Data Privacy Day in Canada: First annual Privacy By Design Challenge a major success

Yesterday I participated in the first Privacy By Design Challenge held in downtown Toronto. My presentation is in a pdf here or in the original 2MB PPT here. This event is the brainchild of Dr. Ann Cavoukian, the Information and Privacy Commissioner of Ontario. A long-time advocate of privacy technologies, Ann coined the term "privacy by design" in the mid nineties and subsequently wrote two books relating to the subject. Since then, she has worked relentlessly to put privacy technologies front and center on the agenda of government and industry stakeholders involved in rolling out IT systems with a society-wide impact.

For this first annual edition of the event, Ann and her staff had assembled a stellar cast. With over 200 attendees the event was sold out.

Following Ann's welcome speech, in which she introduced the panel topics and shared her optimism about the real-world adoption of privacy technologies, I headed up to the podium with my co-panelists. IBM's Jeff Jonas kicked off our session with an engaging talk on his thoughts on the future of privacy. Intel's David Hoffman followed by emphasizing Intel's commitment to privacy-by-design and briefly reviewing the company's technologies for safeguarding personal data on laptops and other devices. My presentation focused on Microsoft's contributions to creating an open standards-based identity architecture for the Internet, including an overview of our Geneva platform and the U-Prove technology. Facebook's Chris Kelly discussed the measures that Facebook has taken to enable users to adequately express their privacy preferences, and touched on Facebook Connect and the lessons learned from the beacon debacle. Last but not least, HP's Victor Garcia lucidly explained how technological progress is eroding privacy; he also briefly reviewed an array of HP technologies, ranging from encryption to privacy-protecting identity management to quantum cryptography.

The second panel started off with Dr. Khaled El Emam, who discussed the role of de-identification techniques in healthcare and talked about his work on the topic at the University of Ottawa and at Privacy Analytics. (On a comical note, the panel moderator playfully referred to Khaled as "the Latanya Sweeney of the North"; right after the event this lead a noted member of the audience to refer to Latanya as the "Khaled El Emam of the South".) Next, Eileen MacDonald of GSI Canada discussed her organization's efforts in relation to an on-off switch for embedded RFID chips. Peratech's Philip Taysom followed up on the same topic and demonstrated how easy it is to read the contents of an RFID-enabled passport using a cheap reader and free software. Michelle Dennedy of Sun Micrososystems, formerly the company's Chief Privacy Officer and since very recently its Chief Governance Officer for Cloud Computing, discussed the Sun Ray technology for cloud computing and its access protections via secure portable user devices. Thomas Marinelly of the Ontario Lottery and Gaming Corporation concluded the panel session by discussing his organization's efforts to apply biometric encryption technologies to facial recognition systems.

In all, this was a highly successful event, and I am already looking forward to next year's edition.

My slide deck as a PDF is here, and in the original 2MB PPT here

 -- Dr. Stefan Brands,  Principal Architect, Identity & Security Division for Microsoft