ITU Workshop on "Cloud Computing" (Tunis, Tunisia, 18-19 June 2012)

Privacy in Cloud Computing
Vijay Mauree, Programme Coordinator, TSB, ITU
vijay.mauree@itu.int
Tunis, Tunisia, 18-19 June 2012

Agenda
• Cloud computing challenges
• What is privacy?
• What is the data life cycle?
• Key privacy concerns
• Privacy by design and PETs
• Conclusions

Privacy in Cloud Computing
• ITU Technology Watch Report, March 2012, written jointly with Stéphane Guilloteau, France Telecom Orange
• The report surveys privacy issues in cloud computing and best practices for meeting legal and regulatory obligations
• It also covers standardization activities ongoing at the international level

Cloud Computing Challenges
• The cloud is like a big black box: nothing inside the cloud is visible to the clients
• Data in the cloud are easier to manipulate
• There could be malicious system administrators who can violate confidentiality and integrity
• Clouds are still subject to the traditional data confidentiality, integrity, availability and privacy issues, plus some additional attacks

Cloud Computing Challenges
• Can cloud providers be trusted?
• Are cloud servers reliable?
• What happens if data get lost?
• What about privacy?
• Is it easy to switch to another cloud provider?

Impact of cloud computing on the governance structure of IT organizations

What is Privacy?
• The concept of privacy varies widely among (and sometimes within) countries, cultures and jurisdictions. It is shaped by public expectations and legal interpretations; as such, a concise definition is elusive if not impossible.
• There is no universally binding legislation covering all countries (e.g. Europe and the United States)
• Privacy as a right to informational self-determination, i.e. the right of individuals to "know what is known about them": to be aware of what information is stored about them, to control how that information is communicated, and to prevent its abuse
• It is more than just confidentiality of information

What is Privacy?
• Privacy rights or obligations relate to the collection, use, disclosure, storage and destruction of personal data (Personally Identifiable Information, PII)
• At the end of the day, privacy is about the accountability of organizations to data subjects, and the transparency of an organization's practices around personal information

What is the data life cycle?
• Personal information should be managed as part of the data used by the organization
• Protection of personal information should consider the impact of the cloud on each phase of the life cycle

What Are the Key Privacy Concerns?
• Discussions typically mix security and privacy
• Some considerations to be aware of:
  – Storage
  – Retention
  – Destruction
  – Auditing, monitoring and risk management
  – Privacy breaches
  – Who is responsible for protecting privacy?

What Are the Key Privacy Concerns?
• Data integrity and availability are essential elements in the provision of cloud computing services
• Article 17 of the EU Data Protection Directive: the controller and its processors must implement technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access; having regard to the state of the art and the cost of their implementation, such measures must ensure a level of security appropriate to the risks represented by the processing and the nature of the data to be protected

Example: Odense Municipality Case
• Odense Municipality wanted to use Google Apps within the school system
• The Danish Data Protection Agency rejected the municipality's plan
• The municipality does not know where the data are physically located
• It is unclear how the following requirements of the Danish Data Protection Act will be met:
  – Deletion of data so that it cannot be recreated
  – Transmission and logging: the municipality has not made clear whether encryption will be used when transferring data between the various data centres, and no information has been provided about what data are logged or how long the logs are stored

What Are the Key Privacy Concerns? Cloud Service Models
• Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
• SaaS
  – The customer has no influence over how input data is processed
  – The customer can decide whether personal data will be input at all
  – The customer can secure personal data before it is sent to the SaaS (e.g. by encrypting it on the client side)
• PaaS
  – Provides tools, supported by the cloud provider, for developers to deploy applications
  – Responsibility lies with the developer to use best practices and privacy-friendly tools
  – The developer relies on the trustworthiness of the PaaS

What Are the Key Privacy Concerns?
• IaaS
  – Provides the customer with computing resources on which to run applications
  – The IaaS provider secures the data centres and the network, and ensures that its employees and procedures comply with applicable laws and procedures
  – The IaaS provider does not provide data-level compliance, e.g. geographic restriction of data transfers
  – Responsibility lies with the cloud user to maintain compliance controls
  – For example, if the IaaS is based on virtualization, it should be possible for the user to express that the IaaS provider must not migrate the user's virtual machines from EU-based data centres to US-based data centres

The Madrid Resolution
• Madrid Resolution (2009), approved by the data protection authorities of 50 countries
• A framework for international standards on privacy and data protection
• Defines a set of principles and rights for protecting privacy with regard to the processing of personal data, and facilitates the international flow of personal data
• Encourages countries to implement proactive measures to promote better compliance with data protection laws and to adapt information systems for the processing of personal data

Privacy By Design
• EU review of the Data Protection Directive in 2011
• Principle of privacy by design:
  – Implement privacy enhancing technologies (PETs)
  – Privacy by default settings
  – EU rules must apply if personal data is handled abroad by companies active in the EU market
• Privacy by design is binding for data controllers, developers and business partners
• Need for standardized privacy protection measures

Privacy By Design: 7 principles
• Data minimization
• Controllability
• Transparency
• User-friendly systems
• Data confidentiality
• Data quality
• Use limitation

Privacy By Design: Data Flow Table
Fields to record for each flow of personal data:
• Type of data
• Persons entitled to process the personal data
• Operating platform
• Processing application
• Purpose of data processing
• Protection mode
• Storage lifetime and disposal measure
• Data recipients (indicate the destination country if data is transferred outside the country)

PETs
• There is no common definition of PETs. Main characteristics:
  – Reduce the risk of breaching privacy principles
  – Minimize the amount of data held about people
  – Allow individuals to retain control of information about themselves
• PETs include:
  – Opacity tools, e.g. encryption, anonymization
  – Transparency-enhancing tools, which provide users with information about privacy policies or grant them online access to their personal data

PETs across the data life cycle
• Collection/Generation
  – Privacy principles: proportionality and purpose specification
  – Privacy protection measure: data minimization
  – Examples of PETs and ICT standards: anonymous communication, anonymous credentials, group and blind signatures; ISO/IEC JTC1/SC27 WG2 and WG5
• Storage
  – Privacy principles: accountability, security measures, sensitive data
  – Privacy protection measure: confidentiality
  – Examples of PETs and ICT standards: encryption; AES, NIST FIPS 197
• Sharing and processing
  – Privacy principles: lawfulness and fairness, consent, right of access
  – Privacy protection measures: data access control, privacy dashboard, confidentiality
  – Examples of PETs and ICT standards: OASIS XACML, ITU-T X.1142
• Deletion
  – Privacy principles: openness, right to delete
  – Privacy protection measure: deletion
  – Examples of PETs and ICT standards: anonymization protocol, hash functions

Conclusions
• Privacy concerns are increasingly important
• Privacy issues differ depending on the cloud service model used (SaaS, PaaS, IaaS)
• The Madrid Resolution provides an international framework for privacy standards
• A security risk assessment is essential before switching to a cloud-based environment
• Embedding privacy by design and PETs in cloud services is strongly supported by data protection authorities
• Privacy by design and PETs will play an important role in cloud services
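The SaaS slide says the customer can secure personal data before it is sent to the provider, the PETs table lists encryption for storage confidentiality and hash functions and anonymization for deletion, and the Odense case demands deletion such that data cannot be recreated. The following is an added example written for this page, not code from the ITU report or the presentation, showing those three opacity tools together on the controller's side: a keyed pseudonym (HMAC-SHA256) for the record identifier, client-side encryption of the PII fields so the SaaS only ever stores ciphertext, and deletion by destroying the per-record key (crypto-shredding). It uses only the Python standard library, so the cipher is HMAC-SHA256 in counter mode with an encrypt-then-MAC tag, which is an assumed stand-in for the AES (FIPS 197) the table names; a real deployment should use AES-GCM from a vetted library. The field names, the pupil record and the candidate e-mail list are constructed for the example. It also shows the caveat practitioners trip over: a bare hash of an e-mail address is not anonymization, because a dictionary attack recovers it, whereas the keyed pseudonym does not fall to the same attack without the key.

```python
import hashlib
import hmac
import json
import secrets

# Secret held by the data controller (e.g. the municipality) and never sent to the SaaS.
# Generated at import time for this example; a real deployment keeps it in a KMS or HSM.
PSEUDONYM_KEY = secrets.token_bytes(32)
PII_FIELDS = ("name", "email", "date_of_birth")   # assumed field names the provider must never see in clear


def pseudonym(identifier: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Keyed pseudonym (HMAC-SHA256): stable for joins, unlinkable without the key."""
    return hmac.new(key, identifier.strip().lower().encode(), hashlib.sha256).hexdigest()


def dictionary_attack(digest_hex: str, candidates, hash_fn):
    """What an attacker does with a bare hash of PII: try candidates until one matches."""
    for candidate in candidates:
        if hash_fn(candidate) == digest_hex:
            return candidate
    return None


def _subkeys(key: bytes):
    # Domain-separated encryption and MAC keys derived from one record key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # PRF in counter mode: HMAC-SHA256(enc_key, nonce || counter), one block at a time.
    # Stand-in for AES-CTR so the example runs without third-party packages.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_field(key: bytes, plaintext: bytes) -> dict:
    """Encrypt-then-MAC with a fresh random nonce (stands in for AES-GCM)."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}


def decrypt_field(key: bytes, blob: dict) -> bytes:
    """Check the tag in constant time before decrypting; a wrong key also fails here."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = (bytes.fromhex(blob[k]) for k in ("nonce", "ct", "tag"))
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("ciphertext tampered with or wrong key")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def protect_record(record: dict, keystore: dict) -> dict:
    """Build what is actually sent to the SaaS: pseudonymous id plus encrypted PII fields.
    The per-record key goes into `keystore`, which stays with the controller."""
    rid = pseudonym(record["email"])
    keystore[rid] = secrets.token_bytes(32)
    out = {"id": rid}
    for field, value in record.items():
        out[field] = encrypt_field(keystore[rid], value.encode()) if field in PII_FIELDS else value
    return out


def unprotect_record(cloud_record: dict, keystore: dict):
    """Controller-side read-back; returns None once the record key has been shredded."""
    key = keystore.get(cloud_record["id"])
    if key is None:
        return None   # the provider may still hold ciphertext, but it cannot be recreated
    return {f: decrypt_field(key, v).decode() if f in PII_FIELDS else v
            for f, v in cloud_record.items() if f != "id"}


def demo():
    """Constructed pupil record. Returns what a dictionary attack recovers from a bare
    SHA-256 of the e-mail versus from the keyed pseudonym."""
    keystore = {}
    pupil = {"name": "Anna Example", "email": "anna@school.example",
             "date_of_birth": "2003-04-12", "class": "7B"}
    cloud_copy = protect_record(pupil, keystore)
    assert "anna" not in json.dumps(cloud_copy).lower()      # no PII leaves the controller in clear
    assert unprotect_record(cloud_copy, keystore) == pupil   # round trip while the key exists
    keystore.pop(cloud_copy["id"])                           # crypto-shredding = deletion
    assert unprotect_record(cloud_copy, keystore) is None    # "deleted so it cannot be recreated"
    candidates = ["bob@school.example", "anna@school.example"]
    sha = lambda c: hashlib.sha256(c.encode()).hexdigest()
    return (dictionary_attack(sha("anna@school.example"), candidates, sha),
            dictionary_attack(pseudonym("anna@school.example"), candidates, sha))
```

Running `demo()` returns `('anna@school.example', None)`: the bare hash falls to a two-entry dictionary, the keyed pseudonym does not. The design point for the IaaS and SaaS responsibility split is that both keys live with the controller, so the provider's copy is useless on its own and "deletion" becomes a local key-destruction step that does not depend on the provider proving it wiped every replica.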