Keynote Speakers

Ari Juels is a Professor at Cornell Tech (Jacobs Institute) in New York City. He was the Chief Scientist of RSA (The Security Division of EMC), Director of RSA Laboratories, and a Distinguished Engineer at EMC, where he worked until 2013. He joined RSA in 1996 after receiving his Ph.D. in computer science from U.C. Berkeley. His recent areas of interest include "big data" security analytics, cybersecurity, cloud security, user authentication, privacy, medical-device security, biometric security, and RFID/NFC security. As an industry scientist, Dr. Juels has helped incubate innovative new product features and products and advised on the science behind security-industry strategy. He is also a frequent public speaker, and has published highly cited scientific papers on many topics in computer security. In 2004, MIT's Technology Review Magazine named Dr. Juels one of the world's top 100 technology innovators under the age of 35. Computerworld honored him in its "40 Under 40" list of young industry leaders in 2007. He has received other distinctions, but sadly no recent ones acknowledging his youth.

Title: A Bodyguard of Lies: The Use of Honey Objects in Information Security Decoy objects, often labeled in computer security with the term honey, are a powerful tool for compromise detection and mitigation. There has been little exploration of overarching theories or set of principles or properties, however. This short paper (and accompanying keynote talk) briefly explore two properties of honey systems, indistinguishability and secrecy. The aim is to illuminate a broad design space that might encompass a wide array of areas in information security, including access control, the main topic of this symposium.

---

Andrew Clement is a Professor in the Faculty of Information at the University of Toronto, where he coordinates the Information Policy Research Program. He also holds a cross-appointment (status-only) in the Department of Computer Science. His research, teaching and consulting interests are in the social implications of information technology and human-centred systems development. He has written papers and co-edited books in such areas as: computer supported cooperative work; participatory design; workplace surveillance; privacy; women, work and computerization; end user computing; and the 'information society' more generally. His recent research has focussed on public information policy, internet use in everyday life, digital identity constructions, public participation in information/communication infrastructures development, and community networking.

Title: Re-thinking networked privacy, security, identity and access control in our surveillance states Mass surveillance activities by the security agencies of the Five Eyes countries (e.g. NSA, CSEC, etc) pose a significant challenge to those who care about the privacy, security and other democratic rights related to our burgeoning digitally mediated communications. The on-going media coverage of the Snowden documents has brought unprecedented attention to longstanding concerns about whether and how individuals can exercise effective control over their personal information as we increasingly lead our lives on-line. The revelations are also undermining comfortable assumptions about the institutions and infrastructures we depend on for the efficient and equitable functioning of a democratic society. We've seen agencies mandated to protect our networks compromise once trusted security standards, and secretly hoard vulnerabilities for later exploitation rather than fix them. We are witnesses to government and their corporate partners secretly accessing massive amounts of our data, and grudgingly acknowledge their activities only when forced to by whistleblowers. How can we restore trust in the organizations we interact with and hand our personal data to on a daily basis? How can we require them to be more open, transparent and accountable? What are the technically viable options that can help achieve the reliable protections that many regard as fundamental and wish they could take for granted? Drawing on recent research, this talk will review some of the key surveillance challenges we face in the areas of internet routing and identity authentication. The IXmaps.ca project provides a mapping tool for visualizing the routes data packets take across the internet backbone, and in particular where one's own traffic may be subject to NSA interception at key internet routing choke points. It further documents patterns of 'boomerang routing', whereby domestic Canadian traffic is often routed via the US, exposing it to foreign surveillance, and compares the data privacy transparency of the various carriers which handle this traffic en route. The Proportionate ID project similarly probes typically invisible personal information handling practices with the aim of helping users better understand these practices, their privacy implications and technical alternatives. To illustrate a minimally disclosing token approach to identity authentication, the project developed and makes publicly available plastic overlays that individuals can apply to their existing ID cards, such as driver license and health card, that selectively provides only the information required for particular transactions. These ID card modifications protect both the individual and the organization from illegal excessive data collection, while opening up for discussion the topic of what are legitimate ID requirements. The project also developed the prototype Prop-ID digital wallet smartphone app, available on Google Play, that mimics certifiable anonymous identity authentication. The presentation will conclude with proposed strategies for rendering surveillance practices publicly transparent and the responsible organizations more democratically accountable.