self-Worth—relation to: artificial intelligence, etc.
• Privacy—identity, credential & role protection
• Interaction—communication, exploration, commerce
• Security—uptime, robustness, no hacking
• Processing—storage, interface, crunching
Maslow’s Hierarchy of Needs
![Page 7: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/7.jpg)
Policy Issues
![Page 8: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/8.jpg)
Economic Analysis
These days, everybody’s an economist!
![Page 9: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/9.jpg)
Monetizing privacy
• Various schemes proposed (even 20+ years ago)
1. Consumers pay for privacy protection services
2. Consumers are paid for use of their privacy-related data
3. A brokerage of privacy related data
![Page 10: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/10.jpg)
Imbalance in desire for privacy/data
• Individuals discount present value of privacy protection in transactions
  – Explains anomalous behavior of consumers when confronted with cost or inconvenience
  – Practices and potential dangers unknown
• Organizations value personal data
  – Overestimate future potential of data
  – Discount exposure to organization
  – An organization not too concerned about dangers posed to consumers that it is not accountable for
![Page 11: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/11.jpg)
Imbalance in size/power of entities
• Organizations have lots of leverage
• There are few sources of mass products and services
• Consumers don’t have much choice for many products or services
• High relative cost of change of practices for consumers
![Page 12: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/12.jpg)
Legal mechanisms
Powerful but don’t work well directly
![Page 13: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/13.jpg)
Legal mechanisms—evolution
1. Originally based on codifying legitimate expectation of privacy
2. People should be able to review and amend data
3. No erosion of privacy due to technology
4. Best privacy protection practical
![Page 14: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/14.jpg)
Legal mechanisms—capabilities
• Accountability after the fact is ineffective
  – Hardly able to address
    • Covert/clandestine abuse
    • Abuse of public or leaked data
    • Corporate shield
    • Undoing damage done to people
• Can cause creation and use of infrastructure
![Page 15: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/15.jpg)
Technological Mechanisms
The directly-effective mechanism
![Page 16: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/16.jpg)
Locus of privacy-related control—The critical architectural choice
(Figure: candidate loci of control, showing an infomediary and Organization x)
![Page 17: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/17.jpg)
Locus of control—Three choices:
1. At organizations
  • Weak benefit/effect for consumers
  • Clandestine abuse, leaks, reversibility…
  • Mollify/diffuse the issue – prevent effective solutions
2. At an intermediary
  • Create infrastructure with single point of failure
  • Full cost but little true benefit
  • Dangerous concentration
3. At the individual
  • Privacy technology – the only good solution
![Page 18: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/18.jpg)
Old paradigm—assumptions/model proven false!
• Believed to be a zero-sum game, privacy v. security
• ID believed needed for security against abuse by individuals
• ID believed only way to organize data
![Page 19: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/19.jpg)
Old Paradigm
(Figure: the same identifier “J. Doe 3834343” held by five organizations, each keeping raw data)
![Page 20: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/20.jpg)
New paradigm
• Individuals provide organizations with minimum sufficient information and proof of its correctness
![Page 21: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/21.jpg)
Privacy Technology
Win-Win break of the believed tradeoff
![Page 22: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/22.jpg)
New Paradigm
![Page 23: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/23.jpg)
Feasibility of a comprehensive solution set has been proven
• Payments—eCash payments deployed by major banks on 4 continents
• Communication—Mix nets, onion routing, etc. have been widely deployed
• Credentials—mechanisms implemented on cards and by IBM
![Page 24: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/24.jpg)
Benefits to organizations (micro)
• Reduced exposure/liability
• Better data
  – Cleaner because less deception and garbage
  – More willingness to provide data because of protections
• All organizations get the data; level playing field
• Better public image (?) – probably wrong!
![Page 25: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/25.jpg)
Not easy to get there from here
• Requires lots of users (hard to be anonymous alone!)
• Difficult to get the system “primed”
• Consumers don’t want to pay costs
• Organizations tend to resist change
![Page 26: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/26.jpg)
Really an “infrastructure issue”
• Pseudonymity / Anonymity only “in numbers” (as mentioned)
• Communication infrastructure can nullify protections
• Way to share data pseudonymously is infrastructure
![Page 27: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/27.jpg)
CONCLUSION
A “Privacy Technology” infrastructure is the way to go and would be hugely beneficial
![Page 28: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/28.jpg)
![Page 29: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/29.jpg)
Kinds of Privacy for Payments
(Figure: payment systems plotted on two axes, “privacy / consumer-control” against “technology / time”. Systems shown: government payments, e.g. transfer-order systems; pre-paid phone cards; bank notes & coins; eCash™; stored-value cards; credit cards on the Internet. Regions: No privacy; False privacy; Organization-controlled privacy; Consumer-controlled privacy. Annotations: “Protection only from merchant”, “Advertise consumer privacy”, “Buy/reload card without identification”.)
![Page 30: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/30.jpg)
Consumer Payments Market Space
(Figure: payments plotted by value, from high value down to low value around $10, and by pattern, irregular payments versus scheduled payments)
![Page 31: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/31.jpg)
Electronic Cash
• You can buy a digital “bearer” instrument from a bank with funds in your account
• You can pay by giving the instrument to the payee, who deposits to an account
![Page 32: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/32.jpg)
![Page 33: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/33.jpg)
![Page 34: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/34.jpg)
zoom in on eCash blinding
![Page 35: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/35.jpg)
Privacy and Control over Payments
• Nobody can learn without your cooperation who you pay, how much you pay, or when
• You can always prove who received any payment, for how much, and when
• Payments can only be made by you and they cannot be stopped by others
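The withdrawal step behind the “bearer instrument” and the “eCash blinding” slides, as an added example that is not from the presentation or from the eCash product: an RSA blind signature in the style Chaum described. The bank signs a blinded value it cannot link to the coin later presented for deposit, and the deposit side refuses any serial number it has already seen. Toy-sized primes, the serial format and the `Bank` class are constructed for this demo.

```python
import hashlib
import math
import secrets

# Toy RSA bank key (constructed; real eCash used far larger primes). E = 65537 is coprime to (P-1)(Q-1), so D exists.
P, Q, E = 1000000007, 998244353, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def coin_message(serial: bytes) -> int:
    """Hash the coin's serial number into the RSA message space."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N

def blind(serial: bytes):
    """Customer: pick blinding factor r, send m * r^E (mod N) to the bank."""
    m = coin_message(serial)
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            break
    return (m * pow(r, E, N)) % N, r

def bank_sign(blinded: int) -> int:
    """Bank: sign what it sees and debit the account; it never learns m."""
    return pow(blinded, D, N)

def unblind(blinded_sig: int, r: int) -> int:
    """Customer: divide out r, leaving the bank's signature on m itself."""
    return (blinded_sig * pow(r, -1, N)) % N

def verify(serial: bytes, sig: int) -> bool:
    """Anyone holding the bank's public key (E, N) can check a coin."""
    return pow(sig, E, N) == coin_message(serial)

class Bank:
    """Deposit side: each serial is accepted once, so a copied coin cannot be spent twice."""
    def __init__(self):
        self.spent = set()
    def deposit(self, serial: bytes, sig: int) -> bool:
        if not verify(serial, sig) or serial in self.spent:
            return False
        self.spent.add(serial)
        return True

def demo():
    """Withdraw one coin: blind, get it signed, unblind. Returns (serial, what the bank saw, coin)."""
    serial = secrets.token_bytes(16)          # constructed coin serial number
    blinded, r = blind(serial)
    return serial, blinded, unblind(bank_sign(blinded), r)
```

The value returned as “what the bank saw” is what a bank record would contain; it is the coin multiplied by a factor only the customer knows, which is why the bank cannot match it to the coin at deposit.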
![Page 36: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/36.jpg)
![Page 37: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/37.jpg)
![Page 38: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/38.jpg)
Credential Mechanisms
• You deal with each organization under a distinct “digital pseudonym”—a public key whose corresponding private key only you know
• You obtain a “credential” as a digital signature formed on one of your digital pseudonyms
• You answer the queries you choose to by proving you have sufficient credentials
![Page 39: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/39.jpg)
![Page 40: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/40.jpg)
![Page 41: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/41.jpg)
Wallet with Observer
• A tamper-resistant chip, issued by a trusted authority, is carried by the individual
• But the chip can only talk to the outside world through the person’s PC/PDA
• The two devices perform a multiparty computation and thus speak to the outside world with a common voice
![Page 42: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/42.jpg)
How untraceable-sending works
(Figure: message 1 … message 4 entering a mix network)
The “mix” server decrypts and re-orders inputs
![Page 43: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/43.jpg)
Prevents tracing messages back
(Figure: an observer trying to work out which input was message 2)
![Page 44: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/44.jpg)
Cascade of three Mixes
Server 1 (PK1), Server 2 (PK2), Server 3 (PK3)
![Page 45: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/45.jpg)
Encryption of message
Using the servers’ public keys PK1, PK2 and PK3 in turn:
Ciphertext = EPK1[EPK2[EPK3[message]]]
![Page 46: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/46.jpg)
Processing the messages
(Figure: m1, m2, m3 pass through Server 1, Server 2 and Server 3 in turn; each server decrypts its layer and permutes the batch, so the order of the messages changes at every hop)
![Page 47: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/47.jpg)
Tracing prevented by any mix
(Figure: Server 1, Server 2, Server 3; an observer cannot tell which input became m3)
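The cascade described on the “Encryption of message”, “Processing the messages” and “Tracing prevented by any mix” slides, as an added example that is not from the presentation: the sender wraps a message as EPK1[EPK2[EPK3[message]]], and each server strips one layer and outputs its batch in a fresh random order. A keyed SHA-256 keystream stands in for public-key encryption under PKi (an assumption made to keep the demo stdlib-only); the keys and the four messages are constructed.

```python
import hashlib
import secrets

# Stand-in for public-key encryption under PK_i (assumption: a keyed SHA-256
# keystream with a fresh nonce per layer; a real mix uses public-key crypto).
def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    for ctr in range((length + 31) // 32):
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
    return out[:length]

def encrypt_layer(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)   # makes identical messages look different
    return nonce + bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))

def decrypt_layer(key: bytes, ciphertext: bytes) -> bytes:
    nonce, body = ciphertext[:16], ciphertext[16:]
    return bytes(a ^ b for a, b in zip(body, keystream(key, nonce, len(body))))

def wrap(message: bytes, keys: list) -> bytes:
    """Sender builds EPK1[EPK2[EPK3[message]]]: the innermost layer is for the last server."""
    ct = message
    for key in reversed(keys):
        ct = encrypt_layer(key, ct)
    return ct

def mix(key: bytes, batch: list) -> list:
    """One mix server: strip its own layer from every input, then emit a random permutation."""
    stripped = [decrypt_layer(key, ct) for ct in batch]
    for i in range(len(stripped) - 1, 0, -1):          # Fisher-Yates shuffle
        j = secrets.randbelow(i + 1)
        stripped[i], stripped[j] = stripped[j], stripped[i]
    return stripped

def run_cascade(messages: list, keys: list) -> list:
    """Return the batch seen at each hop: [input to Server 1, ..., output of Server 3]."""
    hops = [[wrap(m, keys) for m in messages]]
    for key in keys:
        hops.append(mix(key, hops[-1]))
    return hops

def demo():
    """Four constructed messages through a cascade of three servers with fresh keys."""
    keys = [secrets.token_bytes(32) for _ in range(3)]
    messages = [b"message 1", b"message 2", b"message 3", b"message 4"]
    return messages, run_cascade(messages, keys)
```

Comparing any server’s input batch with its output batch shows why tracing fails: no output byte string appears among the inputs, and the order is freshly shuffled, so the link survives only if every server in the cascade reveals its permutation.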
![Page 48: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/48.jpg)
![Page 49: Privacy Technology](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816331550346895dd3b4c8/html5/thumbnails/49.jpg)
IAO
The Information Awareness Office (IAO) develops and demonstrates information technologies and systems to counter asymmetric threats by achieving total information awareness useful for preemption, national security warning and national security decision-making. John Poindexter, national security adviser to former President Reagan, is the director of the new agency. He was a controversial figure both for his role in the Iran-contra scandals and for his efforts to assert military influence over commercial computer security technologies. NSDD 145 & Data Mining.