Dwyer "Privacy by Design: Can It Work?"
Transcript of "Dwyer "Privacy by Design: Can It Work?""

  1. Privacy by Design: Can it Work? Catherine Dwyer, Seidenberg School of Computer Science & Information Systems, Pace University, New York, NY. Pitney Bowes Privacy and Security Conference, 6/26/2012 © Catherine Dwyer 2012
  2. Gehry Building, 8 Spruce Street
  3. Lawyers, Technologists, Online Privacy Organizations, Citizens
  4. Privacy Research Group – NYU Law
  5. What is Privacy by Design? Ann Cavoukian, Information & Privacy Commissioner, Ontario, Canada
  6. Principles of Privacy by Design: 1. Proactive not Reactive; Preventative not Remedial. 2. Privacy as the Default Setting. 3. Privacy Embedded into Design. 4. Full Functionality: Positive-Sum, not Zero-Sum. 5. End-to-End Security: Full Lifecycle Protection. 6. Visibility and Transparency: Keep it Open. 7. Respect for User Privacy: Keep it User-Centric. From www.privacybydesign.ca
  7. Legal perspective. 4th Amendment: “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”
  8. Third party doctrine. “The Supreme Court has repeatedly held, however, that the Fourth Amendment does not protect information revealed to third parties.” (Kerr, 2004) Third party: any business, organization, ISP, or cloud service provider. Once you “share” data with a third party, you lose 4th Amendment protection. The 4th Amendment standard is “probable cause”; the third-party standard is “relevant to an investigation” and “not overbroad” (Kerr, 2004).
  9. Source: Google transparency report, more than 18,000 requests from governments around the globe for Google user data (7/11-12/11)
  10. Source: WikiLeaks
  11. Problems With PbD. “Privacy by design is an amorphous concept… it is not clear … what regulators really have in mind when they urge firms developing products to build in privacy.” (Rubinstein, 2011) Requirements engineering is needed to transform privacy by design from a vague admonition into a structured design process with tangible outcomes (Rubinstein, 2011).
  12. Excerpt from FTC Staff Report, March 2012, which uses “reasona…” more than 50 times in a 112 page report.
  13. Design & Model
  14. Engineer & Build
  15. Tangible Outcome
  16. Gehry building – 8 Spruce Street
  17. Design versus engineering. Design focuses on models; engineering focuses on requirements. Requirements must be measurable and verifiable.
  18. Moving to privacy engineering. Need to move from “privacy by design” to “privacy requirements engineering.” Design can capture broad objectives (“buildings should be constructed with fireproof materials”). Engineering makes those objectives tangible (“fireproof material must be able to bear weight for four hours of fire at 1000 degrees F”).
  19. Example: Privacy Principle. “Companies should incorporate substantive privacy protections into their practices, such as data security, reasonable collection limits, sound retention practices, and data accuracy.” (source: FTC Staff Report, March 2012)
  20. Engineering Requirements. “The risk of data exposure can be further minimized by reducing the sensitivity of stored data wherever possible … for example, when using the customer’s IP address to determine location for statistical analysis, discard the IP address after mapping it to a city or town.” (source: Microsoft Privacy Guidelines for Developers, 2008)
  21. How can this be accomplished? Qualitative: focus groups/interviews with domain experts/stakeholders. Quantitative: formal analysis of statutes and regulations (see Breaux and Anton, 2007).
  22. Privacy Requirements Engineering. Source: “A Framework for Modeling Privacy Requirements in Role Engineering,” He and Anton, 2003. RBAC = Role Based Access Control.
  23. Development tools are needed. Can’t manage the complexity of describing privacy engineering requirements “by hand”: takes too long. Can’t audit privacy of information systems “by hand”: not comprehensive enough.
  24. Ghostery: Tracking tools found on Dictionary.co
  25. Firefox Collusion: Graph of tracking entities and flow of data
  26. Network traffic visualization
  27. Recommendations. Emphasize privacy requirements engineering. Develop data visualization tools (enterprise level) that model information flows and identify privacy weaknesses. Model information flow within business processes and determine if privacy requirements are being met.
  28. Questions? Thank you! Catherine Dwyer, Seidenberg School of Computer Science and Information Systems, Pace University. Twitter: @ProfCDwyer
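The Microsoft requirement on slide 20 (map the IP to a city, then discard it), paired with slide 17's demand that a requirement be measurable and verifiable, as an added Python example that is not from the talk or from any source it cites. The geolocation table and the log events are constructed stand-ins for a real geolocation database and real traffic.

```python
import ipaddress
# Constructed lookup table standing in for a real IP-to-city geolocation
# database; the prefixes are documentation ranges, not real networks.
CITY_BY_PREFIX = {
    ipaddress.ip_network("203.0.113.0/24"): "Springfield",
    ipaddress.ip_network("198.51.100.0/24"): "Shelbyville",
    ipaddress.ip_network("2001:db8::/32"): "Capital City",
}

def ip_to_city(ip_text):
    """Map a client IP to a city; 'unknown' when no prefix matches."""
    addr = ipaddress.ip_address(ip_text)
    for net, city in CITY_BY_PREFIX.items():
        if addr in net:
            return city
    return "unknown"

def reduce_events(raw_events):
    """The engineering requirement: derive the city, then discard the IP.
    Only the fields the statistics need survive into storage."""
    return [{"page": ev["page"], "city": ip_to_city(ev["client_ip"])}
            for ev in raw_events]

def contains_ip(value):
    """True if a stored field value parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(str(value))
        return True
    except ValueError:
        return False

def verify_no_ip_retained(stored):
    """The verifiable check: no stored record may carry an IP address
    in any field, whatever the field is called."""
    return not any(contains_ip(v) for rec in stored for v in rec.values())

# Constructed sample events (documentation-range addresses, not real clients).
RAW_EVENTS = [
    {"client_ip": "203.0.113.7", "page": "/home"},
    {"client_ip": "203.0.113.99", "page": "/search"},
    {"client_ip": "198.51.100.5", "page": "/home"},
    {"client_ip": "2001:db8:1::42", "page": "/home"},
    {"client_ip": "192.0.2.1", "page": "/home"},
]

if __name__ == "__main__":
    records = reduce_events(RAW_EVENTS)
    print("raw log passes check:", verify_no_ip_retained(RAW_EVENTS))
    print("reduced records pass check:", verify_no_ip_retained(records))
```

The raw log fails the check and the reduced records pass it, which is what turns the guideline's sentence into a requirement an audit tool can test rather than one a reviewer has to eyeball.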