Dwyer "Privacy by Design: Can It Work?"

  • 393 views
Uploaded on

 

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
393
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
5
Comments
0
Likes
1

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Privacy by Design: Can itWork?Catherine DwyerSeidenberg School ofComputer Science & Information SystemsPace UniversityNew York, NY Pitney Bowes Privacy and Security Conference 6/26/2012 © Catherine Dwyer 2012 1
  • 2. Gehry Building 8 Spruce StreetPitney Bowes Privacy and Security Conference6/26/2012 © Catherine Dwyer 2012 2
  • 3. Lawyers Technologists Online PrivacyOrganization Citizens s Pitney Bowes Privacy and Security Conference 6/26/2012 © Catherine Dwyer 2012 3
  • 4. Privacy Research Group – NYU Law Pitney Bowes Privacy and Security Conference 6/26/2012 © Catherine Dwyer 2012 4
  • 5. What is Privacy by Design?Ann Cavoukian, Information& Privacy Commissioner, Ontario, Canada Privacy and Security Conference Pitney Bowes 6/26/2012 © Catherine Dwyer 2012 5
  • 6. Principles of Privacy byDesign1. Proactive not Reactive; Preventative not Remedial2. Privacy as the Default Setting3. Privacy Embedded into Design4. Full Functionality — Positive-Sum, not Zero-Sum5. End-to-End Security — Full Lifecycle Protection6. Visibility and Transparency — Keep it Open7. Respect for User Privacy — Keep it User- CentricFrom www.privacybydesign.ca Pitney Bowes Privacy and Security Conference 6/26/2012 © Catherine Dwyer 2012 6
  • 7. Legal perspective 4th Amendment: ―The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.‖ Pitney Bowes Privacy and Security Conference 6/26/2012 © Catherine Dwyer 2012 7
  • 8. Third party doctrine ―The Supreme Court has repeatedly held, however, that the Fourth Amendment does not protect information revealed to third parties.‖ (Kerr, 2004) Third party – any business, organization, ISP, cloud service providers Once you ―share‖ data with a third party, you lose 4th amendment protection 4th amendment standard is ―probable cause,‖ 3rd party standard is ―relevant to an investigation‖ and ―not overbroad‖ (Kerr, 2004) Pitney Bowes Privacy and Security Conference 6/26/2012 © Catherine Dwyer 2012 8
  • 9. Source: Google transparency report, more than18,000 requests from governments around theglobe to Google user data (7/11-12/11) and Security Conference Pitney Bowes Privacy 6/26/2012 © Catherine Dwyer 2012 9
  • 10. Source: WikiLeak sPitney Bowes Privacy and Security Conference6/26/2012 © Catherine Dwyer 2012 10
  • 11. Problems With PbD ―Privacy by design is an amorphous concept… it is not clear … what regulators really have in mind when they urge firms developing products to build in privacy.‖ (Rubinstein, 2011) Requirements engineering is needed to transform privacy by design from a vague admonitions into a structured design process with tangible outcomes (Rubinstein, 2011) Pitney Bowes Privacy and Security Conference 6/26/2012 © Catherine Dwyer 2012 11
  • 12. Excerpt from FTC Staff Report, March 2012, which uses ―reasonamore than 50 times in a 112 page report. Pitney Bowes Privacy and Security Conference 6/26/2012 © Catherine Dwyer 2012 12
  • 13. Design & Model Pitney Bowes Privacy and Security Conference 6/26/2012 © Catherine Dwyer 2012 13
  • 14. Engineer & BuildPitney Bowes Privacy and Security Conference6/26/2012 © Catherine Dwyer 2012 14
  • 15. Tangible Outcome Pitney Bowes Privacy and Security Conference 6/26/2012 © Catherine Dwyer 2012 15
  • 16. Gehry building – 8 Spruce Street Pitney Bowes Privacy and Security Conference 6/26/2012 © Catherine Dwyer 2012 16
  • 17. Design versus engineering  Design focuses on models  Engineering focuses on requirements  Requirements must be measurable and verifiable Pitney Bowes Privacy and Security Conference 6/26/2012 © Catherine Dwyer 2012 17
  • 18. Moving to privacy engineering Need to move from ―privacy by design‖ to ―privacy requirements engineering‖ Design can capture broad objectives (―buildings should be constructed with fireproof materials‖) Engineering makes those objectives tangible (―fireproof material must be able to bear weight for four hours of fire at 1000 degrees F‖) Pitney Bowes Privacy and Security Conference 6/26/2012 © Catherine Dwyer 2012 18
  • 19. Example: Privacy Principle ―Companies should incorporate substantive privacy protections into their practices, such as data security, reasonable collection limits, sound retention practices, and data accuracy.‖ (source: FTC Staff Report, March 2012) Pitney Bowes Privacy and Security Conference 6/26/2012 © Catherine Dwyer 2012 19
  • 20. Engineering Requirements ―The risk of data exposure can be further minimized by reducing the sensitivity of stored data wherever possible … for example, when using the customer‘s IP address to determine location for statistical analysis, discard the IP address after mapping it to a city or town.‖ source: Microsoft Privacy Guidelines for Developers, 2008 Pitney Bowes Privacy and Security Conference 6/26/2012 © Catherine Dwyer 2012 20
  • 21. How can this beaccomplished? Qualitiative – focus groups/interviews with domain experts/stakeholders Quantitative – formal analysis of statutes and regulations (see Breaux and Anton, 2007) Pitney Bowes Privacy and Security Conference 6/26/2012 © Catherine Dwyer 2012 21
  • 22. Privacy RequirementsEngineering Source: ―A Framework for Modeling Privacy Requirements in Role Engineering,‖ He and Anton, 2003 RBAC = Role Based Access Control Pitney Bowes Privacy and Security Conference 6/26/2012 © Catherine Dwyer 2012 22
  • 23. Development tools areneeded Can‘t manage the complexity of describing privacy engineering requirements ―by hand,‖ takes too long Can‘t audit privacy of information systems ‗by hand,‘ not comprehensive enough Pitney Bowes Privacy and Security Conference 6/26/2012 © Catherine Dwyer 2012 23
  • 24. Ghostery: Tracking tools found on Dictionary.co Pitney Bowes Privacy and Security Conference 6/26/2012 © Catherine Dwyer 2012 24
  • 25. Firefox Collusion: Graph of tracking entities and flow of data Pitney Bowes Privacy and Security Conference 6/26/2012 © Catherine Dwyer 2012 25
  • 26. Network traffic visualization Pitney Bowes Privacy and Security Conference 6/26/2012 © Catherine Dwyer 2012 26
  • 27. Recommendations Emphasize privacy requirements engineering Develop data visualization tools (enterprise level) that model information flows and identify privacy weaknesses Model information flow within business processes and determine if privacy requirements are being met Pitney Bowes Privacy and Security Conference 6/26/2012 © Catherine Dwyer 2012 27
  • 28. Questions? Thank you! Catherine Dwyer Seidenberg School of Computer Science and Information Systems Pace University Twitter: @ProfCDwyer Pitney Bowes Privacy and Security Conference 6/26/2012 © Catherine Dwyer 2012 28