The Data Privacy Imperative

Last week I presented the concepts from Microsoft's paper, "Digital Playgrounds: Creating Safer Online Environments for Children," at the Internet Safety Technical Task Force (ISTTF) Open Meeting at the Berkman Center for Internet & Society in Cambridge, Mass.

The Digital Playgrounds paper outlines a framework that would enable the creation of optional online "walled gardens," specifically for children and trusted adults. These online sites would only be accessible by folks with trusted and age verified ‘digital identities.'  This framework suggests achieving this by allowing trusted offline parties, who have the ability to meet with a parent and child in real life, examine the appropriate documents and then issue extremely secure digital identities based on these in in-person proofing moments. The framework we have outlined is largely a technical solution to the age verification challenge, but we believe that the nontechnical aspects of the problem will be as difficult to solve as the technical ones, if not more so. For example, government and industry will need to work together on designing the necessary criteria for in-person proofing events as well as the subsequent issuing, auditing and revoking of these digital identity cards.   

My presentation was but one of a number of presentations over the day and half long meeting. Facebook, MySpace, VeriSign, and large number of other companies provided interesting solutions of their own to similar and related online safety challenges.

You can read our whole paper here: Digital Playgrounds: Creating Safer Online Environments for Children              

The rest of the presentations are posted here.

--Jules Cohen 

As many of you know, Microsoft has been at the forefront in fighting the scourge of identity theft.  We've improved our products and created tools to help fight identity theft -- the Internet Explorer Phishing Filter; Windows Defender; Windows Live OneCare; and Windows CardSpace.

Today we are releasing, "Online Identity Theft: Changing the Game Protecting Personal Information on the Internet,"  a new white paper that for the first time describes in detail Microsoft's comprehensive strategy for curbing online identity theft.  In addition to describing current Microsoft initiatives, the paper outlines long-term solutions for "changing the game" by ending reliance on "shared secrets" for authentication.

Relying on "shared secrets," such as usernames, passwords, birthdates and government ID numbers to establish the right to do something online, creates security problems because they are relatively easy to steal and can be difficult to remember, update and manage. We need to employ new identity practices online that are just as reliable but better protect against fraud and abuse, and that's where Information Cards come in, as the paper describes:

Information Cards are not physical cards; rather, they are sets of data pointers that sit on a PC or a mobile phone. They are analogous to tangible cards in a person's wallet. In much the same way that a person might use a student ID card to get free admission to a museum or a frequent-shopper card to get a discount on groceries, a digital Information Card issued by one entity can be used to verify the card owner's identity with another entity, as long as the card includes the necessary data. How does this work? The creation and use of Information Cards involves three parties. The first party is the entity that issues the card. In the case of a card for use in sensitive interactions, the issuer might be a government, business or nonprofit organization. For less sensitive uses, individuals might issue themselves a card. The second party, or relying party, is whoever needs to accept the card during a transaction. The third party is the cardholder, who decides which card to present in a given transaction. How does the use of Information Cards reduce the risk of identity theft? For starters, the person's username and password aren't transmitted when an Information Card is presented to a Web site, so they can't be stolen. Information Card technology also supports a range of robust encryption methods that help prevent tampering with the data on the card or snooping to intercept it in transit. Information Cards also allow relying parties to request the minimum amount of personal information needed to authenticate an identity in a given transaction.

There's lots more, read on...

-- David Burt

Hi, Brendon Lynch here….

Today is an exciting day for privacy and Trustworthy Computing at Microsoft.  One of the main objectives of Microsoft’s privacy strategy is to provide our customers with more control over the collection and use of their personal information.  Today we unveiled the acquisition of an important privacy-enhancing technology that aligns very well with this objective.  Microsoft has acquired Credentica’s U-Prove technology for private and secure identity and access management, together with all of the underlying patents invented by Dr. Stefan Brands.  This technology can, among other things, enable people to prove things about themselves without needing to reveal their identity.

The Internet is rapidly transforming the way that people communicate, work, shop, bank, play and access government services.  Digital identities, most often incorporating personal information, power many of these interactions. Unfortunately, personal information has also become a currency of crime, and some forms of digital identities can be compromised with relative ease. Phishing, fraud and identity theft are undermining trust in the Internet.

Credentica’s U-Prove technology will help people protect their identities by enabling them to disclose only the minimum amount of information needed for a transaction – sometimes no personal information may be needed at all.  When this technology is broadly available in Microsoft products (such as Windows Communication Foundation and Windows Cardspace), enterprises, governments, and consumers all stand to benefit from the enhanced security and privacy that it will enable.  We look forward to a world where people have more control of their personal information and are better protected from harms of online fraud and identity theft.  Stefan Brands has now joined Microsoft’ Identity & Access Group along with his colleagues Christian Paquin, and Greg Thompson.

I first met Stefan Brands a number of years ago when he was at Zero-Knowledge Systems. At the time, I was a business consultant who was beginning to learn the privacy space.  Trying to get my head around his inventions served as valuable crash course for me in privacy-enhancing technologies.  I must say that I am now delighted that Stefan is at Microsoft where his important privacy work will be able to impact our customers and where he can resume my education!

For more information about this acquisition means to Microsoft, Stefan Brands and Kim Cameron, Microsoft’s Identity Architect, will be posting their thoughts on the acquisition at the Identity Corner blog and Kim Cameron's Identity Weblog, respectively.  Also the Credentica Web site provides additional detail on the technology and its potential uses.

Brendon

Hello,

I’m Christopher Budd and I’m a communications program manager in the Trustworthy Computing (TwC) Group. Some of you may know me from my work with the Microsoft Security Response Center (MSRC), but these days I’m working with Peter Cullen, Brendon Lynch and others in our Privacy Group.

Today in Burbank, California Peter delivered a keynote titled “The New Privacy Landscape and Why It Matters” at the Cyber Safe California Summit. He was kind enough to sit down with me for about ten minutes last week to discuss the summit as well as provide some insight into what he would be covering while there. We’ve posted both a podcast and a transcript of our conversation.

In our conversation, Peter talks about how this summit fits in with California’s leading work around privacy education along with how he’ll be sharing some of the lessons that Microsoft has learned in its ongoing work to help protect customer privacy over the years.

Even if you were able to  attend the keynote this year,  my conversation with Peter provides a good, short peek not only into what he covered, but also into some of the ongoing work that he and his team are doing not just at Microsoft, but in partnership with others in the industry.

Thanks.

Christopher

Hi, I’m Tom Gemmell from Microsoft’s privacy strategy team.  I work to implement greater privacy and data governance capabilities in our products. 

As you might imagine, I’m smiling today on account of the newly available Windows Server 2008.  That’s because the product makes available many new capabilities for organizations to better govern and protect the private information they hold and use. 

Taking a step back, it’s worth reviewing why these capabilities are so important to organizations and end-users alike.  The proliferation and broad adoption of Internet and communication technologies that provide so many benefits to commercial, government and end-users alike has also resulted in the generation and accumulation of vast amounts of private information. 

Governance of that information is a tough task, and one that if not performed with confidence is harmful to both real people and to well-meaning organizations.  In this context, governance simply means that an organization applies policy-based controls on collection, use and storage processes. If people can’t trust organizations to protect their information, or if organizations haven’t the tools to meet their expectations or those of government regulators, not only do all parties stand to suffer financial damages but a prime enabler of economic health and growth at personal, organizational, national and global levels will be crippled. 

Trust in the Internet, and associated information technology and communication systems, is crucial to the effective functionality of how many of us have come to conduct our personal lives and business in the modern world.  Windows Server 2008 makes strides to create trust to the benefit of all.  A more detailed case and guidance on creating trust through data governance can be found in our just updated white paper titled Managing and Protecting Personal Information.

Effective data governance requires a methodological approach to securing information – one that encompasses people, processes and technology.  With the availability of Windows Server 2008 we can enjoy new technologies to better implement the data governance processes, policies, and practices needed to be compliant with regulations, and to promote trust and accountability. 

Now, I’d like to provide a sample of specific examples where Windows Server 2008 serves IT organizations data governance needs in four technology areas: secure infrastructure, identity and access control, information protection and auditing and reporting. 

·        Secure infrastructure: Server and Domain Isolation (SDI), another new feature in Windows Server 2008, creates a logical separation of network devices based on policy. SDI limits access to network resources to trusted, managed PCs, thereby reducing the risk of network-borne security threats and safeguarding sensitive data.

·        Identity and access control:  Federated Rights Management Services provides persistent protection for sensitive data; helps reduce risks and support compliance; and provides a platform for comprehensive information protection. Its Read-Only Domain Controller and BitLocker Drive Encryption let the organization more securely deploy Active Directory® Domain Services while restricting replication of the full Active Directory database, to better protect against server theft, corruption or compromise of the system.

·        Information protection:  Combining features in Windows Server 2008 with developer tools and industry security technologies, including encryption, Extensible Rights Markup Language (XrML)-based certificates, and Active Directory authentication, Windows RMS augments any organization’s security strategy by applying persistent usage policies that remain with the information, no matter where it goes. Information Rights Management technology extends the capabilities of RMS into the Microsoft Office system and Microsoft Internet Explorer.

·        Auditing and reporting:  a new global audit policy Audit directory service determines whether events are logged in the Security log when certain operations are carried out on objects in the directory. You can now control what operations to audit by modifying the system access control list (SACL) on an object such as when a successful change is made to an objects attributes.  Also the network policy server (NPS) in can now be used to set audit policies that determine the health of devices connecting to the network.

That’s a start anyway.  So, I’m going to keep smiling for today.  Hope you do too, and as a bonus here’s a heads up that the Windows Server 2008 Security Guide is also now available.  IT and business folks will both find an abundance of additional data governance enabling guidance on using Windows Server 2008 within it.

Thanks

Tom

Hi, I’m Jules Cohen. I work in Microsoft’s Privacy group.  I focus on our privacy strategy and helping our product teams to support our privacy principles.

In his post on July 23, 2007, Peter discussed some of the key aspects of our Privacy Principles for Live Search and Online Ad Targeting. As part of the work our team does around these principles, we’ve written a whitepaper that describes how we protect your privacy when serving ads: “Privacy Protections in Microsoft's Ad Serving System and the Process of "De-identification,"  

In working on this whitepaper, we’ve focused on our first and fourth privacy principles.

Principle I states:

We will be transparent about our policies and practices so that users can make informed choices.

Principle IV states:

We will design our systems and processes in ways that minimize the privacy impact of the data we collect, store, process and use to deliver our products and services.

So, as a part of honoring the first principle we have produced a whitepaper that shares a lot of the details of how we’ve gone about implementing the fourth principle. In particular, the paper spells out the details of how we have designed our online ad targeting platform to select appropriate ads based only on data that does not personally and directly identify individual users.

I encourage you to read the paper but I’ll share the punchline up front. We use an automated one-way hash to associate non-identifying demographic and clickstream data with an ID that isn’t linked to any data that personally and directly identifies any individual user. Our systems then use that ID, rather than one that is directly connected to personal information (like your e-mail address) to serve ads. This means that neither the machines nor the folks who work on the ads systems can identify the people who are getting the ads based on the information in the ads system. We think that this is a strong privacy protection and we hope you agree.

Jules

Hi, I am Brendon Lynch, Director of Privacy Strategy in Microsoft’s Trustworthy Computing group.  Among other things, my team’s work includes engagement with external privacy stakeholders and advising Microsoft product groups on data governance strategies.

I wanted to highlight some interesting research we recently conducted which explores how different roles within organizations are collaborating to protect personal information.

As you are probably aware, there is a lot of concern about personal information today.  Research, including the latest edition of Microsoft’s Security Intelligence Report, shows that criminals are increasingly targeting personal information for financial gain.  Other research shows that consumers are expressing concerns about shopping and banking online.  We are also observing a seemingly endless string of reports of data breaches.

In response to these concerns, many organizations in both the public and private sectors are investing in people, process and technology to better govern the data they collect and manage.  Looking at the people dimension of data governance, three important roles within organizations that standout are information security professionals, the data collectors and users (e.g., marketers) and privacy professionals (the newest role to emerge).  We thought it would be interesting to explore how these roles are working with each other (or not!) to address data governance.

Our survey of over 3600 professionals across these three roles, and across three countries (USA, UK and Germany), was conducted by the Ponemon Institute and provided some very interesting results, including:

·         Marketers consult security and privacy professionals a lot less often than security and privacy professionals think they do

·         Organizations that had better collaboration between the roles reported that they had significantly less data breaches than organizations with poor collaboration

I encourage you to take a deeper look at the research results and  view two related keynote presentations from Microsoft executives last month: Scott Charney, presenting to the International Association of Privacy Professionals (IAPP) annual Privacy Academy in San Francisco; and Ben Fathi presenting to the RSA Security Conference in London.

Trevor Hughes, executive director of IAPP and Peter Cullen, chief privacy strategist for Microsoft, also recorded a video discussing the data protection research and other challenges facing privacy professionals today.

Peter Cullen, Microsoft's Chief Privacy Strategist, here ...

Peter Cullen, Microsoft's Chief Privacy Strategist, here ...

Jerry Fishenden, National Technology Officer for the UK, here ... 

If you think the current problems of online safety and Internet e-crime (or cybercrime if you prefer) appear challenging, what on earth is going to happen when the Internet pervades every aspect of our daily lives?

As the Internet beings to power and monitor health and energy saving devices in our homes, enabling us to live richer, fuller lives in our own communities, will problems of cybercrime and threats to identity, security and privacy scale at the same rate: and thwart our aspirations to use technology to improve society? Will we finally reach Internet meltdown?

Right now, it’s all too likely the answer would be – “Yes.” If we don’t get the foundations right – and address some of the most fundamental issues that currently plague Internet safety – anything else we might construct on top of its inadequate infrastructure is unlikely to be sustainable.

But the Internet is not some autonomous, sentient, self-evolving life form – even if at times it might feel that way. It’s a by-product of decisions technologists took in the past, are taking now and will take in the future. So the problems we see today are fallout from failures in design – failures in technology design and in human-computer interaction design. And cyber-crooks are of course always amongst the quickest to exploit such flaws.  After all, the digital world is no different to the real one – and that includes the preponderance of criminal activities based on exploiting weaknesses in both systems and people.

One of the most obvious contributory causes to our existing Internet problems is the lack of an identity layer. I can’t prove it’s me when I’m online – and I can’t prove to a reasonable level of satisfaction whether the person or thing I’m communicating or transacting with online is who or what they claim to be. Which really isn’t a good place to be. Unless you’re a cyber-crook, in which case, hey, this is great news and highly lucrative with it since it makes online attacks such as phishing and spam email possible.

If we’re serious about realising the Internet’s true potential we need to act now to fix the identity issues we’re seeing.  These issues need to be resolved before we can seriously contemplate letting the Internet move into far more important areas – such as technology-assisted healthcare at home and the whole idea of assisted-living. After all, how are we going to do that if none of the devices can be certain who or what they’re communicating with? In front of us lies a vision where everything and everyone is linked and joined through an all pervading system. Billions of devices and communications happening every second, a complex mesh of systems communicating within and between each other in real time.

Now try to convince me you can build that – and trust it – without first fixing the problem of identity.

Which raises the question: identity, what is it anyway? For the sake of the point I’m making here, identity is about people - and "things": the physical fabric of the Internet and everything in (on) it. And ultimately it’s about safeguarding our security and privacy.

If we're to avoid exponential growth of the issues that plague the current relatively simple Internet as we enter the pervasive, complex, grid age, what principles do we adhere to? How can we have a secure, trusted, privacy-aware Internet that will be able to fulfil its potential – and have our trust too?

The good news is that these problems are being addressed: have you heard of the "laws of identity"? The “laws” are a set of design principles evolved over the last few years by some of the most respected authorities on identity using the crucible of the blogosphere. Kim Cameron (father of meta-directories and now Chief Identity Architect at Microsoft) has gathered together these lessons into a set of powerful guidelines. They help ensure that digital systems exhibit better behaviours than today - particularly around digital identity and ensuring security and privacy. They encompass everything learned about the good and the bad of digital identity systems. Lessons learned the hard way over the last 30 years or so of real world experiences.  And these “laws” are already beginning to gain recognition: the Information and Privacy Commissioner of Ontario for example has issued an independent public endorsement (see http://www.ipc.on.ca/docs/7laws-whitepaper.pdf).

Without the application of underlying principles such as these "laws of identity" the future Internet will suffer entropy, massive breaches of security and privacy – and probably make the scale of today’s cybercrimes look like a golden era of online law and order by comparison. But with the “laws”, we may finally be able to realise the truly transformational benefits of the Internet.

Digital identity - of people and "things" - is a fundamental requirement of the coming pervasive Internet age. Equally clearly, we need consensus on the identity framework required before we go much further. So go and read the “laws” and see what you think: you can find them online at http://www.identityblog.com/?page_id=354.

And then let’s get moving on fixing these issues – before the whole idea of the benefits of the next generation of Internet developments gets a bad name and our dreams end up as just that: dreams, rather than a reality.

- Jerry’s personal blog can be found at http://ntouk.com  

Erik Bratt, Sr. Communications Manager, here ...

Although security and privacy often have the same objective, the focus is different. When it comes to customer data, security focuses on keeping your data safe, while privacy focuses on giving you control. So says Tina Knutson in a great post on the recently launched Security Development Lifecycle (SDL) blog.  

"At privacy conferences and trainings, I’ve run into what I believe is a disturbing trend.  In a lot of the events and conversations I’ve experienced, privacy often ends up being used as a synonym for “data security.”  Data security breaches are clearly a big concern and shouldn’t be taken lightly; but privacy training, policies, and processes should go much deeper than *just* safeguarding the data.  Yes, data security is very important, but privacy should cover so much more."

 Click here to read Tina's entire post ... 

Peter Cullen, Microsoft’s Chief Privacy Strategist, here ...

For more than a decade, Microsoft has had employees dedicated to advancing customer privacy priorities across the company, the industry and society.  We now have more than 40 full-time privacy professionals across the company, as well as a few hundred more with privacy management as a formal part of their job responsibilities.  I thought it is about time you heard directly from them (and me), and have the opportunity to engage in discussion with us on this increasingly important topic.  In this blog, you can expect us to provide perspective on topical privacy issues, as well as information on particular aspects of Microsoft’s unique approach to addressing customer privacy.

Im-per-a-tive [noun].   Something that demands attention or action; an unavoidable obligation or requirement; necessity.  

You may have noted the title of this blog uses the word ‘imperative’.  Is privacy really an imperative?  Yes, and here’s why:

Information technology has dramatically transformed how a large segment of the world’s population works, communicates, learns, shops and plays. Meanwhile, the Internet and increasingly powerful wireless and broadband technologies are carrying the benefits of the Web to virtually every corner of the world, helping to create new opportunities for millions of people and businesses in the global economy.

Yet, as advances in technology simplify and accelerate the flow of information, concerns about the collection and use of personal data, widely publicized security and data breaches, and growing alarm about online fraud and identity theft, threaten to erode public confidence in the computing ecosystem and digital commerce.

Global trends indicate a steady increase in crimes like identity theft and online phishing scams aimed at deceiving individuals into divulging their personal information.  Microsoft’s Security Intelligence Report for the second half of 2006 shows that certain classes of spyware are evolving into more targeted and dangerous threats to privacy. For example, detections of remote control and monitoring software by Windows Defender, Microsoft’s anti-spyware client, were up 277 percent and 135 percent respectively between the first and second half of 2006. This type of software is used to commit data theft or to control large numbers of computer systems.

At the same time, studies worldwide show a decline in confidence that information shared online will remain both secure and private. In light of these developments, as well as an increasingly rigorous regulatory environment and the growing volume of personal information being collected by businesses and government, private and public sector organizations are beginning to understand that managing and helping protect people’s confidential data must be a top priority.  For  organizations , failing to prioritize privacy can prompt heavy financial losses, damage to reputations and loss of consumer and citizen trust.

Helping ensure privacy in today’s digital era is critical to the full realization of the social and economic benefits of technology and the Internet – simply put, it’s an imperative. 

In the coming weeks and months you will hear from a range of Microsoft’s privacy professionals, and the occasional guest, on important matters relating to privacy. We look forward to your readership and participation. If you’d like to find out more about Microsoft’s privacy practices, solutions and engagement, I encourage you to visit our Web site and download our latest whitepaper, ‘The Data Privacy Imperative’.