Privacy Issues and Solutions in Real and in Digital Worlds

Presentation at the AAAS 2010 Conference – San Diego, February 20, 2010

Information and Communication Technologies (ICT), Royal Institute of Technology (KTH)

Sead Muftic

Professor, School of ICT, Royal Institute of Technology (KTH), Stockholm, Sweden

CEO/CTO, SETECS, Inc., Silver Spring, MD, USA

[email protected]

Cell: (240) 535-2095

Privacy in Real Life: Many Don't Care, Some Guess, and Only Few …


Definition / Concept :

“Privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively. Privacy is sometimes related to anonymity, the wish to remain unnoticed or unidentified in the public realm.

Privacy can be seen as an aspect of security — one in which trade-offs between the interests of one group and another can become particularly clear.” (Wikipedia)

Issues / Problems :

Financial damages

Personal damages

Competitive disadvantages

Family consequences

Threats to social status


Personal Attitudes :

Some are not aware, some are not interested, some are oblivious, and some are concerned, but helpless . . .

Categories :

Financial data

Medical data

Personal data

Solutions (if needed !) :

Technical (IT tools)

Organizational (Policies)

Legal (laws)

International (conventions)


Real vs. Digital Worlds :

[Figure labels: Sead [email protected], IP number, Cookies]


Issues :

Protection of data (stored and transmitted)

Protection of actions (transactions and access)

Consent for sharing of data

Authorizations / approvals

Innovative Solutions :

Secure personal storage of sensitive data . . . Smart cards (standards and technologies)

Trusted – Third Parties . . . Servers, organizations, regulations

Authorization Roles and Policies . . . Tools, procedures, organizational and regulatory solutions


Financial Data :

Protection of data – credit card numbers, account numbers, financial data in databases

Protection of actions (secure payment transactions)

[Figure labels: Cardholder, Merchant, Payment Gateway, ME, PGW, Order, CC, Order Sign, Payment (CC) Sign, Double Sign]


Medical Data :

Protection of data (stored in EMR databases)

Protection of actions (sharing through HIEs)

Consent for sharing of data (HIPAA requirements)

Authorizations / approvals (new medical exchanges)

The Status of HIEs in the US :

Accumulation of data (in hospitals and PCP units)

Sharing of data through HIEs

Storage of data (medical data banks)

Access to data (portals)


Project in Michigan :

Patient medical smart cards (with fingerprint verification)

Providers security card (with roles and profiles)

Secure transfer of data between hospitals

Authorized access to data (authorization policies)

[Figure labels: Medical DB, Patient, Portal]


Protection of Personal Data and Actions :

[Figure labels: PC, IP number, Cookies, Web Proxy]


Organizational and Legal Solutions :

Technical recommendations and standards

National / international regulations

Codes of practice (policies)

Digital signature acts

Data privacy acts

HIPAA and other medical regulations

National laws

Court cases


Conclusions :

Civilization is the progress toward a society of privacy.

Civilization is the process of setting man free from men.

The savage's whole existence is public, ruled by the laws of his tribe.

Ayn Rand, “Fountainhead”

Some are not aware, some are not interested, some are oblivious, and some are concerned, but helpless . . .

Civilized use of Internet (as a free man !)