Data Protection in the Age of Big Data

MORE THAN COMMUNICATION SURVEILLANCE: DATA PROTECTION IN THE AGE OF BIG DATA Frontiers Learning Series: Next Generation Technologies for Empowering People — 14 November 2016, Bangkok @bact Arthit Suriyawongkul


INFORMATION SECURITY & PRIVACY

➤ Information Security

➤ Confidentiality

➤ Integrity

➤ Availability

➤ Information Privacy — the situation where we (the owner of the data) can control those C, I, and A — we have power over our own data (and our own life)

OPPORTUNITIES AND CHALLENGES

Data

Network (go across national borders)

Computation

Net neutrality (which activities are prioritised?)

Infrastructure ownership (who can get connected?)

Sensory citizenship (whose ‘votes’ got counted?)

Big Data (Volume, Variety, Velocity)

Linkability

Identity (do/how you exist?)

Citizen science

Metadata

Bias / Discrimination

“Precrime” (Predictive crime control, systemic prejudgement, algorithmic bias)

Anonymity

Peer-to-peer network

Cloud storage

Cloud computing

Consumer rights as Civil rights

Media convergence

Behavior

Re-identification

Interface

Accessibility

Multicultural environment

VIOLATIONS OVER PERSONAL DATA + PROTECTION MEASURES

➤ Identity theft

➤ Computer-crime prevention, fraud detection

➤ Data breach

➤ Information and network security (cybersecurity)

➤ Re-identification, de-anonymization

➤ Personal data protection

➤ Engineering (compute code)

➤ Policy (legal code)

BIG DATA

➤ Volume

➤ Velocity (update very frequently)

➤ Variety

RE-IDENTIFICATION / DE-ANONYMIZATION

➤ Decrypting

➤ Decoding

➤ Linking

DECRYPTING (SOUTH KOREAN PRESCRIPTION DATABASE)

DECODING (SOUTH KOREAN PRESCRIPTION DATABASE)

LINKING

PROTECTION MECHANISM

User Access Control

Algorithm auditing

Oversight Board

Design for Clarity + Consent

Privacy Impact Assessment

Software validation and verification

Social engineering prevention

Cryptography

Firewall

Hardening

Physical Security

Obfuscation

Transparency Report

INITIATIVES TO MAKE CONSUMERS/CITIZENS MORE INFORMED

➤ Transparency Report / Law Enforcement Requests Report

➤ Ranking Digital Rights — Corporate Accountability Index

INITIATIVES

➤ Thai Netizen Network studies on privacy policy and technological security measures of 45 websites in 2014

REFERENCES

➤ A Privacy-Preserving eHealth Protocol compliant with the Belgian Healthcare System. De Decker, B. et al. Fifth European PKI Workshop. June 16-17, 2008. http://www.item.ntnu.no/europki08/presentations/europki08-layouni.pdf

➤ Advanced Applications for e-ID Cards in Flanders. De Decker, B. et al. ADAPID Deliverable D6. E-Health I. 2007. https://www.cosic.esat.kuleuven.be/adapid/docs/adapid-d6.pdf

➤ Simple Demographics Often Identify People Uniquely. Sweeney, L. Carnegie Mellon University, Data Privacy Working Paper 3. Pittsburgh 2000. http://dataprivacylab.org/projects/identifiability/

➤ De-anonymizing South Korean Resident Registration Numbers Shared in Prescription Data. Sweeney, L. and Yoo, J. Technology Science, 2015092901. September 29, 2015. http://techscience.org/a/2015092901/

➤ Ranking Digital Rights https://rankingdigitalrights.org/

➤ Thai Netizen Privacy Report https://thainetizen.org/privacy-report-2014/

FOLLOW @THAINETIZEN

Thai Netizen Network

Foundation for Internet and Civic Culture

This presentation by Thai Netizen Network is licensed under the Creative Commons Attribution 4.0 International License.