Privacy Engineering Technologies
Ian Oliver
Privacy Officer & Architect, HERE
Research Fellow, University of Brighton
Areas
•  Foundations
•  Privacy by x
◦  Where x in { design, architecture, coding, brute force, surveillance, … }
◦  Metrics for Privacy
•  Notice and Consent to Usage
•  Privacy Engineering
◦  Modelling and Methodology
◦  Consent Tracking and Integration
◦  Programming Language Support
•  Human Factors
Foundational Aspects of Privacy
(Diagram: Privacy at the centre, surrounded by Legal, Economic, Engineering, Human Factors and Foundations)
•  Legal is well-defined and well represented
•  The economic realities of privacy are similarly understood, if not with absolute certainty
•  Engineering aspects are now, finally, starting to be tackled in detail
•  Human factors are known in the security domain, but less so in privacy engineering; cf. safety-critical system design
•  The mathematical foundations are known, but there is a huge semantic gap between them and the rest
Privacy by <X>
•  7 Principles (Privacy by Design)
•  Privacy's "Agile Manifesto"
•  No implementation specified
•  Tools, metrics and techniques for the practicing software engineer
•  Process, metrics and techniques for the software engineering process
(Diagram axis: well-defined ↔ undefined)
Metrics
•  Management & Process Metrics: audits complete, complexity, risk, compliance
•  Information Theory Metrics: k-anonymity, l-diversity, differential privacy, semantics
•  Software Engineering Metrics
•  BigData Analytics Metrics: data set analysis, data set combination, anonymisation and reidentification
•  ? Missing link
•  The implementation…
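The information-theory metrics named on this slide (k-anonymity, l-diversity) and the reidentification problem they measure, worked through in code. This is an added example, not code from the deck or the book: the six-row table, the choice of quasi-identifiers and the generalisation rules (three-digit ZIP prefix, ten-year age band) are constructed for illustration only and are not a recommended anonymisation policy.

```python
from collections import defaultdict

# Constructed sample table: zip, age and sex are quasi-identifiers an attacker
# can link to public data; "condition" is the sensitive attribute to protect.
RECORDS = [
    {"zip": "02138", "age": 29, "sex": "F", "condition": "asthma"},
    {"zip": "02139", "age": 31, "sex": "M", "condition": "flu"},
    {"zip": "02141", "age": 37, "sex": "M", "condition": "flu"},
    {"zip": "02142", "age": 34, "sex": "M", "condition": "asthma"},
    {"zip": "02143", "age": 22, "sex": "F", "condition": "diabetes"},
    {"zip": "02144", "age": 25, "sex": "F", "condition": "flu"},
]
QIS = ("zip", "age", "sex")
SENSITIVE = "condition"


def equivalence_classes(records, qis):
    """Group rows that are indistinguishable on the quasi-identifiers."""
    classes = defaultdict(list)
    for r in records:
        classes[tuple(r[q] for q in qis)].append(r)
    return classes


def k_anonymity(records, qis):
    """k = size of the smallest equivalence class: each row hides among at least k-1 others."""
    classes = equivalence_classes(records, qis)
    return min(len(rows) for rows in classes.values()) if classes else 0


def l_diversity(records, qis, sensitive):
    """Distinct l-diversity: smallest number of distinct sensitive values in any class.
    A class with k=3 but l=1 still leaks the sensitive value (homogeneity attack)."""
    classes = equivalence_classes(records, qis)
    return min(len({r[sensitive] for r in rows}) for rows in classes.values()) if classes else 0


def link(records, qis, known):
    """Linkage attack: rows matching what the attacker already knows about the target."""
    return [r for r in records if all(r[q] == known[q] for q in qis)]


def generalise(record):
    """Illustrative generalisation (assumed policy): 3-digit ZIP prefix, 10-year age band."""
    g = dict(record)
    decade = record["age"] // 10 * 10
    g["zip"] = record["zip"][:3] + "**"
    g["age"] = f"{decade}-{decade + 9}"
    return g


def anonymise_table(records):
    return [generalise(r) for r in records]


if __name__ == "__main__":
    target = {"zip": "02138", "age": 29, "sex": "F"}  # what the attacker knows
    print("raw: k =", k_anonymity(RECORDS, QIS), "l =", l_diversity(RECORDS, QIS, SENSITIVE))
    print("raw link:", [r[SENSITIVE] for r in link(RECORDS, QIS, target)])
    g = anonymise_table(RECORDS)
    print("gen: k =", k_anonymity(g, QIS), "l =", l_diversity(g, QIS, SENSITIVE))
    print("gen link:", sorted({r[SENSITIVE] for r in link(g, QIS, generalise(target))}))
```

On the raw table every row is its own equivalence class (k = 1, l = 1), so knowing one person's ZIP, age and sex recovers their condition outright. After generalisation the same attacker matches three rows, but the metric also exposes the limit of k-anonymity alone: the (021**, 30-39, M) class reaches k = 3 while holding only two distinct conditions, so l = 2 is the number to report, and a generalisation that produced a homogeneous class would pass the k check and still leak.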
Notice and Consent
•  Upfront admission of all currently known:
◦  Data points
◦  Purposes
◦  Usages
◦  Flows
•  Requires:
◦  Frequent updates
◦  Active consent
◦  Consumer understanding
◦  Supplemental notices
•  Move away from N&C to active consumer participation
•  Emphasis on usage of data
•  Allows more freedom and granularity than N&C
•  Consumer oriented
•  Problem:
◦  How will this actually work?
◦  Legal challenges
Privacy Engineering
•  Modelling and Methodology
◦  Data flow
◦  Ontologies for privacy
◦  Analysis techniques
◦  Definitions of risk
◦  Definitions of information content
◦  Metrics!
•  Consent Tracking
◦  DNT 2.0?
◦  Formalisation and semantics of consent (we have the languages: XACML etc.)
◦  Usage-based consent
•  Programming Language Support
◦  Machine types to information types and aspects
◦  Consent as "type checking"
◦  Dynamic languages, data flow languages (BigData)
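"Consent as type checking" and usage-based consent over a declared data flow, as an added example; this is not the author's or HERE's code and it is not XACML. The information classes, the three identifiability levels, the node signatures (anonymise, pseudonymise, join with the account table), the per-purpose consent bounds and the sample flows are all assumed for illustration. Each value carries an information type (which classes it contains, how identifiable it is); processing nodes have signatures from input type to output type; a sink declares its purpose; the user's consent is the upper bound on the type a sink serving that purpose may receive. Checking a flow is then an ordinary subtype check at the sink, done on the model before any data moves.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Callable, Dict, FrozenSet, Optional


class Identifiability(IntEnum):
    """Ordered levels: a lower level is a subtype of a higher one."""
    ANONYMOUS = 0
    PSEUDONYMOUS = 1
    IDENTIFIED = 2


@dataclass(frozen=True)
class InfoType:
    """Information type of a value: the classes it carries and how identifiable it is."""
    classes: FrozenSet[str]
    level: Identifiability

    def subtype_of(self, bound: "InfoType") -> bool:
        # T <: U iff T carries no class outside U and is no more identifiable than U.
        return self.classes <= bound.classes and self.level <= bound.level


@dataclass(frozen=True)
class Node:
    """A processing step with a type signature InfoType -> InfoType."""
    name: str
    signature: Callable[[InfoType], InfoType]


@dataclass(frozen=True)
class Sink:
    name: str
    purpose: str


@dataclass(frozen=True)
class Flow:
    source: InfoType
    nodes: tuple
    sink: Sink


# Node signatures (assumed semantics).
def anonymise(t: InfoType) -> InfoType:
    return InfoType(t.classes - {"IDENTITY", "DEVICE_ID"}, Identifiability.ANONYMOUS)


def pseudonymise(t: InfoType) -> InfoType:
    return InfoType((t.classes - {"IDENTITY"}) | {"PSEUDONYM"}, Identifiability.PSEUDONYMOUS)


def join_with_account(t: InfoType) -> InfoType:
    # Data mixing: a join against the account table re-identifies whatever came in.
    return InfoType(t.classes | {"IDENTITY"}, Identifiability.IDENTIFIED)


ANONYMISE = Node("anonymise", anonymise)
PSEUDONYMISE = Node("pseudonymise", pseudonymise)
JOIN_ACCOUNT = Node("join_with_account", join_with_account)

# Consent: per purpose, the most information a sink serving that purpose may receive.
Consent = Dict[str, InfoType]


def check_flow(flow: Flow, consent: Consent) -> Optional[str]:
    """Type-check one flow; None if well-typed under the consent, else why it is rejected."""
    t = flow.source
    for node in flow.nodes:
        t = node.signature(t)
    bound = consent.get(flow.sink.purpose)
    if bound is None:
        return f"{flow.sink.name}: no consent recorded for purpose {flow.sink.purpose!r}"
    if not t.subtype_of(bound):
        return (f"{flow.sink.name}: receives {sorted(t.classes)} at {t.level.name}, "
                f"consent for {flow.sink.purpose!r} allows {sorted(bound.classes)} at {bound.level.name}")
    return None


def check_system(flows: Dict[str, Flow], consent: Consent) -> Dict[str, str]:
    """Check every flow; return the violations keyed by flow name."""
    return {name: v for name, v in ((n, check_flow(f, consent)) for n, f in flows.items()) if v}


# Constructed example: a location-based service fed by a GPS source.
GPS = InfoType(frozenset({"LOCATION", "DEVICE_ID"}), Identifiability.IDENTIFIED)
CONSENT: Consent = {
    "navigation": InfoType(frozenset({"LOCATION", "DEVICE_ID"}), Identifiability.IDENTIFIED),
    "analytics": InfoType(frozenset({"LOCATION"}), Identifiability.ANONYMOUS),
    # no "advertising" entry: the user never consented to that purpose
}
FLOWS = {
    "routing": Flow(GPS, (), Sink("routing engine", "navigation")),
    "anon_analytics": Flow(GPS, (ANONYMISE,), Sink("usage analytics", "analytics")),
    "raw_analytics": Flow(GPS, (), Sink("usage analytics", "analytics")),
    "pseudo_analytics": Flow(GPS, (PSEUDONYMISE,), Sink("usage analytics", "analytics")),
    "reidentified": Flow(GPS, (ANONYMISE, JOIN_ACCOUNT), Sink("usage analytics", "analytics")),
    "ads": Flow(GPS, (ANONYMISE,), Sink("ad network", "advertising")),
}

if __name__ == "__main__":
    for name, why in check_system(FLOWS, CONSENT).items():
        print(f"REJECT {name}: {why}")
```

Two flows type-check: raw GPS to the routing engine (the user consented to identified location for navigation) and anonymised GPS to analytics. Four are rejected: raw and pseudonymised data reaching analytics (pseudonymisation does not lower the type far enough), the anonymise-then-join flow (the join signature raises the type back to IDENTIFIED, which is the "data mixing and reidentification" case), and the ad-network sink, for which no consent exists at all. Because the check runs on node signatures rather than on data, it is the same discipline whether the pipeline is a static service or a dynamically composed BigData job; the assumption it rests on is that the declared signatures are honest, which is exactly where the code-to-model gap the slide calls "machine types to information types" sits.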
Human Factors
•  90% of privacy breaches are due to humans
•  Phones, USB sticks, unencrypted laptops, poor access control, system configuration, misclassification of data, naivety, key management, cloud, data mixing and reidentification, etc.
•  Learnings from aviation, anaesthesia, surgery, chemical plant design
•  Privacy is a SAFETY CRITICAL concern
•  Change of culture
(Images: Boeing Model 299, 30 Oct 1935; WHO Surgical Safety Checklist (Pronovost, Gawande et al.))
Privacy & Customers
•  Privacy inherent in the system design and functionality
•  Consumer choice is always present through the data flows, by default and on demand:
◦  Identification
◦  Anonymisation
◦  Aggregation
◦  Forgetting
•  Privacy is never a zero-sum game!
•  Data quality improvement
•  Enables the question "Why?!"
Image ©2014 Innorange Oy, used with permission
Contact
Privacy Engineering – A Data Flow and Ontological Approach. Amazon, early July 2014. ISBN 978-1497569713 (print edition)
PrivacyEngineeringBook.net
Facebook.com/privacyengineering
i_j_oliver
http://ijosblog.blogspot.com
Image ©2014 Innorange Oy, used with permission