Big Data + Smart City = Weak Privacy + Weak Security?


Big Data + Smart City = Weak Privacy + Weak Security?
Professor John Bacon-Shone, Director, Social Sciences Research Centre, The University of Hong Kong

Benefits and Risks
Is it an inevitable consequence of wanting the significant benefits of a Smart City and Big Data analysis that we must accept weak privacy and security? Who should be responsible for ensuring that this does not happen, if the data involved carry no direct personal identifier? How should we maximise the benefits while also minimising the risks? It is important to recognise that many big data and smart city enthusiasts assume that anonymity or consent solves all the problems other than cost.

Broad Context: Constitutional Rights
HK Basic Law, Article 29: "The homes and other premises of Hong Kong residents shall be inviolable. Arbitrary or unlawful search of, or intrusion into, a resident's home or other premises shall be prohibited."
Question: are smart meters an arbitrary intrusion into a resident's home if the monopoly electricity provider installs them without consent?

Specific Context: Data Protection Principles
HK PDPO (like most EU data protection laws):
DPP1: lawful and fair collection, where data subjects are informed of the purpose for which the data are collected and used, which must be directly related to a function of the data user;
DPP3: personal data are used only for the purpose for which they were originally collected, or a directly related purpose, unless the data subject has given prior consent;
DPP4: all practicable steps are taken to ensure personal data are protected against unauthorised or accidental access, processing or erasure.
Questions: how to obtain consent, how to protect against use for unrelated purposes, and how to protect against unauthorised access?

Risk
Risk has two components: the chance of an outcome and the consequences of that outcome. So we need to examine the possible outcomes that could have bad consequences.

Relevance: Smart meters
Fine-grained energy consumption data from households allows sophisticated prediction of household (and individual) behaviour that relates to energy use, including working hours, medical needs, media consumption, when the house is empty, etc., even if the identity of the individual is unknown.

Relevance: Smart cars
Fine-grained location and time data means knowing where you are at all times, assuming the car is linked with a person. Self-driving cars may even be externally controlled.

Relevance: Smart phones
Fine-grained location and time data means knowing where you are at all times, with possible linkage to your activity, given all the sensors on the phone, including microphone, camera, etc.

Meter Risk Outcome 1
Direct misuse of personal data collected by the smart meter operator, such as manipulation of charging rates (think of the Amazon experiment that manipulated prices based on previous customer behaviour), e.g. raising prices when that household is most likely to consume electricity (during a break in a favourite TV show, or when people come home from work). Does not require identification.

Meter Risk Outcome 2
Sale of personal data collected from households to third parties (think of the Octopus case), such as appliance providers, home insurers, etc. Arguable consumer benefit, e.g. it seems you need a new electrical appliance because your fridge consumes too much electricity. Does not require identification.

Meter Risk Outcome 3
Breach of security, allowing unauthorised use of personal data, such as knowing when best to burgle a home because there is probably nobody in (based on power consumption). Does not require identification, but does require the address.
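The "when is the house empty" inference of the smart-meter slide and of Outcome 3 above is simple enough to show in code. The following is an added example, not part of the original slides: it takes one constructed day of half-hourly kWh readings for a single household (no name, no address) and derives the standby baseline, the empty window, and a rough daily routine. The thresholds (standby tolerance, one-slot blip bridging, daytime bounds) are illustrative assumptions rather than a published algorithm.

```python
"""Occupancy inference from half-hourly smart-meter readings.

Added example, not from the original slides. READINGS is one constructed
day (48 half-hour kWh values) for a single household; the thresholds
(standby tolerance, blip bridging, daytime bounds) are illustrative
assumptions, not a published algorithm.
"""
from statistics import median

SLOT_MINUTES = 30

# Constructed day: ~0.08 kWh per slot of standby load while nobody is in,
# a morning routine, an empty working day with one compressor/timer blip
# at 13:00, and cooking plus TV in the evening.
READINGS = (
    [0.12, 0.10, 0.11, 0.10, 0.10, 0.11, 0.10, 0.11,    # 00:00-04:00 asleep
     0.10, 0.10, 0.11, 0.10, 0.35, 0.60, 0.55, 0.40,    # 04:00-08:00 wake, breakfast
     0.30, 0.25]                                         # 08:00-09:00 leaving
    + [0.08, 0.08, 0.09, 0.08, 0.08, 0.08, 0.08, 0.08, 0.30,   # 09:00-13:30, blip at 13:00
       0.08, 0.08, 0.08, 0.09, 0.08, 0.08, 0.08, 0.08]         # 13:30-17:30 empty
    + [0.09, 0.45, 0.70, 0.90, 0.85, 0.60, 0.50, 0.45,    # 17:30-21:30 home, cooking, TV
       0.40, 0.30, 0.20, 0.15, 0.12]                      # 21:30-24:00 winding down
)


def slot_to_hhmm(slot):
    minutes = slot * SLOT_MINUTES
    return f"{minutes // 60:02d}:{minutes % 60:02d}"


def baseline_load(readings):
    """Standby load: median of the lowest tenth of slots (fridge, router,
    standby electronics), i.e. what the meter shows when nobody is in."""
    lowest = sorted(readings)[: max(1, len(readings) // 10)]
    return median(lowest)


def standby_flags(readings, tolerance=1.6):
    """True for slots whose load is within `tolerance` x baseline."""
    limit = baseline_load(readings) * tolerance
    return [r <= limit for r in readings]


def low_load_windows(readings, tolerance=1.6, bridge_slots=1):
    """Half-open (start_slot, end_slot) runs of standby-level load. Runs
    separated by at most `bridge_slots` higher slots are merged, so one
    fridge-compressor or timer event does not split a real absence."""
    flags = standby_flags(readings, tolerance)
    runs, i, n = [], 0, len(flags)
    while i < n:
        if flags[i]:
            start = i
            while i < n and flags[i]:
                i += 1
            runs.append([start, i])
        else:
            i += 1
    merged = []
    for start, end in runs:
        if merged and start - merged[-1][1] <= bridge_slots:
            merged[-1][1] = end
        else:
            merged.append([start, end])
    return [(s, e) for s, e in merged]


def likely_empty_period(readings, earliest_hour=6, latest_hour=23):
    """Longest standby window starting in the daytime: the 'when is nobody
    home' inference the slides describe. Overnight standby is excluded
    because a sleeping household and an empty one look alike on the meter."""
    candidates = [
        (s, e) for s, e in low_load_windows(readings)
        if earliest_hour * 60 <= s * SLOT_MINUTES < latest_hour * 60
    ]
    if not candidates:
        return None
    s, e = max(candidates, key=lambda w: w[1] - w[0])
    return slot_to_hhmm(s), slot_to_hhmm(e), (e - s) * SLOT_MINUTES / 60


def daily_routine(readings):
    """Rough behavioural profile with no identifier involved: first
    activity after midnight and the working-hours absence."""
    flags = standby_flags(readings)
    first_activity = next((i for i, f in enumerate(flags) if not f), None)
    empty = likely_empty_period(readings)
    return {
        "first_activity": slot_to_hhmm(first_activity) if first_activity is not None else None,
        "leaves_home": empty[0] if empty else None,
        "returns_home": empty[1] if empty else None,
        "hours_empty": empty[2] if empty else None,
    }


if __name__ == "__main__":
    print("baseline kWh/slot:", baseline_load(READINGS))
    print("standby windows:", [(slot_to_hhmm(s), slot_to_hhmm(e)) for s, e in low_load_windows(READINGS)])
    print("routine:", daily_routine(READINGS))
```

On the constructed day this reports an empty window from 09:00 to 18:00 and first activity at 06:00. Nothing in the input identifies the occupant; a burglar only needs the meter-to-address mapping that the operator already holds, which is exactly why Outcome 3 matters even for data with no name attached.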

Meter Risk Outcome 4
Use by law enforcement: would it be justified to profile likely marijuana growers, people keeping their public rental flat unoccupied, people running an untaxed business or a brothel, or people using incandescent bulbs if those become outlawed? Would they need a warrant to obtain the information? Would they be able to search the data looking for possible illegal behaviour, or must they have good reason in advance?

Car Risk Outcome 1
Breach of security, allowing car thieves to identify when an expensive car has been stationary for a long period in a remote location, and hence is easily stolen. Does not require identification of the owner!

Phone Risk Outcome 1
Use by law enforcement, e.g. to detect a meeting of many political activists. Would they need a warrant to obtain the information? Would they be able to search the data looking for possible illegal behaviour, or must they have good reason? Arguably this does not need identification of individuals, just knowledge that they intend to visit a specific location at a specific time.

Other Risk Outcomes
There are certainly other consequences not considered here. The key point is that there certainly are possible outcomes with privacy impact, so a thorough privacy/security impact assessment is essential; indeed, privacy and security must be part of the design process.

Chances of the Outcomes?
Clearly the chances can be minimised through:
A well-designed security system (e.g. all connections encrypted, two-factor authentication, full audit trails) to minimise the risk of personal data leakage during transfer from home to service supplier, transfer from supplier to consumer, and inside the service supplier;
Suitable regulation, by regulators of the service provider, of privacy and of law enforcement surveillance, to address transfer at the systems level and the response to any leakage or unauthorised transfer.

Existing laws sufficient?
Certainly not without a data protection law, but what if you have a data protection law? Still insufficient, because "personal data" requires a direct personal identifier, and much of this data may not have a direct personal identifier or may be shared (e.g. household data, pictures of a group of people, etc.). A robber would not care about knowing your name, just whether your car and house are easy targets. A seller only needs to know that an individual wants to buy, not their identity.

Big data problems?
We need to address the ability to link data to an individual (possible without knowing their identity) wherever there are possible decisions or outcomes that may disadvantage that individual. For example, postal code plus age and gender is sufficient to re-identify people in most countries, but re-identification may not be obvious or transparent: you may not even know who holds the data.
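The postcode + age + gender point above is a linkage attack, and the check that catches it is k-anonymity over those columns. The following is an added example, not from the original slides: it links a constructed "anonymised" release (names removed, a sensitive column kept) to a constructed public list on the three quasi-identifiers, counts how many rows fall out uniquely, then shows that generalising the quasi-identifiers alone is not enough and that small groups also have to be suppressed. The postcode format and all rows are invented.

```python
"""Re-identification by linking 'anonymised' records to a public list on
quasi-identifiers, and the k-anonymity check that catches it.

Added example, not from the original slides. RELEASED and PUBLIC are
constructed sample tables; the quasi-identifiers (postcode, age, gender)
are the ones the slide names, and the postcode format is invented.
"""
from collections import Counter, defaultdict

QUASI = ("postcode", "age", "gender")

# Constructed "anonymised" release: names removed, sensitive column kept.
RELEASED = [
    {"postcode": "HK-2041", "age": 34, "gender": "F", "empty_weekdays": "09:00-18:00"},
    {"postcode": "HK-2041", "age": 35, "gender": "M", "empty_weekdays": "08:30-19:30"},
    {"postcode": "HK-2042", "age": 71, "gender": "F", "empty_weekdays": "never"},
    {"postcode": "HK-2042", "age": 34, "gender": "F", "empty_weekdays": "10:00-16:00"},
    {"postcode": "HK-2043", "age": 34, "gender": "F", "empty_weekdays": "09:00-17:00"},
    {"postcode": "HK-2043", "age": 34, "gender": "F", "empty_weekdays": "never"},
]

# Constructed public list (think of an electoral or building register).
PUBLIC = [
    {"name": "A. Chan", "postcode": "HK-2041", "age": 34, "gender": "F"},
    {"name": "B. Wong", "postcode": "HK-2041", "age": 35, "gender": "M"},
    {"name": "C. Lee",  "postcode": "HK-2042", "age": 71, "gender": "F"},
    {"name": "D. Ho",   "postcode": "HK-2042", "age": 34, "gender": "F"},
    {"name": "E. Lam",  "postcode": "HK-2043", "age": 34, "gender": "F"},
    {"name": "F. Ng",   "postcode": "HK-2043", "age": 34, "gender": "F"},
]


def qi_key(row, quasi=QUASI):
    return tuple(row[q] for q in quasi)


def k_anonymity(rows, quasi=QUASI):
    """Size of the smallest group of rows sharing the same quasi-identifier
    values. k == 1 means some row is unique on those columns and linkable."""
    return min(Counter(qi_key(r, quasi) for r in rows).values())


def link(released, public, quasi=QUASI):
    """Join the release to the public list on the quasi-identifiers:
    {released_index: [candidate names]}. One candidate is a
    re-identification; several leave the attacker guessing."""
    index = defaultdict(list)
    for p in public:
        index[qi_key(p, quasi)].append(p["name"])
    return {i: index.get(qi_key(r, quasi), []) for i, r in enumerate(released)}


def reidentified(released, public, quasi=QUASI):
    """Only the rows that link to exactly one name."""
    return {i: names[0] for i, names in link(released, public, quasi).items() if len(names) == 1}


def generalise(row):
    """One generalisation step: district-level postcode, ten-year age band."""
    g = dict(row)
    g["postcode"] = row["postcode"][:-1] + "x"
    decade = row["age"] // 10 * 10
    g["age"] = f"{decade}-{decade + 9}"
    return g


def suppress_below(rows, k, quasi=QUASI):
    """Drop rows whose quasi-identifier group has fewer than k members."""
    sizes = Counter(qi_key(r, quasi) for r in rows)
    return [r for r in rows if sizes[qi_key(r, quasi)] >= k]


if __name__ == "__main__":
    print("k of raw release:", k_anonymity(RELEASED))
    print("re-identified:", reidentified(RELEASED, PUBLIC))
    gen = [generalise(r) for r in RELEASED]
    print("k after generalisation alone:", k_anonymity(gen))
    safe = suppress_below(gen, 2)
    print("k after suppression:", k_anonymity(safe), "rows kept:", len(safe))
    print("re-identified from safe release:", reidentified(safe, [generalise(p) for p in PUBLIC]))
```

On the constructed tables four of the six "anonymous" rows link to exactly one name, and with them their empty-house hours. Generalising postcode and age still leaves k = 1 because the one man and the one 71-year-old remain unique, so those rows have to be suppressed before the release reaches k = 4. The practical check is the k value, which the data holder can compute before release without ever seeing the public list an attacker might use.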

Big data problems (more)?
If I know you need or very much want to buy an item, I may be able to take advantage of that information in a discriminatory way. Think again about the case of the pregnant teenager identified by big data: what if Target had realised that she had not made her pregnancy public and offered her anonymous deliveries at a higher price? Is that a problem?

Public Opinion?
What is the role of public opinion? It is difficult for the general public to assess the consequences of new processes. Public opinion is essential in understanding how well communication works, but of little value in designing new processes, unless those consulted are a stakeholder group who understand the issues well or have had them explained well (e.g. through deliberative polling).

Lessons from elsewhere?
The debate is often polarised between technologists and business people, who see real benefits, and privacy activists and those distrustful of government, who fear misuse of the data (or even reject it for irrational reasons, such as wireless devices causing health risks). Consent must mean a free and fully informed choice, without unfair consequences.

Mitigation of the risks?
Some possible mitigation strategies? Discussion?

Some possible risk outcomes
Direct misuse of personal data collected by the smart meter operator, such as manipulation of charging rates
Sale of personal data
Breach of security
Use by law enforcement

Some possible mitigation strategies
Consumer protection safeguards to guard against negative decisions, e.g. customers charged more when using smart meters
Privacy impact assessment that is not limited to direct identifiers, but focuses on individual consequences
Security assessment of the entire system
Access restrictions for law enforcement

More possible mitigation strategies
Explicit consent for third-party access to identifiable or re-identifiable meter data
Data breach notification
New cryptographic solutions which, even with smart meters, break the link between an individual household and its time of consumption, by grouping households and purchasing energy tickets
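The last bullet, breaking the link between a household and its time of consumption by grouping households, can be illustrated with one simple aggregation scheme. The following is an added example, not from the original slides and not the specific ticket scheme the slide alludes to: every pair of meters in a group shares a secret, derives a fresh mask per half-hour slot from it with HMAC-SHA256, and the lower-named meter adds the mask while the higher-named one subtracts it. The supplier sums what it receives and the masks cancel, so it learns the group total for the slot (enough to buy and balance energy) but not any one household's reading. Meter names, readings and how the pair secrets are established are all assumptions; the "energy ticket" part of the slide is not modelled.

```python
"""Privacy-preserving aggregation of meter readings by pairwise masking:
the supplier learns the group's total per time slot, but not which
household consumed what when.

Added example, not from the original slides. Meter names, readings and
the way pair secrets are established are assumptions; the slide's
'energy ticket' mechanism is not modelled here.
"""
import hashlib
import hmac
import secrets
from itertools import combinations

MODULUS = 2**32   # masked values are uniform in [0, MODULUS)
SCALE = 1000      # kWh -> Wh so readings are integers

METERS = ["meter-A", "meter-B", "meter-C", "meter-D"]
# Constructed consumption in one half-hour slot, in kWh.
READINGS_KWH = {"meter-A": 0.08, "meter-B": 0.45, "meter-C": 1.20, "meter-D": 0.00}


def pairwise_secrets(meters):
    """One random 32-byte secret per unordered pair. A deployment would
    establish these by key agreement or at installation (assumption)."""
    return {frozenset(p): secrets.token_bytes(32) for p in combinations(meters, 2)}


def deterministic_secrets(meters, seed):
    """Same shape as pairwise_secrets but derived from a seed, so runs are
    reproducible. For demonstration only; never use a shared seed in practice."""
    return {
        frozenset(p): hashlib.sha256(seed + b"|" + "|".join(sorted(p)).encode()).digest()
        for p in combinations(meters, 2)
    }


def slot_mask(secret, slot):
    """Fresh 32-bit mask for this pair and time slot."""
    digest = hmac.new(secret, f"slot:{slot}".encode(), hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big")


def masked_reading(meter, reading_wh, slot, meters, keys):
    """What this meter sends: reading plus the mask for each higher-named
    peer and minus the mask for each lower-named peer, mod MODULUS."""
    value = reading_wh % MODULUS
    for other in meters:
        if other == meter:
            continue
        m = slot_mask(keys[frozenset((meter, other))], slot)
        value = (value + m) % MODULUS if meter < other else (value - m) % MODULUS
    return value


def aggregate(masked_values):
    """Supplier side: every mask was added once and subtracted once."""
    return sum(masked_values) % MODULUS


def run_slot(slot, keys, readings_kwh=READINGS_KWH, meters=METERS):
    """Simulate one slot: returns (true Wh per meter, values sent, total)."""
    wh = {m: round(readings_kwh[m] * SCALE) for m in meters}
    sent = {m: masked_reading(m, wh[m], slot, meters, keys) for m in meters}
    return wh, sent, aggregate(sent.values())


if __name__ == "__main__":
    keys = pairwise_secrets(METERS)
    wh, sent, total = run_slot(slot=17, keys=keys)
    print("true readings (Wh):", wh)
    print("values the supplier sees:", sent)
    print("group total (Wh):", total, "==", sum(wh.values()))
```

Two caveats a practitioner would want alongside this: if every other member of a group colludes with the supplier, their masks can be stripped and the remaining household's reading recovered, so group size and membership are part of the security argument; and a meter that fails to report breaks that slot's sum unless the scheme includes a recovery step. Per-household billing still works from monthly totals sent separately, which is the point: the time series that reveals behaviour never leaves the group in the clear.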

Thank you!