Privacy Preservation Through Good AIM
Time 10/28/14 04:15PM-05:00PM
The age-old debate of privacy vs security is in the headlines once again, thanks to the NSA, GCHQ, and Edward Snowden.
Access and Identity Management (AIM) services, such as federated access systems (e.g. SAML-based federations, eduroam, and Moonshot), are one set of mechanisms that can help protect the privacy of members of the Research and Education communities worldwide. In fact, privacy preservation was a fundamental design goal for many of these services.
In this talk, we will look at how AIM services are helping to achieve the preservation of individual privacy in this specific context – from allowing our users to stay anonymous to services, through allowing multiple pseudonymous identifiers to be associated with a particular identity, to the use of entity tags to show that your entity follows privacy principles.
This will involve a look at the current state of affairs of privacy protection in existing major AIM services (e.g. SAML federations and eduroam) and ongoing developments in these areas, and new developments just appearing on the horizon (e.g. Moonshot).
The deployment styles chosen when starting up an AIM service can have a drastic effect on privacy preservation – for example, whether a SAML federation is decentralised or hub-and-spoke affects the style of privacy preservation that can be achieved. We will look at these options and the impact these options have.
The talk will also look at a major current issue in AIM service operations – the tension between protecting an individual’s personal data and the desire to release such data to external services for a variety of reasons. We will look at various mechanisms by which this problem is being tackled, and also at developments in best practice that are altering the landscape in this area. For example, the latest UK Federation Recommendations on Personal Data suggest that privacy isn’t a simple yes/no choice, but that institutions should instead adopt a risk/benefit approach to handling personal data as an appropriate basis for managing access to research and education services that users want or need. These Recommendations are based on recent developments in the UK Information Commissioner’s Anonymisation Code of Practice, which considers the release of pseudonymous identifiers to be less of a privacy risk than the release of either names or public identifiers.
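The three identifier styles mentioned above (a public identifier such as eduPersonPrincipalName, a pairwise pseudonymous persistent identifier, and a per-session transient identifier) differ precisely in who can link the user across visits and across services, which is the basis for the Code of Practice ranking them by risk. The Python below is an added example, not code from the talk or from any federation software: it is modelled on the "computed" SAML persistent NameID used by identity providers such as Shibboleth (a salted hash over the SP entityID and an internal user key), with HMAC-SHA256 standing in for the hash; the salt, user and SP names are constructed for the example.

```python
"""Added example: how identifier policy determines linkability.

Not code from the talk. Models the pairwise 'computed' SAML persistent
NameID pattern (hash of SP entityID + internal user key + IdP secret
salt) alongside a public identifier and a per-session transient one.
"""
import base64
import hashlib
import hmac
import secrets

# Assumed IdP-side secret: in a real deployment a long random value that
# stays on the IdP and is never released. Constructed for this example.
IDP_SALT = b"constructed-example-salt-do-not-reuse"


def persistent_id(sp_entity_id: str, source_id: str, salt: bytes = IDP_SALT) -> str:
    """Pairwise pseudonym: stable for one (user, SP) pair, different per SP.

    The SP entityID is part of the keyed-hash input, so two SPs receive
    unrelated values for the same person and cannot match their records;
    without the salt, neither SP can recompute or invert the value.
    """
    msg = sp_entity_id.encode() + b"!" + source_id.encode()
    digest = hmac.new(salt, msg, hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def transient_id() -> str:
    """Per-session pseudonym: the SP cannot even recognise a returning user."""
    return "_" + secrets.token_hex(16)


def linkable(id_a: str, id_b: str) -> bool:
    """True when two released identifiers let their holders correlate the user."""
    return id_a == id_b


# Constructed sample data: one user as the IdP sees them, and two unrelated SPs.
USER_SOURCE_ID = "jdoe"                 # internal key, never released
USER_EPPN = "jdoe@example.ac.uk"        # public identifier (eduPersonPrincipalName)
SP_LIBRARY = "https://library.example.ac.uk/shibboleth"
SP_JOURNAL = "https://journal.example.org/sp"


def release_for(sp_entity_id: str, policy: str) -> str:
    """The identifier the IdP hands to an SP under each release policy."""
    if policy == "public":
        return USER_EPPN
    if policy == "persistent":
        return persistent_id(sp_entity_id, USER_SOURCE_ID)
    if policy == "transient":
        return transient_id()
    raise ValueError(f"unknown policy {policy!r}")


def correlation_matrix() -> dict:
    """For each policy: can one SP recognise the user on a second visit, and
    can two different SPs link their records of that user?"""
    out = {}
    for policy in ("public", "persistent", "transient"):
        lib_visit1 = release_for(SP_LIBRARY, policy)
        lib_visit2 = release_for(SP_LIBRARY, policy)
        journal = release_for(SP_JOURNAL, policy)
        out[policy] = {
            "same_sp_recognises_returning_user": linkable(lib_visit1, lib_visit2),
            "two_sps_can_link_user": linkable(lib_visit1, journal),
        }
    return out


if __name__ == "__main__":
    for policy, props in correlation_matrix().items():
        print(f"{policy:10s} {props}")
```

Running it shows the ordering the Code of Practice relies on: the public identifier is stable and linkable everywhere, the persistent pseudonym lets a service recognise its own returning users but gives two services nothing to join on, and the transient identifier supports neither. Note the caveat the example makes visible: the persistent scheme is only as pseudonymous as the salt is secret, and any other attribute released alongside it (a name, an e-mail address) re-creates the cross-service link the identifier was designed to avoid.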
The talk will also attempt to dispel the fallacy that privacy protection and data protection legislation compliance are the same thing – the recent NSA/GCHQ spying revelations are not a data protection issue, but are most certainly a massive intrusion into individual privacy on an industrial scale. We, as designers, operators, and users of AIM services, should realise that designing against privacy intrusion is a much better bet than trying to design against the moving target of data protection law. The principles of privacy by design will be discussed.
Having co-authored the Internet Engineering Task Force (IETF) Privacy Considerations for Internet Protocols RFC 6973, managed an institutional SAML Identity Provider, helped run one of the world’s largest research and education access management federations, helped to design a next generation AIM system (Moonshot) and written a doctoral thesis around Privacy in the context of e-commerce, Rhys is ideally placed to inform you of how good AIM can help protect the privacy of your community - and what you can do to help achieve good AIM.
Primary track Trust and Identity
Secondary tracks Security