www.ipc.on.ca

National Security in a Post-9/11 National Security in a Post-9/11 World: The Rise of Surveillance, World: The Rise of Surveillance,

… the Demise of Privacy?… the Demise of Privacy?

Ann Cavoukian, Ph.D.Ann Cavoukian, Ph.D.Information & Privacy Commissioner/Ontario

2004 Osler Hoskin & Harcourt Lecture

Centre for Innovation Law and Policy

February 23, 2004

www.ipc.on.cawww.ipc.on.ca Slide 2

Whither Privacy?

Post September 11th

Enormous impact on privacy

The Security of Freedom: Essays on Canada's Anti-Terrorism Bill

• University of Toronto, 2001 www.utppublishing.com/detail.asp?TitleID=2493

www.ipc.on.cawww.ipc.on.ca Slide 3

September 11, 2001

“Public safety is paramount butbalanced against privacy”

Security measures must be real, not illusory

New powers must be studied and measured to determine effectiveness and utility

Are new security powers truly necessary or are existing powers not fully utilized or effectively deployed?

http://www.ipc.on.ca/userfiles/page_attachments/1517136_pub01-e.pdfhttp://www.cbc.ca/news/indepth/usattacked/essay_privacy.html

www.ipc.on.cawww.ipc.on.ca Slide 4

Anti-terrorism Laws

Canada• Anti-terrorism Act

• Customs Act – Canada Customs & Revenue Agency expanded powers

• Bill C-17 Public Safety Act (first reading)

United States• USA PATRIOT Act

• Transportation Security Administration: CAPPS II

United Kingdom• Anti-terrorism, Crime and Security Act

www.ipc.on.cawww.ipc.on.ca Slide 5

Why be Concerned?

Expanded scope of domestic surveillance

Lack of justification

Weakening of judicial controls

Lack of independent oversight

www.ipc.on.cawww.ipc.on.ca Slide 6

Are These Laws Effective?

Reasons why these laws will not work:

Depend on questionable technology

Too much irrelevant information collected

Create a tempting target

Solving the wrong problem

www.ipc.on.cawww.ipc.on.ca Slide 7

Importance of Privacy to Liberty

Privacy is a vital social value.

“Privacy is at the heart of liberty in the modern state. Grounded in [one's] physical and moral autonomy, privacy is essential for the well-being of the individual. … [I]t also has a profound significance for the public order.”

Dr. Alan Westin

www.ipc.on.cawww.ipc.on.ca Slide 8

Information Privacy Defined

Information Privacy: Data Protection

• Freedom of choice; personal control; informational self-determination

• Personal control over the collection, use and disclosure of any recorded information about an identifiable individual

www.ipc.on.cawww.ipc.on.ca Slide 9

Fair Information Practices:A Brief History

OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data

E.U. Directive on Data Protection

CSA Model Code for the Protection of Personal Information

Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)

www.ipc.on.cawww.ipc.on.ca Slide 10

The Foundation: Fair Information Practices

AccountabilityIdentifying PurposesConsentLimiting CollectionLimiting Use,

Disclosure, RetentionAccuracy

SafeguardsOpennessIndividual AccessChallenging

Compliance

CSA Model Code for the Protection of Personal Information

www.ipc.on.cawww.ipc.on.ca Slide 11

Submission to the Standing Committee

Submission to the House of Commons Standing Committee on Citizenship and Immigration re: privacy implications of a National Identity Card and Biometric Technology – November 4, 2003

Interim Committee report questioned the value of introducing a national ID card

www.ipc.on.cawww.ipc.on.ca Slide 12

National ID Card Issues

No business case justifying ID Cards

Enormous cost of design and roll-out

Security vulnerabilities: high demand for access to associated databases – increased threat

www.ipc.on.cawww.ipc.on.ca Slide 13

National ID Card

Only one plausible rationale:U.S. requirement for biometric identifiers at border crossings by end of 2004• Enhanced Border Security and Visa Entry

Reform Act of 2002

• Canada currently exempted

www.ipc.on.cawww.ipc.on.ca Slide 14

Biometrics

Definition:

The automated use of physiological or behavioral characteristics to determine or verify identity

Far from foolproof: myths abound (don’t believe the movies)

www.ipc.on.cawww.ipc.on.ca Slide 15

Biometric Applications

Identification:one-to-many comparison

Authentication:one-to-one comparison

www.ipc.on.cawww.ipc.on.ca Slide 16

The Myth of Accuracy

The problem with large databases containing thousands (or millions) of biometric templates:

• False positives

• False negatives

www.ipc.on.cawww.ipc.on.ca Slide 17

Biometric Identification

False Positive Challenge

• Even with a 99.99% accuracy rate, everyone will have at least one false positive match

• “The false alarm rate would overwhelm the system...”

Bruce Schneier, Beyond Fear, p.253

www.ipc.on.cawww.ipc.on.ca Slide 18

The Fallacy of the Accuracy Re: Biometric Identification

If you have a 1 in 10,000 error rate per fingerprint (99.99% accuracy rate), then a person being scanned against a million-record data set will be flagged as positive 100 times. And that’s every person. A system like that would be useless because everyone would be a false positive.

Bruce Schneier, quoted in Ann Cavoukian’s Submission to the Standing Committee on Citizenship and Immigration, November 4, 2003

http://www.ipc.on.ca/docs/110403ac-e.pdf

www.ipc.on.cawww.ipc.on.ca Slide 19

Biometric Identification

False Negative Challenge:

• Attackers could fool the system

• Pay-offs high for compromising the system

• Increased vulnerability to a target once a terrorist succeeds in obtaining a false negative: threat escalates considerably

www.ipc.on.cawww.ipc.on.ca Slide 20

Biometric Strength: Authentication

The strength of one-to-one matches

• Authentication/verification does not require the central storage of templates

• Biometrics can be stored locally, not centrally – on a smart card, bar code, passport etc.

www.ipc.on.cawww.ipc.on.ca Slide 21

Designing Privacy Into Biometrics

The Privacy Challenges:

– Central template databases

– Unacceptable error rates

– Secondary uses

www.ipc.on.cawww.ipc.on.ca Slide 22

Final Thoughts on Biometrics

Current off-the-shelf biometrics will permit the secondary uses of personal information

The Goal: “Technology that allows for informational self-determination and makes good security a by-product of protecting one’s privacy” – George Tomko

Using the biometric to encrypt a PIN or a standard encryption key will meet that goal: Biometric Encryption

www.ipc.on.cawww.ipc.on.ca Slide 23

“I am not a number, I am a human being.

I will not be filed, stamped, indexed or numbered.

My life is my own.”

The Prisoner TV series, 1968

“I am not a number,I am a free man”

www.ipc.on.ca

How to Contact UsHow to Contact Us

Ann Cavoukian, Ph.D.Ann Cavoukian, Ph.D.Information & Privacy Commissioner/Ontario

80 Bloor Street West, Suite 1700

Toronto, Ontario M5S 2V1

Phone: (416) 326-3333

Web: Web: www.ipc.on.cawww.ipc.on.ca

E-mail: commissioner@ipc.on.ca