Workshop 1: 9am-12pm and 1-4pm: “A Reasonable
Expectation of Privacy? You be the Judge!”
Presenters: Ian Kerr and colleagues
Tutorial 1: 9am-12pm: Computer Forensics
Presenter: Simson L. Garfinkel
Tutorial 2: 9am-12pm: Cryptography, Security and
Privacy on the Internet
Presenter: Ian Goldberg
Tutorial 3: 9am-12pm: Fundamental Freedoms: The Global
Net and the Canadian Charter of Rights, the US Constitution and European and
international human rights law
Presenters: Stanley Cohen, Peter Leuprecht and Robert
Tutorial 4: 9am-12pm: Surveillance, the War on Drugs,
the War on Terror
Presenter: Eugene Oscapella
Tutorial 5: 1pm-4pm: Wiretapping in the US and the UK
Presenters: Laura Donahue and Mark Eckenwiler
Tutorial 6: 1pm-4pm: Data Matters: Technical
Aspects of Privacy in Communications and Privacy-Preserving Data
Presenters: George Danezis
Tutorial 7: 1pm-4pm: Security and Privacy Concerns
with Electronic Health Information
Presenters: Patricia Kosseim and Brian O’Higgins
Tutorial 8: 1pm-4pm An Overview of
Identity Management Technologies and Policy Implications
Presenters: Christian Paquin,
Greg Thompson, Tim Bouma (invited), Guy Herriges, Stanley Trepetin (invited)
Workshop 1:"A Reasonable Expectation of Privacy? You be the Judge!"
Abstract: This workshop challenges the limitations
that the ‘reasonable expectation of privacy’ standard adopted by courts in many
jurisdictions across the globe imposes on the privacy that we can expect in
public places. In a unique, playful and interactive presentation of twin
decisions from the Supreme Courts of Canada and the United States, members of
the multi-disciplinary research team, On the Identity Trail (http://idtrail.org),
interrogate the use of various technologies to detect evidence of abnormal or
illegal activity. Using FLIR (forward
looking infrared) as a case study, this workshop asks fundamental questions
about the use of various new technologies to augment the sensory perceptions of
law enforcement personnel and considers the impact of new technologies on the
privacy that we can reasonably expect in public places.
Carlisle Adams is an Associate Professor in the
School of Information Technology and Engineering (SITE) at the University of
Ottawa. Prior to his academic appointment in 2003, he worked for 13 years
in industry (Nortel, Entrust) in the design and standardization of a variety of
cryptographic and security technologies for the Internet. His research
and technical contributions include the CAST family of symmetric encryption
algorithms, secure protocols for authentication and management in Public Key
Infrastructure (PKI) environments, and a comprehensive architecture and policy
language for access control in electronic networks. Dr. Adams is
co-author of Understanding PKI: Concepts, Standards, and Deployment
Considerations, Second Edition (Addison-Wesley, 2003). He is a Senior
Member of the Institute for Electrical and Electronics Engineers (IEEE), a
member of the Association for Computing Machinery (ACM) and the International
Association for Cryptologic Research (IACR), and is licensed as a Professional
Jane Bailey is an Assistant Professor at the Faculty
of Law, University of Ottawa. She
teaches regulation of Internet communications, civil procedure and contracts.
Professor Bailey completed her LL.M. at the University of Toronto in 2002. She
was a co-recipient of the Howland Prize for outstanding performance in the
LL.M. programme. She served as a law clerk to the Honourable Mr. Justice John
Sopinka at the Supreme Court of Canada. Before returning to legal studies,
Professor Bailey practised law in Toronto with Torys, where she was an
associate in the litigation department. Her litigation experience included
acting on matters relating to unlawful search of political protesters, and to
the application of existing laws governing hate speech to an Internet website.
Her primary areas of interest relate to the intersections between
law, evolving technology and equity. Professor Bailey’s LL.M. research related
to the potential for regulation of Internet hate speech. Her ongoing research
focuses on the impact of evolving technology on significant public commitments
to equality rights, freedom of expression and multiculturalism, as well as the
societal and cultural impact of the Internet and emerging forms of private
technological control, particularly in relation to members of socially
Jacquelyn Burkell is an Associate Professor at the
University of Western Ontario, Faculty of Information and Media Studies. Dr. Burkell’s research focuses on the
empirical study of the interaction between people and technology, with a
particular emphasis on the role of cognition in such interactions. Specific
aspects of this research include the impact of presentation on information use
and understanding, the design of human-computer interfaces, and the social
impact of technology. With respect to this latter topic, she is interested in
the impact of computer mediation on communication and the perception of self.
Much of this work focuses on anonymity in online communication, examining how
the psuedonymity offered by online communication is experienced by online
communicators, and how this experience changes communication behaviour and
interpretation. Dr. Burkell is also involved in research on the credibility of
online information and information sources. Part of this work will focus on
intelligent agents and virtual representatives as information sources,
examining whether the credibility of these sources is assessed according to the
same criteria used to establish the credibility of human information sources.
Dr. Burkell teaches a variety of courses relevant to her research methodology
expertise and her research interests. She teaches research methods at both the
graduate and undergraduate level, with a focus on both qualitative and
quantitative methods. In addition, she teaches courses on the social impact of
technology, human-computer interface design and information design.
Jennifer Chandler joined the Faculty of Law,
University of Ottawa
in 2002, where she is currently teaching ‘tort law’ and ‘technoprudence-legal
theory in the information age’.
The overarching theme of Professor Chandler’s research is law, science and
technology, particularly with respect to the social and environmental effects
of emerging technologies and the interaction of emerging technologies with law
In addition to work fitting within this broad theme, Professor Chandler has
also written extensively in the areas of cybersecurity and cybertorts.
Other recent articles have addressed the adequacy of the Canadian regulation of
GMOs, pharmacists and conscientious objection, the ethics of non-financial
incentives to donate organs, and liability for online reputation systems.
As Canada Research Chair in Ethics, Law, and
Technology, Ian Kerr is Canada’s leading authority on how ethical and legal
issues intersect with technology. Ian
plays a significant role in the development of national and international model
of government services online. He has advised various Canadian agencies on
legal policy for online activities, and is a Canadian delegate to the United
Nations’ Special Working Group on e-Commerce, a project of the United Nations
Commission on International Trade Law. Ian is also a member of the Corporate/Commercial
Law Group and acts as special counsel in technology law to Ottawa-based law
firm Nelligan O’Brien Payne LLP.
Ian has published numerous articles and papers and
has written, edited and contributed to several books and journals on various
subjects including the philosophy of law, contract law, information ethics,
internet law, automation and intelligent agent technology. In addition to his
current work on online intermediaries, Ian is involved in an international,
collaborative research project on anonymous communication and is writing a book
on the legal and ethical implications of artificial intelligence, robotics and
nanotechnology. Ian previously taught
law, philosophy, and new media at the University of Western Ontario. He has won
six awards and citations for his teaching.
He now holds the Canada Research Chair in Ethics, Law and Technology at
the Faculty of Law, University of Ottawa, where he has co-designed a new
graduate program and is building Canada’s first law and technology research
laboratory, a facility that will support the work of two Canada Research Chairs
and twenty researchers.
Carole Lucock is the project manager of On the
Identity Trail. Carole Lucock was Senior
Legal Counsel and Chief Privacy Officer with the Canadian Medical Association,
a not-for-profit corporation where she has acted as counsel for 15 years.
During her tenure with CMA, in addition to corporate legal work, Carole worked
on numerous health and medical profession policy files and was very active in
matters concerning health information privacy. While at CMA Carole
instituted an articling program and has worked with numerous articling students
during the course of their training. Carole obtained her LL.B from Queens
University and recently completed her LL.M, with a concentration in law and
technology, at the University of Ottawa. She began her LL.D at the
University of Ottawa in September 2005. Her research interests include the
intersection of privacy, anonymity and identity, and the potential distinctions
between imposed versus assumed anonymity. Prior to becoming a lawyer, Carole
worked for a number of years as a high school teacher in England, where she
taught science, social science and physical education.
David Matheson is a postdoctoral fellow with the
Department of Philosophy at Carleton University. David received his PhD in philosophy from
Brown University in 2003. As one of the philosophers associated with On
the Identity Trail, he is especially interested in the conceptual and moral
issues that surround the project’s overall theme.
Among the specific topics that David has written
about are privacy and knowableness, anonymity and responsible testimony,
layperson authentication of contested experts, privacy and personal security,
the nature of personal information, and the importance of privacy for
Valerie Steeves is an Assistant Professor in the
Department of Criminology at the University of Ottawa in Ottawa, Canada. Her
main area of research is human rights and technology issues.
Professor Steeves has written and spoken extensively
on privacy from a human rights perspective, and is an active participant in the
House of Commons Standing Committee on Human Rights, she organized and
facilitated a series of public consultations exploring the meaning of privacy
as a human right, and was one of the principal drafters of the Committee’s
report, Where Do We Draw the Line? She has appeared as an expert witness before
a number of Parliamentary Committees regarding privacy legislation, and was a
Special Advisor to Senator Finestone with respect to the Privacy Rights
Charter. She is currently a member of the Canadian Standards Association’s
Technical Committee on Privacy and the Chair of the National Privacy Coalition.
Professor Steeves is the author of a number of
award-winning educational games designed to teach children how to protect their
human rights in cyberspace. Her multi-media game Sense and NonSense won the
Canadian Race Relations Foundation’s Award of Excellence in Race Relations
Education and her interactive cyberplay about online privacy is used by Girl
Guides across the country in the You Go Girl in Technology badge program.
Abstract: Computer forensics is the study of
information stored in computer systems for the purpose of learning what
happened to that computer at some point in the past---and for making a
convincing argument about what was learned in a court of law. Today computer
forensics covers five broad categories: hard drive forensics, memory forensics,
network forensics, document forensics, and software forensics. This tutorial
will give the attendee an in-depth understanding of computer forensics,
including: the history of computer forensics (celebrated cases); enough
information about operating systems to understand why forensic tools are
possible, what they can do, and their limits; modern forensic tools, including
both open source and commercial; and the legal environment that governs
forensics in the US.
Simson L. Garfinkel
Simson L. Garfinkel is an Associate Professor at the
School in Monterey, CA., and a fellow at the Center for Research on Computation
at Society at Harvard University. He is also the founder of Sandstorm
Enterprises, a computer security firm that develops advanced computer forensic
tools used by businesses and governments to audit their systems.
Dr. Garfinkel has research interests in computer
forensics, the emerging field of usability and security, information policy,
and terrorism. He has actively researched and published in these areas for more
than two decades.
Garfinkel writes a monthly column for CSO Magazine,
for which he has been awarded four national journalism awards. Garfinkel is the
author or co-author of fourteen books on computing, published by
Addison-Wesley, IDG Books, MIT Press, O’Reilly and Associates, and
Springer-Verlag. He is perhaps best known for his book Database Nation: The
Death of Privacy in the 21st Century. Garfinkel’s most successful
book, Practical UNIX and Internet Security (co-authored with Gene Spafford),
has sold more than 250,000 copies in more than a dozen languages since the
first edition was published in 1991.
Garfinkel received three Bachelor of Science degrees
from MIT in 1987, a master’s of science in journalism from Columbia University
in 1988, and a Ph.D. in Computer Science from MIT in 2005.
Security and Privacy on the Internet
Abstract: Users of personal computers are exposed to
many threats from Internet-based sources.
Viruses, worms, and spam are a constant annoyance; less well known are
the threats of unknowingly becoming part of the botnets which send them. In addition, all of your online communication
is potentially accessible to third parties, and their use of the information
they learn about you is beyond your control. In this tutorial, we will look at
the cryptographic techniques, the security tools, and the privacy-enhancing
technologies you can use to protect yourself online. We will discuss the principles of useful
security and privacy technologies and where these technologies may be headed in
Dr. Goldberg is an Assistant Professor of Computer
Science at the University of Waterloo, where he is part of the Cryptography,
Security, and Privacy (CrySP) research group.
He holds a Ph.D. from the University of California, Berkeley, where he co-founded
that university’s Internet Security, Applications, Authentication and
Cryptography group. From 1999 to 2006,
he was Chief Scientist of Radialpoint (formerly known as Zero-Knowledge
Systems), a company offering security and privacy technologies for Internet
Freedoms: The Global Net and the Canadian Charter of Rights, the US
Constitution and European and international human rights law
Abstract: This tutorial will
explore the Internet and related communication technologies and protected
freedoms in Canada, the US and Europe.
analysis will examine whether we live in countries that risk becoming
‘surveillance societies'. Although the orientation of this discussion
will be Canada-centric it will draw on comparative examples from other
nations that describe themselves as "free and democratic societies". To
lend some context to this discussion there will be a short description
of Canada's rights- protective constitutional arrangements. Also, this
analysis will be refracted through the lens of what has been called
the "war on terror" - to some an unending war. The concern will
be with how well we are weathering repeated assaults on our personal
privacy as our nations are buffeted by threats from dangerous zealots
emanating from the far corners of the globe. Among the developments to
be surveyed in this session will be the evolution and expansion of surveillance
techniques, including: primitive techniques (such as dogs & roadblocks);
video cameras; RFID & GPS technology; biometrics & identity
cards; and dataveillance (including information acquisition, sharing,
data matching & data mining).
The US analysis will explore
which US Constitutional principles protect individuals' activities on
the Internet and organizations' collection of personal information.
This discussion will explore privacy, free speech, searches and seizures,
intellectual property, due process, and equal protection as addressed
in the Constitution of the US drafted in 1787 and the first ten amendments
enacted in 1791. The discussion will show how courts have applied these
principles to new digital technology. It will then examine the relevance
of Constitutional rights to the new technologies of identity, including
biometrics, ID cards, and personal identification numbers.
The European analysis will
explore the fundamental principles of the Council of Europe and the
European Union, i.e. pluralistic democracy, rule of law and human rights.
What are, from that point of view, the opportunities and threats posed
by Information and Communication Technologies (ICTs)? As far as human
rights are concerned, this thread will deal in particular with the right
to freedom of expression, information and communication, the right to
respect for private life and correspondence and the right to education
as well as with the issue of ICT assisted forms of human rights violations.
The need for balance between competing rights will be emphasized. There
should be a human rights "proofing" of all key actions, decisions
and technologies influencing the information society. This discussion
will also broach the issue of access to ICTs and the question of whether
they are used to promote or to curtail cultural diversity.
Stanley A. Cohen
Stanley A. Cohen is Senior
General Counsel with the Department of Justice (Canada) in its Human
Rights Law Section. He has had a varied career as an advisor
to government in the areas of criminal justice and national security
policy, and the Canadian Charter of Rights and Freedoms.
His duties involve his advising Ministers and senior government officials
on legal policy, litigation and issues relative to the Charter
and the justice system, and appearing before parliamentary committees
on legislative reform. Mr. Cohen was extensively involved in providing
Charter advice pertaining to the policy development process and
the drafting of the Anti-terrorism Act as well as other national
security policy development initiatives, including the Proceeds of
Crime (Money Laundering) and Terrorist Financing Act, and the replacement
of the Official Secrets Act with the Security of Information
Act. Mr. Cohen was the 2006 recipient of the Department
of Justice's John Tait Award, a signal honour recognizing the individual
who best exemplifies the highest standards of ethical, professional
conduct and competence, and demonstrates the values of service to the
Canadian public and government in the discharge of his or her duties.
A member of the Manitoba Bar
since 1972, he is the author of numerous widely-cited articles on the
criminal justice system and human rights, as well as three texts -
Privacy, Crime and Terror: Legal Rights and Security in a Time of Peril;
Invasion of Privacy: Wiretapping and Criminal Investigation in Canada;
and Due Process of Law: the Canadian System of Criminal Justice.
Mr. Cohen is a former academic
and law professor at the Faculty of Law at McGill University.
Mr. Cohen's on-going commitment to teaching is also manifest in his
over twenty year involvement as an adjunct professor and lecturer at
three Canadian law schools (Manitoba, Toronto and Ottawa). He
has also lectured widely on the subject of fundamental freedoms, civil
liberties and the criminal justice system before such diverse groups
as the National Judicial Institute; the Learned Societies; the Canadian
Police College; the Canadian Bar Association; the Canadian Association
of Provincial Court Judges; the Canadian Institute for the Administration
of Justice; the Canadian Club; the Canadian Council on Social Development;
the Canadian Association for the Prevention of Crime; the International
Society for the Reform of the Criminal Law; and the Centre for Public
Law and Public Policy.
Mr. Cohen formerly directed
research for nearly a decade at the Law Reform Commission of Canada
as the Coordinator of the Commission's Criminal Procedure Project.
He also served as Secretary to the Commission of Inquiry into the Deployment
of Canadian Forces to Somalia between 1995 and 1997.
1958-1961 Assistant lecturer
at the Law Faculty of the University of Innsbruck and work at the Bar.
1961-1997 official in the Secretariat
General of the Council of Europe (Strasbourg, France); 1976-1980 Secretary
of the Committee of Ministers; 1980-1993 Director of Human Rights; elected
Deputy Secretary-General in 1993; leaves his post before the end of
his term because of disagreement with dilution of Council of Europe
Has taught at the Universities
of Strasbourg and Nancy (France) and at the European Academy of Law
in Florence (Italy). Author of numerous publications in the field
of international law and human rights. 1997-1999 Visiting Professor
at the Faculty of Law of McGill University and at the Département des
sciences juridiques de l'Université du Québec à Montréal (UQAM)
and advisor to the Canadian Department of Justice. From 1999 to
2003 Dean of the Faculty of Law of McGill University. Presently Director
of the Montreal Institute of International Studies and Professor at
the Département des sciences juridiques de l'UQAM.
Was awarded the "Prix du
Civisme Européen" in 1991.
Member of a committee of four
"Sages" which prepared a human rights Agenda for the European Union.
2000-2005 Special Representative
of the Secretary-General of the UN for human rights in Cambodia.
Received the Human Rights Award
of the Lord Reading Law Society in 2001.
Robert Ellis Smith
Since 1974, Robert Ellis Smith,
a lawyer and journalist in Providence, R.I., has published Privacy Journal
newsletter, the world's first and longest lasting publication on individual
rights in the computer age. He has taught at Brown University,
University of Maryland, Harvard University, and Tufts University and
often appears before trade groups and government bodies and serves as
an expert witness in privacy and surveillance cases.
the War on Drugs, the War on Terror
Abstract: The privacy intrusions flowing from the
“war on drugs” have served as a template for the intrusions associated with the
“war on terrorism”. In addition, the
symbiotic relationship that has developed between the war on drugs and the war
on terror (“If you use illegal drugs, you are financing terrorist groups.”) is
being used as a justification for even greater levels of surveillance. In both cases, the legal and policy
approaches chosen to deal with the issue—illegal drugs or terrorism—has
resulted in ever-increasing levels of surveillance. This tutorial looks at the parallel privacy
consequences of adopting a law enforcement/security approach to these issues.
Eugene Oscapella is Barrister and Solicitor of
Ottawa. Mr. Oscapella completed
undergraduate studies in economics at the University of Toronto and received
his bachelor of laws degree from the University of Ottawa. He obtained his
Master of Laws degree from the London School of Economics and Political
Science. He was called to the Ontario Bar in 1980.
From 1980 to 81, Mr. Oscapella served as a commission
counsel with the McDonald Commission of Inquiry into the RCMP. From 1982 to 85, he was Director of
Legislation and Law Reform for the Canadian Bar Association. Since 1985, Mr. Oscapella has been an
independent adviser on Canadian legislative and social policy issues. For more than two decades he has also advised
governmental and non-governmental organizations in Canada and abroad on a range
of privacy issues. He is the principal author of the Privacy Commissioner’s
1989 study, AIDS and the Privacy Act, its 1990 study, Drug Testing and Privacy,
and its 1992 study, Genetic Testing and Privacy.
He is also a founding member of the Canadian
Foundation for Drug Policy and a former chair of the policy committee of the
Canadian Criminal Justice Association.
He lectures on drug policy in the Department of Criminology at the
University of Ottawa.
in the US and the UK
Abstract: This tutorial will
examine the legal aspects of wiretapping in the United States and the
United Kingdom. In the US, the Electronic Communications Privacy Act
of 1986 (ECPA) governs the acquisition and disclosure of information--e.g.,
electronic mail, logs, and subscriber identity--at the core of computer
network privacy. Unfortunately, ECPA's intricacies have bedeviled commentators,
leading one appeals court to call ECPA "famous (if not infamous)
for its lack of clarity." The US analysis of this tutorial
for laypeople will examine ECPA's rules, focusing especially on the
rules governing law enforcement eavesdropping. Similarly, the UK analysis
will look at the legal authorities governing surveillance in the UK.
Until recently, very few laws governed police and intelligence service
information-gathering authorities in the United Kingdom. Extraordinary
stop and search powers for terrorist-related offences, and warrants
for police interference with property provided exceptions. But
physical searches of property conducted by the intelligence services,
the interception of communications, the use of electronic bugs, and
the running of covert human intelligence sources operated under the
legislative and judicial radars. Beginning in the mid-1980s, the European
Court began to raise objections to the lack of safeguards and absence
of any statutory framework. Yet each time the Court has handed
down a significant finding against the United Kingdom, the state has
responded by, on the surface, meeting the demands of the European Convention
of Human Rights, and simultaneously expanding executive surveillance
Dr. Laura Donohue is a fellow
at CISAC and at Stanford Law School's Center for Constitutional Law.
Donohue's research focuses on national security and counterterrorist
law in the United States, United Kingdom, Republic of Ireland, Israel,
and the Republic of Turkey. Prior to Stanford, Donohue was a fellow
at Harvard University's John F. Kennedy School of Government, where
she served on the Executive Session for Domestic Preparedness and the
International Security Program. In 2001 the Carnegie Corporation named
her to its Scholars Program, funding the project, "Security and
Freedom in the Face of Terrorism." At Stanford, Donohue directed
a project for the United States Departments of Justice and State and,
later, Homeland Security, on mass-casualty terrorist incidents. She
has written numerous articles on counterterrorism in liberal, democratic
states. Author of Counter-terrorist Law and Emergency Powers in the
United Kingdom 1922-2000, she is completing a manuscript for Cambridge
University Press analyzing the impact of British and American counterterrorist
law on life, liberty, property, privacy, and free speech. Donohue obtained
her AB (with honors, in philosophy) from Dartmouth College, her MA (with
distinction, in war and peace studies) from University of Ulster, Northern
Ireland, her PhD in history from the University of Cambridge, and her
JD from Stanford Law School.
Mark Eckenwiler is Associate
Director of the Office of Enforcement Operations, Criminal Division,
U.S. Department of Justice. He previously worked for 9 years in
the Justice Department's Computer Crime Section, where he served as
Deputy Chief from 2002 to 2005.
His areas of responsibility
include federal wiretap law and online investigations. An Internet veteran
for over two decades, Mark has written and spoken widely (including
presentations at CFP in 1998, 1999, 2000, and 2002) on such issues as
anonymity and free speech, e-mail stalking laws, Internet jurisdiction,
electronic privacy, and the Fifth Amendment implications of cryptographic
keys. His articles have appeared in The National Law Journal,
Legal Times, American Lawyer, Civil RICO Report, Internet World, and
Mark holds an A.B. cum laude
from Harvard in History and Literature and an M.A. in Classics (Ancient
Greek) from Boston University. After receiving his J.D. cum laude
from New York University School of Law, he clerked for U.S. District
Court Judge I. Leo Glasser in the Eastern District of New York.
In 2002, he received the Exceptional Service Award - the Justice Department's
highest honor - for his work on federal cybercrime legislation.
Tutorial 6:Technical Aspects of Privacy in Communications and Privacy Preserving
Abstract: This tutorial will
present traffic analysis, data mining, and privacy controls. Access
to traffic data, such as who is talking to whom, for how long, and how
often, is not protected by conventional encryption and can in itself
leak privacy sensitive information. Furthermore access to such traffic
data is often easier than content: it requires less technical effort,
is subject to lower level of legal protection and with data retention
regimes such traffic data can also be accessed retrospectively. In the
traffic analysis part of this tutorial we will present the technical
issues involved in collecting and analyzing traffic data to extract
sensitive information, as well as secure communication systems designed
to evade such surveillance. The privacy-preserving data analysis aspects
of this tutorial will explore approaches to protect data yet retain
analytical capabilities. Given a large collection of potentially sensitive
information, how can we accurately answer general questions about the
data while preserving the privacy of individual data items. We begin
with a discussion of how privacy or its loss can be defined and measured,
and touch on some theoretical limitations of privacy-preserving data
analysis. Having established a framework and some boundaries,
we then evaluate several traditional and emerging approaches.
Dr George Danezis is post-doctoral
visiting fellow at the Cosic group, KU Leuven, in Flanders, Belgium.
He has been researching anonymous communications, privacy enhancing
technologies, and traffic analysis since 2000, at KU Leuven and the
University of Cambridge, where he completed his doctoral dissertation.
His theoretical contributions to the PET field include the established
information theoretic metric for anonymity and the study of statistical
attacks against mix systems. On the practical side he is one of the
lead designers of Mixminion, the next generation remailer, and has worked
on the traffic analysis of deployed protocols such as SSL and Tor. He
was the co-chair of the Privacy Enhancing Technologies Workshop in 2005
and 2006, he serves on the PET workshop board and has participated in
multiple conference and workshop program committees in the privacy and
Tutorial 7: Security
and Privacy Concerns with Electronic Health Information
Abstract: This tutorial will
present the technology and policy issues of electronic health record
(EHR) and other e-health information systems, with the policy issues
focusing on the Canadian EHR landscape. Electronic health information
systems are currently undergoing rapid deployment, and as they incorporate
advances in IT for new features and benefits, risk to patient privacy
increases. The technology discussion of this tutorial will consider
these new IT risks and how they impact the security and privacy of medical
records. Security technologies that are relevant to mitigating these
risks will be reviewed. The eHealth Vulnerability Reporting Program,
an industry initiative to evaluate some of the new threats and risks
to eHealth systems, will also be reviewed and learning results summarized.
The policy component of this tutorial will explore in more depth how
Pan-Canadian, interoperable electronic health record (EHR) systems present
exciting promise and opportunity for payers, managers, providers, researchers
and users of the health system. In exploring the associated privacy
issues, the following legal and policy challenges will be discussed:
issues arising from trans-border data-flows;
responsibilities among various players in the system;
use of EHR data for multiple purposes; and,
implementation and compliance measures.
Patricia Kosseim is General
Counsel at the Office of the Privacy Commissioner of Canada (OPC). She
provides legal advice on a broad range of policy and legislative initiatives;
represents OPC before Federal Court and Parliamentary Committees; directs
legal research on emerging privacy issues; and works collaboratively
with stakeholders across multiple jurisdictions and sectors.
Before joining OPC, Patricia
spent five years at the Ethics Office of the Canadian Institutes of
Health Research, leading initiatives aimed at: developing health policy
from an ethical, legal and social perspective; promoting a culture of
ethics and integrity in health research; and strengthening Canada's
health research capacity in areas of ethics, law and social sciences.
During that period, Patricia was temporarily seconded for a few months
to Canada Health Infoway Inc. to contribute her legal and privacy expertise
as part of a team of expert consultants advising the organization on
its inaugural business plan to develop pan-Canadian, electronic health
Prior to joining the public
service in Ottawa, Patricia practiced in Montreal for over six years
with a major national law firm in areas of human rights, health law,
labor and employment law, and professional regulation/liability.
Patricia has served on boards
of directors of non-profit community organizations and has participated
as volunteer member of hospital ethics committees and several governmental
advisory committees. She has published papers and presented at numerous
conferences across the country on topics related to health law, privacy
Patricia is a member of the
Quebec and Canadian Bar Associations since 1993. She obtained degrees
in Business (B.Com '87) and Law (B.C.L. / LL.B. '92) from McGill University,
as well as a Master's Degree in Medical Law and Ethics (M.A.'94) from
King's College in London, U.K.
Mr. O'Higgins is seasoned professional
in the security industry, and is best known for his role in introducing
PKI (Public Key Infrastructure) technology and products to the security
landscape. He is also a recognized speaker on IT and Internet security.
Prior to joining Third Brigade,
Mr. O'Higgins was the co-Founder and Chief Technology Officer of Entrust,
a leading Internet Security company. While at Entrust he had overall
responsibility for the technology vision and direction for the company.
He was previously with Nortel where he established the Secure Networks
group in 1993, and was instrumental in spinning-out this group as an
independent company, Entrust. Prior to this, Mr. O'Higgins was with
Bell-Northern Research (BNR) where he was involved in a variety of technology
development programs including public key security systems, technology
for new telephone products, in-building wireless communications systems
and high-performance computing architectures for digital telephone switches.
Mr. O'Higgins' current list
of affiliations includes advisory board positions with Defence R&D
Canada, Information Technology Association of Canada, Communications
and Information Technology Ontario, Algonquin College, and the Armed
Forces Communications and Electronics Association. In addition, he currently
serves on the boards of Recognia and Fischer International.
Tutorial 8: 1pm-4pm: An Overview of Identity Management Technologies and Policy Implications
Presenters: Tim Bouma (invited), Guy Herriges, Christian Paquin, Greg Thompson, Stanley Trepetin (invited)
This tutorial will give an overview of current industry initiatives and
trends in digital identity management, including policy implications in
the government sector. We will discuss the pros and cons with regard to
security and privacy of three main trends: centralized identity
management, federated identity management, and user-centric identity
management. We will also present on the implications of all three
approaches at the application level, focusing on e-government,
e-health, trusted computing, and consumer identity management. Topics
that will be discussed in detail include Windows CardSpace, SAML, the
Liberty Alliance efforts, "lightweight" identity management efforts for
social networking, and government efforts for government online. For
the government context in particular, policy implications of errors,
anonymity, and other issues connected to digital identity will be
The emphasis of this tutorial is to provide an objective review of pros
and cons, focusing on implications of the different approaches in
different contexts, especially government. As with most technologies,
no identity technology is good or bad per se; it is the context in
which they are used that determines any negative side effects.
This tutorial will be moderated and be presented in English and French.
Christian Paquin is Credentica's Chief Security Engineer. Christian
has been specializing in information security for the last decade;
prior to joining Credentica, he worked as a PKI specialist in an
electronic signature company and as a security expert in a company
providing privacy-enhancing technologies. Christian holds a M.Sc. in
computer science from the University of Montreal, where he did research
in the field of quantum cryptography.
Greg Thompson has fifteen years of experience designing and
implementing software systems and ensuring the success of software
development teams. Since the late 90's he has focused his career on
security-related network services. He was a chief architect of Surety's
premier Internet-based document authentication service, featuring a
high-performance, scalable, and fault-tolerant design. Prior to this,
he was an engineer and project leader for a cross-platform software
development tools vendor. Greg holds a B.Sc. in computer engineering
from Carnegie Mellon University.
Tim Bouma (invited)
Tim Bouma is the Acting Director, Identity Management, TBS CIO
Branch. Mr. Bouma is leading the efforts to develop Government of
Canada-wide Identity Management Strategy. Prior to joining TBS, Mr.
Bouma was an Executive Management Consultant with CGI. He also held
senior management positions within the software industry with Open Text
and Hummingbird. Mr. Bouma has an Executive MBA from the University of
Ottawa, and a B.A. Sc. from the University of Waterloo.
Guy Herriges is Manager of Strategy and Policy with the Office of the
Chief Information and Privacy Officer, Ontario Ministry of Government
Services, where he is currently focused on improving the management of
information across the public service. Guy has 20 years of experience
in information access and privacy as a policy manager and advisor
within the Ontario government. In his previous role as Manager of
Access and Privacy, Guy also led the development and implementation of
Ontario's Lobbyists Registration Act. Prior to joining the Ontario
government in 1987, Guy was the Assistant Director of the Saskatchewan
Human Rights Commission where he directed Human Rights Code
investigations across the province. Guy is a graduate of the University
of Saskatchewan with degrees in philosophy and law.
Stanley Trepetin (invited)
Stanley Trepetin is the Chief Information Technology Security Officer
at the New York City Department of Health and Mental Hygiene (DOHMH).
At DOHMH he sets overall IT security strategy and policy. Stanley
completed his PhD at MIT in Health Informatics in 2006. At MIT, he
designed new ways to anonymously match data and assess the value of
information privacy within health organizations. Prior to MIT he worked
for IBM for 10 years where he was a project manager and software
developer, and provided large systems software support to Fortune 500
clients. He has a Master's Degree from Duke University focusing on
patent usage within biotechnology and an undergraduate degree from