5. More recent efforts
Web blocking – Newzbin injunction, Digital Economy Act s.18
PROTECT-IP Act/Stop Online Piracy Act
Anti-Counterfeiting Trade Agreement, Trans-Pacific Partnership
6. Effectiveness of blocking
Ease of masking P2P traffic using encryption
Ease of site and content transfers and replication
Sneakernets and WiFi/Bluetooth sharing
Ease of changing DNS servers, and building alternate directory systems
“I agree with counsel for the Studios that the order would be justified even if it only prevented access to Newzbin2 by a minority of users.” [2011] EWHC 1981 (Ch) §198
7. [2011] EWHC 1021 (Admin) § 232
“Experts can seek to establish a profile of those who engage in P2P file sharing, and their various reasons for doing so, and may then attempt to predict how these users may be likely to respond if confronted with the kind of regime that the DEA enacts. In theory, some may cease or substantially curtail their unlawful activities, substituting or not, for example, lawful downloading of music; others may simply seek other means to continue their unlawful activities, using whatever technical means are open. The final outcome is uncertain because it is notoriously difficult accurately to predict human behaviour”
8. GDPR Art. 23 Data protection by design and by default
1. Having regard to the state of the art and the cost of implementation, the controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures and procedures in such a way that the processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject.
2. The controller shall implement mechanisms for ensuring that, by default, only those personal data are processed which are necessary for each specific purpose of the processing and are especially not collected or retained beyond the minimum necessary for those purposes, both in terms of the amount of the data and the time of their storage. In particular, those mechanisms shall ensure that by default personal data are not made accessible to an indefinite number of individuals.
9. Designing for privacy
Data minimisation key: is your personal data really necessary?
Limit personal data collection, storage, access and usage – enforced using cryptography
Protects against hackers, corrupt insiders, data loss, as well as function creep
Users must also be notified and consent to the processing of data – easy-to-use interfaces are critical.
What are defaults?
Jedrzejczyk et al. (2010)
10. Mobile data
Is communication uni- or bi-directional or broadcast?
Oblivious transfer
Does sensor, user agent or network carry out triangulation and processing?
What resolution data can network access?
How long-lived and linkable are identifiers? IMSIs, TMSIs and location patterns
11. Location-Based Services
Can we use features of mobile phone networks to supply anonymous, targeted adverts?
Haddadi, Hui, Henderson and Brown (2011)
12. Transport pricing
Monitor all traffic centrally (London), at kerbside (W London) or deduct payment from pay-as-you-go toll cards (Singapore)? On-board unit (Balasch et al. 2010)? Or tax parking spaces?
Link all payment card usage (Oyster) or use unlinkable RFID tokens (Shenzhen)?
MIT Technology Review (2006)
13. Privacy-friendly smart grids
Personal data should almost always remain at customer premises under their direct control
Network broadcasts tariff data to meters, which control appliances
Heavily aggregated information used for billing and price comparison
PETs can further reduce information leakage to third parties
Rial and Danezis (2011)
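An added sketch of the billing idea on this slide (not from the slides, and a simplification rather than Rial and Danezis's own protocol): the meter commits to each reading with a Pedersen commitment, the bill is computed on the customer's premises from the broadcast tariff, and the supplier checks the bill against the commitments without seeing any reading. The function names, tariff and readings are constructed for illustration, and the meter's signature over the commitments is assumed and omitted.

```python
import hashlib
import secrets

# 768-bit safe prime from RFC 2409 (Oakley Group 1). Demo-sized only.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2   # prime order of the quadratic-residue subgroup
G = 4              # 2^2, a generator of that subgroup
# Second generator derived by hashing then squaring, so nobody knows log_G(H).
H = pow(int.from_bytes(hashlib.sha256(b"constructed-demo-H").digest(), "big"), 2, P)


def commit(reading_wh):
    """Meter side: Pedersen commitment to one reading; returns (C, r)."""
    r = secrets.randbelow(Q)
    return pow(G, reading_wh, P) * pow(H, r, P) % P, r


def make_bill(readings, openings, tariff):
    """Customer side: bill and combined opening, computed on premises."""
    bill = sum(t * m for t, m in zip(tariff, readings))
    opening = sum(t * r for t, r in zip(tariff, openings)) % Q
    return bill, opening


def verify_bill(commitments, tariff, bill, opening):
    """Supplier side: sees commitments, tariff, bill and opening, no readings."""
    lhs = 1
    for c, t in zip(commitments, tariff):
        lhs = lhs * pow(c, t, P) % P   # prod C_i^t_i = G^bill * H^opening
    return lhs == pow(G, bill, P) * pow(H, opening, P) % P


def demo():
    tariff = [12, 12, 30, 30]          # constructed: price units per Wh, per slot
    readings = [250, 180, 900, 400]    # constructed: Wh per slot, never leave home
    pairs = [commit(m) for m in readings]
    commitments = [c for c, _ in pairs]
    bill, opening = make_bill(readings, [r for _, r in pairs], tariff)
    honest = verify_bill(commitments, tariff, bill, opening)
    underpaid = verify_bill(commitments, tariff, bill - 100, opening)
    return bill, honest, underpaid


if __name__ == "__main__":
    print(demo())
```

The supplier learns only the aggregate bill; a bill that does not match the committed readings fails verification.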