The Everyday Life of Surveillance (V): Architectures, Spaces, Territories

Privacy by Design?

Marc LangheinrichUniversity of Lugano (USI)

Switzerland

Projects

Privacy Ubiquitous Computing

Patras

Zurich

Gothenburg

Paris

Lancaster

Sevilla

Approaches to Ubicomp Privacy Disappearing Computer Troubadour Project (10/2002 - 05/2003)

• Make it Someone Else’s Problem– “For [my colleague] it is more appropriate to think

about [security and privacy] issues. It’s not really the case in my case“

• Absence of Protection as User Empowerment– “It’s maybe about letting them find their own

ways of cheating“

• Insist that “Good Security“ will Fix It– “All you need is really good firewalls“

Marc Langheinrich: The DC-Privacy Troubadour – Assessing Privacy Implications of DC-Projects. Designing for Privacy Workshop. DC Tales Conference, Santorini, Greece, June 2003.

24

NON PRIVACY BY NON DESIGNExample 1: Make it someone elses problem

“Uses the highest level of encryption allowed by the U.S.

government.”

2006

20 cards

no encryption

Cardholder‘s NameCard Number

Expiration Date

O‘Reilly Conf. 2008

Pablos Holman

“cards incorporate 128-bit encryption”

Cardholder‘s NameCard Number

Expiration Date

*MacBook Air not included

Defcon 2008

Flexilis

Non Privacy By Non Design

NON PRIVACY BY (BAD) DESIGNExample 2: User Empowerment

SECURITY

P<D<<LANGHEINRICH<<MARC<<<<<<<<<<<<<<<<<<<<<123456789?D<<710123?M070101?<<<<<<<<<<<<<<<?

MarcLangheinrich

DD/MMM/1971

P<D<<LANGHEINRICH<<MARC<<<<<<<<<<<<<<<<<<<<<12345678??D<<710123?M0701???<<<<<<<<<<<<<<<?

Protection from Forgery!!

Digital Signature

„ ...cloned and manipulated... “

MustermannChristian0000000000000

?

Proof of Genuine Passport ?

Non Security By Bad Design

PRIVACY BY DESIGN?Example 3: Good Firewalls

Smart Fridge

Smart Stove

Receiptless Returns

Fast Checkout

WhigModel #2342

Material: PolyesterTiger ThongMaker: Woolworth

Last washed: 5 days ago

ViagraMaker: Pfizer

Size: Maxi (60 pills)

Ori

gina

l “RF

ID-M

an”

Art

wor

k (c

) 200

6 A

ri Ju

els,

RSA

Lab

orat

orie

s

Working Hypothesis

People don‘t want privacy tools

People want to get things done!The more secure, private, safe, the better

Getting Things Done?

Vision

Hands Free Privacy

The more secure, private, safe, the better

Example: The Shamir Tag

Langheinrich, Marti: Practical Minimalist Cryptography for RFID Privacy. IEEE Systems Journal, Vol. 1, No. 2, 2007

Example: The Shamir Tag

• Unsolicited read-outs take long time–Difficult (but not impossible) to track

or identify

• Instant Identification for known tags–Owner uses tags without restrictions

Langheinrich, Marti: Practical Minimalist Cryptography for RFID Privacy. IEEE Systems Journal, Vol. 1, No. 2, 2007

Shamir Tags Illustrated

OriginalRFID-Tag:

RFID-Tag contains encrypted ID + Key, but cut in many small pieces. All pieces are needed to decrypt Tag ID.

Shamir Tags Illustrated

OriginalRFID-Tag:

UnknownReader sees:

Only few shares disclosed A few more shares disclosed Still not enough shares…

wait wait wait

RFID-Tag contains encrypted ID + Key, but cut in many small pieces. All pieces are needed to decrypt Tag ID.

time

Shamir Tags Illustrated

+ =

OriginalRFID-Tag:

UnknownReader sees:

Owner‘sReader sees:

Owner checks forknown (cached) tag

Instant IdentificationOnly few shares disclosed

Only few shares disclosed A few more shares disclosed Still not enough shares…

wait wait wait

RFID-Tag contains encrypted ID + Key, but cut in many small pieces. All pieces are needed to decrypt Tag ID.

Consumers receive basicprotection for all tagged goods

Additional security mechanism can be layered above Shamir Tags

Summary

Privacy by Design

• Difficult to do even for technology experts– Industrial (RFID Credit Cards)

– Government (ePassport)

• Difficult if wrong user model– People want to get things done

– Privacy, security often gets in the way

• We need usable security and privacy– Sometimes less security may mean more privacy

Outlook

The wireless century will bring an end to many crimes. It will be a century of morality, since it is known that morality and fear are one and the same.

(Robert Sloss, “The World in 100 Years”, 1910)