NIS Platform Working Group 3 Individuals Digital Rights and Capabilities. Dr. Gisela Meister April

Transcription

1 NIS Platform Working Group 3 Individuals Digital Rights and Capabilities Dr. Gisela Meister April

2 AoI 1: Individuals Digital Rights and Capabilities AoI 1 s vision is that individuals needs and fundamental rights are placed at the very centre of how we design, manage, and control network and information and communications technologies. Networks and ICT should be designed to take into account each of the following from the perspective of the individual: diversity, control (e.g. user empowerment), privacy, fairness, democracy, freedom of expression, safety. The concept of individuality includes being able to individualise according to the differences of people; Individual Rights (and duties) of e.g. citizens and consumers must be respected and transparency (without intrusiveness) must be provided at all times. Date Page 2

3 Description of the issues and challenges Technical challenges e.g. interoperability issues, security + privacy by design,.. Societal challenges Digital divide/inclusion: everything can be googled Political and governance challenges Provide the same rights in the digital rights as in the real physical world Educational challenges Responsibility for continuous education and raising awareness campaigns Date Page 3

4 Enablers (+) and Inhibitors (-) Public authorities and regulation,e.g. ISPs, public authorities and the Internet (+); Lack of incentives for companies (-) Technologies for privacy and security, e.g. End to end trustworthy networks, products, and services (+); Complexity of systems (-) Standardisation and evaluation, e.g. Improving standards services to improve the security level of online services e.g. in banking or retail Date Page 4

5 Gap analysis to achieve the vision Technical, security, standardisation gaps, e.g. Lack of sufficient advanced security and privacy mechanisms together with user friendliness; Lack of complete picture e.g. Use of Mobiles Privacy Metrics; Social, political and governance gaps, e.g. Align regulatory and technological developments User friendliness of technical and IT security interfaces Automated security & privacy surveillance linked to psychological or social user interaction and legal requirement. Date Page 5

6 Collecting the complete picture, e.g. mobile phones Basic Technical Standards are already available ETSI ( SIM / embedded Element) Global Platform ( Device Committee ) NFC Forum ISO/IEC SC 27 ( security Techniques) ISO/IEC SC 17 ( Secure elements / Smart Cards, Privacy) BUT Date Page 6

7 Wallets are migrating into Smartphones Local payment via NFC Mobile banking transactions Ticketing Identification But... Date Page 7

8 Specific Threats for mobile devices - to take care of Mobile devices hold significant amounts of personal information and sensitive credentials, which if stolen can be used for a variety of malicious purposes The mobile eco-system presents some characteristics on which attackers can take benefit Always-on improving accessibility Internet access through Browsers Application markets Wireless interfaces (WiFi, 3G, BT, NFC) vulnerable to Man in the Middle or Relay attacks Date Page 8

9 Security Solutions for Trusted Services around the Mobile Embedded SE Removable SE Trusted Execution Environment Contactless card SIM-based SE SE = Secure Element Date Page 9

10 Summery Building the whole Picture Technical, governmental ( including regulation aspects) social and educational perspectives have to go hand in hand Date Page 10

11 Thank you for your Attention! Dr. Gisela Meister Director Head of Security Consulting Head of Technology Standardisation, Technology Office, Mobile Security Giesecke & Devrient GmbH, Prinzregentenstr. 159, D München Phone: (0) mobile: +49 -(0) fax: +49 -(0) Gisela.Meister@gi-de.com Web: Date Page 11 11