Presentation at the AAAS 2010 Conference – San Diego, February 20, 2010
Information and Communication Technologies (ICT), Royal Institute of Technology (KTH)
Sead Muftic, Professor, School of ICT, Royal Institute of Technology (KTH), Stockholm, Sweden
CEO/CTO, SETECS, Inc., Silver Spring, MD, USA
sead.muftic@setecs.com, Cell: (240) 535-2095
Privacy Issues and Solutions in Real and in Digital Worlds
Definition / Concept :
“Privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively. Privacy is sometimes related to anonymity, the wish to remain unnoticed or unidentified in the public realm.
Privacy can be seen as an aspect of security — one in which trade-offs between the interests of one group and another can become particularly clear.” (Wikipedia)
Issues / Problems :
Financial damages
Personal damages
Competitive disadvantages
Family consequences
Threats to social status
Personal Attitudes :
Some are not aware, some are not interested, some are oblivious, and some are concerned, but helpless . . .
Solutions (if needed !) :
Technical (IT tools)
Organizational (Policies)
Legal (laws)
International (conventions)
Categories :
Financial data
Medical data
Personal data
Real vs. Digital Worlds :
[Figure labels: Sead Muftic; sead.muftic@setecs.com; PC IP number, Cookies]
Issues :
Protection of data (stored and transmitted)
Protection of actions (transactions and access)
Consent for sharing of data
Authorizations / approvals
Innovative Solutions :
Secure personal storage of sensitive data
Trusted Third Parties
Authorization Roles and Policies
. . . Smart cards (standards and technologies)
. . . Servers, organizations, regulations
. . . Tools, procedures, organizational and regulatory solutions
Financial Data :
Protection of data – credit card numbers, account numbers, financial data in databases
Protection of actions (secure payment transactions)
[Figure labels: Cardholder; Merchant; Payment Gateway; ME; PGW; Order; CC; Order, Sign; Payment (CC), Sign; DoubleSign]
Medical Data :
Protection of data (stored in EMR databases)
Protection of actions (sharing through HIEs)
Consent for sharing of data (HIPAA requirements)
Authorizations / approvals (new medical exchanges)
The Status of HIEs in the US :
Accumulation of data (in hospitals and PCP units)
Sharing of data through HIEs
Storage of data (medical data banks)
Access to data (portals)
Project in Michigan :
Patient medical smart cards (with fingerprint verification)
Providers security card (with roles and profiles)
Secure transfer of data between hospitals
Authorized access to data (authorization policies)
[Figure labels: Medical DB; Patient; Portal]
Protection of Personal Data and Actions :
[Figure labels: PC IP number; Cookies; Web Proxy]
Organizational and Legal Solutions :
Technical recommendations and standards
National / international regulations
Codes of practice (policies)
Digital signature acts
Data privacy acts
HIPAA and other medical regulations
National laws
Court cases
Conclusions :
Civilization is the progress toward a society of privacy.
Civilization is the process of setting man free from men.
The savage's whole existence is public, ruled by the laws of his tribe.
Ayn Rand, “Fountainhead”
Some are not aware, some are not interested, some are oblivious, and some are concerned, but helpless . . .
Civilized use of Internet (as a free man !)