Contact cfp2007@gmail.com for information on CFP2007 sponsorship opportunities.
Important Dates
  • early bird rates for registration until April 10.
  • Special hotel rate of $185 Canadian, taxes not included, expires on April 1
  • US citizens arriving by air require a passport, and passport application processing times are now up to three weeks due to high volume.
  • Contact Us

    Info about conference:

    To sponsor:

    Workshop 1: 9am-12pm and 1-4pm: “A Reasonable Expectation of Privacy? You be the Judge!”
    Presenters: Ian Kerr and colleagues

    Tutorial 1: 9am-12pm: Computer Forensics
    Presenter: Simson L. Garfinkel

    Tutorial 2: 9am-12pm: Cryptography, Security and Privacy on the Internet
    Presenter: Ian Goldberg

    Tutorial 3: 9am-12pm: Fundamental Freedoms: The Global Net and the Canadian Charter of Rights, the US Constitution and European and international human rights law
    Presenters: Stanley Cohen, Peter Leuprecht and Robert Ellis Smith

    Tutorial 4: 9am-12pm: Surveillance, the War on Drugs, the War on Terror
    Presenter: Eugene Oscapella

    Tutorial 5: 1pm-4pm: Wiretapping in the US and the UK
    Presenters: Laura Donahue and Mark Eckenwiler

    Tutorial 6: 1pm-4pm: Data Matters: Technical Aspects of Privacy in Communications and Privacy-Preserving Data Analysis
    Presenters: George Danezis

    Tutorial 7: 1pm-4pm: Security and Privacy Concerns with Electronic Health Information
    Presenters: Patricia Kosseim and Brian O’Higgins

    Tutorial 8: 1pm-4pm An Overview of Identity Management Technologies and Policy Implications
    Presenters: Christian Paquin, Greg Thompson, Tim Bouma (invited), Guy Herriges, Stanley Trepetin (invited)


    Workshop 1:"A Reasonable Expectation of Privacy? You be the Judge!"

    Abstract: This workshop challenges the limitations that the ‘reasonable expectation of privacy’ standard adopted by courts in many jurisdictions across the globe imposes on the privacy that we can expect in public places. In a unique, playful and interactive presentation of twin decisions from the Supreme Courts of Canada and the United States, members of the multi-disciplinary research team, On the Identity Trail (http://idtrail.org), interrogate the use of various technologies to detect evidence of abnormal or illegal activity.  Using FLIR (forward looking infrared) as a case study, this workshop asks fundamental questions about the use of various new technologies to augment the sensory perceptions of law enforcement personnel and considers the impact of new technologies on the privacy that we can reasonably expect in public places.


    Carlisle Adams

    Carlisle Adams is an Associate Professor in the School of Information Technology and Engineering (SITE) at the University of Ottawa.  Prior to his academic appointment in 2003, he worked for 13 years in industry (Nortel, Entrust) in the design and standardization of a variety of cryptographic and security technologies for the Internet.  His research and technical contributions include the CAST family of symmetric encryption algorithms, secure protocols for authentication and management in Public Key Infrastructure (PKI) environments, and a comprehensive architecture and policy language for access control in electronic networks.  Dr. Adams is co-author of Understanding PKI:  Concepts, Standards, and Deployment Considerations, Second Edition (Addison-Wesley, 2003).  He is a Senior Member of the Institute for Electrical and Electronics Engineers (IEEE), a member of the Association for Computing Machinery (ACM) and the International Association for Cryptologic Research (IACR), and is licensed as a Professional Engineer (P.Eng.).


    Jane Bailey

    Jane Bailey is an Assistant Professor at the Faculty of Law, University of Ottawa.  She teaches regulation of Internet communications, civil procedure and contracts. Professor Bailey completed her LL.M. at the University of Toronto in 2002. She was a co-recipient of the Howland Prize for outstanding performance in the LL.M. programme. She served as a law clerk to the Honourable Mr. Justice John Sopinka at the Supreme Court of Canada. Before returning to legal studies, Professor Bailey practised law in Toronto with Torys, where she was an associate in the litigation department. Her litigation experience included acting on matters relating to unlawful search of political protesters, and to the application of existing laws governing hate speech to an Internet website.

    Her primary areas of interest relate to the intersections between law, evolving technology and equity. Professor Bailey’s LL.M. research related to the potential for regulation of Internet hate speech. Her ongoing research focuses on the impact of evolving technology on significant public commitments to equality rights, freedom of expression and multiculturalism, as well as the societal and cultural impact of the Internet and emerging forms of private technological control, particularly in relation to members of socially disadvantaged communities.


    Jacquelyn Burkell

    Jacquelyn Burkell is an Associate Professor at the University of Western Ontario, Faculty of Information and Media Studies.  Dr. Burkell’s research focuses on the empirical study of the interaction between people and technology, with a particular emphasis on the role of cognition in such interactions. Specific aspects of this research include the impact of presentation on information use and understanding, the design of human-computer interfaces, and the social impact of technology. With respect to this latter topic, she is interested in the impact of computer mediation on communication and the perception of self. Much of this work focuses on anonymity in online communication, examining how the psuedonymity offered by online communication is experienced by online communicators, and how this experience changes communication behaviour and interpretation. Dr. Burkell is also involved in research on the credibility of online information and information sources. Part of this work will focus on intelligent agents and virtual representatives as information sources, examining whether the credibility of these sources is assessed according to the same criteria used to establish the credibility of human information sources.

    Dr. Burkell teaches a variety of courses relevant to her research methodology expertise and her research interests. She teaches research methods at both the graduate and undergraduate level, with a focus on both qualitative and quantitative methods. In addition, she teaches courses on the social impact of technology, human-computer interface design and information design.


    Jennifer Chandler

    Jennifer Chandler joined the Faculty of Law, University of Ottawa, in 2002, where she is currently teaching ‘tort law’ and ‘technoprudence-legal theory in the information age’. 
    The overarching theme of Professor Chandler’s research is law, science and technology, particularly with respect to the social and environmental effects of emerging technologies and the interaction of emerging technologies with law and regulation.

    In addition to work fitting within this broad theme, Professor Chandler has also written extensively in the areas of cybersecurity and cybertorts.  Other recent articles have addressed the adequacy of the Canadian regulation of GMOs, pharmacists and conscientious objection, the ethics of non-financial incentives to donate organs, and liability for online reputation systems.

    Ian Kerr

    As Canada Research Chair in Ethics, Law, and Technology, Ian Kerr is Canada’s leading authority on how ethical and legal issues intersect with technology.  Ian plays a significant role in the development of national and international model laws in e-commerce, privacy policy, digital copyright policy, and the delivery of government services online. He has advised various Canadian agencies on legal policy for online activities, and is a Canadian delegate to the United Nations’ Special Working Group on e-Commerce, a project of the United Nations Commission on International Trade Law. Ian is also a member of the Corporate/Commercial Law Group and acts as special counsel in technology law to Ottawa-based law firm Nelligan O’Brien Payne LLP.

    Ian has published numerous articles and papers and has written, edited and contributed to several books and journals on various subjects including the philosophy of law, contract law, information ethics, internet law, automation and intelligent agent technology. In addition to his current work on online intermediaries, Ian is involved in an international, collaborative research project on anonymous communication and is writing a book on the legal and ethical implications of artificial intelligence, robotics and nanotechnology.  Ian previously taught law, philosophy, and new media at the University of Western Ontario. He has won six awards and citations for his teaching.  He now holds the Canada Research Chair in Ethics, Law and Technology at the Faculty of Law, University of Ottawa, where he has co-designed a new graduate program and is building Canada’s first law and technology research laboratory, a facility that will support the work of two Canada Research Chairs and twenty researchers.


    Carole Lucock

    Carole Lucock is the project manager of On the Identity Trail.  Carole Lucock was Senior Legal Counsel and Chief Privacy Officer with the Canadian Medical Association, a not-for-profit corporation where she has acted as counsel for 15 years. During her tenure with CMA, in addition to corporate legal work, Carole worked on numerous health and medical profession policy files and was very active in matters concerning health information privacy. While at CMA, Carole instituted an articling program and has worked with numerous articling students during the course of their training. Carole obtained her LL.B from Queens University and recently completed her LL.M, with a concentration in law and technology, at the University of Ottawa. She began her LL.D at the University of Ottawa in September 2005. Her research interests include the intersection of privacy, anonymity and identity, and the potential distinctions between imposed versus assumed anonymity. Prior to becoming a lawyer, Carole worked for a number of years as a high school teacher in England, where she taught science, social science and physical education.

    David Matheson

    David Matheson is a postdoctoral fellow with the Department of Philosophy at Carleton University.  David received his PhD in philosophy from Brown University in 2003.  As one of the philosophers associated with On the Identity Trail, he is especially interested in the conceptual and moral issues that surround the project’s overall theme.

    Among the specific topics that David has written about are privacy and knowableness, anonymity and responsible testimony, layperson authentication of contested experts, privacy and personal security, the nature of personal information, and the importance of privacy for friendship.


    Valerie Steeves

    Valerie Steeves is an Assistant Professor in the Department of Criminology at the University of Ottawa in Ottawa, Canada. Her main area of research is human rights and technology issues.

    Professor Steeves has written and spoken extensively on privacy from a human rights perspective, and is an active participant in the privacy policy making process in Canada. In 1997, as a Special Advisor to the House of Commons Standing Committee on Human Rights, she organized and facilitated a series of public consultations exploring the meaning of privacy as a human right, and was one of the principal drafters of the Committee’s report, Where Do We Draw the Line? She has appeared as an expert witness before a number of Parliamentary Committees regarding privacy legislation, and was a Special Advisor to Senator Finestone with respect to the Privacy Rights Charter. She is currently a member of the Canadian Standards Association’s Technical Committee on Privacy and the Chair of the National Privacy Coalition.

    Professor Steeves is the author of a number of award-winning educational games designed to teach children how to protect their human rights in cyberspace. Her multi-media game Sense and NonSense won the Canadian Race Relations Foundation’s Award of Excellence in Race Relations Education and her interactive cyberplay about online privacy is used by Girl Guides across the country in the You Go Girl in Technology badge program.


    Tutorial 1:Computer Forensics

    Abstract: Computer forensics is the study of information stored in computer systems for the purpose of learning what happened to that computer at some point in the past---and for making a convincing argument about what was learned in a court of law. Today computer forensics covers five broad categories: hard drive forensics, memory forensics, network forensics, document forensics, and software forensics. This tutorial will give the attendee an in-depth understanding of computer forensics, including: the history of computer forensics (celebrated cases); enough information about operating systems to understand why forensic tools are possible, what they can do, and their limits; modern forensic tools, including both open source and commercial; and the legal environment that governs forensics in the US.


    Simson L. Garfinkel

    Simson L. Garfinkel is an Associate Professor at the Naval  Postgraduate School in Monterey, CA., and a fellow at the Center for Research on Computation at Society at Harvard University. He is also the founder of Sandstorm Enterprises, a computer security firm that develops advanced computer forensic tools used by businesses and  governments to audit their systems.

    Dr. Garfinkel has research interests in computer forensics, the emerging field of usability and security, information policy, and terrorism. He has actively researched and published in these areas for more than two decades.

    Garfinkel writes a monthly column for CSO Magazine, for which he has been awarded four national journalism awards. Garfinkel is the author or co-author of fourteen books on computing, published by Addison-Wesley, IDG Books, MIT Press, O’Reilly and Associates, and Springer-Verlag. He is perhaps best known for his book Database Nation: The Death of Privacy in the 21st Century. Garfinkel’s most successful book, Practical UNIX and Internet Security (co-authored with Gene Spafford), has sold more than 250,000 copies in more than a dozen languages since the first edition was published in 1991.

    Garfinkel received three Bachelor of Science degrees from MIT in 1987, a master’s of science in journalism from Columbia University in 1988, and a Ph.D. in Computer Science from MIT in 2005.



    Tutorial 2:Cryptography, Security and Privacy on the Internet

    Abstract: Users of personal computers are exposed to many threats from Internet-based sources.  Viruses, worms, and spam are a constant annoyance; less well known are the threats of unknowingly becoming part of the botnets which send them.  In addition, all of your online communication is potentially accessible to third parties, and their use of the information they learn about you is beyond your control. In this tutorial, we will look at the cryptographic techniques, the security tools, and the privacy-enhancing technologies you can use to protect yourself online.  We will discuss the principles of useful security and privacy technologies and where these technologies may be headed in the future.


    Ian Goldberg

    Dr. Goldberg is an Assistant Professor of Computer Science at the University of Waterloo, where he is part of the Cryptography, Security, and Privacy (CrySP) research group.  He holds a Ph.D. from the University of California, Berkeley, where he co-founded that university’s Internet Security, Applications, Authentication and Cryptography group.  From 1999 to 2006, he was Chief Scientist of Radialpoint (formerly known as Zero-Knowledge Systems), a company offering security and privacy technologies for Internet users.


    Tutorial 3:Fundamental Freedoms: The Global Net and the Canadian Charter of Rights, the US Constitution and European and international human rights law

    Abstract: This tutorial will explore the Internet and related communication technologies and protected freedoms in Canada, the US and Europe.

    The Canadian analysis will examine whether we live in countries that risk becoming ‘surveillance societies'. Although the orientation of this discussion will be Canada-centric it will draw on comparative examples from other nations that describe themselves as "free and democratic societies". To lend some context to this discussion there will be a short description of Canada's rights- protective constitutional arrangements. Also, this analysis will be refracted through the lens of what has been called the "war on terror" - to some an unending war. The concern will be with how well we are weathering repeated assaults on our personal privacy as our nations are buffeted by threats from dangerous zealots emanating from the far corners of the globe. Among the developments to be surveyed in this session will be the evolution and expansion of surveillance techniques, including: primitive techniques (such as dogs & roadblocks); video cameras; RFID & GPS technology; biometrics & identity cards; and dataveillance (including information acquisition, sharing, data matching & data mining).

    The US analysis will explore which US Constitutional principles protect individuals' activities on the Internet and organizations' collection of personal information. This discussion will explore privacy, free speech, searches and seizures, intellectual property, due process, and equal protection as addressed in the Constitution of the US drafted in 1787 and the first ten amendments enacted in 1791. The discussion will show how courts have applied these principles to new digital technology. It will then examine the relevance of Constitutional rights to the new technologies of identity, including biometrics, ID cards, and personal identification numbers.

    The European analysis will explore the fundamental principles of the Council of Europe and the European Union, i.e. pluralistic democracy, rule of law and human rights. What are, from that point of view, the opportunities and threats posed by Information and Communication Technologies (ICTs)? As far as human rights are concerned, this thread will deal in particular with the right to freedom of expression, information and communication, the right to respect for private life and correspondence and the right to education as well as with the issue of ICT assisted forms of human rights violations. The need for balance between competing rights will be emphasized. There should be a human rights "proofing" of all key actions, decisions and technologies influencing the information society. This discussion will also broach the issue of access to ICTs and the question of whether they are used to promote or to curtail cultural diversity. 


    Stanley A. Cohen

    Stanley A. Cohen is Senior General Counsel with the Department of Justice (Canada) in its Human Rights Law Section.   He has had a varied career as an advisor to government in the areas of criminal justice and national security policy, and the Canadian Charter of Rights and Freedoms.  His duties involve his advising Ministers and senior government officials on legal policy, litigation and issues relative to the Charter and the justice system, and appearing before parliamentary committees on legislative reform.  Mr. Cohen was extensively involved in providing Charter advice pertaining to the policy development process and the drafting of the Anti-terrorism Act as well as other national security policy development initiatives, including the Proceeds of Crime (Money Laundering) and Terrorist Financing Act, and the replacement of the Official Secrets Act with the Security of Information Act.    Mr. Cohen was the 2006 recipient of the Department of Justice's John Tait Award, a signal honour recognizing the individual who best exemplifies the highest standards of ethical, professional conduct and competence, and demonstrates the values of service to the Canadian public and government in the discharge of his or her duties. 

    A member of the Manitoba Bar since 1972, he is the author of numerous widely-cited articles on the criminal justice system and human rights, as well as three texts - Privacy, Crime and Terror: Legal Rights and Security in a Time of Peril; Invasion of Privacy: Wiretapping and Criminal Investigation in Canada; and Due Process of Law: the Canadian System of Criminal Justice.   

    Mr. Cohen is a former academic and law professor at the Faculty of Law at McGill University.  Mr. Cohen's on-going commitment to teaching is also manifest in his over twenty year involvement as an adjunct professor and lecturer at three Canadian law schools (Manitoba, Toronto and Ottawa).  He has also lectured widely on the subject of fundamental freedoms, civil liberties and the criminal justice system before such diverse groups as the National Judicial Institute; the Learned Societies; the Canadian Police College; the Canadian Bar Association; the Canadian Association of Provincial Court Judges; the Canadian Institute for the Administration of Justice; the Canadian Club; the Canadian Council on Social Development; the Canadian Association for the Prevention of Crime; the International Society for the Reform of the Criminal Law; and the Centre for Public Law and Public Policy. 

    Mr. Cohen formerly directed research for nearly a decade at the Law Reform Commission of Canada as the Coordinator of the Commission's Criminal Procedure Project.  He also served as Secretary to the Commission of Inquiry into the Deployment of Canadian Forces to Somalia between 1995 and 1997. 

    Peter Leuprecht

    1958-1961 Assistant lecturer at the Law Faculty of the University of Innsbruck and work at the Bar. 

    1961-1997 official in the Secretariat General of the Council of Europe (Strasbourg, France); 1976-1980 Secretary of the Committee of Ministers; 1980-1993 Director of Human Rights; elected Deputy Secretary-General in 1993; leaves his post before the end of his term because of disagreement with dilution of Council of Europe standards. 

    Has taught at the Universities of Strasbourg and Nancy (France) and at the European Academy of Law in Florence (Italy).  Author of numerous publications in the field of international law and human rights.  1997-1999 Visiting Professor at the Faculty of Law of McGill University and at the Département des sciences juridiques de l'Université du Québec à Montréal (UQAM) and advisor to the Canadian Department of Justice.  From 1999 to 2003 Dean of the Faculty of Law of McGill University. Presently Director of the Montreal Institute of International Studies and Professor at the Département des sciences juridiques de l'UQAM. 

    Was awarded the "Prix du Civisme Européen" in 1991. 

    Member of a committee of four "Sages" which prepared a human rights Agenda for the European Union. 

    2000-2005 Special Representative of the Secretary-General of the UN for human rights in Cambodia. 

    Received the Human Rights Award of the Lord Reading Law Society in 2001.  

    Robert Ellis Smith

    Since 1974, Robert Ellis Smith, a lawyer and journalist in Providence, R.I., has published Privacy Journal newsletter, the world's first and longest lasting publication on individual rights in the computer age.  He has taught at Brown University, University of Maryland, Harvard University, and Tufts University and often appears before trade groups and government bodies and serves as an expert witness in privacy and surveillance cases. 


    Tutorial 4:Surveillance, the War on Drugs, the War on Terror

    Abstract: The privacy intrusions flowing from the “war on drugs” have served as a template for the intrusions associated with the “war on terrorism”.  In addition, the symbiotic relationship that has developed between the war on drugs and the war on terror (“If you use illegal drugs, you are financing terrorist groups.”) is being used as a justification for even greater levels of surveillance.  In both cases, the legal and policy approaches chosen to deal with the issue—illegal drugs or terrorism—has resulted in ever-increasing levels of surveillance.  This tutorial looks at the parallel privacy consequences of adopting a law enforcement/security approach to these issues.


    Eugene Oscapella

    Eugene Oscapella is Barrister and Solicitor of Ottawa.   Mr. Oscapella completed undergraduate studies in economics at the University of Toronto and received his bachelor of laws degree from the University of Ottawa. He obtained his Master of Laws degree from the London School of Economics and Political Science. He was called to the Ontario Bar in 1980.

    From 1980 to 81, Mr. Oscapella served as a commission counsel with the McDonald Commission of Inquiry into the RCMP.  From 1982 to 85, he was Director of Legislation and Law Reform for the Canadian Bar Association.  Since 1985, Mr. Oscapella has been an independent adviser on Canadian legislative and social policy issues.  For more than two decades he has also advised governmental and non-governmental organizations in Canada and abroad on a range of privacy issues. He is the principal author of the Privacy Commissioner’s 1989 study, AIDS and the Privacy Act, its 1990 study, Drug Testing and Privacy, and its 1992 study, Genetic Testing and Privacy.

    He is also a founding member of the Canadian Foundation for Drug Policy and a former chair of the policy committee of the Canadian Criminal Justice Association.  He lectures on drug policy in the Department of Criminology at the University of Ottawa.


    Tutorial 5:Wiretapping in the US and the UK

    Abstract: This tutorial will examine the legal aspects of wiretapping in the United States and the United Kingdom. In the US, the Electronic Communications Privacy Act of 1986 (ECPA) governs the acquisition and disclosure of information--e.g., electronic mail, logs, and subscriber identity--at the core of computer network privacy. Unfortunately, ECPA's intricacies have bedeviled commentators, leading one appeals court to call ECPA "famous (if not infamous) for its lack of clarity."  The US analysis of this tutorial for laypeople will examine ECPA's rules, focusing especially on the rules governing law enforcement eavesdropping. Similarly, the UK analysis will look at the legal authorities governing surveillance in the UK. Until recently, very few laws governed police and intelligence service information-gathering authorities in the United Kingdom.  Extraordinary stop and search powers for terrorist-related offences, and warrants for police interference with property provided exceptions.  But physical searches of property conducted by the intelligence services, the interception of communications, the use of electronic bugs, and the running of covert human intelligence sources operated under the legislative and judicial radars. Beginning in the mid-1980s, the European Court began to raise objections to the lack of safeguards and absence of any statutory framework.  Yet each time the Court has handed down a significant finding against the United Kingdom, the state has responded by, on the surface, meeting the demands of the European Convention of Human Rights, and simultaneously expanding executive surveillance authorities.   


    Laura Donohue

    Dr. Laura Donohue is a fellow at CISAC and at Stanford Law School's Center for Constitutional Law. Donohue's research focuses on national security and counterterrorist law in the United States, United Kingdom, Republic of Ireland, Israel, and the Republic of Turkey. Prior to Stanford, Donohue was a fellow at Harvard University's John F. Kennedy School of Government, where she served on the Executive Session for Domestic Preparedness and the International Security Program. In 2001 the Carnegie Corporation named her to its Scholars Program, funding the project, "Security and Freedom in the Face of Terrorism." At Stanford, Donohue directed a project for the United States Departments of Justice and State and, later, Homeland Security, on mass-casualty terrorist incidents. She has written numerous articles on counterterrorism in liberal, democratic states. Author of Counter-terrorist Law and Emergency Powers in the United Kingdom 1922-2000, she is completing a manuscript for Cambridge University Press analyzing the impact of British and American counterterrorist law on life, liberty, property, privacy, and free speech. Donohue obtained her AB (with honors, in philosophy) from Dartmouth College, her MA (with distinction, in war and peace studies) from University of Ulster, Northern Ireland, her PhD in history from the University of Cambridge, and her JD from Stanford Law School. 

    Mark Eckenwiler

    Mark Eckenwiler is Associate Director of the Office of Enforcement Operations, Criminal Division, U.S. Department of Justice.  He previously worked for 9 years in the Justice Department's Computer Crime Section, where he served as Deputy Chief from 2002 to 2005.

    His areas of responsibility include federal wiretap law and online investigations. An Internet veteran for over two decades, Mark has written and spoken widely (including presentations at CFP in 1998, 1999, 2000, and 2002) on such issues as anonymity and free speech, e-mail stalking laws, Internet jurisdiction, electronic privacy, and the Fifth Amendment implications of cryptographic keys.  His articles have appeared in The National Law Journal, Legal Times, American Lawyer, Civil RICO Report, Internet World, and NetGuide. 

    Mark holds an A.B. cum laude from Harvard in History and Literature and an M.A. in Classics (Ancient Greek) from Boston University.  After receiving his J.D. cum laude from New York University School of Law, he clerked for U.S. District Court Judge I. Leo Glasser in the Eastern District of New York.  In 2002, he received the Exceptional Service Award - the Justice Department's highest honor - for his work on federal cybercrime legislation. 

    Tutorial 6:
    Technical Aspects of Privacy in Communications and Privacy Preserving Data Analysis

    Abstract: This tutorial will present traffic analysis, data mining, and privacy controls. Access to traffic data, such as who is talking to whom, for how long, and how often, is not protected by conventional encryption and can in itself leak privacy sensitive information. Furthermore access to such traffic data is often easier than content: it requires less technical effort, is subject to lower level of legal protection and with data retention regimes such traffic data can also be accessed retrospectively. In the traffic analysis part of this tutorial we will present the technical issues involved in collecting and analyzing traffic data to extract sensitive information, as well as secure communication systems designed to evade such surveillance. The privacy-preserving data analysis aspects of this tutorial will explore approaches to protect data yet retain analytical capabilities. Given a large collection of potentially sensitive information, how can we accurately answer general questions about the data while preserving the privacy of individual data items. We begin with a discussion of how privacy or its loss can be defined and measured, and touch on some theoretical limitations of privacy-preserving data analysis.  Having established a framework and some boundaries, we then evaluate several traditional and emerging approaches. 


    George Danezis

    Dr George Danezis is post-doctoral visiting fellow at the Cosic group, KU Leuven, in Flanders, Belgium. He has been researching anonymous communications, privacy enhancing technologies, and traffic analysis since 2000, at KU Leuven and the University of Cambridge, where he completed his doctoral dissertation. His theoretical contributions to the PET field include the established information theoretic metric for anonymity and the study of statistical attacks against mix systems. On the practical side he is one of the lead designers of Mixminion, the next generation remailer, and has worked on the traffic analysis of deployed protocols such as SSL and Tor. He was the co-chair of the Privacy Enhancing Technologies Workshop in 2005 and 2006, he serves on the PET workshop board and has participated in multiple conference and workshop program committees in the privacy and security field. 

    Tutorial 7:
    Security and Privacy Concerns with Electronic Health Information

    Abstract: This tutorial will present the technology and policy issues of electronic health record (EHR) and other e-health information systems, with the policy issues focusing on the Canadian EHR landscape. Electronic health information systems are currently undergoing rapid deployment, and as they incorporate advances in IT for new features and benefits, risk to patient privacy increases. The technology discussion of this tutorial will consider these new IT risks and how they impact the security and privacy of medical records. Security technologies that are relevant to mitigating these risks will be reviewed. The eHealth Vulnerability Reporting Program, an industry initiative to evaluate some of the new threats and risks to eHealth systems, will also be reviewed and learning results summarized. The policy component of this tutorial will explore in more depth how Pan-Canadian, interoperable electronic health record (EHR) systems present exciting promise and opportunity for payers, managers, providers, researchers and users of the health system. In exploring the associated privacy issues, the following legal and policy challenges will be discussed:

        * jurisdictional issues arising from trans-border data-flows;

        * accountability responsibilities among various players in the system;

        * secondary use of EHR data for multiple purposes; and,

        * practical implementation and compliance measures.  


    Patricia Kosseim

    Patricia Kosseim is General Counsel at the Office of the Privacy Commissioner of Canada (OPC). She provides legal advice on a broad range of policy and legislative initiatives; represents OPC before Federal Court and Parliamentary Committees; directs legal research on emerging privacy issues; and works collaboratively with stakeholders across multiple jurisdictions and sectors.

    Before joining OPC, Patricia spent five years at the Ethics Office of the Canadian Institutes of Health Research, leading initiatives aimed at: developing health policy from an ethical, legal and social perspective; promoting a culture of ethics and integrity in health research; and strengthening Canada's health research capacity in areas of ethics, law and social sciences. During that period, Patricia was temporarily seconded for a few months to Canada Health Infoway Inc. to contribute her legal and privacy expertise as part of a team of expert consultants advising the organization on its inaugural business plan to develop pan-Canadian, electronic health record systems.

    Prior to joining the public service in Ottawa, Patricia practiced in Montreal for over six years with a major national law firm in areas of human rights, health law, labor and employment law, and professional regulation/liability.

    Patricia has served on boards of directors of non-profit community organizations and has participated as volunteer member of hospital ethics committees and several governmental advisory committees. She has published papers and presented at numerous conferences across the country on topics related to health law, privacy and ethics.

    Patricia is a member of the Quebec and Canadian Bar Associations since 1993. She obtained degrees in Business (B.Com '87) and Law (B.C.L. / LL.B. '92) from McGill University, as well as a Master's Degree in Medical Law and Ethics (M.A.'94) from King's College in London, U.K.  

    Brian O'Higgins

    Mr. O'Higgins is seasoned professional in the security industry, and is best known for his role in introducing PKI (Public Key Infrastructure) technology and products to the security landscape. He is also a recognized speaker on IT and Internet security.

    Prior to joining Third Brigade, Mr. O'Higgins was the co-Founder and Chief Technology Officer of Entrust, a leading Internet Security company. While at Entrust he had overall responsibility for the technology vision and direction for the company. He was previously with Nortel where he established the Secure Networks group in 1993, and was instrumental in spinning-out this group as an independent company, Entrust. Prior to this, Mr. O'Higgins was with Bell-Northern Research (BNR) where he was involved in a variety of technology development programs including public key security systems, technology for new telephone products, in-building wireless communications systems and high-performance computing architectures for digital telephone switches.

    Mr. O'Higgins' current list of affiliations includes advisory board positions with Defence R&D Canada, Information Technology Association of Canada, Communications and Information Technology Ontario, Algonquin College, and the Armed Forces Communications and Electronics Association. In addition, he currently serves on the boards of Recognia and Fischer International.


    Tutorial 8: 1pm-4pm: An Overview of Identity Management Technologies and Policy Implications

    Presenters: Tim Bouma (invited), Guy Herriges, Christian Paquin, Greg Thompson, Stanley Trepetin (invited)

    This tutorial will give an overview of current industry initiatives and trends in digital identity management, including policy implications in the government sector. We will discuss the pros and cons with regard to security and privacy of three main trends: centralized identity management, federated identity management, and user-centric identity management. We will also present on the implications of all three approaches at the application level, focusing on e-government, e-health, trusted computing, and consumer identity management. Topics that will be discussed in detail include Windows CardSpace, SAML, the Liberty Alliance efforts, "lightweight" identity management efforts for social networking, and government efforts for government online. For the government context in particular, policy implications of errors, anonymity, and other issues connected to digital identity will be explored.
    The emphasis of this tutorial is to provide an objective review of pros and cons, focusing on implications of the different approaches in different contexts, especially government. As with most technologies, no identity technology is good or bad per se; it is the context in which they are used that determines any negative side effects.

    This tutorial will be moderated and be presented in English and French.


    Christian Paquin 

    Christian Paquin is Credentica's Chief Security Engineer. Christian has been specializing in information security for the last decade; prior to joining Credentica, he worked as a PKI specialist in an electronic signature company and as a security expert in a company providing privacy-enhancing technologies. Christian holds a M.Sc. in computer science from the University of Montreal, where he did research in the field of quantum cryptography.
    Greg Thompson 

    Greg Thompson has fifteen years of experience designing and implementing software systems and ensuring the success of software development teams. Since the late 90's he has focused his career on security-related network services. He was a chief architect of Surety's premier Internet-based document authentication service, featuring a high-performance, scalable, and fault-tolerant design. Prior to this, he was an engineer and project leader for a cross-platform software development tools vendor. Greg holds a B.Sc. in computer engineering from Carnegie Mellon University.  

    Tim Bouma (invited) 

    Tim Bouma is the Acting Director, Identity Management, TBS CIO Branch. Mr. Bouma is leading the efforts to develop Government of Canada-wide Identity Management Strategy. Prior to joining TBS, Mr. Bouma was an Executive Management Consultant with CGI. He also held senior management positions within the software industry with Open Text and Hummingbird. Mr. Bouma has an Executive MBA from the University of Ottawa, and a B.A. Sc. from the University of Waterloo.

    Guy Herriges 

    Guy Herriges is Manager of Strategy and Policy with the Office of the Chief Information and Privacy Officer, Ontario Ministry of Government Services, where he is currently focused on improving the management of information across the public service. Guy has 20 years of experience in information access and privacy as a policy manager and advisor within the Ontario government. In his previous role as Manager of Access and Privacy, Guy also led the development and implementation of Ontario's Lobbyists Registration Act. Prior to joining the Ontario government in 1987, Guy was the Assistant Director of the Saskatchewan Human Rights Commission where he directed Human Rights Code investigations across the province. Guy is a graduate of the University of Saskatchewan with degrees in philosophy and law.

    Stanley Trepetin (invited)

    Stanley Trepetin is the Chief Information Technology Security Officer at the New York City Department of Health and Mental Hygiene (DOHMH). At DOHMH he sets overall IT security strategy and policy. Stanley completed his PhD at MIT in Health Informatics in 2006. At MIT, he designed new ways to anonymously match data and assess the value of information privacy within health organizations. Prior to MIT he worked for IBM for 10 years where he was a project manager and software developer, and provided large systems software support to Fortune 500 clients. He has a Master's Degree from Duke University focusing on patent usage within biotechnology and an undergraduate degree from Cornell.

    Thanks to ACM