privacy engineering from an engineer's view
![Page 1: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/1.jpg)
1 © Nokia 2016
Privacy Engineering
from an engineer’s view
Public
Dr. Ian Oliver
Bell Labs, Finland
27 May 2016
A Lecture Given at DSummit, Stockholm, Sweden
![Page 2: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/2.jpg)
Does anyone notice a problem here...
Privacy as legal aspect: From Warren and Brandeis (1895) to the GDPR
![Page 3: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/3.jpg)
Just missing a few things...
• Privacy as a legal aspect: From Warren and Brandeis (1895) to the GDPR
• Privacy as an economic aspect: Akerlof et al (Lemons!)
• Privacy as a philosophical aspect: Nissenbaum, Solove et al
• Privacy as a security aspect: Schneier – to name just one...
• Privacy as an ideal: Cavoukian and PbD
• Privacy as a sociological construct: Lessig et al
• Privacy as a game theoretic construct: Nash et al (+sum games)
• Privacy as an engineering construct: Dennedy et al, Oliver, ...
![Page 4: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/4.jpg)
![Page 5: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/5.jpg)
and how do we view things...
GDPR = $$$ ... get me the lawyers ...
Compliance is everything
![Page 6: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/6.jpg)
Now do you see the problem?
![Page 7: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/7.jpg)
Traditional Compliance Must Go
![Page 8: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/8.jpg)
![Page 9: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/9.jpg)
![Page 10: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/10.jpg)
Compliance is fragile
![Page 11: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/11.jpg)
Compliance is fragile
Good thing we have this, otherwise we’d be in trouble...
Joke: Q: How many lawyers does it take to write a compliant system?
A: We value your privacy...
![Page 12: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/12.jpg)
Compliance is fragile
```c
char collectDataFlag = 'Y'; // Future proofed boolean
                            // Y for yes, N for no

void collectDataFunction() {
    // collect IMEI, IMSI, MSISDN, TimeStamp and location
    // and send to the hardcoded IP address...
}

void checkDataCollection() {
    switch (collectDataFlag) {
    case 'N': // don't do anything
              // (no break here, so 'N' falls through into the 'Y' case)
    case 'Y': // ok to collect everything
        collectDataFunction();
    }
}
```
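The fall-through in the slide's switch, as an added example (not code from the slides): the fragile gate beside a fail-closed version, each returning whether collection happened so the two can be compared on every flag value. The function names extend the slide's, and the `collected` flag standing in for the real collection routine is constructed.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed stand-in: records whether the collection routine ran.
 * The slide's real routine would gather IMEI, IMSI, MSISDN, time and
 * location and send them to a hardcoded address. */
static bool collected = false;

static void collectDataFunction(void) {
    collected = true;
}

/* The slide's gate: 'N' has no break, so control falls through into
 * the 'Y' case and data is collected even when the flag says no. */
bool checkDataCollectionFragile(char collectDataFlag) {
    collected = false;
    switch (collectDataFlag) {
    case 'N':
        /* don't do anything */
    case 'Y':
        collectDataFunction();
    }
    return collected;
}

/* Hardened gate: every case ends in a break, and anything other than an
 * explicit 'Y' (including a corrupted or uninitialised flag) means
 * "do not collect", so the gate fails closed. */
bool checkDataCollectionSafe(char collectDataFlag) {
    collected = false;
    switch (collectDataFlag) {
    case 'Y':
        collectDataFunction();
        break;
    case 'N':
        break;
    default:
        break;
    }
    return collected;
}

int main(void) {
    printf("fragile, flag 'N': collected=%d\n", checkDataCollectionFragile('N'));
    printf("safe,    flag 'N': collected=%d\n", checkDataCollectionSafe('N'));
    printf("safe,    flag 'Y': collected=%d\n", checkDataCollectionSafe('Y'));
    printf("safe,    flag '?': collected=%d\n", checkDataCollectionSafe('?'));
    return 0;
}
```

Compiling the fragile version with `-Wimplicit-fallthrough` (gcc/clang) flags the missing break, which is the kind of check a compliance tick-box never performs.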
![Page 13: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/13.jpg)
Question:
how many lines of code between any two points in this model?
![Page 14: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/14.jpg)
Story time ....
![Page 15: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/15.jpg)
A long time ago...
I became our first privacy architect...
Auditing mobile device applications and associated infrastructure from an engineering perspective...
![Page 16: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/16.jpg)
Or...
go and invent how to do this because no-one else has/can/wants to, because...
the engineers don’t want to speak to the lawyers,
the lawyers don’t want to speak to the engineers,
and we’re in a mess...
![Page 17: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/17.jpg)
We developed:
• Epics and Use cases for Privacy
• Checklists
• Software Development Process Integration
• Audit Procedures
- integrated non-functional areas: privacy, security, performance, continuity
and the result was...
![Page 18: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/18.jpg)
Failure
![Page 19: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/19.jpg)
Why didn’t it work?
• Despite highly trained personnel
• Too much adherence to process
- Processes tell everyone the order of what to do
- Difficulty in handling exceptions and experts
- Processes treat people as idiots
• Replace responsibility and expertise
- with something called ”compliance”
• Tick-box oriented
- Ask questions, Accept answers, TICK!
- Limited understanding and context of answers
• Limited time-scale
- One-off review
![Page 20: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/20.jpg)
?
![Page 21: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/21.jpg)
We developed:
• Simpler ”Checklists”
• Training Courses
• Realised that no-one understood each other
• Tried to ban the terms ”PII” and ”Personal Data”
• Tried to formulate requirements
• Introduced more risk management ideas, eg: RCA, FMEA
and the result was...
![Page 22: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/22.jpg)
Failure
![Page 23: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/23.jpg)
What’s the problem now?
• Communication
• Process over method
• Lack of understanding of roles
- I am a privacy officer, therefore, I am right
- You are ’just’ an engineer
• Lack of both legal and engineering techniques
• The privacy organisation itself
• Privacy by Design
![Page 24: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/24.jpg)
What’s the problem now...?
Actually it was much worse
So much emphasis on ’compliance’
We, the privacy organisation, are right
Engineers don’t know anything....
![Page 25: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/25.jpg)
????!!!
![Page 26: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/26.jpg)
Just 3 simple things to solve...
Communication
Culture
Role
![Page 27: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/27.jpg)
Communication
![Page 28: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/28.jpg)
Probably not personal data / Probably personal data
![Page 29: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/29.jpg)
Forget process, just get the information about what’s going on...
![Page 30: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/30.jpg)
Who in your company does all the innovation and knows what your products or services really do?
![Page 31: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/31.jpg)
Who knows if your systems are compliant?
![Page 32: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/32.jpg)
Just 2 simple things to solve...
Communication
Culture
Role
![Page 33: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/33.jpg)
Roles and Culture: already solved...
![Page 34: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/34.jpg)
Serendipity
or...how to retain sanity in a rapidly changing, chaotic environment where you don’t know anything and there’s no rule book or process...
![Page 35: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/35.jpg)
The Sterile Field
Key:
• Sterile
• Non-sterile
![Page 36: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/36.jpg)
Movement of materials from one area to the other must be controlled to prevent contamination of the sterile field with non-sterile items
Strict protocols prevent contamination
![Page 37: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/37.jpg)
Culture
![Page 38: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/38.jpg)
Roles (diagram): on the project side, an R&D Team Checklist (before review) and an R&D Team Checklist (post-review); on the audit side, an Audit Team Checklist at sign-in, time-out and sign-out; the horizontal axis is project development & processes (time); in the middle sits the system under audit, surrounded by the Privacy Officer, Legal, Security and Architects.
![Page 39: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/39.jpg)
the process does not and can not stop because of lack of compliance....
![Page 40: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/40.jpg)
Treat privacy as a safety-critical aspect
![Page 41: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/41.jpg)
Your job as privacy professionals is to understand the state of the system – regardless of whether it is good or bad – before moving on...
There can be no privacy heroes
![Page 42: Privacy Engineering from an engineer's view](https://reader031.vdocument.in/reader031/viewer/2022030305/587441261a28ab0e6c8b6f3f/html5/thumbnails/42.jpg)