Tag: privacy

Posted on
by

Some links I thought worth reading the past few days

Posted on
by

To celebrate the launch of the GDPR last week Friday, Jaap-Henk Hoekman released his ‘little blue book’ (pdf)’ on Privacy Design Strategies (with a CC-BY-NC license). Hoekman is an associate professor with the Digital Security group of the ICS department at the Radboud University.

I heard him speak a few months ago at a Tech Solidarity meet-up, and enjoyed his insights and pragmatic approaches (PDF slides here).

Data protection by design (together with a ‘state of the art’ requirement) forms the forward looking part of the GDPR where the minimum requirements are always evolving. The GDPR is designed to have a rising floor that way.
The little blue book has an easy to understand outline, which cuts up doing privacy by design into 8 strategies, each accompanied by a number of tactics, that can all be used in parallel.

Those 8 strategies (shown in the image above) are divided into 2 groups, data oriented strategies and process oriented strategies.

Data oriented strategies:
Minimise (tactics: Select, Exclude, Strip, Destroy)
Separate (tactics: Isolate, Distribute)
Abstract (tactics: Summarise, Group, Perturb)
Hide (tactics: Restrict, Obfuscate, Dissociate, Mix)

Process oriented strategies:
Inform (tactics: Supply, Explain, Notify)
Control (tactics: Consent, Choose, Update, Retract)
Enforce (tactics: Create, Maintain, Uphold)
Demonstrate (tactics: Record, Audit, Report)

All come with examples and the final chapters provide suggestions how to apply them in an organisation.

Posted on
by

At least I think it is…. Personal blogs don’t need to comply with the new European personal data protection regulations (already in force but enforceable from next week May 25th), says Article 2.2.c. However my blog does have a link with my professional activities, as I blog here about professional interests. One of those interests is data protection (the more you’re active in transparency and open data, the more you also start caring about data protection).

In the past few weeks Frank Meeuwsen has been writing about how to get his blog GDPR compliant (GDPR and the IndieWeb 1, 2 and 3, all in Dutch), and Peter Rukavina has been following suit. Like yours, my e-mail inbox is overflowing with GDPR related messages and requests from all the various web services and mailing lists I’m using. I had been thinking about adding a GDPR statement to this blog, but clearly needed a final nudge.

That nudge came this morning as I updated the Jetpack plugin of my WordPress blog. WordPress is the software I use to create this website, and Jetpack is a module for it, made by the same company that makes WordPress itself, Automattic. After the update, I got a pop-up stating that in my settings a new option now exists called “Privacy Policy”, which comes with a guide and suggested texts to be GDPR compliant. I was pleasantly surprised by this step by Automattic.

So I used that to write a data protection policy for this site. It is rather trivial in the sense that this website doesn’t do much, yet it is also surprisingly complicated as there are many different potential rabbit holes to go down. As it concerns not just comments or webmentions but also server logs my web hoster makes, statistics tools (some of which I don’t use but cannot switch off either), third party plugins for WordPress, embedded material from data hungry platforms like Youtube etc. I have a relatively bare bones blog (over the years I made it ever more minimalistic, stripping out things like sharing buttons most recently), and still as I’m asking myself questions that normally only legal departments would ask themselves, there are many aspects to consider. That is of course the whole point, that we ask these types of questions more often, not just of ourselves, but of every service provider we engage with.

The resulting Data Protection Policy is now available from the menu above.

Funny how #datagovernance companies publishing #gdpr compliance guides aren’t compliant themselves when asking personal data for downloads: no explicit opt-ins, hidden opt-ins (such as hitting download also subscribes you to their newsletter), no specific explanations on what data will be used how, asking more personal information than necessary.

Posted on
by

Yesterday my colleague Paul and I visited the annual conference organized by the Flemish government’s information management / IT office. We were there to speak about the open data experiences of the Netherlands.

The upcoming GDPR, Europe’s new privacy regulations, was mentioned and discussed a lot. Such pan-European laws suggest that there is a generic way to approach a topic like privacy, or even an objective one. Nonetheless the actual perception of privacy is strongly culturally determined as well, Toon van Agt remarked during his presentation, and pointing to us Dutchies sitting on the front row. He gave the example of how in the Netherlands real estate transaction prices and mortgages on a house are publicly available (if not yet as open data I must add. Transaction prices are available as open data in the UK, afaik). Where in the Netherlands this is regarded as necessary to be able to determine who you’re dealing with if you buy or sell a house, in Belgium it would be unthinkable. In my own presentation I showed how open data from the license plate register is used in the Netherlands to prevent theft of petrol at gas stations. Again unthinkable in Belgium, mostly because of the fundamental difference that license plates in the Netherlands are connected to a car (and the car to an owner), and in Belgium to the car owner (and the owner to a car). Calvinism was put forward as a determining difference, resulting in Dutch window curtains being open, so everyone can see a) we have nothing to hide and/or b) we have the coolest stuff in the street :). Similarly the tax amounts and incomes of Norwegians are famously public, whereas in the Netherlands asking how much someone earns or even worse touting how much you earn yourself, is frowned upon and not suitable for polite conversation.

It would be interesting to create an overview of socially acceptable and unacceptable forms of transparency across Europe. To learn where further opportunities for open data are to be found, as well as to see where social barriers can be expected.

The wonderful windows open houses on the Dutch( Volendam) 4 2017-09-23_15-15-25_ILCE-6500_DSC03304
The quintessential difference between Belgium (r) and the Netherlands (l): curtains open or closed. Photos by Miguel Discart and magalibobois

Posted on
by

Some disturbing key data points, reported by the Guardian, from a Congressional hearing in the US last week on the usage of facial recognition by the FBI: “Approximately half of adult Americans’ photographs are stored in facial recognition databases that can be accessed by the FBI, without their knowledge or consent, in the hunt for suspected criminals. About 80% of photos in the FBI’s network are non-criminal entries, including pictures from driver’s licenses and passports. The algorithms used to identify matches are inaccurate about 15% of the time, and are more likely to misidentify black people than white people.” It makes you wonder how many false positives have ended up in jail because of this.

At GEGF2014
Me, if you look closely, reflected in an anonymous ‘portrait’ (part of an exhibit on Stalinist repression and disappearances in Kazakhstan, 2014)

I am in favor of mandatory radical transparency of government agencies. Not just in terms of releasing data to the public, but also / more importantly specifying exactly what it is they collect, for what purpose, and what amount of data they have in each collection. Such openness I think is key in reducing the ‘data hunger’ of agencies (the habit of just collecting stuff because it’s possible, and ‘well, you never know’), and forces them to more clearly think about information design and the purpose of the collection. If it is clear up-front that either the data itself, or the fact that you collect such data and in which form you hold them, will be public at a predictable point in time, this will likely lead to self-restraint / self-censorship by government agencies. The example above is a case in point: The FBI did not publish a privacy impact assessment, as legally required, and tried to argue it would not need to heed certain provisions of the US Privacy Act.

If you don’t do such up-front mandatory radical transparency you get scope creep and disturbing collections like above. It is also self-defeating as this type of all encompassing data collection is not increasing the amount of needles found, but merely enlarging the haystack.

Using tech to flip facial recognition in video stories from Iran, at SXSWi
image by Sheila Scarborough, CC-BY

Posted on
by

Getting a SSL/TLS-certificate for your website has always been a hassle as well as costly. However increasing the amount of default encrypted web traffic is important both in terms of website safety as well as in terms of privacy (when you submit information to websites). The cost and hassle kept most non-commercial websites from using certificates however. Until now. Because now there is Let’s Encrypt, which makes it very easy to add certificates to your website. For free.

When I started using a VPS two years ago to serve as my cloud and as a Dropbox replacement, I needed a certificate to make sure the traffic to my cloud was encrypted. The VPS originally came with one, but that expired after a year. Since then I’ve added a renewing certificate from Comodo (the largest provider at the moment), which I got for a one-time payment as a lifetime service from my VPS provider. But for a range of other domains I use, both hosted on my VPS as well as in various hosting packages with a Dutch hosting provider, I never bothered getting a https certificate, because it was too much work and too expensive to keep up. There already were free certificates available, such as through the Israeli StartCom which I used for one or two domains, but I never felt certain it was secure as a service (it turns out it’s small buth 7th globally, and has received some serious criticism).

Symantec has a certificate problem...
Arranging and renewing certificates can be a pain, even if you’re Symantec, the world’s second certificate provider. (image Lars K. Jensen, CC-BY)

Let’s Encrypt changes all that. Because they are strongly community driven, amongst other with support by the Electronic Frontier Foundation, and because they are going the route of getting their root certificate independently recognized and be a full certificate authority. Currently they use IdenTrust’s (5th globally) existing trusted root certificates, but the Let’s Encrypt root certificate has now been recognized by Mozilla, and they’re working to get it recognized by Google, Apple, Microsoft, Oracle et al. This would increase the independency of Let’s Encrypt. Let’s Encrypt says the growth rate of https traffic has quadrupled since the end of 2015, in part through their efforts. Their certificates are used at over 8 million websites now.

I’ve added a range of my own sites to those 8 million. For the domains on my own VPS that didn’t have valid certificates yet, they were easy to install. I used SSLforFree to generate the Let’s Encrypt certificates, based on me providing proof I have full control over the domains I seek to protect. Then I added the certificates to the domains using the WHM control panel of my server. Certificates are valid for 90 days, but I can set them to auto-renew, although I haven’t done that yet.

For the domains not hosted on my VPS, such as this one for my blog, I depend on my Dutch hosting provider (as I don’t have root access to install certificates myself, although I have full control over the domains such as its DNS settings.) Luckily recently they have started offering auto-renewing Let’s Encrypt certificates (link in Dutch) as a free service for each of the domains you host with them, because they recognize the importance of secure web traffic. All it took was opening a ticket with them, listing the domains I was requesting certificates for. Within two hours eleven certificates were created and installed.

So, from now on you can get my blogpostings from https://zylstra.org/blog.

this blog now with https

Posted on
by

Wuala alpha
Wuala: From alpha in 2007, acquisition by LaCie in 2009, to being deadpooled 2015
(Image by Chris Messina, CC-BY-NC-SA)

Wuala, the Swiss cloud storage service, is closing down. You need to switch services by 30 September when Wuala will become read-only, and remove all your data by 15 November when Wuala will shut down. If you need to move and want an alternative that is end-to-end encrypted (and you should) then Wuala suggests another Switzerland based company, Tresorit.

Last year I briefly contemplated and tested Wuala when I wanted to get out of Dropbox (which is unencrypted and under US law). At the time I wrote

“Wuala, incorporated in Switzerland, is owned by LaCie (incorporated in France) which in turn is owned by Seagate (incorporated in Ireland). Their data centers are geo-redundant and in France, Switzerland and Germany. Although that looks good on paper Seagate HQ is in the US, placing Seagate under the Patriot Act, and thus Wuala ultimately too. Wuala for the desktop requires Java, which is a bad thing. Their encryption and syncing however are a plus, as is the ability to work in teams.”

Wuala was my first two steps away from Dropbox, as it provided client side encryption removing most of the key privacy concerns:

For now I have started using Wuala, as it is at least two steps up from Dropbox because of its encryption and their data centers in Switzerland, Germany and France. Their service is not ‘patriot act proof’ (and they know it, judging by their consistently vague and indirect answers in support fora), but the encryption helps address that. Of course there is no real way to check their encryption either.

My Wuala use lasted all of 1 week. Then I switched to OwnCloud through an Austrian provider, OwnCube, and a month later I started running my own VPS with OwnCloud on it, removing me from using third party services except for the server itself. (I must say OwnCloud does not support end-to-end encryption yet, and uses server side encryption. Hoping to see that change in the future.)

Posted on
by

Sometimes it is ok if your government wants to store your fingerprints. Like, when they use them as artwork on city hall.

Last weekend Elmine and I strolled an afternoon through Deventer an old Hanseatic city in the eastern part of the Netherlands. We came across a shop window where a group of people were busy making clay moulds, which had us intrigued.

Deventer Raamwerk

The clay moulds, it turned out, were made from finger prints, to be cast in metal and then used on the facade of the new city hall as window covers/decorations. A project by local artist Loes ten Anscher.

Deventer Raamwerk Deventer Raamwerk

The finger prints are from citizens in Deventer themselves. One in every forty-three, from the city and surrounding villages, from every age, has been asked to provide a finger or toe print, to be cast in metal. The 2.300 prints are cast in metal and used on the newly built city hall. Every metal cast has a number, and the person providing the finger print gets a pendant with that number. They will know where their finger print is on the building, but noone else.

I really love this project, making citizens part of the building where those that provide public service work, and involving them up to the level where they have their fingerprints all over local government. One example where I think government storing my finger prints is actually not so bad!

Posted on
by

At Re:Publica I came across the Tactical Technology Collective (Info_Activism on Twitter), who do great work to teach journalists, activists and anybody else how to act more securely on the internet.

While for me, and possibly for you, a lot of what we do on the internet is currently uncontroversial (which in no way means we should not be concerned), for a lot of people around the world their safety, and lives, quite literally depend on knowing how to be more secure on the internet.

Upon a first internet search of safety measures you very quickly get to all kinds of arcane tech details you can’t really be bothered with if you’re not in the tech scene. Or you may simply lack the knowledge about what you should be aware of in the first place.

The Berlin based Tactical Technology Collective makes sure journalists, citizen activists and NGO’s do have access to the required knowledge. They make both the explanations and the tech instructions on what to do available in easy and beautifully designed ways.

I took a bunch of their leaflets and bought two of their internet security instruction kits for dissemination and personal use.

Why? Maybe not directly for myself. But there is something to be said to make sure that the ones who need protection do not stand out because they are the only ones taking precautions. That would make them targets by default. Privacy is not a crime, was a t-shirt I saw today at the conference, and that applies here. If only the ones who are under threat wear rain coats they are easy to spot. If more of us wear them, the cost of surveillance rises, and those that need protection have a bit of additional safety in the herd.

Re:Publica 2014

Posted on
by

Today I changed the way we use e-mail addresses for identification on-line.

Over time my e-mail address(es) has (have) become the carrier of a lot of important stuff. It’s not just a way to communicate with others, but also serves as generic user name on countless website accounts. And likely quite a few of those have had their security breached over time, or are unscrupulous (or even malicious) in their own right.

As part of a talk on privacy by Brenno de Winter (Dutch investigative journalist) that we went to this weekend (see previous posting), he mentioned using unique e-mail addresses (and pw’s of course) for every site you use. Or disposable e-mail addresses for sites you visit only once. That way when one site gets compromised there is no risk of your user credentials being used elsewhere, and if one site sells your email addresses on it is immediately apparent to you who did that.

I have been aware of this advice for a long time, but never saw an easy way to act on it:

  • Most disposable e-mail address (DEA) services offer a temporary e-mail address, usually enough to quickly confirm an e-mail address, after which it gets deleted automatically. This is useful for one time visits / registration at a website, but not for using unique addresses for services you use more often.
  • Some sites do not accept e-mail addresses that are clearly created by DEA type services
  • I own multiple domains, which I could theoretically use for unique mail addresses, but in practice that is much more unlikely. I would need to either create mail addresses before using them to register somewhere, through the domain’s administration panel, or use a catch-all that would simply accept any incoming mail on that domain, including tons of automatic spam flung out to randomly generated e-mail addresses.

    • What I actually need is:

  • The ability to create new e-mail addresses on the fly, simply by using them
  • The ability to both have more permanent unique addresses, as well as single use addresses
  • Using a domain that is not perceived as a DEA service and not easily associated to me (e.g. by visiting its website)
  • Using a domain that I control so I cannot get cut off from unique addresses connected to important user accounts
  • The ability to recognize any of these unique addresses in my regular inbox
  • Something that still filters out spam, while accepting any incoming address

    • So today I decided to investigate further and act on it.
    This is the solution I came up with:

  • I found 33mail.com, built by Andrew Clark (in Dublin/Ireland so under EU regulations), that allows you to create addresses on the fly, and then through a dashboard simply block the ones that get misused at some point. It also forwards to one of your actual e-mail addresses, including letting you (anonymously) reply from the unique address.
  • 33mail.com allows you to connect any other domain to their service, so that instead of using something@myaccount.33mail.com I can use something@myrandomdomain while still using 33mail. This is very useful as it helps to prevent being filtered out because of using a DEA service domain, and keeps the addresses under my control.
  • I registered two new domains, one for me, one for Elmine, and set up their MX DNS records to point to 33mail. So that anything@ourtwodomains.tld goes to 33mail. These domains are, apart from the records at the registrar, not otherwise easily associated to us.
  • I provided two unique email addresses for 33mail to forward to at two other domains I own and use.
  • I set up two auto-forwards for those addresses that 33mail forwards to, which makes it end up in one of my or Elmine’s regular inboxes. In our inbox we have filters that pick up on anything that comes from those forwarding addresses 33mail sends stuff to.

    • This is not a free solution, but it is cheap. The registration of two domains, plus a service package so I can set my own DNS settings, with our regular hoster comes to 45 Euro or so. 33mail charges 8 or 9 Euros for a premium account, which is needed to add your own domain name to their service, and I created a premium account for each of us, as we will be using two seperate domain names. Total cost: 65 Euro/yr.

    Here’s a drawing of the full set-up:

    33mail

    Posted on
    by

    We went to hear an interesting talk by Dutch investigative journalist Brenno de Winter on privacy and related issues this weekend. It is part of a series of privacy related talks and workshops held in our town in this and coming weeks.

    To me, as I blogged in 2006 after that year’s Reboot Conference privacy is a gift by the commons to the individual, and not so much an intrinsic individual thing. It allows the individual to be part of the commons, to act in the public sphere. It also means to me that privacy is part of what makes the commons work: withouth a certain expectation of privacy no-one can participate in the commons, resulting in the absence of commons.

    privacy in public
    Privacy in Public, photo by Susan Sermoneta, CC-BY

    That doesn’t mean privacy can do without protection. The commons collapses easily, especially when your information is disconnected from your physical presence, as is usually the case in our digital age. Where the commons collapses, because i.e. the social distance increases, or contexts change or fully drop away, there rules and instruments are needed.

    In that light Brenno shared a few notions I wanted to capture and put in this context of the commons:

  • The “If you have nothing to hide, why bother?” argument introduces a false dilemma. It puts the onus on the individual who seeks privacy, and not on whether the other entity complies with existing privacy rules and laws (=a responsible member of the commons). It may also well be what is ok now, will carry dire consequences in the future (e.g. homophobia in Uganda) when the character of the commons changes especially radically.
  • In the Netherlands there are no consequences for disregarding privacy rules around data inside a data-using entity (e.g. staff nosing around in data they have nothing to do with, like doctors looking up medical files from famous patients they are not treating themselves). Others can act as if outside the commons without social scrutiny.
  • Whenever there is a data security breach the data holder is generally portrayed as the victim, and not the people who’s personal data it is, or who are described by the data and who’s expectation of privacy in the commons got damaged. (as well as disregarding the fact that in the EU my personal data at company x is my data.)
  • The Dutch privacy watchdog CBP has 86 staff, compared to 1 million companies and government branches they need to watch. The watch dog has no teeth. The commons is mostly undefended.
  • Privacy has weak anchors in Dutch law. The commons is mostly undefended.
  • Why are there no (routine) impact assesments of measures that erode privacy in the name of security? If erosion of privacy is to be tolerated, the damage it constitutes to the commons needs to be not just balanced but surpassed by the benefits to the commons on other aspects.

    • All of these points are relevant to the question of how to maintain or extend the commons with rules and instruments, so that the gift of privacy can be given. By making sure the ‘infringing’ party is under similar social pressures to behave. By making sure we maintain a realistic balance when privacy needs to be temporarily eroded for the sake of the commons (that is the source of privacy).

    When privacy breaks down also the commons itself breaks down, as privacy is the pathway and the trust base for taking part in the public sphere.