Posted on Leave a comment

EU-US data agreement an important milestone for data protection, Microsoft is committed to doing our part

Today, the European Commission and the U.S. government announced an important agreement governing the transfer of data between the EU and the U.S. This new Trans-Atlantic Data Privacy Framework is designed to rebuild and strengthen the data protection bridge between the EU and the U.S. by addressing the concerns of the Court of Justice of the European Union when it invalidated the original Privacy Shield framework in 2020. Microsoft applauds the European Commission and the U.S. government for achieving this important milestone. We greatly appreciate the enormous effort required for this important step, and we look forward to doing our full part to support these new measures and ensure that the new framework’s fundamental privacy protections are fully realized.

Microsoft is committed to embracing the new framework and will go beyond it by meeting or exceeding all the requirements this framework outlines for companies. We will do this through enhancements to how we handle legal requests for customer data and providing further support for individuals concerned about their rights.

This is how it will work:

First, Microsoft will confirm that any demand for personal data from the U.S. government complies with the newly announced Trans-Atlantic Data Privacy Framework. If we believe the demand is not compliant, we will use all lawful means to challenge it.

Second, Microsoft will support the redress process under the new agreement by putting our full legal resources to work and seeking to actively participate in the judicial review of an individual’s claim of harm related to Microsoft’s public sector and commercial cloud services.

Our new commitments build upon our existing Defending Your Data protections, through which we will challenge – on all legal bases – any government demand for personal data we hold on behalf of our public sector and commercial customers, and we will provide monetary compensation if such data is disclosed unlawfully in response to a government request.

What’s new in the EU-U.S. framework for trusted data transfers

This framework addresses two concerns of the Court of Justice of the European Union related to U.S. surveillance laws: (1) the scope and proportionality of permissible U.S. national security surveillance activities; and (2) the availability of redress mechanisms for Europeans whose personal data is improperly collected and used by U.S. intelligence agencies. The new framework rightfully makes clear that U.S. surveillance practices must be both necessary and proportionate. And critically, it creates an independent data protection review court to provide effective review and redress for Europeans impacted by improper surveillance.

Microsoft’s solutions provide greater customer protection

As a company, we will continue to advance solutions that further strengthen customer trust in our services, particularly for those customers who want more control over their data.

We will offer enhanced residency capabilities for processing and storing our public sector and commercial cloud customers’ personal data through our EU Data Boundary program. We will also continue to offer state-of-the-art encryption for data at rest and in transit for our Microsoft Cloud products in Azure, Microsoft 365, and Dynamics 365. In addition, we will continue to protect customer data through Microsoft’s unparalleled public cloud cybersecurity protections and solutions. By analyzing more than 24 trillion signals daily, Microsoft provides our government and commercial customers with global visibility into cybersecurity threats that cannot be matched by other cloud providers.

Microsoft supports global solutions

Microsoft will continue to support additional efforts to establish consensus around the globe on the appropriate balance between privacy and security, including through engagement at the OECD and in other global forums. We are committed to helping develop durable global solutions.

The new framework agreed to by the EU and the U.S. sets a very high standard for how governments should seek to access Europeans’ personal data and contains important rights for individuals to obtain redress if their data is accessed inappropriately. It is a welcome development and an important achievement for the data protection rights of Europeans.



Putting differential privacy into practice to use data responsibly

Data can help businesses, organizations and societies solve difficult problems, but some of the most useful data contains personal information that can’t be used without compromising privacy. That’s why Microsoft Research spearheaded the development of differential privacy, which safeguards the privacy of individuals while making useful data available for research and decision making. Today, I am excited to share some of what we’ve learned over the years and what we’re working toward, as well as to announce a new name for our open source platform for differential privacy – a major part of our commitment to collaborate around this important topic.

Differential privacy consists of two components: statistical noise and a privacy-loss budget. Calibrated statistical noise masks the contribution of any individual data point within a dataset while leaving aggregate results accurate enough to be useful, and a privacy-loss budget keeps track of how much information the answered queries have revealed in total, so that a sequence of individually harmless aggregate queries can't be combined to expose a person's data.

Since differential privacy was created, Microsoft has conducted research and developed and deployed technologies with the goal of enabling more people to participate in, contribute to and benefit from differential privacy. Last year, we partnered with Harvard’s Institute for Quantitative Social Science (IQSS) and School of Engineering and Applied Sciences (SEAS) to announce the OpenDP Initiative, and earlier this year released the initial version of our open source platform. We chose to develop differential privacy technologies in the open to enable increased participation in the creation of tools that empower a larger group of people to benefit from differential privacy.

Introducing SmartNoise

In June, we announced that we would be renaming our open source platform to avoid any potential misunderstanding of our intentions for this project and the community. Language and symbols matter, especially when you are trying to build an inclusive community and responsibly enable AI systems.

I’m thrilled to share that this platform will be renamed SmartNoise. The SmartNoise Platform, powered by OpenDP, captures an essential step in the differential privacy process and follows best practices of renaming terms like whitelist and blacklist to allowlist and blocklist.

By using SmartNoise, researchers, data scientists and others will be able to derive new and deeper insights from datasets that have the potential to help solve the most difficult societal problems in health, the environment, economics and other areas.

How we’re using SmartNoise and differential privacy today at Microsoft

As we apply differential privacy to our own products and begin to work with customers to do so, we’re learning a lot about what works and what we need to explore further.

Our first production use of differential privacy in reporting and analytics at Microsoft was in Windows, where we added noise to users’ telemetry data, enabling us to understand overall app usage without revealing information tied to a specific user. This aggregated data has been used to identify possible issues with applications and improve user experience.

Since then, we’ve applied differential privacy in similar ways to understand data that benefits our customers and helps us improve our products. We’ve learned that differential privacy works best in cases where a query or dataset with a limited set of computations will be refreshed on an ongoing basis – in these cases the work required to apply differential privacy pays off because you can spend the time to optimize it and then reuse that work. An example of this is the Insights for People Managers within Workplace Analytics. These insights enable managers to understand how the people in their team are doing and to learn how to drive change by using aggregated collaboration data without sharing any information about individuals.

An application of differential privacy with limited parameters but that enables interactivity is advertiser queries on LinkedIn. Advertisers can get differentially private answers to their top-k queries (where k is a number representing how many answers the advertiser wants from the query). Each advertiser is allotted a limited number of queries, which helps to ensure that multiple queries can’t be combined to deduce private information. So, for example, an advertiser could find out which articles are being read by software engineers or employees of a particular company, but wouldn’t be able to determine which individual users were reading them.
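As an added illustration of the two components described above (noise and a privacy-loss budget) and of the per-advertiser query limit described for LinkedIn, here is a small Python example. It is not code from SmartNoise, OpenDP or any Microsoft system; the employee rows, the "how many people are on the infra team" query and its sensitivity of 1 are assumptions of the example. It runs the classic differencing attack, two aggregate queries that differ by one person's row, first with negligible noise and then at a small epsilon, and shows that the budget is what stops an analyst from simply repeating the probe until the noise averages out:

```python
"""Laplace noise plus a privacy-loss budget on a counting query, demonstrated
against the differencing attack they exist to stop.

Added example; not code from SmartNoise/OpenDP or from the LinkedIn or
Workplace Analytics systems mentioned in the post. ROWS is a constructed
table of hypothetical people; the infra-team count has sensitivity 1 by
assumption (one row changes the count by at most 1).
"""
import math
import random
from dataclasses import dataclass

ROWS = [  # constructed sample data
    {"name": "alice", "team": "infra"},
    {"name": "bob", "team": "infra"},
    {"name": "carol", "team": "sales"},
    {"name": "dave", "team": "infra"},
    {"name": "erin", "team": "legal"},
]


class BudgetExhausted(RuntimeError):
    """A query would push cumulative privacy loss past the allotment."""


@dataclass
class PrivacyAccountant:
    """Tracks epsilon spent across queries; under basic composition the
    losses of successive queries simply add up."""
    total_epsilon: float
    spent: float = 0.0

    def charge(self, epsilon: float) -> None:
        if epsilon <= 0:
            raise ValueError("epsilon must be positive")
        if self.spent + epsilon > self.total_epsilon:
            raise BudgetExhausted(f"spent {self.spent:g} of {self.total_epsilon:g}, refusing {epsilon:g}")
        self.spent += epsilon

    @property
    def remaining(self) -> float:
        return self.total_epsilon - self.spent


def laplace_noise(scale: float, rng: random.Random) -> float:
    """Sample Laplace(0, scale) via the inverse CDF; scale = sensitivity / epsilon."""
    u = rng.random() - 0.5  # uniform on [-0.5, 0.5)
    return -scale * math.copysign(1.0, u) * math.log(max(1.0 - 2.0 * abs(u), 1e-300))


def laplace_sample_stats(scale, n, seed=0):
    """(mean, mean absolute value) of n samples; E|X| = scale for Laplace(0, scale)."""
    rng = random.Random(seed)
    xs = [laplace_noise(scale, rng) for _ in range(n)]
    return sum(xs) / n, sum(abs(x) for x in xs) / n


def private_count(rows, predicate, epsilon, accountant, rng, sensitivity=1.0):
    """Counting query released under epsilon-DP; the budget is charged before answering."""
    accountant.charge(epsilon)
    true_count = sum(1 for r in rows if predicate(r))
    return true_count + laplace_noise(sensitivity / epsilon, rng)


def differencing_probe(rows, target, epsilon, accountant, rng):
    """Two aggregate queries that differ only by `target`'s row. Without noise the
    difference is exactly 1 if target is on the infra team and 0 otherwise."""
    everyone = private_count(rows, lambda r: r["team"] == "infra", epsilon / 2, accountant, rng)
    all_but_target = private_count(rows, lambda r: r["team"] == "infra" and r["name"] != target,
                                   epsilon / 2, accountant, rng)
    return everyone - all_but_target


def attacker_accuracy(rows, target, epsilon, trials, seed=0):
    """How often a single probe (total budget epsilon) guesses target's membership right."""
    rng = random.Random(seed)
    truth = any(r["name"] == target and r["team"] == "infra" for r in rows)
    hits = 0
    for _ in range(trials):
        acc = PrivacyAccountant(epsilon)  # fresh budget per trial: measures one probe's leakage
        hits += (differencing_probe(rows, target, epsilon, acc, rng) > 0.5) == truth
    return hits / trials


def probes_until_exhausted(rows, target, total_epsilon, epsilon_per_probe, seed=0):
    """Repeating the probe to average the noise away is what the budget stops."""
    acc, rng, answers = PrivacyAccountant(total_epsilon), random.Random(seed), []
    while True:
        try:
            answers.append(differencing_probe(rows, target, epsilon_per_probe, acc, rng))
        except BudgetExhausted:
            return answers


if __name__ == "__main__":
    print("probe accuracy, epsilon=1e6 (almost no noise):", attacker_accuracy(ROWS, "alice", 1e6, 200))
    print("probe accuracy, epsilon=0.1:", attacker_accuracy(ROWS, "alice", 0.1, 2000))
    print("probes answered before the budget refuses:", len(probes_until_exhausted(ROWS, "alice", 1.0, 0.25)))
```

With epsilon around 1e6 the attacker's guess is always right. At epsilon = 0.1 the two Laplace samples swamp the one-person difference and the guess is right about half the time, no better than a coin flip, while a total budget of 1.0 spent in 0.25-epsilon probes answers four probes and refuses the fifth with BudgetExhausted. Basic composition (epsilons add) is used here; production accountants use tighter composition theorems, but the control flow, charge before answering and refuse once exhausted, is the same.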

Another key application area for differential privacy is in machine learning, where the goal is to produce a machine learning model that protects the information about the individual datapoints in the training dataset.

For example, in Office suggested replies, we use differential privacy to narrow the set of responses to ensure that the model doesn’t learn from any replies that might violate an individual user’s privacy.

During the training of a machine learning model, the training algorithm can add differentially private noise and manage the privacy budget across iterations. These algorithms often take longer to train, and often require tuning for accuracy, but this effort can be worth it for the more rigorous privacy guarantees that differential privacy enables.
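An added Python example of the training-time mechanism this paragraph describes (it is not Microsoft's or SmartNoise's training code): each example's gradient is clipped to a fixed L2 norm, which bounds how much any one person can influence a step, Gaussian noise scaled to that bound is added to the sum, and the model is updated from the noisy sum. The data set, the two-weight logistic regression, and the clip norm, noise multiplier and learning rate are constructed for the illustration; the per-step budget accounting is reduced to a step count, since the exact epsilon of a run depends on the composition theorem an accountant applies.

```python
"""Per-example gradient clipping plus Gaussian noise, the core step of
differentially private SGD (DP-SGD).

Added example; not Microsoft's or SmartNoise's training code. DATA is a
constructed, linearly separable set (bias input plus one feature, label =
sign of the feature); model, clip norm, noise multiplier and learning rate
are illustrative choices, not values from the post.
"""
import math
import random

DATA = [((1.0, f), 1 if f > 0 else 0) for f in (-2.0, -1.5, -1.0, -0.5, 0.5, 1.0, 1.5, 2.0)]


def l2_norm(v):
    return math.sqrt(sum(c * c for c in v))


def logistic_grad(w, x, y):
    """Gradient of one example's log-loss with respect to the weights."""
    z = sum(wi * xi for wi, xi in zip(w, x))
    p = 1.0 / (1.0 + math.exp(-z))
    return [(p - y) * xi for xi in x]


def clip(g, clip_norm):
    """Scale g down so its L2 norm is at most clip_norm. This bounds how much
    any single example can move the summed gradient (the sum's sensitivity)."""
    n = l2_norm(g)
    return [c * clip_norm / n for c in g] if n > clip_norm else list(g)


def noisy_clipped_sum(grads, clip_norm, noise_multiplier, rng):
    """Sum of clipped per-example gradients plus N(0, (noise_multiplier*clip_norm)^2)
    per coordinate: the Gaussian mechanism on a sum whose sensitivity is clip_norm."""
    total = [0.0] * len(grads[0])
    for g in grads:
        for i, c in enumerate(clip(g, clip_norm)):
            total[i] += c
    sigma = noise_multiplier * clip_norm
    return [t + rng.gauss(0.0, sigma) for t in total]


def dp_sgd_step(w, batch, clip_norm, noise_multiplier, lr, rng):
    grads = [logistic_grad(w, x, y) for x, y in batch]
    noisy = noisy_clipped_sum(grads, clip_norm, noise_multiplier, rng)
    return [wi - lr * g / len(batch) for wi, g in zip(w, noisy)]


def train(data, steps, clip_norm, noise_multiplier, lr, seed=0):
    """Full-batch DP-SGD. Returns the weights and the number of noisy releases;
    every step spends privacy budget, so steps are what an accountant charges."""
    rng = random.Random(seed)
    w = [0.0, 0.0]
    for _ in range(steps):
        w = dp_sgd_step(w, data, clip_norm, noise_multiplier, lr, rng)
    return w, steps


def accuracy(w, data):
    correct = sum((sum(wi * xi for wi, xi in zip(w, x)) > 0) == (y == 1) for x, y in data)
    return correct / len(data)


def sensitivity_of_sum(data, w, clip_norm):
    """Largest change in the clipped, noise-free gradient sum from dropping one
    example. Clipping guarantees this never exceeds clip_norm."""
    rng = random.Random(0)
    full = noisy_clipped_sum([logistic_grad(w, x, y) for x, y in data], clip_norm, 0.0, rng)
    worst = 0.0
    for i in range(len(data)):
        rest = data[:i] + data[i + 1:]
        partial = noisy_clipped_sum([logistic_grad(w, x, y) for x, y in rest], clip_norm, 0.0, rng)
        worst = max(worst, l2_norm([a - b for a, b in zip(full, partial)]))
    return worst


if __name__ == "__main__":
    w_clean, _ = train(DATA, steps=100, clip_norm=1.0, noise_multiplier=0.0, lr=0.5)
    w_dp, n = train(DATA, steps=100, clip_norm=1.0, noise_multiplier=1.0, lr=0.5)
    print("no noise    :", accuracy(w_clean, DATA), w_clean)
    print("DP (sigma=1):", accuracy(w_dp, DATA), w_dp, "after", n, "noisy steps")
    print("one-example sensitivity of the clipped sum:", sensitivity_of_sum(DATA, [0.0, 0.0], 1.0))
```

The sensitivity_of_sum check confirms the property everything rests on: removing any single example changes the clipped sum by at most clip_norm, which is exactly the bound the Gaussian noise is calibrated to. On this tiny separable set the noisy run usually still separates the data, but its weights move with the seed; on realistic data that noise is what costs accuracy and forces the tuning the paragraph mentions, and every additional step is another release the accountant has to charge for.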

To take this scenario further, we are also exploring the potential for synthetic data in machine learning, which is currently only an option if we know the specific task or question the algorithm needs to understand. The idea behind synthetic data is that it preserves all the key statistical attributes of a dataset but doesn’t contain any actual private data. Using the original dataset, we would apply a differential privacy algorithm to generate synthetic data specifically for the machine learning task. This means the model creator doesn’t need access to the original dataset and can instead work directly with the synthetic dataset to develop their model. The synthetic data generation algorithm can use the privacy budget to preserve the key properties of the dataset while adding more noise in less essential places.

SmartNoise and differential privacy going forward

We have learned so much about differential privacy, and we’re only scraping the surface of what’s possible – and starting to understand the barriers and limitations that exist.

We continue to make investments in our tools, develop new ones and innovate with new practices and research. On the technical side, there are a few areas we will pursue further. Most production applications are using a known limited set of computations, so we’ll have to go further in making differential privacy work well for a larger set of queries. We will further enable interactivity, which means dynamically optimizing so queries work well without hand-tuning. We will develop a robust budget tracking system that would allow many different people to use the data. And we will adopt security measures that would allow an untrusted analyst to query and use the data without having full access to the dataset.

There are also policy, governance and compliance questions that need to be addressed. For example, if we are allocating budget for a dataset across a diverse set of users and potential projects, how do we decide how much budget each researcher accessing the data gets? Going forward, we will strive to answer these important questions with the help of the open source differential privacy community.

And synthetic data is a particularly exciting area for exploration because anyone could access and use it without privacy ramifications. However, there are still many research questions on how to effectively implement differential privacy – while still providing accurate results – when we don’t know what the analysis will look like in advance.

Many questions remain, and we know we will need help from the community to answer them. With the OpenDP Initiative and SmartNoise project, we announced our commitment to developing differential privacy technologies in the open to enable more people to participate and contribute, and we look forward to collaborating with and learning from all of you.

Gary King, director of the Institute for Quantitative Social Science at Harvard, had this to say: “We created OpenDP to build a far more secure foundation for efforts to ensure privacy for people around the world.  We are proud to release SmartNoise with Microsoft and hope to build an active and vibrant community of researchers, academics, developers and others to fully unlock the power of data to help address some of the most pressing challenges we face.”

If you want to get involved in OpenDP and SmartNoise, find us on GitHub. We will also continue to openly share our technical and non-technical learnings as we deploy differential privacy in production across the company.

Sarah Bird is a principal program manager and the Responsible AI lead for Cognitive Services within Azure AI. Sarah’s work focuses on research and emerging technology strategy for AI products in Azure. Sarah works to accelerate the adoption and impact of AI by bringing together the latest innovations in research with the best of open source and product expertise to create new tools and technologies.


Why privacy is more important than ever in an equitable recovery

What a difficult year this has been. During the past nine months, COVID-19 has disrupted almost every aspect of our lives, our work and our social interactions to a degree most of us never imagined possible. The economic damage may take years to repair.

Here in the United States, the shocking deaths of George Floyd and Breonna Taylor call us to acknowledge and address the systemic racial inequalities that have shaped our nation for too long.

It is a lot to deal with.

But amid all this disruption, we have also experienced an incredible digital transformation. In just a few months, we have jumped forward years in our use of advanced digital tools for interacting with one another, running our businesses, sending our kids to school and understanding what is going on in the world.

Now, as we begin to move from responding to the coronavirus crisis toward recovery, data will play an important role. Data is critical not just in rebuilding our economy but in helping us understand societal inequalities that have contributed to dramatically higher rates of sickness and death among Black communities and other communities of color due to COVID-19. Data can also help us focus resources on rebuilding a more just, fair and equitable economy that benefits all.

Let’s not waste this opportunity. Much of the data needed to make positive progress is personal information – data about our location, our health and our work. To achieve the full benefits that the digital transformation promises, people must trust their information is used responsibly and respectfully.

Trust is fragile, and consumers have plenty of reasons to be wary of how their data is used. This is particularly true in the United States where companies and government are not doing enough to protect the privacy of personal information. Today, it is simply too difficult for people to find out what personal data is collected about them or how it will be used. And there have been more than enough high-profile data breaches and stories about the misuse of personal data in recent years to give people pause about whether companies and government are good stewards of their personal data.

A new study conducted by the international research firm YouGov on behalf of Microsoft makes clear just how tenuous trust is in the United States. In that study, 90% of the people surveyed said they are concerned about sharing their information.1

The United States has fallen far behind the rest of the world in privacy protection

One reason trust is so tenuous in the United States is the lack of a strong national privacy law. Since the European Union’s General Data Protection Regulation (GDPR) took effect just two years ago, many countries, including Brazil, India, Japan, Kenya, South Africa, South Korea and Thailand, have adopted, revised or proposed new frameworks for privacy protection that recognize people own their personal data and have a right to view, correct and delete it. In total, over 130 countries and jurisdictions have enacted privacy laws.

Yet one country has not: the United States. Current laws in the United States govern only limited types of information, and all of them are more than two decades old.

The YouGov survey also found that the American public is overwhelmingly in favor of stronger privacy protection law. Seven out of 10 people surveyed said they don’t think government does enough to keep their personal data private, and the same large majority would like to see privacy regulation addressed during the next administration.

As countries around the world pursue new legal frameworks, global standards are being developed without U.S. involvement. In contrast to the role our country has traditionally played on global issues, the U.S. is not leading, or even participating in, the discussion over common privacy norms.

If the U.S. wants to join the global conversation about how to develop robust privacy and data protection laws that will enable innovation through responsible data use, it will need to act fast. If Congress does not act soon, we will see the balance of power on these critical issues shift away from Washington, D.C., and move to Brussels, Berlin, New Delhi and Tokyo.

The good news is that states are stepping in through legislation such as the California Consumer Privacy Act (CCPA), which includes provisions that reflect some of the individual rights granted by GDPR. Other states are considering their own proposals. There are also signs of real interest among some members of Congress, who have proposed new privacy legislation that would reestablish American leadership in privacy protection and provide the legal framework essential for consumers’ trust that their data will be handled safely.

Placing the responsibility for privacy where it belongs – on companies

Strong privacy legislation is important. But the simple truth is that the onus to create and maintain trust must fall on the companies that collect, process and store personal data. No matter what the law says, if companies aren’t responsible, transparent and accountable when using personal information, their customers will not trust them and they will fail.

Our recent research bears this out. The YouGov study found that significantly more people believe companies bear the primary responsibility for protecting data privacy – not government.

And yet prevailing practices in this country place the vast bulk of responsibility for privacy protection on individuals. Although this approach complies with current U.S. law, it seems almost perfectly designed to undermine trust. The large number of websites, devices and apps that people rely on to remain connected and engaged – a number that has grown even larger during this health crisis – makes it nearly impossible for individuals to navigate the privacy information overload and make informed decisions about how their data is used. Too often, we deliver that information in notices difficult for lawyers and engineers to understand – much less consumers.

Instead of lobbying Congress or state legislatures to water down or block privacy legislation, it is time for businesses to advocate for stronger privacy laws in this country. In addition to engendering greater trust with their customers, a strong privacy law will provide companies with clear guardrails about how they can use data for responsible innovation with greater assurance.

And whether new laws are passed or not, it is essential that companies develop their own strong privacy standards and assume accountability for how they use customers’ data.

Creating a framework of trust – both for congressional action and corporate accountability – should begin with these four principles:

  • Transparency about how companies collect, use and share personal information. Consumers are clamoring to understand what data companies have and how they will interact with it
  • Consumer empowerment that guarantees the right of individuals to access, correct, delete and move personal information
  • Corporate responsibility that requires companies to be good stewards of consumer information
  • Strong enforcement through a strong central regulator and vigilant state attorneys general offices that have the authority and funding to enforce the laws and take action to hold violators accountable

I’m confident all this is achievable. The imperative to do so has never been more urgent, and the momentum toward progress has never been stronger.

As difficult as the past nine months have been, they have also been filled with signs of great human resilience and ingenuity. You can see it in the heroic work of frontline health-care workers, the rapid progress made toward creating a vaccine, and the commitment of a new generation of young activists to work toward ending systemic racism. Health-care providers are now using telemedicine to treat patients in ways that protect them from exposure to coronavirus and are finding new ways to deliver care to people who would otherwise have difficulty accessing a doctor. Businesses are using powerful new digital capabilities to foster collaboration, engage with customers and reinvent business models in a world facing unprecedented constraints.

This must be just the start. Now is the time to build on these promising steps forward. But to do so, trust is essential. It is time for government and business to work together to pass laws and reinvent practices to recognize the individual right to own and control personal data and to place the responsibility for protecting privacy where it belongs – on companies.

This is the best and only way to create the conditions that will make trust possible. It is also an essential foundation for building a recovery that is robust and sustainable and serves everyone equally.

1 YouGov Study (2020, October 5). Commissioned study conducted on behalf of Microsoft Corp. by YouGov, an international survey research firm. The poll was conducted between September 28 and October 5, 2020, with a representative sample of 5,000 registered voters nationwide. The margin of error for the poll was +/- 1.5 points.



Use DNS over TLS

The Domain Name System (DNS) that modern computers use to find resources on the internet was designed more than 35 years ago without consideration for user privacy: queries and answers travel in cleartext over port 53, so anyone on the path, from an ISP to an attacker on the local network, can read them and, in attacks like DNS hijacking, rewrite them.

Luckily, DNS over TLS and DNSSEC are available. DNS over TLS encrypts the connection between a computer and its configured DNS servers, so queries can no longer be read or modified in transit; DNSSEC lets the resolver verify that answers for signed zones carry the zone owner's signature, so a forged answer is rejected rather than trusted. Neither replaces the other: DNS over TLS protects only the hop to your resolver, and DNSSEC provides authenticity without confidentiality. On Fedora, the steps to implement both are easy and all the necessary tools are readily available.

This guide will demonstrate how to configure DNS over TLS on Fedora using systemd-resolved. Refer to the documentation for further information about the systemd-resolved service.

Step 1 : Set-up systemd-resolved

Modify /etc/systemd/resolved.conf so that it is similar to what is shown below. Be sure to enable DNS over TLS and to configure the IP addresses of the DNS servers you want to use.

$ cat /etc/systemd/resolved.conf
[Resolve]
DNS=1.1.1.1 9.9.9.9
DNSOverTLS=yes
DNSSEC=yes
FallbackDNS=8.8.8.8 1.0.0.1 8.8.4.4
#Domains=~.
#LLMNR=yes
#MulticastDNS=yes
#Cache=yes
#DNSStubListener=yes
#ReadEtcHosts=yes

A quick note about the options:

  • DNS: A space-separated list of IPv4 and IPv6 addresses to use as system DNS servers
  • FallbackDNS: A space-separated list of IPv4 and IPv6 addresses to use as the fallback DNS servers.
  • Domains: These domains are used as search suffixes when resolving single-label host names; ~. means that the servers defined with DNS= are preferred for all domains, ahead of any per-link (e.g. DHCP-supplied) servers.
  • DNSOverTLS: If yes, all connections to the server will be encrypted, and resolution fails rather than falling back to cleartext if the server does not support TLS. Note that this mode requires a DNS server that supports DNS-over-TLS and has a valid certificate for its IP. The alternative value opportunistic tries TLS but silently falls back to plaintext port 53 when the TLS connection fails, so it offers no protection against an on-path attacker who simply blocks port 853.

NOTE: The DNS servers listed in the above example are my personal choices. You should decide which DNS servers you want to use, bearing in mind that whoever runs them sees every name your machine resolves: encryption in transit hides your queries from the network, not from the resolver operator.

Step 2 : Tell NetworkManager to push info to systemd-resolved

Create a file in /etc/NetworkManager/conf.d named 10-dns-systemd-resolved.conf.

$ cat /etc/NetworkManager/conf.d/10-dns-systemd-resolved.conf
[main]
dns=systemd-resolved

The setting shown above (dns=systemd-resolved) will cause NetworkManager to push the DNS servers acquired from DHCP to the systemd-resolved service as per-link servers, which take precedence over the global DNS= list configured in Step 1 for traffic on that link. This is fine on a trusted network, but a DHCP server you don't control can hand out a resolver that does not speak DNS over TLS; with DNSOverTLS=yes resolution then fails rather than silently downgrading. If you always want the servers from /etc/systemd/resolved.conf, set dns=none instead, or keep this setting and uncomment Domains=~. in Step 1 so the global servers are preferred for all domains.

Step 3 : start & restart services

To make the settings configured in the previous steps take effect, start and enable systemd-resolved. Then restart NetworkManager.

CAUTION: This will lead to a loss of connection for a few seconds while NetworkManager is restarting.

$ sudo systemctl start systemd-resolved
$ sudo systemctl enable systemd-resolved
$ sudo systemctl restart NetworkManager

NOTE: Currently, the systemd-resolved service is disabled by default and its use is opt-in. There are plans to enable systemd-resolved by default in Fedora 33.

Step 4 : Check if everything is fine

Now you should be using DNS over TLS. Confirm this by checking DNS resolution status with:

$ resolvectl status
MulticastDNS setting: yes
  DNSOverTLS setting: yes
      DNSSEC setting: yes
    DNSSEC supported: yes
  Current DNS Server: 1.1.1.1
         DNS Servers: 1.1.1.1
                      9.9.9.9
Fallback DNS Servers: 8.8.8.8
                      1.0.0.1
                      8.8.4.4

/etc/resolv.conf should point to 127.0.0.53

$ cat /etc/resolv.conf
# Generated by NetworkManager
search lan
nameserver 127.0.0.53

To see the local stub listener, the loopback address and port on which systemd-resolved accepts plaintext queries from applications on this host (the encrypted traffic to the upstream servers goes out separately over TCP port 853, which Step 5 shows), run:

$ sudo ss -lntp | grep '\(State\|:53 \)'
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       4096    127.0.0.53%lo:53     0.0.0.0:*          users:(("systemd-resolve",pid=10410,fd=18))

To make a secure query, run:

$ resolvectl query fedoraproject.org
fedoraproject.org: 8.43.85.67                  -- link: wlp58s0
                   8.43.85.73                  -- link: wlp58s0
                   [..]

-- Information acquired via protocol DNS in 36.3ms.
-- Data is authenticated: yes
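Putting Steps 1 to 4 together, the following Python script is an added example (not part of the article or of systemd) that reads the two configuration files and the resolvectl status output and reports the settings that would leave DNS silently downgradeable. The configuration texts and status output in it are constructed copies of the article's examples, so it runs offline; point it at the real files on a host to use it as a check. It assumes the systemd-resolved values shown in the article (DNSOverTLS=yes|opportunistic|no, DNSSEC=yes|allow-downgrade|no) and, for the informational finding about server names, the newer address#name form of the DNS= setting, which your systemd version may or may not support:

```python
"""Audit a systemd-resolved DNS-over-TLS setup from its configuration files
and from `resolvectl status` output.

Added example, not part of the Fedora Magazine article or of systemd. The
texts below are constructed to mirror the article's examples; on a real host
read /etc/systemd/resolved.conf, /etc/NetworkManager/conf.d/*.conf and the
output of `resolvectl status` instead.
"""
import re

STRICT_RESOLVED_CONF = """\
[Resolve]
DNS=1.1.1.1 9.9.9.9
DNSOverTLS=yes
DNSSEC=yes
FallbackDNS=8.8.8.8 1.0.0.1 8.8.4.4
#Domains=~.
"""

WEAK_RESOLVED_CONF = """\
[Resolve]
DNS=1.1.1.1 9.9.9.9
DNSOverTLS=opportunistic
DNSSEC=allow-downgrade
"""

NM_CONF = """\
[main]
dns=systemd-resolved
"""

STATUS_OUTPUT = """\
  DNSOverTLS setting: yes
      DNSSEC setting: yes
    DNSSEC supported: yes
"""


def parse_systemd_conf(text):
    """Minimal reader for systemd's INI-style files: [sections], key=value,
    '#' or ';' comment lines. A later key overrides an earlier one."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][key.strip()] = value.strip()
    return conf


def audit_resolved(conf):
    """Return (severity, message) findings for the [Resolve] section."""
    r, findings = conf.get("Resolve", {}), []
    dot = r.get("DNSOverTLS", "no").lower()  # systemd's default is no
    if dot in ("no", "false", "0", "off"):
        findings.append(("high", "DNSOverTLS is off: queries leave the host in cleartext on port 53"))
    elif dot == "opportunistic":
        findings.append(("high", "DNSOverTLS=opportunistic falls back to cleartext when TLS fails, "
                                 "so an on-path attacker who blocks port 853 forces a downgrade"))
    dnssec = r.get("DNSSEC")
    if dnssec is None:
        findings.append(("medium", "DNSSEC not set: the distribution's build-time default applies; set it explicitly"))
    elif dnssec.lower() in ("no", "false", "0", "off"):
        findings.append(("medium", "DNSSEC is off: answers are not validated"))
    elif dnssec.lower() == "allow-downgrade":
        findings.append(("medium", "DNSSEC=allow-downgrade: validation is dropped if the upstream looks "
                                   "DNSSEC-unaware, which an attacker can make it look"))
    servers = r.get("DNS", "").split()
    if not servers:
        findings.append(("medium", "DNS= is empty: only per-link (DHCP) servers or FallbackDNS will be used"))
    for s in servers:
        if "#" not in s:  # address#name form (newer systemd) enables SNI and name-based cert checks
            findings.append(("info", f"{s}: no server name given, so the certificate can only be tied to the bare IP"))
    return findings


def audit_networkmanager(conf):
    """Flag how NetworkManager's dns= plugin interacts with resolved.conf."""
    mode = conf.get("main", {}).get("dns", "")
    if mode == "systemd-resolved":
        return [("info", "NetworkManager pushes DHCP-learned servers to resolved as per-link servers; "
                         "on an untrusted network they take precedence over the global DNS= list")]
    if mode == "none":
        return []
    return [("medium", f"dns={mode or '(unset)'}: check that /etc/resolv.conf points at 127.0.0.53, "
                       "otherwise applications may bypass systemd-resolved")]


def check_status(output):
    """Parse the '<name> setting: yes|no' lines of `resolvectl status`."""
    found = re.findall(r"(DNSOverTLS setting|DNSSEC setting|DNSSEC supported):\s*(\S+)", output)
    return {name: value == "yes" for name, value in found}


if __name__ == "__main__":
    nm = audit_networkmanager(parse_systemd_conf(NM_CONF))
    for label, text in (("strict", STRICT_RESOLVED_CONF), ("weak", WEAK_RESOLVED_CONF)):
        print(label)
        for sev, msg in audit_resolved(parse_systemd_conf(text)) + nm:
            print(f"  [{sev}] {msg}")
    print("status:", check_status(STATUS_OUTPUT))
```

The strict configuration from Step 1 produces only informational findings; the weak variant, which many guides present as equivalent, is flagged twice because both opportunistic DNS over TLS and DNSSEC=allow-downgrade let an active attacker on the path turn the protection off without any error on the client.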

BONUS Step 5 : Use Wireshark to verify the configuration

First, install and run Wireshark:

$ sudo dnf install wireshark
$ sudo wireshark

It will ask you which network interface to begin capturing packets on. In my case, because I use a wireless interface, I will go ahead with wlp58s0. Set up a display filter in Wireshark like tcp.port == 853 (853 is the DNS over TLS port). You need to flush the local DNS cache before you can capture a fresh query; otherwise the answer is served from systemd-resolved's cache and nothing leaves the host:

$ sudo resolvectl flush-caches

Now run:

$ nslookup fedoramagazine.org

You should see a TLS-encrypted exchange on TCP port 853 between your computer and your configured DNS server. If you instead see plaintext UDP traffic to port 53 leaving the host, queries are bypassing systemd-resolved (check that /etc/resolv.conf points to 127.0.0.53) or TLS is not enabled.

Poster in Cover Image Approved for Release by NSA on 04-17-2018, FOIA Case # 83661


New differential privacy platform co-developed with Harvard’s OpenDP unlocks data while safeguarding privacy

Data not only drives our modern world; it also bears enormous potential. Data is necessary to shape creative solutions to critical challenges including climate change, terrorism, income and racial inequality, and COVID-19. The concern is that the deeper you dig into the data, the more likely that sensitive personal information will be revealed.

To overcome this, we have developed and released a first-of-its-kind open source platform for differential privacy. This technology, pioneered by researchers at Microsoft in a collaboration with the OpenDP Initiative led by Harvard, allows researchers to preserve privacy while fully analyzing datasets. As a part of this effort, we are granting a royalty-free license under Microsoft’s differential privacy patents to the world through OpenDP, encouraging widespread use of the platform, and allowing anyone to begin utilizing the platform to make their datasets widely available to others around the world.

Cynthia Dwork, Gordon McKay professor of CS at Harvard and Distinguished Scientist at Microsoft said, “Differential privacy, the heart of today’s landmark milestone, was invented at Microsoft Research a mere 15 years ago. In the life cycle of transformative research, the field is still young. I am excited to see what this platform will make possible.”

Differential privacy does this via a complex mathematical framework that utilizes two mechanisms to protect personally identifiable or confidential information within datasets:

  • A small amount of statistical “noise” is added to each result to mask the contribution of individual data points. This noise works to protect the privacy of an individual while not significantly impacting the accuracy of the answers extracted by analysts and researchers.
  • The amount of information revealed from each query is calculated and deducted from an overall privacy budget to halt additional queries when personal privacy may be compromised.

Through these mechanisms, differential privacy keeps personally identifiable information out of the published results: because any one person's record can change an output only by a small, bounded amount, an observer cannot reliably infer anything specific to a particular person from those outputs, including whether that person's data was in the dataset at all. As a result, outputs from data computations, including analytics and machine learning, do not reveal private information from the underlying data, which opens the door for researchers to harness and share massive quantities of data in a manner and scale never seen before.

“We need privacy enhancing technologies to earn and maintain trust as we use data. Creating an open source platform for differential privacy, with contributions from developers and researchers from organizations around the world, will be essential in maturing this important technology and enabling its widespread use,” said Julie Brill, Chief Privacy Officer, Corporate Vice President, and Deputy General Counsel of Global Privacy and Regulatory Affairs.

Over the past year, Microsoft and Harvard worked to build an open solution that utilizes differential privacy to keep data private while empowering researchers across disciplines to gain insights that possess the potential to rapidly advance human knowledge.

“Our partnership with Microsoft – in developing open source software and in spanning the industry-academia divide – has been tremendously productive. The software for differential privacy we are developing together will enable governments, private companies and other organizations to safely share data with academics seeking to create public good, protect individual privacy and ensure statistical validity,” said Gary King, Weatherhead University Professor, and Director Institute for Quantitative Social Science, Harvard University.

Because the platform is open source, experts can directly validate the implementation, while researchers and others working within an area can collaborate on projects and co-develop simultaneously. The result is that we will be able to iterate more rapidly to mature the technology. Only through collaboration at a massive scale will we be able to combine previously unconnected or even unrelated datasets into extensive inventories that can be analyzed by AI to further unlock the power of data.

Large and open datasets possess an unimaginable amount of potential. The differential privacy platform paves the way for us to contribute, collaborate and harness this data, and we need your help to grow and analyze the world’s collective data repositories. The resulting insights will have an enormous and lasting impact and will open new avenues of research that allow us to develop creative solutions for some of the most pressing problems we currently face.

The differential privacy platform and its algorithms are now available on GitHub for developers, researchers, academics and companies worldwide to use for testing, building and support. We welcome and look forward to the feedback in response to this historic project.

How the new Washington Privacy Act raises the bar for privacy in the US

This month, a bipartisan group of legislators in Washington state presented new legislation that could soon become the most comprehensive privacy law in the country. The centerpiece of this legislation, the Washington Privacy Act as substituted, goes further than the landmark bill California recently enacted and builds on the law Europeans have enjoyed for the past year and a half.

As Microsoft President Brad Smith shared in his blog post about our priorities for the state of Washington’s current legislative session, we believe it is important to enact strong data privacy protections to demonstrate our state’s leadership on what we believe will be one of the defining issues of our generation. People will only trust technology if they know their data is private and under their control, and new laws like these will help provide that assurance. We’re encouraged that privacy legislation in Washington has been welcomed by privacy advocates such as Consumer Reports and the Future of Privacy Forum.

To date, the U.S. has taken the approach of enacting privacy law in just a few key areas, such as financial services, children and some health data. However, on average, people today produce 25 times the online data they did in 2010, and this data no longer just records our medical checkups or banking activities but just about every aspect of our lives. The Washington Privacy Act addresses these significant gaps by creating comprehensive baseline protections. As the United States Congress continues to work on these safeguards, states such as Washington have the opportunity to move faster and give people the protections they deserve.

Washington came close to passing a good bill last year. As I wrote in April 2019, every year we kick the can down the road is another year we’ll spend searching for the perfect legislation rather than starting to provide people with needed protection, and then building on a strong foundation. And people are overwhelmingly voicing their support for the legislature to take action now. In a Crosscut/Elway poll conducted in December 2019, 84% of Washington respondents supported “strengthening consumer protections for personal data online” and placed privacy above issues such as carbon emissions and rent control.

Why the Washington Privacy Act is strong

The Washington Privacy Act, introduced by Senator Reuven Carlyle, has four core components that we believe are critical in any comprehensive privacy bill.

Corporate responsibility: First, it holds companies responsible for ensuring they only use data for the reason they collect it and with the permission of their customers. If a company collects someone’s phone number for the purpose of two-factor authentication, they shouldn’t then be permitted to use that information for targeted ad or search purposes.

Consumer empowerment: Second, it gives people the ability to control their data by providing rights to access, correct, delete and relocate their data, and to limit a company’s ability to use their data.

Transparency: Third, it requires companies to be clear about their intentions for collecting people’s personal data in a way that is easy to understand.

Strong enforcement: Fourth, it enables the state attorney general to ensure companies comply with the law. The state attorney general can take legal action with penalties up to $7,500 per violation, meaning total penalties for a non-compliant company could – depending on the number of people affected – amount to hundreds of millions of dollars. In addition to attorney general enforcement, the Washington Privacy Act requires companies to be responsive to consumer requests for information about what data of theirs companies have and how that data is used.

This year’s bill has significant improvements over last year’s legislation. For example, it now requires companies to tell people why their data is being collected and to use it only for that purpose, ensures companies only collect the minimum data needed for that purpose, and prohibits companies from using data in new ways that are different and distinct from the reasons they collected the information in the first place.

Prevent a “race to the bottom” with facial recognition

In addition to addressing the four privacy principles, the Washington Privacy Act sets standards for how and when companies can use facial recognition technology. This portion of the bill includes a range of steps to protect people from this largely unregulated technology, and we think four are particularly worth discussing.

Fairness: First, suppliers of facial recognition technology must build their technology so that third-party research organizations can test its accuracy and examine it for bias. When undisclosed problems with the technology are discovered, suppliers must take action.

Consent: Second, the default rule is that people must give permission for companies to add their image to a facial recognition database and this consent must be meaningful, not just a footnote buried in legal jargon.

Notification: Third, in any public place where facial recognition technology is used, companies must post clear notice.

Human Review: Fourth, results of facial recognition must be verified when critical decisions such as mortgage approvals or employment considerations are being made, and humans have to be involved in the decision-making process.

The Washington Legislature will also consider an important proposal to regulate the use of facial recognition by government. A bill proposed by Senator Joe Nguyen contains many of the safeguards the Washington Privacy Act applies to corporate use as well as new rules to be applied to governmental scenarios. For example, the technology can only be used in public places to address serious crimes when a search warrant has been issued or when there’s a genuine emergency such as a terrorist threat or a kidnapped child. Law enforcement must disclose to defendants when facial recognition is being used in a legal case against them.

As Brad Smith has outlined, if we don’t act, we risk waking up five years from now (or even sooner) to find that facial recognition services have spread in ways that exacerbate societal issues. By setting boundaries before, during and after deployment of facial recognition, we hope that these regulations offer the public more opportunity to be involved in the decisions regarding the acceptable use of the technology by commercial actors as well as state and local authorities. Neither the Washington Privacy Act nor the Nguyen bill provides all the answers to the challenges that will arise with this technology, but both bills provide strong baseline standards that will give people meaningful protections for the first time. Passing these bills in this session will allow the legislature to focus future sessions on building and improving upon them.

Open public dialogue

We believe advocating for laws like these is good for our customers and important for holding the industry to higher standards than the law does today. Microsoft has been engaged along with dozens of entities, including companies, privacy experts, advocacy groups and legislators, invited to comment on early draft proposals leading up to this session. We are committed to working with lawmakers and stakeholders to ensure the final bill provides comprehensive privacy protection for all Washingtonians. You can learn more about our efforts from last week’s testimony.

Introducing more privacy transparency for our commercial cloud customers

At Microsoft, we listen to our customers and strive to address their questions and feedback, because one of our foundational principles is to help our customers succeed. Today Microsoft is announcing an update to the privacy provisions in the Microsoft Online Services Terms (OST) in our commercial cloud contracts that stems from additional feedback we’ve heard from our customers.

Our updated OST will reflect contractual changes we have developed with one of our public sector customers, the Dutch Ministry of Justice and Security (Dutch MoJ). The changes we are making will provide more transparency for our customers over data processing in the Microsoft cloud.

Microsoft is currently the only major cloud provider to offer such terms in the European Economic Area (EEA) and beyond.

We are also announcing that we will offer the new contractual terms to all our commercial customers – public sector and private sector, large enterprises and small and medium businesses – globally. At Microsoft we consider privacy a fundamental right, and we believe stronger privacy protections through greater transparency and accountability should benefit our customers everywhere.

Clarifying Microsoft’s responsibilities for cloud services under the OST update

In anticipation of the General Data Protection Regulation (GDPR), Microsoft designed most of its enterprise services as services where we are a data processor for our customers, taking the necessary steps to comply with the new data protection laws in Europe. At a basic level, this means Microsoft collects and uses personal data from its enterprise services to provide the online services requested by our customers and for the purposes instructed by our customers. As a processor, Microsoft ensures the integrity and safety of customer data, but that data itself is owned, managed and controlled by the customer.

Through the OST update we are announcing today we will increase our data protection responsibilities for a subset of processing that Microsoft engages in when we provide enterprise services. In the OST update, we will clarify that Microsoft assumes the role of data controller when we process data for specified administrative and operational purposes incident to providing the cloud services covered by this contractual framework, such as Azure, Office 365, Dynamics and Intune. This subset of data processing serves administrative or operational purposes such as account management; financial reporting; combatting cyberattacks on any Microsoft product or service; and complying with our legal obligations.

The change to assert Microsoft as the controller for this specific set of data uses will serve our customers by providing further clarity about how we use data, and about our commitment to be accountable under GDPR to ensure that the data is handled in a compliant way.

Meanwhile, Microsoft will remain the data processor for providing the services, improving and addressing bugs or other issues related to the service, ensuring security of the services, and keeping the services up to date.

As noted above, the updated OST reflects the contractual changes we developed with the Dutch MoJ. The only substantive differences in the updated terms relate to customer-specific changes requested by the Dutch MoJ, which had to be adapted for the broader global customer base.

The work to provide our updated OST has already begun. We anticipate being able to offer the new contract provisions to all public sector and enterprise customers globally at the beginning of 2020.

Working with our customers to strengthen privacy

Before and after GDPR became law in the EU, Microsoft has taken steps to ensure that we protect the privacy of all who use our products and services. We continue to work on behalf of customers to remain aligned with the evolving legal interpretations of GDPR. For example, customer feedback from the Dutch MoJ and others has led to the global roll out of a number of new privacy tools across our major services, specific changes to Office 365 ProPlus as well as increased transparency regarding use of diagnostic data.

We remain committed to listening closely to our customers’ needs and concerns regarding privacy. Whenever customer questions arise, we stand ready to focus our engineering, legal and business resources on implementing measures that our customers require. At Microsoft, this is part of our mission to empower every individual and organization on the planet to achieve more.

Cloning a MAC address to bypass a captive portal

If you ever attach to a WiFi system outside your home or office, you often see a portal page. This page may ask you to accept terms of service or some other agreement to get access. But what happens when you can’t connect through this kind of portal? This article shows you how to use NetworkManager on Fedora to deal with some failure cases so you can still access the internet.

How captive portals work

Captive portals are web pages offered when a new device is connected to a network. When the user first accesses the Internet, the portal captures all web page requests and redirects them to a single portal page.

The page then asks the user to take some action, typically agreeing to a usage policy. Once the user agrees, the portal may authenticate them against a RADIUS server or another authentication system. In simple terms, the captive portal registers and authorizes a device based on the device’s MAC address and the end user’s acceptance of the terms. (The MAC address is a hardware-based value attached to any network interface, like a WiFi chip or card.) Note that the MAC address is supplied by the client and can be set to any value in software, so authorization keyed on it is a convenience for the portal operator rather than a real access control; that is exactly why the cloning trick below works.

Sometimes a device doesn’t load the captive portal to authenticate and authorize the device to use the location’s WiFi access. Examples of this situation include mobile devices and gaming consoles (Switch, PlayStation, etc.). They usually won’t launch a captive portal page when connecting to the Internet. You may see this situation when connecting to hotel or public WiFi access points.

You can use NetworkManager on Fedora to resolve these issues, though. Fedora will let you temporarily clone the connecting device’s MAC address and authenticate to the captive portal on the device’s behalf. You’ll need the MAC address of the device you want to connect. Typically this is printed somewhere on the device and labeled. It’s a six-byte hexadecimal value, so it might look like 4A:1A:4C:B0:38:1F. You can also usually find it through the device’s built-in menus.

Cloning with NetworkManager

First, open nm-connection-editor, or open the WiFi settings via the Settings applet. You can then use NetworkManager to clone as follows:

  • For Ethernet – Select the connected Ethernet connection. Then select the Ethernet tab. Note or copy the current MAC address. Enter the MAC address of the console or other device in the Cloned MAC address field.
  • For WiFi – Select the WiFi profile name. Then select the WiFi tab. Note or copy the current MAC address. Enter the MAC address of the console or other device in the Cloned MAC address field.

Bringing up the desired device

Once the Fedora system connects with the Ethernet or WiFi profile, it uses the cloned MAC address to request an IP address, and the captive portal loads. Enter the credentials needed and/or accept the user agreement. The portal then records the cloned MAC address as authorized.

Now disconnect the WiFi or Ethernet profile and change the Fedora system’s MAC address back to its original value (clear the Cloned MAC address field, or set it back to whatever it held before). Do this before powering on the console or other device: two interfaces using the same MAC address on one network will conflict with each other. Then boot up the device. It should now be able to access the Internet, because the portal has already authorized its MAC address via your Fedora system.
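The same procedure can be driven from the command line. The script below is an added example, not code from the Fedora Magazine article or from NetworkManager: it wraps nmcli in Python, validates the MAC address before it is written into the profile, saves whatever the profile's cloned-MAC setting was, and restores it even if the portal step fails. It assumes nmcli is on PATH and that the profile name is one listed by `nmcli connection show`; the property names `802-11-wireless.cloned-mac-address` and `802-3-ethernet.cloned-mac-address` are NetworkManager's own, while `clone_and_authorize` and the `runner`/`wait` hooks are this example's inventions.

```python
# Added example (not from the Fedora Magazine article): the GUI steps above driven
# through nmcli, with the original setting saved and restored even on failure.
import re
import subprocess

# NetworkManager's real property names for the "Cloned MAC address" field.
CLONE_PROPERTY = {
    "wifi": "802-11-wireless.cloned-mac-address",
    "ethernet": "802-3-ethernet.cloned-mac-address",
}


def normalize_mac(text: str) -> str:
    """Accept 4a:1a:4c:b0:38:1f, 4A-1A-4C-B0-38-1F or 4a1a.4cb0.381f; return colon form.
    Rejects anything that is not 12 hex digits or that has the multicast bit set,
    so a typo is caught before nmcli writes it into the profile."""
    digits = re.sub(r"[:\-.\s]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    if int(digits[:2], 16) & 0x01:
        raise ValueError(f"multicast bit set, not a device address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2)).upper()


def modify_cmd(profile, kind, value):
    return ["nmcli", "connection", "modify", profile, CLONE_PROPERTY[kind], value]


def show_cmd(profile, kind):
    # -g prints only that property's value; empty output means it is unset.
    return ["nmcli", "-g", CLONE_PROPERTY[kind], "connection", "show", profile]


def run_nmcli(argv):
    return subprocess.run(argv, check=True, capture_output=True, text=True).stdout.strip()


def clone_and_authorize(profile, kind, device_mac, *, runner=run_nmcli,
                        wait=lambda: input("Finish the portal login, then press Enter: ")):
    """Clone device_mac onto the profile, bring it up so the portal sees the device's
    address, wait for the user to accept the terms, then bring the profile down and
    put the property back exactly as it was. Returns the commands that were run."""
    mac = normalize_mac(device_mac)
    original = runner(show_cmd(profile, kind))  # "" (unset), "random", "stable", a MAC...
    executed = []

    def do(argv):
        executed.append(argv)
        return runner(argv)

    try:
        do(modify_cmd(profile, kind, mac))
        do(["nmcli", "connection", "up", profile])
        wait()
    finally:
        # Bring the link down BEFORE the real device joins: two hosts with one MAC on
        # the same segment fight over the address. Then restore the old setting.
        try:
            do(["nmcli", "connection", "down", profile])
        except subprocess.CalledProcessError:
            pass  # already down (e.g. 'up' failed); restoring the property still matters
        do(modify_cmd(profile, kind, original))
    return executed


if __name__ == "__main__":
    import sys
    if len(sys.argv) != 4 or sys.argv[2] not in CLONE_PROPERTY:
        sys.exit(f"usage: {sys.argv[0]} PROFILE wifi|ethernet DEVICE_MAC")
    clone_and_authorize(sys.argv[1], sys.argv[2], sys.argv[3])
```

Restoring the saved property value, rather than blindly clearing it, matters on systems where the profile was already set to `random` or `stable` MAC addresses for privacy; clearing it would silently switch the interface back to its permanent hardware address.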

This isn’t all that NetworkManager can do, though. For instance, check out this article on randomizing your system’s hardware address for better privacy.

Use sshuttle to build a poor man’s VPN

Nowadays, business networks often use a VPN (virtual private network) for secure communications with workers. However, the protocols used can sometimes make performance slow. If you can reach a host on the remote network with SSH, you could set up port forwarding. But this can be painful, especially if you need to work with many hosts on that network. Enter sshuttle, which lets you set up a quick and dirty VPN with just SSH access. Read on for more information on how to use it.

The sshuttle application was designed for exactly the kind of scenario described above. The only requirement on the remote side is that the host must have Python available. This is because sshuttle constructs and runs some Python source code to help transmit data.

Installing sshuttle

The sshuttle application is packaged in the official repositories, so it’s easy to install. Open a terminal and use the following command with sudo:

$ sudo dnf install sshuttle

Once installed, you may find the manual page interesting:

$ man sshuttle

Setting up the VPN

The simplest case is to forward all IPv4 traffic to the remote network. This isn’t necessarily a crazy idea, especially if you’re on an untrusted local network rather than your own home. Use the -r switch with the SSH username and the remote host name. sshuttle will prompt for your local sudo password, because it has to insert firewall rules that redirect traffic into the tunnel:

$ sshuttle -r username@remotehost 0.0.0.0/0

However, you may want to restrict the VPN to specific subnets rather than all network traffic. (A complete discussion of subnets is outside the scope of this article, but you can read more here on Wikipedia.) Let’s say your office internally uses the private 10.0.0.0/8 range (the old Class A block) and 172.16.0.0/16 (the first Class B-sized block of the private 172.16.0.0/12 range). The command above becomes:

$ sshuttle -r username@remotehost 10.0.0.0/8 172.16.0.0/16

This works great for working with hosts on the remote network by IP address. But what if your office is a large network with lots of hosts? Names are probably much more convenient — maybe even required. Never fear, sshuttle can also forward DNS queries to the office with the --dns switch:

$ sshuttle --dns -r username@remotehost 10.0.0.0/8 172.16.0.0/16

To run sshuttle like a daemon, add the -D switch. This also sends log information to the systemd journal via its syslog compatibility. If part of a forwarded range must stay local (for example, a subnet that exists on both networks), exclude it with the -x switch.

Depending on the capabilities of your system and the remote system, you can use sshuttle for an IPv6 based VPN. You can also set up configuration files and integrate it with your system startup if desired. If you want to read even more about sshuttle and how it works, check out the official documentation. For a look at the code, head over to the GitHub page.


Photo by Kurt Cotoaga on Unsplash.

Microsoft acquires BlueTalon, simplifying data privacy and governance across modern data estates

The data landscape has changed rapidly over the past few years, enabling tremendous opportunity for enterprises to digitally transform. Data estates are increasingly diverse, with fit-for-purpose systems (NoSQL, RDBMSs, data lakes and big data, SaaS apps, etc.) spanning on-premises and cloud environments capable of processing data of all shapes and sizes. This rapid evolution has empowered data professionals including data engineers, data scientists and data analysts to do much more, but at the same time has vastly increased the size and diversity of data estates, making data management and governance harder than ever. In fact, 57 percent of Gartner survey respondents cited “supporting data governance and data security” as one of the biggest challenges for their data management practice.1

At the heart of any digital transformation is making data discovery, access and use simple, secure, compliant and trustworthy. Data privacy is one of the defining issues of our time, as evidenced by the introduction and evolution of privacy laws across the globe (e.g., GDPR, CCPA, etc.). As technology becomes more ingrained in our lives and our work, it must be simple to understand and control what data is collected, and easy to manage who has access to that data and for what purpose.

Today we are excited to announce the acquisition of BlueTalon, a leading provider of Unified Data Access Control solutions for modern data platforms. BlueTalon works with leading Fortune 100 companies to eliminate data security blind spots and gain visibility and control of data. BlueTalon provides a customer-proven, data-centric solution for data access management and auditing across the diverse systems resident in modern data estates.

The IP and talent acquired through BlueTalon brings a unique expertise at the apex of big data, security and governance. This acquisition will enhance our ability to empower enterprises across industries to digitally transform while ensuring right use of data with centralized data governance at scale through Azure.

Together with BlueTalon, we are committed to help enterprises become data-driven companies in a secure and compliant manner. We’re excited to welcome the BlueTalon team to Microsoft and can’t wait to get started. For more information, please see BlueTalon CEO Eric Tilenius’ blog post.

¹ Gartner Survey Analysis: Data Management Is Pressed Between Support for Analytics — and Data Governance, Risk and Compliance, Figure 3, Roxane Edjlali, March 22, 2018
