(Joint work with Tanya Berger-Wolf)

As mobile phone masts went up across the world’s jungles, savannas and mountains, so did poaching. Wildlife crime syndicates can not only coordinate better but can mine growing public data sets, often of geotagged images. Privacy matters for tigers, for snow leopards, for elephants and rhinos – and even for tortoises and sharks. Animal data protection laws, where they exist at all, are oblivious to these new threats, and no-one seems to have started to think about information security policy. The issues sprawl across many of the technical and policy areas of classical security and privacy. Our work is targeted at wildlife aggregation sites that enable conservationists, scientists, and citizens to upload large numbers of images and other observations, which are then analysed to discover facts about endangered species. In this talk we first set out the threat model, describing the modern wildlife crime environment. We then present a security policy framework we are evolving for the aggregation site Wildbook and others like it. At least two emerging issues may be of wider interest. The first is context: we have a small number of roles, but a large number of quite complex contexts which determine access decisions. So we describe a new kind of context-aware role-based access control, with the context based on the data rather than the system state; it has some interesting parallels with the more traditional access control models used to manage insider threats in government, corporations and healthcare. The second is situational awareness. We want to use logs not just to investigate crimes after the fact, but to forestall them. But in a sprawling heterogeneous system, how do we engineer incentives for vigilance?