
Introduction to Privacy and Privacy Engineering

Lecture slides on Privacy Engineering from the EIT Summer School held at Aalto University, Espoo, Finland, August 2014



1. Introduction to Privacy and Privacy Engineering. Dr. Ian Oliver, EIT Summer School, August 2014, Finland
2. Contents
   – WHY learn about privacy?
   – PHILOSOPHY of privacy
   – LEGAL aspects of privacy
   – ENGINEERING aspects of privacy
   – FOUNDATIONAL aspects of privacy
   – Supporting material
3. WHY learn about privacy
   – The dominating issue regarding information systems at the moment
   – Increased public awareness of surveillance
   – Business and economic reasons
   – Trust
7. PHILOSOPHY
8. PHILOSOPHY
   – The Right To Be Let Alone
   – "The Right to Privacy" (Warren and Brandeis, 1890)
9. PHILOSOPHY
   – Where does privacy come from?
10. PHILOSOPHY
   – "a person may be identified directly by name or indirectly by a telephone number, a car registration number, a social security number, a passport number or by a combination of significant criteria which allows him to be recognized by narrowing down the group to which he belongs (age, occupation, place of residence, etc.)"
   – WP29: Opinion 4/2007 on the concept of personal data
11. PHILOSOPHY
   – Does "privacy" exist?
   – If so, what does it mean?
   – If not, what does that mean?
14. PHILOSOPHY
   – Wisdom, Knowledge, Information, Data, Noise
15. PHILOSOPHY
   – Discuss:
   – Personal privacy
   – Information privacy
   – Expectation of privacy within technology
   – Social media, sharing, surveillance
   – "Nothing to Fear, Nothing to Hide"
   – Limits of privacy and the acceptable loss of privacy
   – Privacy as an innovator
16. PHILOSOPHY
   – Privacy as:
   – A principle
   – A legal discipline
   – An engineering discipline
   – An economic aspect
17. PHILOSOPHY
   – Privacy by Design (PbD) principles
   1. Proactive not Reactive; Preventative not Remedial
   2. Privacy as the Default Setting
   3. Privacy Embedded into Design
   4. Full Functionality: Positive-Sum, not Zero-Sum
   5. End-to-End Security: Full Lifecycle Protection
   6. Visibility and Transparency: Keep it Open
   7. Respect for User Privacy: Keep it User-Centric
   – Semantic gap between PbD and engineering (we concentrate here)
18. LEGAL
19. LEGAL
   – Terminology
   – Personal Data / Personally Identifiable Information (PII)
   – Sensitive Data
   – Traffic Data
20. LEGAL
   – Compliance and laws
   – EU Data Protection / WP29
   – US Data Protection
   – COPPA, HIPAA, SOX, Safe Harbor
   – Usage and purpose versus collection
21. LEGAL
   – Specific examples
   – Privacy policies
   – Secondary data collection
   – Opt-in & opt-out
   – Defaults
   – Necessity
   – Tracking
   – Browser cookies
   – Data transfers
   – Data retention
   – Conflicts
   – EU-US data transfers
   – Encryption or not?
   – Trade compliance
   – Business need versus personal need
   – Information asymmetry
22. ENGINEERING
   – Case study
   – Data flow modelling
   – Ontologies and definitions
   – Requirements
   – Notice and consent
   – Risk
   – PETs (privacy-enhancing technologies)
   – Maxims
23. ENGINEERING: case study
   – Motivating example, high-level view, detailed view (diagram slides)
25. ENGINEERING: an analogy
   – Information systems ... for some definition of information
   – Information is a material
26. ENGINEERING: data flow
   – Data flow modelling
   – Basic syntax
   – Annotations: protocols, content
28-31. ENGINEERING: data flow example (diagram slides; no text extracted)
32. ENGINEERING: ontologies
   – Ontology and terminology
   – The mechanisms by which languages are agreed upon
   – Lawyer-engineer communication
   – Terminological definitions
33. ENGINEERING: ontologies
   – What do the following statements actually mean?
   – Personal Data
   – Personally Identifiable Data
   – Location Data
   – Field
   – Data set
34. ENGINEERING: ontologies
   – Semantics
35. ENGINEERING: ontologies - modelling
36. ENGINEERING: ontologies - security
   – (Unclassified), Secret, Confidential, Internal, Public
37. ENGINEERING: ontologies - information
   – Type theory
   – Information type vs machine type / programming-language type
   – Structures
   – Example: is { lat: float, long: float } a
   – Location?
   – A struct of two reals?
   – Neither?
   – Context
38. ENGINEERING: ontologies - identifiers
39. ENGINEERING: ontologies - further...
40. ENGINEERING: ontologies - identification
   – Unauthenticated, Observed, Authenticated (*), Proven
41. ENGINEERING: identifiability
42. ENGINEERING: requirements
43. ENGINEERING: notice & consent
46. ENGINEERING: notice & consent
   – Calculation of the agreement from the DFD
47. ENGINEERING: risk
48. ENGINEERING: evaluating risk
   – Failure Mode and Effect Analysis
   – Root Cause Analysis
   – STRIDE: threat assessment
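The data-flow modelling slides (26-27), the security-class ordering on slide 36, the identification levels on slide 40 and the "calculation of the agreement from the DFD" on slide 46 fit together as one small model. The following is an added example, not code from the lecture or from the author's book: a hypothetical location app described as an annotated DFD, with three checks computed over it. Node names, the annotation vocabulary (security class, information type, identity level, provenance, purpose, usage) and the toy system are all constructed for illustration.

```python
"""Annotated data-flow model with a classification check and a derived notice.

Added example; not the lecture's or the author's code. The node names, flows
and the annotation vocabulary are constructed to mirror the slides' diagram
annotations, and the "location app" system is hypothetical.
"""
from collections import deque
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Security classes, least to most restricted (the slide-36 ordering, minus "Unclassified").
SECURITY_LEVELS = ["Public", "Internal", "Confidential", "Secret"]
# Identification levels of the data subject, least to most identifying (slide 40).
IDENTITY_LEVELS = ["Unauthenticated", "Observed", "Authenticated", "Proven"]


@dataclass(frozen=True)
class Node:
    name: str
    clearance: str  # highest security class this node is allowed to receive


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    info_types: Tuple[str, ...]  # e.g. ("Location", "Identity")
    security_class: str
    identity: str                # identification level of the subject in this flow
    provenance: str              # who produced the data: "User", "Derived", ...
    purpose: str                 # "Primary" or "Secondary"
    usages: Tuple[str, ...]      # what the receiver does with the data


@dataclass
class DataFlowModel:
    nodes: Dict[str, Node] = field(default_factory=dict)
    flows: List[Flow] = field(default_factory=list)

    def add_node(self, name: str, clearance: str) -> None:
        self.nodes[name] = Node(name, clearance)

    def add_flow(self, **kw) -> None:
        self.flows.append(Flow(**kw))

    def classification_violations(self) -> List[Flow]:
        """Flows whose security class is above the receiving node's clearance."""
        return [f for f in self.flows
                if SECURITY_LEVELS.index(f.security_class)
                > SECURITY_LEVELS.index(self.nodes[f.dst].clearance)]

    def reachable_flows(self, start: str) -> List[Flow]:
        """Every flow on some path out of `start` (breadth-first over the DFD)."""
        seen, todo, out = {start}, deque([start]), []
        while todo:
            node = todo.popleft()
            for f in self.flows:
                if f.src != node:
                    continue
                out.append(f)
                if f.dst not in seen:
                    seen.add(f.dst)
                    todo.append(f.dst)
        return out

    def notice(self, subject: str) -> List[Tuple[str, str, str]]:
        """The agreement derived from the DFD: every (information type, purpose,
        usage) triple the subject's data is exposed to downstream."""
        triples = {(t, f.purpose, u)
                   for f in self.reachable_flows(subject)
                   for t in f.info_types for u in f.usages}
        return sorted(triples)

    def identifiability(self, subject: str) -> Dict[str, str]:
        """Highest identification level of the subject held at each node reached."""
        level: Dict[str, str] = {}
        for f in self.reachable_flows(subject):
            current = level.get(f.dst, IDENTITY_LEVELS[0])
            if IDENTITY_LEVELS.index(f.identity) > IDENTITY_LEVELS.index(current):
                level[f.dst] = f.identity
        return level


def build_example() -> DataFlowModel:
    """Hypothetical system: user -> app -> location service -> analytics / public feed."""
    m = DataFlowModel()
    for name, clearance in [("User", "Secret"), ("MobileApp", "Confidential"),
                            ("LocationService", "Confidential"),
                            ("Analytics", "Internal"), ("PublicFeed", "Public")]:
        m.add_node(name, clearance)
    m.add_flow(src="User", dst="MobileApp", info_types=("Identity", "Location"),
               security_class="Confidential", identity="Authenticated",
               provenance="User", purpose="Primary", usages=("Navigation",))
    m.add_flow(src="MobileApp", dst="LocationService", info_types=("Location", "Temporal"),
               security_class="Confidential", identity="Authenticated",
               provenance="User", purpose="Primary", usages=("Navigation",))
    m.add_flow(src="LocationService", dst="Analytics", info_types=("Location",),
               security_class="Internal", identity="Observed",
               provenance="Derived", purpose="Secondary", usages=("Product Improvement",))
    # Design error planted on purpose: identified location data sent to a public sink.
    m.add_flow(src="LocationService", dst="PublicFeed", info_types=("Location", "Identity"),
               security_class="Confidential", identity="Authenticated",
               provenance="Derived", purpose="Secondary", usages=("Marketing",))
    return m


if __name__ == "__main__":
    model = build_example()
    for f in model.classification_violations():
        print(f"VIOLATION: {f.src} -> {f.dst} carries {f.security_class} data")
    for triple in model.notice("User"):
        print("notice:", triple)
    print(model.identifiability("User"))
```

Two things worth noticing when running it: the notice lists the secondary "Marketing" usage even though the user only ever consented to navigation, which is exactly the mismatch slide 46 asks you to compute rather than assert in a policy document; and the flow into Analytics is downgraded to "Internal"/"Observed" on the wire, which the lattice check accepts, so a real review should demand a justification (aggregation, tokenisation, truncation) for every such declassification edge.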
49. ENGINEERING: PETs
   – Hashing
   – Encryption
   – Dataset partitioning
   – Tokenisation
   – k-anonymity
   – l-diversity, t-closeness, differential privacy
   – BASIC GOOD OLD-FASHIONED SECURITY
50. ENGINEERING: maxims
   – Don't collect what you don't use
   – If it looks like PII, it probably is PII, so treat it as PII
   – Don't shock the user
   – Location data isn't just GPS coordinates
   – Good security does not mean good privacy, but good privacy doesn't come without good security
   – All information can be transformed and cross-referenced into whatever you need
   – Security through obscurity, privacy through PowerPoint and policies...
51. FOUNDATIONAL
   – Information theory
   – Syntax, semantics
   – Entropy
52. PROJECT EVALUATION
   – Demonstrate:
   – Understanding of who the data subject is
   – Where the data is flowing for various use cases, through data flow modelling
   – What:
   – is the level of identification of the data subject
   – are the usages and purposes of
   – are the information types being carried
   – is the logical architecture or structure of the system
   – A risk analysis based on the given taxonomy of risks
53. SUPPORTING MATERIAL
   – The Privacy Engineer's Manifesto, Dennedy, Fox & Finneran
   – Understanding Privacy, Solove
   – Privacy in Context, Nissenbaum
   – Applied Cryptography, Schneier
54. SUPPORTING MATERIAL
   – Ian Oliver (2014), Privacy Engineering: A Dataflow and Ontological Approach, ISBN 9781497569713
   – Twitter: @i_j_oliver
   – Blog: http://ijosblog.blogspot.fi
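Slide 49 lists k-anonymity and l-diversity among the PETs and slide 51 names entropy as the foundational measure; the two are the same computation over a table's quasi-identifiers. The block below is an added example, not code from the lecture or from the author's book: a constructed table of (age, postcode, diagnosis) records, functions that measure k-anonymity, l-diversity and the Shannon entropy of the quasi-identifier combination, and a generalisation step (age bands, postcode prefix) applied at two widths. The records, column roles and band widths are all invented for illustration.

```python
"""k-anonymity, l-diversity and quasi-identifier entropy on a small table.

Added example, not from the slides. RECORDS is constructed, not real data:
quasi-identifiers are (age, postcode), the sensitive attribute is diagnosis.
"""
import math
from collections import defaultdict
from functools import partial

# Constructed sample records: (age, postcode, diagnosis).
RECORDS = [
    (32, "02150", "flu"),
    (34, "02150", "flu"),
    (36, "02160", "asthma"),
    (38, "02160", "flu"),
    (45, "02150", "cancer"),
    (47, "02170", "cancer"),
    (52, "02170", "cancer"),
    (58, "02170", "flu"),
]
QI_COLUMNS = (0, 1)   # quasi-identifier columns
SENSITIVE = 2         # sensitive column


def generalise(key, band=10):
    """Coarsen an (age, postcode) key: age into `band`-year bands, postcode to a prefix."""
    age, postcode = key
    low = (age // band) * band
    return (f"{low}-{low + band - 1}", postcode[:3] + "**")


def equivalence_classes(records, transform=None):
    """Group records by their (possibly generalised) quasi-identifier values."""
    groups = defaultdict(list)
    for r in records:
        key = tuple(r[i] for i in QI_COLUMNS)
        groups[transform(key) if transform else key].append(r)
    return groups


def k_anonymity(records, transform=None):
    """Smallest equivalence class: every record shares its QI values with at least k-1 others."""
    return min(len(g) for g in equivalence_classes(records, transform).values())


def l_diversity(records, transform=None):
    """Smallest number of distinct sensitive values inside any equivalence class."""
    return min(len({r[SENSITIVE] for r in g})
               for g in equivalence_classes(records, transform).values())


def qi_entropy_bits(records, transform=None):
    """Shannon entropy of the quasi-identifier distribution: how many bits the
    quasi-identifiers alone reveal about which record belongs to whom."""
    n = len(records)
    probs = [len(g) / n for g in equivalence_classes(records, transform).values()]
    return -sum(p * math.log2(p) for p in probs)


def report(records):
    """(k, l, entropy bits) for the raw table, 10-year bands and 20-year bands."""
    out = {}
    for name, tr in (("raw", None),
                     ("band10", partial(generalise, band=10)),
                     ("band20", partial(generalise, band=20))):
        out[name] = (k_anonymity(records, tr), l_diversity(records, tr),
                     qi_entropy_bits(records, tr))
    return out


if __name__ == "__main__":
    for name, (k, l, h) in report(RECORDS).items():
        print(f"{name:7s} k={k} l={l} entropy={h:.2f} bits")
```

The 10-year banding already gives k=2, but the 40-49 class holds only "cancer" records, so l=1: anyone who knows a subject's age band learns the diagnosis even though no single record is singled out (the homogeneity attack that l-diversity exists to catch). Widening to 20-year bands yields k=4, l=2 and halves the entropy again, at the cost of utility. The entropy figure is the bridge to slide 10's quote and the "cross-referencing" maxim: it is the number of bits an adversary still needs from some other source to re-identify a record.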
55. DISCUSSION (diagram slide: the lecturer as data subject, the audience as recipient, flows via speech, email, reading, listening; cross-referencing against local knowledge and references; flow annotations: security class: Public; information type: Content, Identity, Location, Temporal; identity: authenticated (1); provenance: User; purpose: Primary; usage: Product Improvement, Future)
