Moderated by Sébastien Taveau, CTO, Validity

Problem Outline:

Taveau describes privacy with regards to the cloud as existing in 5 realms, or The Rule of 5 P’s for the Cloud. These P’s are described as Personal, Private, Professional, Proprietary and Public clouds.  Part of the modern privacy issue revolves around, in Taveau’s opinion, the bleeding of the first four P’s into the public cloud, or the making public of information over which an individual seeks to maintain control.  How can we maintain a sense of privacy when so many forms of technology and social networking that we use on a regular basis can be made public?

Key points of discussion:

-Europe tends to see freedom as the “freedom from” whereas North America perceives freedom in terms of the “freedom to”.  This is reflected in the emerging European idea of the “Right to disappear”

-Social networks, which are seen by individuals as part of a “private cloud” are regularly infringed upon and made public (think companies firing individuals based on Facebook profiles).

-“We’ve got this bleeding right now between work and personal life.  We used to think in terms of work-life balance, now we have a work-life blend […] It all seems to be melting together now.”–Mary Branscombe, Freelance Technology Journalist

-“For a long time people have considered the mobile device to be part of the cloud.  What people need to realize is that a mobile device is just a lock, equipped with a natural ID.  You become the key, the phone is the lock, and you use both to access the data on the cloud.  So the recently coined idea that identity is the new money is absolutely correct.”-Sebastian Taveau

-Major tech companies are trying more than ever to move from the Pin and Password security model to more advanced models, because breaches are becoming unsustainable.

-Biometrics are increasing in popularity, and the tech industry is seeking to decentralize the databases that hold the identity information required to secure companies and their workforce.

-Biometrics have the ability to create one-time passwords in order to verify that an individual has checked out on a device without actually placing their identity on the cloud.

-“We have to worry about the number of people who will sign a page to get a free pen.”–Mary Branscombe

-Facebook is “boiling the frog of privacy” so that you get “privacy exhaustion” (Mary Branscombe), and also divides privacy agreements and settings into so many “slices of privacy”(Sebastian Taveau) that you cannot track which peices of information are accessible to the company.

-The issue with security using soon-to-be available technology is that it may require the removal of personal privacy through observation of location (proximity to devices) and biometric verification.  This will make hacking much harder, but will require a sacrifice of convenience, location and biological identity.

It will become important that consumers understand what they are being asked to sacrifice in the name of security.  Mary suggests that “we have trained the monkey to press that button” and that people are already prepared to give up whatever they are asked to.  However, Sebastian notes that companies have a vested interest in attempting to train their clients to more carefully assess these compromises, and that Fido, among others, has actually begun trying to do so.

In summary, there are a number of privacy issues that come with using the cloud.  However, there are possibilities using Biometrics and location services (matching proximity to a device with the personal signal used to access it) to create far more secure templates which verify identity. If the biometric account on a device is set up only in a secure situation (such as a local bank branch, using identity cards etc) that secure template could be maintained and transferred to additional devices by the consumer.  This would allow for a much more secure set of mobile devices and security of private information stored on the cloud, which could only be accessed biometrically.