The 5th International Conference on eDemocracy & eGovernment
Digital Hyper-transparency: Leading E-government Against Privacy
Ana Rodríguez-Hoyos1,2, José Estrada-Jiménez1,2, Luis Urquiza-Aguiar1, Javier Parra-Arnau3 & Jordi.1
1 Electronics, Telecommunications & Network Dept., Escuela Politécnica Nacional (EPN), Quito, Ecuador
2 Network Engineering Dept., Universitat Politècnica de Catalunya (UPC), Barcelona, Spain
3 Department of Computer Engineering and Mathematics, Universitat Rovira i Virgili, Tarragona, Catalonia
* [email protected]
Ambato, Ecuador April 2017
Outline
I. Introduction
II. Digital Hyper-transparency in Ecuador
III. Jeopardizing Privacy
IV. Privacy protection strategies
V. Conclusions
Introduction: Big Data and Privacy
Currently, several entities concentrate big data, e.g.:
  - Internet Service Providers (all kinds of web interactions)
  - Social networks (online profiles and relationships)
  - The State (tax payment, travel records, etc.)
Clearly, this big data includes personal information.
Privacy concerns arise due to:
  - Indiscriminate collection
  - Opaque operation
  - Poor data handling practices
Rodriguez, Estrada, Urquiza, Parra & Forne
ICEDEG 2018
EPN, UPC, URV
Introduction: Transparency at the State
Transparency is an increasing trend in democratic States.
  - It encourages control through open access to public information
What is the role of the State?
  - the State holds information about all the population
  - the information collected is very faithful
  - linked directly to individuals
  - data collection, processing and publication are:
      - enabled BY LAW
      - accessible through e-gov applications
Privacy risks are commonly ignored.
  - A neglected implementation of transparency and e-gov may cause almost unlimited access to large amounts of information, a side effect we call hyper-transparency
We explore these privacy risks in Ecuador.
Hyper-Transparency in Ecuador: By LAW
In Ecuador, transparency is a democratic principle defined by law.
  - open access to public information is guaranteed: “all the data emerged or held by public institutions”
  - at least 15 items of information have to be published online monthly
  - both about institutions and employees (~600K in Ecuador)
  - confidential data is not really excluded
Hyper-Transparency in Ecuador: By LAW
  - Granularity of transparency is not defined in the law
  - Very detailed data is published
Hyper-Transparency in Ecuador: By E-government
A culture of digitization has taken over the public sector in Ecuador.
  - In many cases also motivated by the law
Simple but useful services are being offered:
  - appointment scheduling, electronic certificates, payment platforms, but mainly information
Hyper-Transparency in Ecuador: E-gov
  - Traffic Fines – ANT
    http://sistemaunico.ant.gob.ec:6033/PortalWEB/paginas/clientes/clp_criterio_consulta.jsp
  - Phone Service Bill – CNT
    http://www.andinatel.com/atphpplanillaagrupado/formulario.php
  - Phone Book – CNT
    http://micnt.com.ec/cntapp/guia104/php/guia_cntat.php
  - Education History – SENESCYT
    http://www.senescyt.gob.ec/consulta-titulosweb/faces/vista/consulta/consulta.xhtml
  - Job – Ministerio de Trabajo
    http://dependenciasectorpublico.trabajo.gob.ec/DependenciaLaboralSectorPublico/index.xhtml
  - Demographic Data – Social Registry
    http://www.registrosocial.gob.ec/Publico/Frame.jsf
  - Housing Taxes – City Council
    http://consultas.quito.gob.ec/
  - Income Taxes – Internal Revenue Service SRI
    https://declaraciones.sri.gob.ec/sri-enlinea/#/SriDeclaracionesWeb/ConsultaImpuestoRenta/Consultas/consultaImpuestoRenta
Traffic Fines - ANT
http://sistemaunico.ant.gob.ec:6033/PortalWEB/paginas/clientes/clp_criterio_consulta.jsp
Phone Service Bill - CNT
Phone Book - CNT
Education History – Senescyt
Job – Ministerio de trabajo
Demographic Data – Social Registry
Housing Taxes – City Council
Income Taxes – Internal Revenue Service SRI
Jeopardizing Privacy
Some attributes disclosed in the name of transparency:
  - National identity numbers
  - Criminal history
  - Full names
  - Education level
  - Unique identifiers
  - Shares in companies
  - Revenue
  - Work place
  - Salary
  - Marital status
  - Address
  - Disability condition
  - Amount of properties
  - Age
  - Movement patterns
Jeopardizing Privacy
Personal microdata is massively and deliberately published:
  - identifiers (identity numbers, full name)
  - quasi-identifiers (marital status, address)
  - confidential attributes (salary, judicial data, disability condition)
Personal information is released even when not mandated by law:
  - universities
  - ministries
  - public service companies
Third parties could aggregate this personal information through a centralized interface.
Jeopardizing Privacy: Privacy risks
Identification attacks
  - through identifiers, citizens can be immediately singled out
  - identifiers link all the rest of the attributes, including sensitive ones
  - most of the public interfaces can be queried by identifier
Classification attacks
  - privacy attackers could catalogue individuals based on their attributes
  - personal information could be used to detect outliers
  - e.g., criminals could use income information to identify prime targets for robbery
  - other problems may involve discrimination and blackmail
Surveillance
  - ongoing observation of “movements” is possible due to very detailed information
  - privacy risk is higher for public employees exposed, e.g., police officers
The privacy risk is massive because millions of citizens are involved.
Jeopardizing Privacy
Privacy Protection Strategies
To minimize the open disclosure of personal data:
Data suppression – not releasing certain values
  - identifiers
  - sensitive attributes
  - reduce the number of quasi-identifiers
Data generalization – using less specific values
  - e.g., salary by position instead of by employee
  - more general categories (e.g., 198X instead of 1983 for the birth year)
Access control – focusing the access to personal info
  - much of the information published makes sense only for the owner
  - by authentication
  - informing who accesses personal data
  - chance to opt out
A legal framework for privacy protection to modulate the legitimate right to public info
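The suppression and generalization strategies above, applied to constructed records, as an added example that is not part of the original slides. The field names, the sample values and the smallest-group measure (the k of k-anonymity, which the slides do not name) are assumptions introduced here.

```python
from collections import Counter

# Constructed sample records (not real data); field names are hypothetical
# and mirror the attribute types listed in the slides.
RECORDS = [
    {"id": "0000000001", "name": "Person A", "birth_year": 1983,
     "marital": "single", "position": "analyst", "salary": 1200, "disability": "no"},
    {"id": "0000000002", "name": "Person B", "birth_year": 1985,
     "marital": "married", "position": "analyst", "salary": 1400, "disability": "no"},
    {"id": "0000000003", "name": "Person C", "birth_year": 1981,
     "marital": "single", "position": "analyst", "salary": 1300, "disability": "yes"},
    {"id": "0000000004", "name": "Person D", "birth_year": 1992,
     "marital": "married", "position": "officer", "salary": 900, "disability": "no"},
    {"id": "0000000005", "name": "Person E", "birth_year": 1997,
     "marital": "single", "position": "officer", "salary": 1100, "disability": "no"},
    {"id": "0000000006", "name": "Person F", "birth_year": 1990,
     "marital": "married", "position": "officer", "salary": 1000, "disability": "no"},
]
RAW_QUASI = ("birth_year", "marital", "position")
RELEASED_QUASI = ("birth_year", "position")  # marital status dropped

def smallest_group(rows, quasi):
    """Smallest number of rows sharing one quasi-identifier combination.
    A value of 1 means at least one person can be singled out."""
    return min(Counter(tuple(r[q] for q in quasi) for r in rows).values())

def generalize_year(year):
    """1983 -> '198X', as in the slide's birth-year example."""
    return f"{year // 10}X"

def release(rows):
    """Build the publishable view: identifiers and sensitive attributes are
    suppressed, birth year is generalized, salary is reported per position."""
    salaries = {}
    for r in rows:
        salaries.setdefault(r["position"], []).append(r["salary"])
    mean = {p: round(sum(v) / len(v)) for p, v in salaries.items()}
    return [{"birth_year": generalize_year(r["birth_year"]),
             "position": r["position"],
             "salary_for_position": mean[r["position"]]} for r in rows]

if __name__ == "__main__":
    print("raw smallest group:", smallest_group(RECORDS, RAW_QUASI))
    print("released smallest group:", smallest_group(release(RECORDS), RELEASED_QUASI))
```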
Conclusions
Transparency and e-government are means to massify democracy.
  - They are built on information (huge amounts of personal data)
  - Yet, they are subject to mismanagement and manipulation
They may lead to hyper-transparency and thus serious privacy risks:
  - Very granular personal data
  - Directly published online under the mandate of the law
  - Undefined potential privacy attackers
Legal and practical guidelines to protect personal data may help to balance the transparency-privacy tradeoff.
Yes, but the State is also some of US
What about
transparency must end when the privacy of others begins
Thanks for your attention
while (questions == True) {
    if (now) Please ask
    if (later) Send an email to: [email protected]
}
Escuela Politécnica Nacional
Departamento de Electrónica, Telecomunicaciones y Redes de Información