The internet and social networking sites like Facebook are redefining privacy in the world today. Privacy means that people are able to control what information about themselves is made available to other people.
There is no universal agreement on what is private - different cultures hold different views and what is considered private changes over time. For example, while in the UK the tax returns of individuals are private, in Norway the earnings of every citizen are publicly available. This openness is good to ensure that people are correctly taxed but could put people with high incomes at risk of theft, kidnapping and extortion. Therefore privacy is a balance.
Governments have recognized the importance of privacy and have legislated on this issue. The European Convention on Human Rights was adopted by the UK in 1998 and Article 8 of this convention guarantees a right to privacy. In Europe, privacy of personal information is principally covered by Directive 95/46/EC on personal data processing and Directive 2002/58/EC on privacy of electronic communications. These two directives provide a common approach, although their implementation varies in detail from country to country.
However, this legislation is primarily aimed at governments and organisations holding personal data. It does not protect the individual from themselves or the organisation from the employee acting as a private individual. The person using a social networking site is at liberty to give away personal information about themselves – even to their own detriment. They can also deliberately or inadvertently pass information or make comments that could damage their employer. They can also send ill-judged messages that are publicly visible using services like Twitter.
The problem of policing trust
Trust is important since it forms the basis upon which personal and commercial transactions take place. Trust is, in some ways, in conflict with privacy. Privacy can be the friend of the confidence trickster and criminal by allowing them to conceal their identity and their previous activities.
What happens when there is a breach of trust - how is trust policed? Commerce is based upon legal enforcement of agreements, which can be very fast and effective. However, Internet commerce has challenged this because it is not always easy to identify individuals and because transactions may take place across geographical boundaries.
An alternative approach is that adopted by eBay, where each buyer and seller has a feedback rating. This is an example of a trust metric: participants in a transaction rate each other and these ratings are publicly visible. If an eBay seller consistently behaves in a trustworthy manner, their rating increases. Conversely, if they do not, it decreases. People can choose whether or not to transact with another individual based on this rating.
Identity in the Cloud
In the Cloud, no-one knows who you are. A self-created user identity is no longer adequate and the threat of impersonation is very real. Individuals have had their Facebook identities stolen and adult criminals pose as children to groom and lure children.
One solution to this is “claims-based” authentication. Traditionally the authentication and authorisation system is co-located with the application and the organisation controls the provision of credentials. In the Cloud, the authentication may be performed remotely from the Cloud application. The remote authentication system then makes a “claim” of identity to the Cloud system, which relies upon this claim. This is similar to a citizen of one country using a passport to enter another country.
Identity federation is a technology for claims-based authentication between organisations. The user is authenticated by logging into their organisation when they access a Cloud application and their identity is passed to the Cloud provider. This typically uses SAML (Security Assertion Markup Language) or ADFS (Active Directory Federation Services). The technology is secure, but identity federation depends upon trust between the two organisations which needs to be underpinned by legal agreements.
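The claims-based exchange described above, as an added example that is not part of the original article: the identity provider signs a claim and the Cloud application (relying party) accepts it only from an issuer it has a trust agreement with. The issuer names, shared secrets and subject are constructed, and an HMAC over a JSON body stands in for the XML signature a SAML assertion would carry; the trust logic is the same.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed: the signing keys a relying party holds for each federated
# issuer, exchanged under the legal agreement the text refers to.
TRUSTED_ISSUERS = {
    "idp.example-corp.test": b"constructed-shared-secret-1",
}


def issue_claim(issuer, key, subject, attributes, ttl_s=300, now=None):
    """Identity provider side: sign a short-lived claim of identity."""
    now = time.time() if now is None else now
    payload = {"iss": issuer, "sub": subject, "attrs": attributes,
               "iat": now, "exp": now + ttl_s}
    body = json.dumps(payload, sort_keys=True).encode()
    sig = hmac.new(key, body, hashlib.sha256).digest()
    return base64.b64encode(body).decode() + "." + base64.b64encode(sig).decode()


def verify_claim(token, trusted=TRUSTED_ISSUERS, now=None):
    """Relying party side: returns (payload, status). Only a claim from a
    trusted issuer, with a valid signature, that has not expired is accepted."""
    now = time.time() if now is None else now
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.b64decode(body_b64)
        sig = base64.b64decode(sig_b64)
        payload = json.loads(body)
    except ValueError:  # covers binascii.Error and JSONDecodeError
        return None, "malformed"
    if not isinstance(payload, dict):
        return None, "malformed"
    # The issuer field is unauthenticated until the signature checks out;
    # it is used only to select which key to verify with.
    key = trusted.get(payload.get("iss"))
    if key is None:
        return None, "untrusted issuer"
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None, "bad signature"
    if payload.get("exp", 0) < now:
        return None, "expired"
    return payload, "ok"
```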
Identity 2.0 provides the means for individuals to build their own electronic identity independently of their employment, based around their personal associations (school, college, interests, etc.). It also contains the mechanisms for these individuals to use trusted third parties to substantiate their claims.
Identity and access management (IAM) normally controls access to specific resources. This form of access control does not help where data is unstructured and messages are being created on the fly. Mandatory access control (MAC) or, more recently, Digital rights management (DRM) allow the owner of certain information to retain control over how this information is used. But both of these solutions are limited to special cases.
Content-sensitive IAM extends control to cover data based on its content. The control is enforced at the time that the data is created, discovered, or transmitted.
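A content-sensitive control of the kind described above, as an added example that is not part of the original article: the decision is taken at transmission time from what the message contains and where it is going, rather than from which resource it sits in. The internal domain, labels and sample messages are constructed.

```python
import re

# Constructed policy: one internal domain, two content labels.
INTERNAL_DOMAINS = {"example-corp.test"}
CARD_RX = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")
MARKER_RX = re.compile(r"\bCONFIDENTIAL\b", re.IGNORECASE)


def luhn_ok(digits):
    """Luhn check, so a run of digits is only labelled a card number if it validates."""
    total, parity = 0, len(digits) % 2
    for i, ch in enumerate(digits):
        d = int(ch)
        if i % 2 == parity:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def is_card(match):
    return luhn_ok(re.sub(r"[ -]", "", match.group()))


def classify(text):
    """Labels derived from the content itself, not from where it is stored."""
    labels = set()
    if any(is_card(m) for m in CARD_RX.finditer(text)):
        labels.add("card_number")
    if MARKER_RX.search(text):
        labels.add("confidential")
    return labels


def enforce_on_transmit(recipient, text):
    """Decision at send time: ('allow'|'block'|'redact', outgoing text or None)."""
    labels = classify(text)
    external = recipient.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS
    if "confidential" in labels and external:
        return "block", None          # marked content does not leave the organisation
    if "card_number" in labels:
        # card numbers are never sent in clear, whatever the destination
        redacted = CARD_RX.sub(lambda m: "[REDACTED]" if is_card(m) else m.group(), text)
        return "redact", redacted
    return "allow", text
```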
The Cloud now provides many services that are used by individuals to network and to buy services. This has created new challenges relating to privacy, trust and identity. Privacy legislation is principally aimed at protecting the individual’s personal information from misuse by governments and organisations. It does not help to protect the individual against their own misjudgements or the organisation against the mistakes of their employees.
Identity 2.0 allows individuals to create and manage their own identities, but this raises the risk for others unless these identities can be affirmed by trusted third parties. Content-sensitive controls may provide a solution to some of the issues.
(ISACA has produced a book, “IT Control Objectives for Cloud Computing: Controls and Assurance in the Cloud”, which looks at controls and countermeasures that can be used in the Cloud, also closely examining how to use the Cloud to create value in systems. It is available at www.isaca.org/bookstore)