1 Legal and technical challenges in Legal and technical challenges in the next generation Internet. the next generation Internet. ”Finding the right balance between Data Protection ”Finding the right balance between Data Protection and fighting Cybercrime” and fighting Cybercrime” 12th February 2003, rel 1.0 12th February 2003, rel 1.0 United Nations Economic Commission for Europe (UNECE) United Nations Economic Commission for Europe (UNECE) Workshop on E-Regulations: E-Security and Knowledge Economy Workshop on E-Regulations: E-Security and Knowledge Economy Geneva. Switzerland. Geneva. Switzerland. Dr. Alberto Escudero-Pascual <[email protected]> Dr. Alberto Escudero-Pascual <[email protected]> Isafjordsatan 39 8tr, IMIT Isafjordsatan 39 8tr, IMIT S-16 440 Stockholm S-16 440 Stockholm
29
Embed
1 Legal and technical challenges in the next generation Internet. ”Finding the right balance between Data Protection and fighting Cybercrime” 12th February.
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
1
Legal and technical challenges in Legal and technical challenges in the next generation Internet.the next generation Internet.
”Finding the right balance between Data Protection ”Finding the right balance between Data Protection and fighting Cybercrime” and fighting Cybercrime”
12th February 2003, rel 1.012th February 2003, rel 1.0United Nations Economic Commission for Europe (UNECE)United Nations Economic Commission for Europe (UNECE)
Workshop on E-Regulations: E-Security and Knowledge EconomyWorkshop on E-Regulations: E-Security and Knowledge Economy Geneva. Switzerland. Geneva. Switzerland.
BackgroundBackground”The new E-laws””The new E-laws”
e.g. European Union New E-regulatory frameworke.g. European Union New E-regulatory framework
July 2000
- European Commission proposed 5 packages of measures for a new E-regulatory framework
- COM(2000)385: Updates Data Protection Directive (97/66/EC)
July 2002
- ”E”-Data Protection Directive (2002/58/EC)
9
BackgroundBackground(2002/58/EC)(2002/58/EC)
1. Aims to update (97/66/EC) 2. Technology-neutral policy3. Data Protection Directive Areas
Location data processing of traffic data (§6, §9)Security and confidentialityPrivacy-compliant soft and hardwareEx-directory defaultUnsolicited commercial communications
10
The space of things…The space of things…
Information SecurityInformation Security
Before
National OrganisationsNational communication networksCore network securityClose systems
CLOSE InfoSEC
National Bodies
Now
International OrganisationsPublic and private infrastructurePeriphery securityOpen systems
OPEN InfoSEC?
G8, CoE UN, OCDE
EU Cybercrime Forum?
11
Three risks & challenges for Three risks & challenges for privacy privacy
in the nextin the nextgeneration Internetgeneration Internet
1
2
3
12
11
Right balanceRight balance in Identification in Identification
Privacy and SecurityPrivacy and Security
1
13
Implications of Implications of global unique identifiersglobal unique identifiers
While global unique identifiers make things technicaly easier… also
make possible to track a user device and the associated activities
Set of actions associated with
one ”address” can be linked together!
14
22
Right balance in Right balance in Location PrivacyLocation Privacy
2
15
Seamless mobility and location privacySeamless mobility and location privacy
R
R
R
R
Mobility supportLocation Privacy
Right balance in (pseudo)anonymous services
16
33
Legal aspects of Legal aspects of traffic and content traffic and content
DataDataAnalysis of Data Protective Directive Analysis of Data Protective Directive
(2002/58/EC)(2002/58/EC)Location and Traffic DataLocation and Traffic Data
3
17
Legal aspects of “traffic and Legal aspects of “traffic and content data”content data”
The “Current” legal definitions of Internet trafficdata are a threat for privacy
Definitions
a) "traffic data": all data processed which relate to the routing of a communication by an electronic communications network.
b) "communication": all information exchanged or routed between a finite number of parties via an electronic communications network accessible to the public.
c) "Telecommunications service": services which consist in total or in part of the transmission and routing of signals on telecommunications networks, with the exception of radio and television.
18
Technology ITechnology IThe Phone – Call Data RecordsThe Phone – Call Data Records
Calling to: London (UK) 9061000 IP address: 62.188.17.227
Durantion of call: 21 Seconds Type of connection: ASYNC MODEM
Date and time: from Fri Oct 19 11:30:40 2001 to Fri Oct 19 11:31:00 2001
22
Technology IIITechnology IIIWireless radio cell authenticationWireless radio cell authentication
EVENT: User A and B using WLAN network
time GMT=20010810010852 Cell ID=115 MAC ID=00:02:2D:20:47:24 (A)time GMT=20010810010852 Cell ID=115 MAC ID=00:02:2D:04:29:30 (B)time GMT=20010810010852 Cell ID=115 MAC ID=00:60:1D:21:C3:9Ctime GMT=20010810010853 Cell ID=129 MAC ID=00:02:2D:04:29:30time GMT=20010810010854 Cell ID=129 MAC ID=00:02:2D:1F:53:C0time GMT=20010810010854 Cell ID=129 MAC ID=00:02:2D:04:29:30 (B)time GMT=20010810010854 Cell ID=129 MAC ID=00:02:2D:20:47:24 (A)time GMT=20010810010856 Cell ID=41 MAC ID=00:02:2D:0A:5C:D0time GMT=20010810010856 Cell ID=41 MAC ID=00:02:2D:1F:78:00time GMT=20010810010856 Cell ID=41 MAC ID=00:60:1D:1E:D4:53time GMT=20010810010858 Cell ID=211 MAC ID=00:60:1D:F0:E4:D8time GMT=20010810010900 Cell ID=154 MAC ID=00:30:65:00:62:27time GMT=20010810010900 Cell ID=154 MAC ID=00:02:2D:05:0B:25time GMT=20010810010900 Cell ID=154 MAC ID=00:60:1D:22:26:A7time GMT=20010810010900 Cell ID=154 MAC ID=00:02:DD:30:06:90time GMT=20010810010900 Cell ID=154 MAC ID=00:02:2D:0D:27:D3
23
Technology IIITechnology III Wireless radio cell authenticationWireless radio cell authentication
The 2001-08-10 01:08:52 AM (A) was in radio cell 115 with user (B)
and move together at 01:08:54 AM to cell 129.
Radio cell 115 is covering the Electrum C1 (Stockholm)
Radio cell 129 is covering the Electrum Resturant (Stockholm)
24
Technology IVTechnology IVWeb server logsWeb server logs