![Page 1: Privacidade e Cibersegurança na era Snowden Veríssimo... · 2018-03-11 · Without proper “cyber-Geneva” and “anti-Proliferation of cyber weapons”treaties, this can scale-up](https://reader035.vdocuments.pub/reader035/viewer/2022063003/5f75d7d6658e65071e4b001d/html5/thumbnails/1.jpg)
07/10/16
Privacy and Cybersecurity in the Snowden Era
Paulo Esteves Veríssimo, University of Luxembourg, SnT
http://wwwen.uni.lu/snt/people/paulo_verissimo
15º Fórum da Arrábida
Privacy, Cybersecurity and Economic Regulation
Convento da Arrábida, 7 October 2016
«Never before had it been possible to capture and store and process and correlate quickly, i.e. in near-real-time, so much data on so many people or organizations.»
Google had a beautiful academic idea about data ... and elegant algorithms …
Google had a beautiful academic idea about data ...
Then more data ...
• Gmail and Docs
• Translate
• Voice Recognition
• Google Health, R.I.P.
• Google Drive
What if we also do Metadata? ...
• Gmail and Docs
• Translate
• Voice Recognition
• Google Health, R.I.P.
• Google Drive
• Google Android Services
• Hangouts
• Maps
• Google+
• Google Now
Google Now: Your intelligent knows-all-about-you personal assistant
Google Knows You Better Than You Know Yourself…
WHEN BIG DATA STARTS GETTING TOO INVASIVE …
Smartphones: a privacy nightmare or, just business as usual?
WHEN BIG DATA STARTS GETTING TOO GOOD …
Photo metadata
Geolocation
Face tagging
Hi! Can you tell us who this person is?
Is automated computer-based facial recognition around the corner?
DeepFace@Facebook: Closing the Gap to Human-Level Performance in Face Verification, Yaniv Taigman et al.
Removing identifying information is not sufficient for anonymity
The Netflix Prize Dataset problem
Robust De-anonymization of Large Datasets (How to Break Anonymity of the Netflix Prize Dataset), Arvind Narayanan and Vitaly Shmatikov, 2006
Re-identifying de-identified data
On the reidentifiability of credit card metadata
On the re-identifiability of credit card metadata, Yves-Alexandre de Montjoye et al., 2015
Target has got you in its aim
February 2012
Re-identifying de-identified data
When ZIP code says a lot about you
Simple Demographics Often Identify People Uniquely, Latanya Sweeney, 2000
Re-identifying de-identified data
Identifying individuals from the anonymous 1000-Genomes Project database
Identifying Personal Genomes by Surname Inference, Melissa Gymrek et al., 2013
Are anonymisation schemes working?
BRINGING IT ALL TOGETHER …
Computing and communications are becoming pervasive commodities
“buying computing and communications as buying electricity”
[Figure labels: ISP, ISP, CLOUD COMPUTING AND COMMUNICATIONS]
Is the world becoming net-centric?
Let’s dare a vision of the near future
[Figure labels: ISP, ISP, CLOUD COMPUTING AND COMMUNICATIONS]
Internet minute
www.intel.com/.../internet-minute-infographic.html
THE ROLE OF NATION-STATES …
in some DANGEROUS STEPS …
THE ALL-SEEING-EYE a.k.a. BLANKET DATA COLLECTION
http://www.digitaljournal.com
1 exabyte = 10^18 bytes
“We kill people based on metadata … but that’s not what we do with this metadata.”
“It’s only metadata … They're not looking at content.”
President Obama. Gen. Michael Hayden, former NSA and CIA Director @ (JHU/ David Cole), 2014
“In our country, do we want to allow a means of communication between people which […] we cannot read?”
AND WHAT ABOUT PORTUGAL …
The Snowden era…
Tailored Subversion and Intrusion
What about the others?
Is UDC (Utah Data Center) inexpugnable?
http://www.digitaljournal.com
“That general is skillful in defense whose opponent does not know what to attack.”
[Sun Tzu, The Art of War]
… WITH A LITTLE HELP FROM MY FRIENDS (us all) …
«Is private information under control?»
What must change in people’s attitudes
“I have nothing to hide”
“What do you have to hide?”
“‘They’ cannot follow everybody! (not me then…)”
“I don’t worry, only 2% of people are persons of interest (the ‘others’)”
“They give me coupons, even cars”
Some shy start…
SOME ENCOURAGING SIGNS OF CHANGE?
Analysis of EU cybersecurity strategies
Network and Information Security Directive
• seeks ‘… to ensure a high common level of network and information security across the EU’ by various means of regulation …
• NIS seeks to harmonise cyber capabilities in MS:
– designing and implementing national NIS strategies
– setting up NIS competent authorities (cybersec centers)
– instituting Computer Emergency Response Teams (CERTs)
– Mandatory monitoring and reporting of security on regulated domestic public and private companies (or ‘market operators’)
• collaboration with and within European counterparts, (ENISA, CERT-EU).
Analysis of EU privacy and data protection strategies and policies
• General Data Protection Regulation – will enable people to better control their personal data; will allow businesses to benefit from simpler rules and reinforced consumer trust.
• Data Protection Directive – for the police and criminal justice sector - will ensure that the data of victims, witnesses, and suspects of crimes, are duly protected in the context of a criminal investigation or a law enforcement action; facilitates cross-border cooperation of police or prosecutors to combat crime and terrorism more effectively across Europe

Topic matters in data protection
Safe Harbour vs. Privacy Shield
• Safe Harbour declared invalid in 2015 by ECJ
• New regulation, EU-US Privacy Shield (2016), somewhat mends previous asymmetry in relationships between the US and EU, in disfavour of the EU:
– Strong obligations on companies handling Europeans' personal data and robust enforcement
– Clear safeguards and transparency obligations on U.S. government access
– Effective protection of EU citizens' rights with several redress possibilities
SOME ENCOURAGING SIGNS OF CHANGE?
That was last year ☹☹ ...
Recent developments ...
… Wrapping-up …
Security vs. privacy
• Security and privacy often seen as contradicting or conflicting objectives:
– ‘privacy’ concerns the individual and can thus be sacrificed to the collective good, supposedly represented by ‘security’ of the nation.
• This status-quo gave way to laws allowing:
– systematic, sometimes unwarranted, monitoring by nation states
– and permissive de-regulation sanctioning pervasive data collection by corporations, of citizens and corporations, national and foreign.
Mass vs. Targeted Surveillance
• Western (democratic) governments are increasing the amount, coverage and depth of surveillance of citizens and companies, not always only inside borders.
• In some cases, there is ample (voluntary or forced) cooperation of private companies with government agencies, in easing and amplifying harvesting this data.
• Two key aspects have politically sustained this trend:
– “only (harmless) meta-data are collected”
– “blanket data collection necessary to ensure nation security”

Security vs. privacy: wrong equation
• Securitary trends make Security and Privacy look contradicting:
• ‘Privacy’ is ‘security’ from the perspective of an individual or collective person’s data and/or metadata
• In cases of blanket data collection, we can no longer talk about ‘one individual’, but potentially, most inhabitants and businesses of a nation.
Mass vs. Targeted Surveillance: weak excuses
• Conclusions of a recent E.P. study:
– meta-data is by no means harmless, and in what concerns equating the privacy risks of surveillance, whatever the governments’ strategies in this area may be, it must be considered that “meta-data ARE data”.

Deliberate weakening of systems: shooting one’s own foot
• Schemes like: escrow security systems; systematic communications interception, or wiretapping; systematic subversion of communications and computing systems security, or “backdoor”, have been used or proposed by law enforcement or intelligence agencies
• This is a problematic debate where decision makers are oftentimes either ill-informed or have vested interests
• Even in the case of just technically enabling lawful targeted interception, any measures (like the iPhone or the WhatsApp cases) which imply global weakening, may have many more risks than gains.
Some reflections
• In this high-tech world, any measures that seem socially and politically right (like targeted surveillance) must be seriously assessed for feasibility, magnitude of negative impacts
• Seen from this logical viewpoint, it is inevitable to put in perspective:
– (i) the potential gains of blanket data collection for the nation’s security
– (ii) versus the magnitude of the value destruction occurring by massive capture, analysis, archive, use and misuse of information for a whole nation of individual and collective persons
Geopolitical status-quo
• Generalised trend toward blanket data and “meta-data” collection
• Deliberate weakening of communication and computing systems infrastructures
• Experimental state-sponsored sabotage and kinetic cyber attacks
• Escalation in cyber weapon development, passive and active
• Looming organised crime and cyber-terrorism
We live a non-declared low-intensity cyber-war, under a cyber-weapons proliferation ambience.
Without proper “cyber-Geneva” and “anti-Proliferation of cyber weapons” treaties, this can scale-up unexpectedly
• threats became global, persistent, and perpetrated by powerful, motivated, competent and non-regulated adversaries
• it is impossible to do pervasive and blanket data collection without damaging society and democracy as a whole
• undermining integrity and trustworthiness of the info society and infrastructure can be disastrous
Epilogue: some key strategic measures for a global cyber détente
Before it is too late, we must:
• set clear missions for cybersecurity and cyberdefense
• redefine privacy as a form of security
• go back to targeted surveillance under democratic rule of law
• regulate the commercial rights for acquisition of private info
• regulate international trade in ICT
“Are we going to […] allow the governments to do more and more control [… and] surveillance? [… because without] an open, neutral internet we can rely on without worrying about what's happening at the back door, we can't have open government, good democracy, …”
[Sir Tim Berners-Lee on BBC Radio, Mar 2014]
“Peace cannot be kept by force; it can only be achieved by understanding.”
[Albert Einstein]
Thank You!
Paulo Esteves-Veríssimo, University of Luxembourg, [email protected]