DMP2013 DPM2011 ESORICS 2013

Keynotes

John Borking

Affiliation: Borking Consultancy


Title: Privacy by Design, Haute Couture or Ready to Wear?

Abstract: Article 79 of the Draft EU General Data Protection Regulation (GDPR) stipulates that the supervisory authority shall impose a fine up to 1 000 000 EUR or, in case of an enterprise, up to 2% of its annual worldwide turnover, to anyone who intentionally or negligently fails to implement appropriate technical and organizational measures for ensuring and demonstrating compliance pursuant to Article 23 (Privacy by Design & Privacy by Default) (PbD). This will make certain that PbD will become an important item on the management agenda and will greatly increase the need to prevent and reduce privacy risks. Moreover, this article implies for auditors that a material risk has arisen for the organization that must be included in their financial and annual audit report. The concept of PbD has been introduced in the law to serve as a guideline for how the protection of personal data should be addressed. PbD is made up of a number of principles that can be applied in the design of systems to achieve the protection of personal data. However, these principles leave many questions open about their application in the design of systems. Besides this, the adoption of PbD and the lack of management commitment to consider privacy issues seriously play an important role. In the absence of a proactive stimulating attitude of the European Commission and the national data protection authorities, it may be years before PbD may become mainstream in the design of information systems, products, services and networks, but one thing is for sure: PbD cannot be ignored any longer.

Short biography: Dr Borking is the former Privacy Commissioner and Board Member of the Dutch Data Protection Authority (CBP) in The Hague. He is Of Counsel and external advisor on Privacy-by-Design issues for CMS Derks Star Busmann in Utrecht. He is one of the leading experts on law and privacy in Europe, and advises national and international public and private sector organisations on privacy and computer law and more specifically the deployment of Privacy Enhancing Technologies (PETs) and alternative dispute resolution. He also is involved in several EU funded research projects in the area of privacy enhancing identity management and PETs and acts as ICT arbitrator and mediator. Dr Borking holds a PhD from Leiden University. The title of his PhD-thesis is Privacy Law is Code, About the deployment of privacy enhancing technologies.


Emil Lupu

Affiliation: Imperial College London


(Joint Keynote Speech with the SETOP Workshop)


Title: Pervasive Autonomous Systems: Challenges in Policy-based Adaptation and Security

Abstract: Pervasive Systems such as Wireless Sensor Networks for infrastructure monitoring, Personal Area Networks for health care, and Mobile Ad-Hoc Networks for autonomous unmanned vehicles need to operate autonomously and adapt to a wide range of requirements and contexts of use. What architectures should such systems have? How should they interact and compose? How do we avoid specifying all the behaviour in advance? How should control be devolved? How do we trust their behaviour and the quality of the information they provide? This talk will report on attempts to answer some of these questions in the context of policy-based systems, i.e. where policies are used as the main form of adaptation. In the process, the talk will also touch upon aspects of privacy, trust, secure data dissemination, formal verification and crowdsourcing, and discuss challenges for future work.

Short biography: Emil Lupu is a Reader in Adaptive Computing Systems in the Department of Computing and an Associate Director with the Institute for Security Science and Technology, where he leads the Academic Centre of Excellence in Cyber Security Research. Dr Lupu also leads the Policy-Based Autonomous Systems Research group as well as several research projects in the areas of pervasive computing, trust and security and policy-based network and systems management. He has numerous publications in these areas, serves on the editorial boards of the IEEE Transactions on Network and Service Management, the Journal of Network and Systems Management and the International Journal of Network Management, and on the program committee of several conferences.


Steven J. Murdoch

Affiliation: University of Cambridge


(Joint Keynote Speech with the QASA and SETOP Workshops)


Title: Quantifying Privacy and Anonymity

Abstract: The design of anonymous communication systems is a relatively new field, but the desire to quantify the security these systems offer has been an important topic of research since its beginning. In recent years, anonymous communication systems have evolved from obscure tools used by specialists to mass-market software used by millions of people. In many cases the users of these tools are depending on the anonymity offered to protect their liberty, or more. As such, it is of critical importance that not only can we quantify the anonymity these tools offer, but that the metrics used represent realistic expectations, can be communicated clearly, and the implementations actually offer the anonymity they promise. This talk will discuss how metrics, and the techniques used to measure them, have been developed for anonymous communication tools including low-latency networks (e.g. Tor, AN.ON) and high-latency email systems (e.g. Mixmaster, Mixminion). The talk will examine the rapidly developing field of censorship resistance systems and how efforts are progressing to quantify the security they offer. Finally, I will discuss lessons learned which will be applicable to the development of other security metrics for other fields.

Short biography: Steven J. Murdoch is a security researcher at the University of Cambridge Computer Laboratory. His research covers privacy-enhancing technology, Internet censorship, and anonymous communication, in particular Tor. He is also known for discovering several vulnerabilities in the EMV bank chipcard payment system (Chip and PIN).