
    Security Analysis of Subject Access Request Procedures: How to authenticate data subjects safely when they request for their data

    With the GDPR in force in the EU since May 2018, companies and administrations need to be vigilant about the personal data they process. The new regulation defines rights for data subjects and obligations for data controllers, but it is unclear how subjects and controllers interact concretely. This paper tries to answer two critical questions: is it safe for a data subject to exercise the right of access to her own data? When does a data controller have enough information to authenticate a data subject? To answer these questions, we have analyzed recommendations of Data Protection Authorities and authentication practices implemented in popular websites and third-party tracking services. We observed that some data controllers use unsafe or doubtful procedures to authenticate data subjects. The most common flaw is the use of authentication based on a copy of the subject's national identity card transmitted over an insecure channel. We define how a data controller should react to a subject's request to determine the appropriate procedures to identify the subject and her data. We provide compliance guidelines on data access response procedures.

    Known and Unknown, Property and Contract: Comments on Hoofnagle and Moringiello

    In addition to gerund-noun-noun titles and a concern with the misaligned incentives of businesses that handle consumers' financial data, Chris Hoofnagle's Internalizing Identity Theft and Juliet Moringiello's Warranting Data Security share something else: hidden themes. Hoofnagle's paper is officially about an empirical study of identity theft, but behind the scenes it's also an exploration of where we draw the line between public information shared freely and secret information used to authenticate individuals. Moringiello's paper is officially a proposal for a new warranty of secure handling of payment information, but under the surface, it invites us to think about the relationship between property and contract in the payment system. Parts I and II, respectively, of this brief essay explore these hidden themes in Hoofnagle's and Moringiello's articles. I hope the exercise tells us something interesting about these two papers, and also about the problems of privacy and security in the payment system. A brief conclusion adds a personal note to the mix.

    Constructing privacy aware blockchain solutions: design guidelines and threat analysis techniques

    Blockchain is an incipient technology that offers many strengths compared to traditional systems, such as decentralization, transparency and traceability. However, if the technology is to be used for processing personal data, complementary mechanisms must be identified that provide support for building systems that meet security and data protection requirements. In this work we study the integration of off-chain capabilities in blockchain-based solutions, moving data or computational operations outside the core blockchain network. Additionally, we develop a thorough analysis of the European and Uruguayan data protection regulations and discuss the weaknesses and strengths, regarding the security and privacy requirements established by those regulations, of solutions built using blockchain technology. Based on this analysis, we present a system architecture for the design of privacy-aware solutions that are built using blockchain technology. We also put forward a systematic approach for performing a security and privacy threat analysis of such solutions. Finally, we illustrate the use of the proposed methodological tools, presenting and discussing both the design and the security and privacy assessment of a system that provides services to handle, store and validate digital academic certificates.

    Blockchain is an incipient technology that offers many strengths compared with traditional systems, such as decentralization, transparency and traceability. However, if this technology is to be used for processing personal data, complementary mechanisms must be identified that provide support for building systems that meet security and data protection requirements. In this work we study the integration of off-chain capabilities into blockchain-based solutions, moving data or computational operations outside the blockchain. Additionally, we develop a thorough analysis of the European and Uruguayan personal data protection regulations and discuss the weaknesses and strengths, regarding the security and privacy requirements established by those regulations, of solutions built with blockchain technology. Based on this analysis, we present a methodological framework for the design of privacy-aware solutions based on blockchain technology. We also present a systematic approach for performing a security and privacy threat analysis of this type of solution. Finally, we illustrate the use of the proposed methodological tools, presenting and discussing both the design and the security and privacy assessment of a system that provides services to handle, store and validate digital academic certificates.

    Coding policies for secure web applications
