For several years now, I have been a very vocal proponent of Privacy by Design (PbD) – the concept of engineering privacy directly into the design of new technologies, business processes, and networked infrastructure as a core functionality. I have argued that privacy and security can – and must – co-exist in a positive-sum, not zero-sum relationship.
My office, working with industry leaders, is showing that it is possible. Over the past year, for example, we have worked closely with Ontario’s biggest utility, Hydro One, on building the 7 Foundational Principles of Privacy by Design into Ontario’s emerging Smart Grid. As a result, Ontario is leading the way in Smart Grid privacy! And just last week, we released a joint paper with the Ontario Lottery and Gaming Corporation (OLG) about another very exciting application of PbD that will be rolling out in Spring 2011.
OLG approached us in 2007 about using facial biometrics to help them identify people entering gaming sites despite having enrolled in a voluntary ‘self-exclusion’ program. Strong enforcement of the program is a key disincentive for enrolees who may otherwise be tempted to return to gaming sites. Until recently, however, enforcement relied largely on a labour-intensive and unreliable manual system of checking photographs.
Biometric systems can raise a number of significant privacy concerns, including function creep, data linkages, misuse of personal information, and security vulnerabilities. OLG’s desire to develop a privacy-protective facial recognition system presented an excellent opportunity to practice Privacy by Design, and we agreed to explore with them the application of Biometric Encryption (BE) – an emerging privacy-enhancing technology.
Biometric Encryption uses the principles of PbD to address the privacy and security concerns associated with biometric systems. BE is a process that securely binds a key to, or extracts a key from, a biometric. It does so in such a way that neither the key nor the biometric can be retrieved from the “helper data” (or “private template”) created and stored through this process, except when the correct live biometric sample is presented for verification.
In the OLG scenario, that means the system will only unlock a patron's personal information from the database when the live facial biometric of a self-excluded individual is presented and matched. At that point, security staff can perform a manual check to confirm the individual's identity. Because each biometric is bound to only one record, no single key can unlock the complete database.
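To make the helper-data idea concrete, here is an added toy model in Python (my own illustration, not code from OLG, the joint paper, or any deployed system). It uses a "fuzzy commitment" style binding, which I assume here as one way BE can work: a random key is combined with a biometric bit-vector through an error-correcting code, only the resulting helper data and a hash of the key are stored, and the key comes back out only when a sufficiently similar live sample is presented. The biometric bits and the repetition code are constructed for the demo.

```python
import hashlib
import random
import secrets

REP = 5  # repetition-code length; majority vote corrects up to 2 flips per group


def _encode(key_bits):
    # Repetition code: every key bit is written REP times into the codeword.
    return [b for b in key_bits for _ in range(REP)]


def _decode(codeword):
    # Majority vote within each group of REP bits recovers one key bit.
    groups = (codeword[i:i + REP] for i in range(0, len(codeword), REP))
    return [int(sum(g) * 2 > REP) for g in groups]


def _pack(bits):
    # Pack a list of 0/1 bits into bytes (MSB first); demo keys are only 32 bits.
    return int("".join(map(str, bits)), 2).to_bytes(len(bits) // 8, "big")


def enrol(biometric_bits):
    """Bind a fresh random key to the biometric; returns (helper data, key).

    Only the helper data is stored. It reveals neither the key nor the
    biometric on its own, because the codeword is masked by biometric bits.
    """
    key_bits = [secrets.randbits(1) for _ in range(len(biometric_bits) // REP)]
    helper = [c ^ b for c, b in zip(_encode(key_bits), biometric_bits)]
    key = _pack(key_bits)
    return {"helper": helper, "key_hash": hashlib.sha256(key).hexdigest()}, key


def verify(helper_data, live_bits):
    """Return the bound key if the live sample is close enough, else None."""
    noisy_codeword = [h ^ b for h, b in zip(helper_data["helper"], live_bits)]
    key = _pack(_decode(noisy_codeword))
    if hashlib.sha256(key).hexdigest() != helper_data["key_hash"]:
        return None  # too far from the enrolled sample: nothing is unlocked
    return key


def flip(bits, positions):
    """Simulate sensor noise (or a different face) by flipping the given bits."""
    return [b ^ 1 if i in positions else b for i, b in enumerate(bits)]


# Constructed sample biometric: 160 seeded pseudo-random bits (binds a 32-bit key).
_rng = random.Random(2011)
ENROLLED_BITS = [_rng.getrandbits(1) for _ in range(160)]
HELPER, KEY = enrol(ENROLLED_BITS)
```

A real deployment would use a proper error-correcting code, a far longer key, and a stronger binding than this toy, but the property of interest is the same: the stored template on its own unlocks nothing.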
The complete details of how the system works are available in our paper, but the bottom line is that by starting from the principles of PbD, OLG was able to configure a system that not only has significant privacy advantages for casino patrons on and off the self-excluded list, but also improves accuracy and offers enhanced system security.
I think our work with OLG is exciting not only in terms of the specifics of the project, but also as an example of PbD in action. It shows how Privacy by Design fosters innovation by challenging system designers and engineers to think creatively. This kind of breakthrough would never have been possible if OLG had not been open to relinquishing outmoded ways of thinking that position security and privacy as being in conflict.
As a long-time advocate of leveraging technology in support of privacy, it is very energizing to see Privacy by Design continue to gather momentum, and evolve from a conceptual framework into a practical one that is starting to be applied by industry leaders.
I think we can look forward to a lot more good news on this front. Last month, at the International Conference of Data Protection and Privacy Commissioners in Jerusalem, I proposed a Privacy by Design (PbD) Resolution to the full assembly of regulators. The resolution was unanimously adopted and privacy regulators around the world have now recognized PbD as an “essential component of fundamental privacy protection.”
I urge you to look for opportunities to show leadership in your own industries by engineering the principles of PbD into your business practices and technologies. PbD is clearly an idea whose time has come!