introduction to privacy and privacy engineering
TRANSCRIPT
Introduction to Privacy and Privacy Engineering
Dr. Ian Oliver
EIT Summer School, August 2014, Finland
Contents
• WHY learn about privacy?
• PHILOSOPHY of privacy
• LEGAL aspects of privacy
• ENGINEERING aspects of privacy
• FOUNDATIONAL aspects of privacy
• Supporting Material
WHY learn about privacy
• The dominating issue regarding information systems at the moment
• Increased public awareness of surveillance
• Business and economic reasons
• Trust
PHILOSOPHY
PHILOSOPHY
• The Right To Be Let Alone
• “The Right to Privacy” (Warren and Brandeis, 1890)
PHILOSOPHY
• From where comes privacy?
PHILOSOPHY
• “a person may be identified directly by name or indirectly by a telephone number, a car registration number, a social security number, a passport number or by a combination of significant criteria which allows him to be recognized by narrowing down the group to which he belongs (age, occupation, place of residence, etc.)”
• WP29: Opinion 4/2007 on the concept of personal data
PHILOSOPHY
• Does “privacy” exist?
• If so, what does it mean?
• If not, what does that mean?
PHILOSOPHY
Wisdom
Knowledge
Information
Data
Noise
PHILOSOPHY
• Discuss:
  • Personal privacy
  • Information privacy
  • Expectation of privacy within technology
  • Social media, sharing, surveillance
  • “Nothing to Fear, Nothing to Hide”
  • Limits of privacy and the acceptable loss of privacy
  • Privacy as an innovator
PHILOSOPHY
• Privacy as:
  • A Principle
  • A Legal Discipline
  • An Engineering Discipline
  • An Economic Aspect
PHILOSOPHY
• Privacy by Design (PbD) Principles
  1. Proactive not Reactive; Preventative not Remedial
  2. Privacy as the Default Setting
  3. Privacy Embedded into Design
  4. Full Functionality — Positive-Sum, not Zero-Sum
  5. End-to-End Security — Full Lifecycle Protection
  6. Visibility and Transparency — Keep it Open
  7. Respect for User Privacy — Keep it User-Centric
• Semantic Gap Between PbD and Engineering (we concentrate here)
LEGAL
LEGAL
• Terminology
  • Personal Data / Personally Identifiable Data (PII)
  • Sensitive Data
  • Traffic Data
LEGAL
• Compliance and Laws
  • EU Data Protection / WP29
  • US Data Protection
    • COPPA, HIPAA, SOX, Safe Harbor
• Usage and Purpose versus Collection
LEGAL
• Specific Examples
  • Privacy Policies
  • Secondary Data Collection
  • Opt-in & Opt-out
  • Defaults
  • Necessity
  • Tracking
  • Browser Cookies
  • Data Transfers
  • Data Retention
  • Conflicts
  • EU-US Data Transfers
  • Encryption or not?
  • Trade Compliance
  • Business need versus Personal need
  • Information Asymmetry
ENGINEERING
• Case Study
• Data Flow Modelling
• Ontologies and Definitions
• Requirements
• Notice and Consent
• Risk
• PETS
• Maxims
ENGINEERING case study
Motivating Example / High-Level View / Detailed View
ENGINEERING case study
Information systems
…for some definition of information
ENGINEERING an analogy
Information is a material
ENGINEERING data flow
Data Flow Modelling: Basic Syntax; Annotations: protocols, content
ENGINEERING data flow example
ENGINEERING ontologies
Ontology and Terminology
The mechanisms by which languages are agreed upon
Lawyer – Engineer communication
Terminological Definitions
ENGINEERING ontologies
What do the following statements actually mean?
Personal Data
Personally Identifiable Data
Location Data
Field
Data set
ENGINEERING ontologies
Semantics
ENGINEERING ontologies - modelling
ENGINEERING ontologies - security
Security classes: (Unclassified) Secret, Confidential, Internal, Public
ENGINEERING ontologies - information
• Type Theory
• Information type vs Machine type/Programming language type
• Structures
• Example: is { lat:float, long:float }
  • a Location?
  • a struct of two reals?
  • neither?
• Context
ENGINEERING ontologies - identifiers
ENGINEERING ontologies - further…
ENGINEERING ontologies - identification
Unauthenticated
Observed
Authenticated (*)
Proven
ENGINEERING identifiability
ENGINEERING requirements
ENGINEERING notice & consent
• Calculation of the Agreement from the DFD
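As an added example (not the lecture's own code or notation), a small Python model of an annotated DFD that uses the lecture's annotation vocabulary (information type, security class, identification level, purpose, usage) and derives the notice/consent agreement for a data subject by following every flow downstream of that subject. The breadth-first traversal, the rank order of identification levels, the rule that secondary purposes need opt-in consent, and the sample flows are assumptions.

```python
from collections import deque
from dataclasses import dataclass
# Identification levels from the lecture's ontology slide; the rank order is our assumption.
IDENTITY_LEVELS = ["Unauthenticated", "Observed", "Authenticated", "Proven"]

@dataclass(frozen=True)
class Flow:
    """One annotated DFD edge (our constructed model, not the lecture's notation)."""
    source: str
    target: str
    info_types: frozenset   # e.g. {"Content", "Identity", "Location", "Temporal"}
    security_class: str     # Public / Internal / Confidential / Secret
    identity: str           # identification level of the data subject on this edge
    purpose: str            # "Primary" or "Secondary"
    usages: frozenset

def reachable_flows(flows, data_subject):
    """Direct flows from the subject plus every onward flow from a recipient (BFS)."""
    seen, queue, out = {data_subject}, deque([data_subject]), []
    while queue:
        node = queue.popleft()
        for f in flows:
            if f.source == node:
                out.append(f)
                if f.target not in seen:
                    seen.add(f.target)
                    queue.append(f.target)
    return out

def agreement(flows, data_subject):
    """Per recipient: the (info type, purpose, usage) terms received and the highest identification level."""
    result = {}
    for f in reachable_flows(flows, data_subject):
        e = result.setdefault(f.target, {"terms": set(), "identity": IDENTITY_LEVELS[0]})
        e["terms"] |= {(t, f.purpose, u) for t in f.info_types for u in f.usages}
        if IDENTITY_LEVELS.index(f.identity) > IDENTITY_LEVELS.index(e["identity"]):
            e["identity"] = f.identity
    return result

def consent_required(flows, data_subject):
    """Assumption: every secondary-purpose term needs explicit opt-in consent."""
    return {(r, t) for r, e in agreement(flows, data_subject).items()
            for t in e["terms"] if t[1] == "Secondary"}

# Constructed DFD: the lecturer -> audience edge from the discussion slide, plus an assumed
# onward flow from the audience to a note-sharing service (a secondary purpose).
LECTURE = [
    Flow("Lecturer", "Audience", frozenset({"Content", "Identity", "Location", "Temporal"}),
         "Public", "Authenticated", "Primary", frozenset({"Product Improvement", "Future"})),
    Flow("Audience", "NotesService", frozenset({"Content", "Identity"}),
         "Internal", "Observed", "Secondary", frozenset({"Sharing"})),
]
```

`agreement(LECTURE, "Lecturer")` lists what each recipient learns and at which identification level, and `consent_required` picks out the terms that cannot rest on the primary purpose alone.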
ENGINEERING - risk
ENGINEERING - evaluating risk
• Failure Mode and Effect Analysis
• Root Cause Analysis
• STRIDE: Threat Assessment
ENGINEERING - PETS
• Hashing
• Encryption
• Dataset Partitioning
• Tokenisation
• k-anonymity
• l-diversity, t-closeness, differential privacy
• BASIC GOOD OLD FASHIONED SECURITY
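As an added example (not the lecture's code), a Python sketch of two of the PETs listed above, k-anonymity and l-diversity, over a constructed patient-style dataset: quasi-identifiers are generalised, records that still stand out are suppressed, and both metrics are computed over the resulting equivalence classes. The dataset, field names and generalisation rules are assumptions.

```python
from collections import defaultdict

# Constructed sample records (not from the lecture): three quasi-identifiers, one sensitive attribute.
RECORDS = [
    {"age": 34, "zip": "00100", "sex": "F", "diagnosis": "flu"},
    {"age": 37, "zip": "00120", "sex": "F", "diagnosis": "cancer"},
    {"age": 31, "zip": "00150", "sex": "F", "diagnosis": "flu"},
    {"age": 52, "zip": "00200", "sex": "M", "diagnosis": "asthma"},
    {"age": 58, "zip": "00230", "sex": "M", "diagnosis": "flu"},
    {"age": 55, "zip": "00210", "sex": "M", "diagnosis": "asthma"},
    {"age": 45, "zip": "00300", "sex": "F", "diagnosis": "flu"},   # an outlier nobody else resembles
]
QUASI_IDENTIFIERS = ("age", "zip", "sex")

def generalise(record, age_band=10, zip_digits=3):
    """Coarsen the quasi-identifiers: age into a band, zip code to its leading digits."""
    r = dict(record)
    lo = (r["age"] // age_band) * age_band
    r["age"] = f"{lo}-{lo + age_band - 1}"
    r["zip"] = r["zip"][:zip_digits] + "*" * (len(r["zip"]) - zip_digits)
    return r

def equivalence_classes(records, qis=QUASI_IDENTIFIERS):
    """Group records that share every quasi-identifier value; each group is one crowd to hide in."""
    groups = defaultdict(list)
    for r in records:
        groups[tuple(r[q] for q in qis)].append(r)
    return groups

def k_anonymity(records):
    """k = size of the smallest equivalence class: each subject is indistinguishable from k-1 others."""
    return min(len(g) for g in equivalence_classes(records).values())

def l_diversity(records, sensitive="diagnosis"):
    """l = fewest distinct sensitive values in any class; k alone leaks a diagnosis the whole class shares."""
    return min(len({r[sensitive] for r in g}) for g in equivalence_classes(records).values())

def suppress(records, k):
    """Drop every record in a class smaller than k (suppression) so that k-anonymity holds."""
    return [r for g in equivalence_classes(records).values() if len(g) >= k for r in g]

def anonymise(records, k):
    """Generalise first, then suppress whatever generalisation alone could not hide."""
    return suppress([generalise(r) for r in records], k)
```

On the sample, the raw records are 1-anonymous, generalisation alone still leaves the outlier in a class of one, and generalisation plus suppression yields a 3-anonymous, 2-diverse release of six records.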
ENGINEERING maxims
• Don't collect what you don't use
• If it looks like PII, it probably is PII, so treat it as PII
• Don't shock the user
• Location data isn't just GPS co-ordinates
• Good security does not mean good privacy, but good privacy doesn't come without good security
• All information can be transformed and cross-referenced into whatever you need
• Security through Obscurity, Privacy through PowerPoint and Policies...
FOUNDATIONAL
• Information Theory
• Syntax, Semantics
• Entropy
PROJECT EVALUATION
Demonstrate:
• Understanding of who the data subject is
• Where the data is flowing for various use cases through data flow modelling
• What:
  • is the level of identification of the data subject
  • are the usages and purposes of
  • are the information types being carried
  • is the logical architecture or structure of the system
• A risk analysis based on the given taxonomy of risks
SUPPORTING MATERIAL
• The Privacy Engineer's Manifesto, Dennedy, Fox & Finneran
• Understanding Privacy, Solove
• Privacy in Context, Nissenbaum
• Applied Cryptography, Schneier
SUPPORTING MATERIAL
Ian Oliver (2014)
Privacy Engineering: A Dataflow and Ontological Approach
ISBN:9781497569713
Twitter: @i_j_oliver
Blog: http://ijosblog.blogspot.fi
DISCUSSION
[Diagram: a data flow model of this lecture. The Lecturer (<<data subject>>, labelled ME) sends to the Audience (labelled YOU) over <<speech, email, etc>>; the Audience takes it in via <<reading, listening>> and <<neurons>>, processes it through <<weird brain processes>> and <<crossreferencing>> thinking against local knowledge and references, and replies over <<speech, email, etc>>. The Lecturer -> Audience flow is annotated: security class: Public; information type: Content, Identity, Location, Temporal; Identity: authenticated (1); Provenance: User; Purpose: Primary; Usage: Product Improvement, Future. Node label: Human Lecturer.]