[PDF] évolution cours de l'or sur 5 ans
[PDF] prévision cours de l or 2020
[PDF] cours de l'or en 1987
[PDF] cours du lingot d or
[PDF] réinitialiser ti 83 premium ce
[PDF] niveau batterie ti 83 plus
[PDF] cours barycentre 1ere s
[PDF] barycentre partiel
[PDF] exercice corrigé barycentre 1ere s pdf
[PDF] le barycentre exercices corrigés
[PDF] barycentre cours
[PDF] comment construire un barycentre
[PDF] barycentre parallélogramme
[PDF] barycentre triangle
[PDF] barycentre formule
Privacy-Enhancing Technologies: The Path to
Anonymity
Volume 1
Information and Privacy
Commissioner/Ontario
Canada
80 Bloor Street West, Suite 1700
Toronto, Ontario, Canada M5S 2V1
416-326-3333
1-800-387-0073
Fax: 416-325-9195
TTY (Teletypewriter): 416-325-7539
Registratiekamer
The Netherlands
Sir Winston Churchilllaan 362
P.O. Box 3011
2280 GA Rijswijk, Netherlands
Tel. 011 (31) 70-3190190
Fax 011 (31) 70-3940460
August 1995
Table of Contents
Foreword
1.0 Introduction
1.1 Joint International Report: The Netherlands and Ontario, Canada
1.2 Theoretical Basis for the Joint Report
1.3 Background
1.4 Privacy Laws and Codes of Conduct
1.5 Information Systems
1.6 The Identity Protector
1.7 Implementation Techniques
2.0 IPC-RGK Joint Survey
2.1 Methodology
2.2 Findings
2.3 General Observations
2.4 Discussion of Findings
3.0 Conclusions and Recommendations
3.1 Recommendations
Appendix A: Survey Questionnaire
Appendix B: Table of Contents, Volume II
Appendix C: Project Team
Foreword
Enormous advances in information and communications technology around th e world have meant an equally enormous growth in the amount of personal data accumulated by organizations in every jurisdicti on. This development has increasingly jeopardized the privacy of those whose information is being collected. We believe this r eport will demonstrate the merits of minimizing personal ly identifying data, in a way that will help to restore individual privacy. This is the first joint study ever undertaken by two organizations charg ed with the mandate of privacy protection in their own jurisdictions. Not only does it demonstrate the benefits of internationa l cooperation on a subject that touches the lives of cit izens in both Ontario and the Netherlands, it also shows clearly that issues of p rivacy protection are not bound by national borders. This has been an opportunity to explore an exciting new area of study, t o shed some light on an important issue where the future of privacy protection may lie. We hope the discussion and conclusions herei n will be of benefit to organizations beyond our two jurisdictions, where measures to protect privacy are also being studied and debated.
Tom Wright,
Information and Privacy Commissioner
Ontario, CanadaPeter Hustinx, President Registratiekamer, The Netherlands
Back to Table of Contents
1.0 Introduction
At the present time, you are almost always required to reveal your ident ity when engaging in a wide range of activities. Every t ime you use a credit card, make a telephone call, pay your taxes, subscribe to a magazine, or buy something at the grocery store usi ng a credit or debit card, an identifiable record of each transaction is crea ted and recorded in a computer database somewhere. In or der to obtain a service or make a purchase (using something other than cash), organizations require that you identify yourself. This pr actice is so widespread that it is simply treated as a given - an individual 's identity must be collected and recorded in association w ith services rendered or purchases made. But must this always be the case? A re there no situations where transactions may be conduct ed anonymously, yet securely? We believe that there are and will outline a number of methods and technologies by which anonymous yet authentic transactions may be conducted.
Back to Table of Contents
1.1 Joint International Report: The Netherlands and Ontario, Canada
The Dutch Data Protection Authority (the "Registratiekamer" or RGK) an d the Information and Privacy Commissioner for the Province of Ontario, Canada (IPC) are both privacy protection agencies that oversee compliance with their respective jurisdictio n's privacy laws. The RGK and IPC decided to pool their resources and collab orate in the production of a report exploring privacy technologies that permit transactions to be conducted anonymously. The f irst international paper of its type includes a survey o f companies that might be expected to offer such technologies, and organiz ations that might use them. In addition to anonymous transactions, the range of security features commercially available for use and the types of services actually being used by var ious organizations were also examined (see 2.1, Methodology). The RGK and I PC felt that a joint report outlining the practices follow ed in their respective jurisdictions would shed some light on this little-stud ied but extremely important area where the future of pri vacy- protection in an electronic world may lie.
Back to Table of Contents
1.2 Theoretical Basis for the Joint Report
Prior to this joint report with the IPC, the Registratiekamer, within it s legally vested scope of powers and duties, conducted a study on the possibilities offered by conventional information systems and commun ications technologies for curbing the use of identifying data, particularly within information systems. This study, conducted in collaboration with the TNO Physics and Electronics Laboratory of the Netherlands Institute for Applied Scientific Research (TNO-FEL), formed the theoretical basis for the internat ional study. The results of the Registratiekamer/TNO-FEL study are detailed in the companion volume to this report (Volume II).
Back to Table of Contents
1.3 Background
Consumer polls have repeatedly shown that individuals value their privac y and are concerned with its potential loss when so much of their personal information is routinely stored in computer databases, ov er which they have no control. Protecting one's identity goes hand in hand with preserving one's ability to remain anonymous - a ke y component of privacy. While advances in information and communications technology have fuelled the ability of organizations to k eep massive amounts of personal data, this has increasin gly jeopardized the privacy of those whose information is being collected. M inimizing identifying data would restore privacy considerably, but would still permit the collection of needed informatio n. When assessing the need for identifiable data during the course of a tra nsaction, the key question one must start with is: how m uch personal information/data is truly required for the proper functioning o f the information system involving this transaction? Thi s question must be asked at the outset - prior to the design and develo pment of any new system. But this is not the case today. Th is question is rarely asked at all since there is such a clear preference i n favour of collecting identifiable data, "the more the better." However, with the growth of networked communications and the ability to link large numbers of diverse databases electronically, individuals will become more and more reluctant to leave behind a trail of identifiable data. What is needed is a paradigm shift away from a "more is better" mindset to a minimalist one. Is it possible to m inimize the amount of identifiable data presently collec ted and stored in information systems, but still meet the needs of those collect ing the information? We believe that it is. The technology needed to achieve this goal exists today. We will describ e some of the privacy technologies that permit one to en gage in transactions without revealing one's identity by introducing the conc ept of an "identity protector." The notion of "pseudonym ity" will also be introduced as an integral part of protecting one's identity . These technologies are available now and are within ou r reach; what is needed is the will to implement privacy technologies over the tracking technologies that a re in use today. When organizations are asked what measures they have in place to protect privacy, they usually point to their efforts at keeping information secure. While the use of security measures to prevent unauth orized access to personal data is a very important compo nent of privacy, it does not equal privacy protection. The latter is a much b roader concept which starts with the questioning of the initial collection of the information to ensure there is a good reason for doing so and that its uses will be restricted to legitimate o nes that the data subject has been advised of. Once the data have been collected, sec urity and confidentiality become paramount. Effective security and confidentiality will depend on the implementation of measur es to create a secure environment. Alternatively, instead of restricting the focus to security alone, a mor e comprehensive approach would be to seek out ways in wh ich technology may be used to enhance the protection of informational privac y or data protection. We use the term "privacy technolog ies" to refer to a variety of technologies that safeguard personal privacy by minimizing or eliminating the collection of identifiabl e data. Not only are measures that safeguard privacy becoming an important mark of quality, but increasingly, consumers are demanding th at organizations pay attention to their privacy concerns. Social acceptance of demands for one's personal information, without adeq uate assurances of protection, appears to be on the decline. Not only do cons umers wish to maintain control over their personal data and be informed of its uses, but insufficient protection will be reason enough for consumers to take their business elsewhere - to comp anies that follow privacy-protective practices.
Back to Table of Contents
1.4 Privacy Laws and Codes of Conduct
Respect for individuals' privacy, particularly with respect to the compu ter processing of personal data concerning one's self, i s a fundamental principle underlying data protection. In Europe, data protec tion principles may be found in several instruments such as the Council of Europe's Convention 108 (Treaty for the protection of pe rsons with regard to automated processing of personal dat a, Council of Europe, January 1981 (1988 Official Journal of Treaties, 7) . One of the objectives of these principles is to ensure t hat personal privacy is safeguarded when new information technology applicat ions are developed. The principles are reflected in vari ous European laws and regulations such as the Dutch Data Protection Act (WP R) and the draft EU-directive SYN 287. In addition, the OECD's Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (September, 1980) is internationally acclaimed as a "code of fair information practices" with respect to the treatment of personal information. One of the basic principles in both the OECD guidelines and Convention 1
08 is the principle of "purpose specification." The quan
tity and nature of personal data that an organization is permitted to collect is limited by the purpose of the collection. The primar y rule is that the data be relevant and sufficient, but not excessive for the stat ed purpose. In other words, the personal information to be collected must be needed to carry out the stated purpose. This principle also seeks to ensure that restraint is exercised when per sonal data are collected. In accordance with this princi ple, one may question when identifying data is being sought from individuals wher e it is not necessary to do so. This is associated with the "use limitation principle," where the purpose specified to the data subj ect at the time of the collection restricts the use of t he information collected. Thus, the information collected may only be used for the specified purpose (unless consent has been obtai ned for additional uses). Another important data protection principle is "transparency" or "openne ss." People have the right to know what data about them have been collected, who has access to that data, and what the data are being used for. The principle of transparency simply means th at people must be made aware of the conditions under which their informatio n is being kept and used. The principle of transparency may also be used to explain the logic behi nd the data processing underlying a collection - asking for identifying information in a situation that does not strictly require it , must be questioned. Indeed, the collection and use of personalquotesdbs_dbs15.pdfusesText_21
Anonymous and Secure electronic Transaction Protocol – ASET