Legal and technical challenges in the next generation Internet.
”Finding the right balance between Data Protection and fighting Cybercrime”

12th February 2003, rel 1.0
United Nations Economic Commission for Europe (UNECE)
Workshop on E-Regulations: E-Security and Knowledge Economy
Geneva, Switzerland.

Dr. Alberto Escudero-Pascual <[email protected]>
Isafjordsgatan 39 8tr, IMIT
S-16 440 Stockholm


2

Motivation

Before (Me)
Alberto Escudero-Pascual
Spanish
30 years old
Research Fellow
Royal Institute of Technology
+46 70286 7989

<who:ID> <when:Time> <what:Action> <where:Position>

Mobile Internet and Location Privacy
Data Protection and Cybercrime
Identity Management

Now (my E-Me)
SP-Y997936721205-8347
aep @ it.kth.se
192.16.125.240 qwerty.ssvl.kth.se
3ffe:200:15:2:260:1dff:fef1:64d4
00:60:1D:F1:64:D4
N59.40.54, E19.094.3
VoIP 08 3133732

3

Goal…

Identify timely important emerging areas for privacy in the development of the next generation Internet.

Study if the new legal provisions are suitable to deal with new telecommunication infrastructures.

Provide recommendations to technical and regulatory bodies to enhance next generation Internet privacy.

4

Agenda

Living in year 2003…
• Next generation Internet
• Next generation E-Policy

Three challenges
• Right balance in identification, security and privacy
• Right balance in location privacy
• Legal treatment of ’Internet traffic data’

Conclusions and recommendations

5

Year 2003…

”Living in an all-IP E-world with new E-Laws”

6

Background
”The All-IP E-world”

The next generation Internet

WHAT                                HOW?
All IP-network                      IPv6
Convergence of core and wireless    2.5G, 3G, 4G
Native IP mobility and security     MobileIPv6 and IPSEC
Self-configuration                  IPv6 Service discovery and autoconfiguration

7

Background
IPv6/MobileIPv6

[Figure: Mobile Node in its home network (t1) and in a foreign network (t2), and a Correspondent Node. Packet 1: Ethernet | IPv6 Header | ESP | TCP | HTTP, labelled SOURCE ADDRESS: care-of-address(t); DEST. ADDRESS: www.epic.org; Destination Option: HOME ADDRESS. Packet 2: Ethernet | IPv6 Header | Mobility Header, labelled HOME ADDRESS, care-of-address(t2), SPI.]

1. Always addressable by home address
2. Native integrity, authentication and confidentiality
3. Self-configuration
4. Route optimization

8

Background
”The new E-laws”

e.g. European Union New E-regulatory framework

July 2000

- European Commission proposed 5 packages of measures for a new E-regulatory framework

- COM(2000)385: Updates Data Protection Directive (97/66/EC)

July 2002

- ”E”-Data Protection Directive (2002/58/EC)

9

Background
(2002/58/EC)

1. Aims to update (97/66/EC)
2. Technology-neutral policy
3. Data Protection Directive Areas
   • Location data processing of traffic data (§6, §9)
   • Security and confidentiality
   • Privacy-compliant soft and hardware
   • Ex-directory default
   • Unsolicited commercial communications

10

The space of things…
Information Security

Before
• National Organisations
• National communication networks
• Core network security
• Closed systems
CLOSED InfoSEC
National Bodies

Now
• International Organisations
• Public and private infrastructure
• Periphery security
• Open systems
OPEN InfoSEC?
G8, CoE, UN, OCDE
EU Cybercrime Forum?

11

Three risks & challenges for privacy in the next generation Internet

12

1. Right balance in Identification, Privacy and Security

13

Implications of global unique identifiers

While global unique identifiers make things technically easier, they also make it possible to track a user's device and the associated activities.

The set of actions associated with one ”address” can be linked together!
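
Added example (not part of the original slides): the IPv6 address and the MAC address listed on the "Now (my E-Me)" slide are related by the modified EUI-64 rule of IPv6 stateless autoconfiguration, so the low 64 bits of the address follow the device from network to network. The visited prefix and the randomized address used below are constructed; the function names are this example's own.

```python
import ipaddress

def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 interface identifier for a 48-bit MAC (RFC 4291, App. A)."""
    octets = bytes(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit and insert ff:fe in the middle.
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")

def autoconfigured_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host forms on a /64 prefix when it uses the EUI-64 identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("stateless autoconfiguration uses /64 prefixes")
    return net[eui64_interface_id(mac)]

def embedded_mac(address: str):
    """MAC embedded in an address, or None if the low 64 bits are not EUI-64."""
    iid = int(ipaddress.IPv6Address(address)) & ((1 << 64) - 1)
    raw = iid.to_bytes(8, "big")
    if raw[3:5] != b"\xff\xfe":
        return None
    mac = bytes([raw[0] ^ 0x02]) + raw[1:3] + raw[5:]
    return ":".join(f"{b:02X}" for b in mac)

def same_device(addr_a: str, addr_b: str) -> bool:
    """True when two addresses, possibly on different networks, expose one MAC."""
    mac_a, mac_b = embedded_mac(addr_a), embedded_mac(addr_b)
    return mac_a is not None and mac_a == mac_b

MAC = "00:60:1D:F1:64:D4"                    # from the "Now (my E-Me)" slide
HOME = "3ffe:200:15:2:260:1dff:fef1:64d4"    # from the same slide
VISITED_PREFIX = "2001:db8:77:1::/64"        # constructed (documentation prefix)
RANDOMIZED = "2001:db8:77:1:5c3a:9e01:7b22:41af"  # constructed, non-EUI-64

if __name__ == "__main__":
    care_of = autoconfigured_address(VISITED_PREFIX, MAC)
    print("home address    :", HOME, "->", embedded_mac(HOME))
    print("care-of address :", care_of, "->", embedded_mac(str(care_of)))
    print("linkable        :", same_device(HOME, str(care_of)))
    print("randomized IID  :", embedded_mac(RANDOMIZED))
```

An address whose interface identifier is not derived from the MAC returns None from embedded_mac, so the two addresses can no longer be linked by this check.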

14

2. Right balance in Location Privacy

15

Seamless mobility and location privacy

[Figure: four routers (R); labels: Mobility support, Location Privacy]

Right balance in (pseudo)anonymous services

16

3. Legal aspects of traffic and content data

Analysis of Data Protection Directive (2002/58/EC)
Location and Traffic Data

17

Legal aspects of “traffic and content data”

The “current” legal definitions of Internet traffic data are a threat to privacy

Definitions

a) "traffic data": all data processed which relate to the routing of a communication by an electronic communications network.

b) "communication": all information exchanged or routed between a finite number of parties via an electronic communications network accessible to the public.

c) "Telecommunications service": services which consist in total or in part of the transmission and routing of signals on telecommunications networks, with the exception of radio and television.

18

Technology I
The Phone – Call Data Records

Traffic data in POTS

EVENT: Someone makes a phone call

19991003070824178 165 0187611205 46732112106 ----------001------003sth 46 4673000-----0013 1410260

1999100307083041 33 01541011341 46708314801 ----------001------003sth 46 4670000--8 0013 11 10260

1999100307162963 51 0187614815 46739112106 ----------001------003sth 46 4673000-----0013 13 10260

1999100307182788 74 015410124301 46708314801 ----------001------003sth 46 4670000--8 0014 11 10260

1999100307204736 18 0187614805 46739112106 ----------001------003sth 46 4673000-----0013 14 10260

1999100307222326 20 01317023888 46706263087 ----------001------003sth 46 4670000--6 0013 1 10260

1999100300131791 90 0131654200 46854543084 ----------001------002sth 46 46 001-----0014 14 10260

19

Technology I
The Phone – Call Data Records

Someone makes a phone call for 3 minutes and 20 seconds

1999-10-03 07:08:24 from telephone 46 732112106 to telephone 46 4673000

20

Technology II
Radius – Internet Dialup records

EVENT: Someone dials with a traditional telephone line using a modem to an Internet provider

Fri Oct 19 11:30:40 2001
User-Name = "[email protected]"
NAS-IP-Address = 62.188.74.4
NAS-Port = 3239
NAS-Port-Type = Async
Acct-Status-Type = Start
Acct-Delay-Time = 0
Acct-Session-Id = "324546354"
Acct-Authentic = RADIUS
Calling-Station-Id = "01223461172"
Called-Station-Id = "9061000"
Framed-Protocol = PPP
Framed-IP-Address = 62.188.17.227
Proxy-State = "PX01\0\0`\0xcdntg\0x13\0xdfV\0xa4\[...]\0xfc\0x8c"

21

Technology II
Radius – Internet Dialup records

User: [email protected]
Place of call: Cambridge (UK) 01223461172
Calling to: London (UK) 9061000
IP address: 62.188.17.227
Duration of call: 21 Seconds
Type of connection: ASYNC MODEM
Date and time: from Fri Oct 19 11:30:40 2001 to Fri Oct 19 11:31:00 2001

22

Technology III
Wireless radio cell authentication

EVENT: User A and B using WLAN network

time GMT=20010810010852 Cell ID=115 MAC ID=00:02:2D:20:47:24 (A)
time GMT=20010810010852 Cell ID=115 MAC ID=00:02:2D:04:29:30 (B)
time GMT=20010810010852 Cell ID=115 MAC ID=00:60:1D:21:C3:9C
time GMT=20010810010853 Cell ID=129 MAC ID=00:02:2D:04:29:30
time GMT=20010810010854 Cell ID=129 MAC ID=00:02:2D:1F:53:C0
time GMT=20010810010854 Cell ID=129 MAC ID=00:02:2D:04:29:30 (B)
time GMT=20010810010854 Cell ID=129 MAC ID=00:02:2D:20:47:24 (A)
time GMT=20010810010856 Cell ID=41 MAC ID=00:02:2D:0A:5C:D0
time GMT=20010810010856 Cell ID=41 MAC ID=00:02:2D:1F:78:00
time GMT=20010810010856 Cell ID=41 MAC ID=00:60:1D:1E:D4:53
time GMT=20010810010858 Cell ID=211 MAC ID=00:60:1D:F0:E4:D8
time GMT=20010810010900 Cell ID=154 MAC ID=00:30:65:00:62:27
time GMT=20010810010900 Cell ID=154 MAC ID=00:02:2D:05:0B:25
time GMT=20010810010900 Cell ID=154 MAC ID=00:60:1D:22:26:A7
time GMT=20010810010900 Cell ID=154 MAC ID=00:02:DD:30:06:90
time GMT=20010810010900 Cell ID=154 MAC ID=00:02:2D:0D:27:D3

23

Technology III
Wireless radio cell authentication

On 2001-08-10 at 01:08:52 AM, user (A) was in radio cell 115 with user (B), and they moved together at 01:08:54 AM to cell 129.

Radio cell 115 covers the Electrum C1 (Stockholm)
Radio cell 129 covers the Electrum Restaurant (Stockholm)

24

Technology IV
Web server logs

EVENT: User A connects to a webserver B

295.47.63.8 - - [05/Mar/2002:15:19:34 +0000] "GET /cgi-bin/htsearch?config=htdigx&words=startrek HTTP/1.0" 20 2225
295.47.63.8 - - [05/Mar/2002:15:19:44 +0000] "GET /cgi-bin/htsearch?config=htdig&words=startrek+avi HTTP/1.0" 200x
215.59.193.32 - - [05/Mar/2002:15:20:17 +0000] "GET /cgi-bin/htsearch?config=htdig&words=Modem+HOWTO …
192.77.63.8 - - [05/Mar/2002:15:20:35 +0000] "GET /cgi-bin/htsearch?config=htdig&words=conflict+war HTTP/1.0" 200
211.164.33.3 - - [05/Mar/2002:15:21:32 +0000] "GET /cgi-bin/htsearch?config=htdigx&words=railway+info …
211.164.33.3 - - [05/Mar/2002:15:21:38 +0000] "GET /cgi-bin/htsearch?config=htdigx&words=tickets HTTP/1.0" 200
211.164.33.3 - - [05/Mar/2002:15:22:05 +0000] "GET /cgi-bin/htsearch?config=htdigx&words=railway+info+London
212.164.33.3 - - [05/Mar/2002:15:22:35 +0000] "GET /cgi-bin/htsearch?config=htdigx&words=union+strike HTTP/1.0…
82.24.237.98 - - [05/Mar/2002:15:25:29 +0000] "GET /cgi-bin/htsearch?config=htdigx&words=blind+date HTTP/1.0

25

Technology IV
Web server logs

On 2002-04-05 at 15:21:32 PM, user 211.164.33.3 searches for info about:
railway, tickets, London, union, strike
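
Added example (not part of the original slides): a short parser showing how the request line of an access log carries content (the search terms) next to the address that identifies the client, together with one possible minimised form of each record. The log lines and addresses are constructed; zeroing the last octet and dropping the query string is an assumption of this example, not a rule taken from the slides.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample in Common Log Format (documentation-range addresses).
SAMPLE_LOG = """\
192.0.2.10 - - [05/Mar/2002:15:21:32 +0000] "GET /cgi-bin/htsearch?config=htdig&words=railway+info HTTP/1.0" 200 2225
192.0.2.10 - - [05/Mar/2002:15:21:38 +0000] "GET /cgi-bin/htsearch?config=htdig&words=tickets HTTP/1.0" 200 1830
198.51.100.7 - - [05/Mar/2002:15:22:01 +0000] "GET /index.html HTTP/1.0" 200 512
192.0.2.10 - - [05/Mar/2002:15:22:05 +0000] "GET /cgi-bin/htsearch?config=htdig&words=railway+info+London HTTP/1.0" 200 2011
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\S+)$'
)

def parse(log_text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def search_profile(log_text, param="words"):
    """Group the search terms found in request URLs by client address."""
    profile = defaultdict(list)
    for rec in parse(log_text):
        query = parse_qs(urlsplit(rec["target"]).query)
        for value in query.get(param, []):      # '+' is already decoded to a space
            for term in value.split():
                if term not in profile[rec["ip"]]:
                    profile[rec["ip"]].append(term)
    return dict(profile)

def minimise(rec):
    """Reduced record: last IPv4 octet zeroed, query string dropped."""
    ip = rec["ip"].rsplit(".", 1)[0] + ".0"
    path = urlsplit(rec["target"]).path
    return f'{ip} [{rec["ts"]}] "{rec["method"]} {path}" {rec["status"]}'

if __name__ == "__main__":
    print(search_profile(SAMPLE_LOG))
    for rec in parse(SAMPLE_LOG):
        print(minimise(rec))
```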

26

Where is the content? Where is traffic?

SIGNALING: Phone numbers/Time
CONTENT: The Conversation
INTERNET: Open architecture
POTS: Closed system

27

Conclusions…

• Unique identifiers are a threat to privacy.

• We need models for strong content/location privacy in the Mobile world.

• IP addresses should be considered Personally Identifiable Information and protected as such.

• The traditional division of content and traffic (as in telephone networks) is no longer valid.

• Traditional powers applied to new technologies break the right balance between data protection and fighting Crime.

28

Recommendation

• The Internet brings an open architecture where closed security models are no longer valid.

• The Internet's open architecture also requires open discussion forums.

There is still a need for an ”open” discussion forum in InfoSEC that brings together law enforcement agencies, service providers, network operators, consumer groups, civil society and data protection authorities.

29

Thanks!

Electronic version: http://www.it.kth.se/~aep/PhD

Dr. Alberto Escudero-Pascual
Isafjordsgatan, 39 tr8
KTH/IMIT/TSLAB
SE-16440 Kista – [email protected]
+46702867989

Also Google (Alberto Escudero)