ID by Law - Club of Amsterdam

Transcript ID by Law - Club of Amsterdam

ID by Law
Is the EC Directive valid in 10 years?
Jan Willem Broekema
Open Source Onderdeel Software Strategie
European Data Protection Directive 95/46
Data Protection in the European Union based on the concept
 of data regarding identified or identifiable person(s)
 of (automated) processing
 of a processor (person or organisation)
 of a controller (controlling the processor)
Raison d’être
 Early 70’s fear of Domesday Books
 Full population census (know all to better policy)
 1984 scenario (know all to better police)
 All-powerful all-knowing government
 Relational database structures
NOT however
 Internet / World Wide Web
 Search engines
 Data mining
Linked to basic human rights
 right to be left alone (privacy in 19th C America)
 Human rights charters
The Nine basic rules
 1.
Notification
 2. Transparency
 3. Finality
 4. Grounds
 5. Quality
 6. Rights
 7. Data security
 8. Processor
 9. Data transfers
Internet - the new? kid on the block
based on technological & financial efficiency
 re-use of processing power
 re-use of code
 re-use of information
 more, faster
 limitless
E-mail, Usenet, Talk
 Person-to-person (vs computer-computer)
 Indirect, store_and_forward, store_and_get
 Direct, “on-line” chat and messenger
 1-2-1, 1-2-N
 address change from [email protected] to [email protected]
World Wide Web
 Collection of client information
 Collection of visitor information
 Cookies
 Trojan Horses
 Bots
 Zombies
 Phishes
 all aimed at the (unwanted) collection of personal data
New and future developments
 Search engines
 Waybackmachine
 ID in EXIF
 IP v6
 Personal digital assistant
 Smart phone
 Data storage by and for police forces
 Data storage by and for public transport
 Data storage by and for medicare
 Data storage by and for public sector
 Data storage by and for lending & spending
 Data storage by and for commerce
 Data storage by and for friends & unwanted others
 Data storage by and for (ex) lovers, (ex) wives, (ex) dogs
 Data storage by and for schools & education
 Data storage by and for terrorists, thieves, abductors
 Data storage by and for anybody who wants to know
 Data storage by and for your mother in law
So, what’s left - or what’s right?
 Anonymity on internet, tech helps
 Only for ‘hackers’
 There’s nowhere to hide
 There’s no road back
 Any code can be broken
 Everybody leaves a trace; “Toninootje”
 Closed software (=no) solutions, backdoors
 Pigeons on the loose
But what if?
 others publish your info
 publication is legal but unwanted
Coming to a close
Is there Privacy in the Future?
 No, for standard society issues not
 No, for governmental procedures not
 No, not for have-nots/know-nots
However
 If you really want it, yes, by technology/knowledge
 If you really want it, yes, by fraud
 If you really want it, yes, by social engineering
and then it is very successfulllllllllllll!!!!!!!!!!!!!!
Should EC 95/46 be changed?
 EU-wide general privacy protection framework
 based on human rights (no business interest)
 different value for private and public sectors
 national data protection authorities
 is a web publication a processing of personal information
 should web visitors be notified of further use
 should police power be controlled / curbed
 should governmental collection be stopped
ID by Law
www.cbpweb.nl or www.ososs.nl
Jan Willem Broekema
Open Source Onderdeel Software Strategie