The world is in the midst of a data revolution being fueled by the increasing interconnectedness of data often, data that until now was not connected.

Transcription

1 Slide #1 The world is in the midst of a data revolution being fueled by the increasing interconnectedness of data often, data that until now was not connected. The real value of this revolution cannot be unlocked until we can separate data from the person who generates it anonymity from privacy. At Anonos, we refer to this as taking the person out of personal data. The keyhole on the fingerprint in the Anonos logo represents our ability to unlock the value of interconnected data by disconnecting it. 1

2 Slide #2 Let s assume I m monitoring my blood pressure with a wearabe Internet of Things (or IoT) device that also captures my geolocation information. Real-time data records who I am, what my blood pressure is and where I m located. Unfortunately that data my personal data is subject to: Potential employee misuse (e.g., recent situations with ride sharing companies Uber and Lyft); Sale to - and use by - third parties without my knowing consent; and Security breaches like what recently happened at Sony. That s a problem. We re here today at the request of the Information Accountability Foundation to talk to about Anonos Dynamic Anonymity as an example of a Dynamic Data Obscurity (or DDO) technology tool. Ted and I have dedicated the last 3 years of our lives to research and development on Dynamic Anonymity - leveraging more than ten years of success in developing and deploying risk management technology on a global basis. We re here to talk about how Dynamic Anonymity splits up or disconnects data to solve this problem. Our approach is integrated into the data itself compared to external methods of protection that are contractual or intellectual property based. Dynamic Anonymity takes the person out of personal data while at the same time unlocking even greater value from the data. How? Well, this blood pressure data - rather than just being tied to me - could and should be tied to the greater health of humanity. Why don t more people upload their blood pressure data to the web? One of the problems is that they 2

3 don t want their personal data to be misused or end up in the wrong hands. Application developers are often start-ups who are more focused on sustainability than privacy or security concerns. And even more established companies are subject to data misuse - both internally (a recent survey of IT and security specialist showed that 80% are more concerned about internal threats) as well as externally by hackers. If Sony can t protect private information about their stars, how can people expect anyone to protect their personal data? If people weren t so concerned about their data, they might be more willing to share it. Anonos unlocks the value of data by giving people more trust by providing them more control over the security and privacy of personal data. We do this by introducing dynamic chaos into data ecosystems. And we do that by dynamically changing identifiers associated with a user as well as their activities (give example of Mardi Gras masks one versus changing) multi-layered access controls. We substitute sensitive data with dynamically changing identifiers that we refer to as Dynamic De- Identifiers or DDIDs to emphasize the fact that these identifiers do just the opposite of identifying users or actions they dynamically obscure them. Obscured data and DDIDs are kept in secure Circles of Trust (CoT) under the care of trusted parties and the keys necessary to associate DDIDs with data are kept in separate secure facilities. Without these keys, data cannot be accessed in an identifiable or understandable manner. 3

4 Slide #3 Anonos multi-level access controls separate the person from their personal data - without losing full value of the data. Multi-level access controls prevent data misuse before-the-fact a priori compared to after-the-fact liability for violating contractual terms of service or intellectual property rights that fail to make users whole. Anonos multi-layer access controls separate data from context in a manner that is roughly analogous to Digital Rights Management (or DRM). Anonos multi-layer access controls can be applied to both existing data sets and newly created data sets to achieve Aristotle s Golden Mean - a desirable middle between two extremes, one of excess and the other of deficiency with regard to Data Value and Data Privacy. Taking the analogy to DRM further, DRMD stands for DRM used by a control party for De- Identification purposes; DRMI provides individual users with control over their personal data. We anticipate that the vast majority of applications will be DRMD (this graphic assumes 95% are DRMD) but the existence of the DRMI option via opt out or other means could help reconcile conflicts between US and EU perspectives on data privacy. The question arises who should be trusted parties in charge of Circles of Trust? We have had numerous discussions with Commissioner Brill and others in this room on that very subject. Who has control over DDO tools is highly relevant. But, the existence of tools like Anonos Dynamic Anonymity make such discussions highly relevant and actionable. Circles of Trust leveraging multi-layered access controls store data that is obscured via DDIDs at one location while separate locations serve as lockers for the keys necessary to associate the DDIDs to data with security experts charged with defending both locations. This requires access to more than one place the Circle of Trust plus each separate locker where keys are kept. Requiring access to two separate facilities more than doubles the difficulty of misuse and requires a significantly more sophisticated, coordinated and synchronized multi-prong attack. For example, consider by analogy the requirement for two keys to launch a nuclear warhead. And - this touches upon the mission of the Information Accountability Foundation encouraging development of ethical frameworks, policies and procedures that parse proportionality of the robustness of solutions with the risk. 4

5 Slide #4 Discuss benefits of Anonos-enabled Just-In-Time Identity / JITI which protects the identity of users GENERALLY compared to Just-In-Time Disclosures advocated in the 2013 FTC Mobile Privacy Disclosures: Building Trust Through Transparency Report. Highlight the ability of Just-In-Time Identity / JITI to address the following quote by FTC Chairwoman Edith Ramirez at recent Consumer Electronics Show (CES): To the extent that companies collect information, they should de-identify consumer data where possible. Many of the beneficial big-data uses from the IoT could still be accomplished by using de-identified data. De-identification isn t perfect. There is always the possibility that ostensibly anonymized data can be re-identified. To address this issue, sound technical strategies for making data anonymous should be coupled with administrative safeguards. FTC Chairwoman Edith Ramirez Discuss benefits of Anonos-enabled Do Not Remember over unsuccessful efforts at Do Not Track which is inconsistent with the economic model of a free Internet. Enhanced context from Do Not Remember can actually improve economic models. Discuss benefits of removing barriers to innovation so that data and creativity can flow e.g., certification that IoT and other health-related wearable device manufactures / app providers that use Anonos will be HIPAA exempt (versus compliant) and therefore exempt from costs, obligations and potential liabilities under the HIPAA / HITECH Final Rule that otherwise applies to health related data in the wearables / IoT space. 5

6 Slide #5 We believe that Dynamic Data Obscurity tools - like Anonos Dynamic Anonymity - are superior to other approaches to anonymity or privacy and that innovative opportunities like genomic research and the Internet of Things can better achieve their potential with Dynamic Data Obscurity tools. After the presentations, during the informal lunch and discussion we would welcome to opportunity to speak further on this subject: This Magic Quadrant Chart shows that No Anonymity does not provide maximum value due to overload of information and provides no protection. Static Anonymity masking data by using a single, unchanging anonymous identifier to hide connections between data and a data subject - provides medium privacy and medium value. Scrambled Anonymity hiding the identity of a data subject by means like using Tor to anonymously browse the Internet provides strong protection but reduces value to near zero. We believe the highest value and protection comes from Dynamic Data Obscurity tools like Anonos Dynamic Anonymity multi-level access controls that dynamically obscure data elements. 6