Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Privacy Engineering
for
Today
Dr Ian Oliver
Nokia Bell Labs
Cooperation in CyberTrust WP4
1
Ian Oliver
DIMECC 15.11.2016
C...
2
Privacy is Dead
Ian Oliver
DIMECC 15.11.2016
Critical Enabling Technologies
3
Privacy is Dead
considered
harmful
Ian Oliver
DIMECC 15.11.2016
Critical Enabling Technologies
4
Privacy is Dead
Long Live Privacy!
Ian Oliver
DIMECC 15.11.2016
Critical Enabling Technologies
5
GDPR
Ian Oliver
DIMECC 15.11.2016
Critical Enabling Technologies
6
GDPR
Privacy Shield, HIPAA,COPPA,
ePrivacy Directive, EU Telco
Law, SOX...
Ian Oliver
DIMECC 15.11.2016
Critical Enablin...
7
GDPR
Compliance Risk Management
Ian Oliver
DIMECC 15.11.2016
Critical Enabling Technologies
8
GDPR
Compliance Risk Management
More good news: Not a regulated industry
Ian Oliver
DIMECC 15.11.2016
Critical Enabling ...
9
GDPR
Compliance Risk Management
More good news: Not a regulated industry ...... yet
Ian Oliver
DIMECC 15.11.2016
Critica...
10
GDPR
Compliance Risk Management
Bad news: We are not ready as an industry ... still
too focussed on legality, not cross...
11
Question:
how many of you DO NOT have a camera on your phone?
Ian Oliver
DIMECC 15.11.2016
Critical Enabling Technologi...
12
Ian Oliver
DIMECC 15.11.2016
Critical Enabling Technologies
13
Ian Oliver
DIMECC 15.11.2016
Critical Enabling Technologies
ID, LOC, PIC
14
Ian Oliver
DIMECC 15.11.2016
Critical Enabling Technologies
anon(ID, LOC, PIC)
Browser data
Layer 5,6,7
Layer 1,2,3,4
S...
15
Ian Oliver
DIMECC 15.11.2016
Critical Enabling Technologies
Oversharing
(nad privacy options)
”Interesting”
3rd party a...
16
System complexity driving innovation
Data
Collection
CellID->
Location
Data
Storage
Operator
Privacy
Preprocessing
Extr...
17
Nokia – New Business Drivers:
• From Privacy Law to Privacy Engineering
• Systems (of Systems) based approaches
• Commu...
18
Results:
• faster & safer ”legal” product development
• increased cross-discipline interaction => shorter devel time
• ...
19
One more important result:
Ian Oliver
DIMECC 15.11.2016
Critical Enabling Technologies
20
One more important result:
Customer Trust
Ian Oliver
DIMECC 15.11.2016
Critical Enabling Technologies
21
References:
• Ian Oliver (2016) Using Safety-Critical Concepts in Privacy Engineering. CrIM’16, Oulu
• Yoan Miche, Ian ...
Contact
ian.oliver@nokia-bell-
labs.com
ian.oliver@nokia-bell-labs.com
@i_j_oliver
Silke Holtmanns
DIMECC 14.11.2016
Cyber...
Upcoming SlideShare
Loading in …5
×

Privacy Engineering for Today

1,010 views

Published on

Presentation given to DIMECC 2016 conference, Helsinki, Finland on the subject of privacy, privacy engineering, privacy by design, innovation and customer trust.

  • Be the first to comment

  • Be the first to like this

Privacy Engineering for Today

  1. 1. Privacy Engineering for Today Dr Ian Oliver Nokia Bell Labs Cooperation in CyberTrust WP4 1 Ian Oliver DIMECC 15.11.2016 Critical Enabling Technologies
  2. 2. 2 Privacy is Dead Ian Oliver DIMECC 15.11.2016 Critical Enabling Technologies
  3. 3. 3 Privacy is Dead considered harmful Ian Oliver DIMECC 15.11.2016 Critical Enabling Technologies
  4. 4. 4 Privacy is Dead Long Live Privacy! Ian Oliver DIMECC 15.11.2016 Critical Enabling Technologies
  5. 5. 5 GDPR Ian Oliver DIMECC 15.11.2016 Critical Enabling Technologies
  6. 6. 6 GDPR Privacy Shield, HIPAA,COPPA, ePrivacy Directive, EU Telco Law, SOX... Ian Oliver DIMECC 15.11.2016 Critical Enabling Technologies
  7. 7. 7 GDPR Compliance Risk Management Ian Oliver DIMECC 15.11.2016 Critical Enabling Technologies
  8. 8. 8 GDPR Compliance Risk Management More good news: Not a regulated industry Ian Oliver DIMECC 15.11.2016 Critical Enabling Technologies
  9. 9. 9 GDPR Compliance Risk Management More good news: Not a regulated industry ...... yet Ian Oliver DIMECC 15.11.2016 Critical Enabling Technologies
  10. 10. 10 GDPR Compliance Risk Management Bad news: We are not ready as an industry ... still too focussed on legality, not cross-disciplines Ian Oliver DIMECC 15.11.2016 Critical Enabling Technologies
  11. 11. 11 Question: how many of you DO NOT have a camera on your phone? Ian Oliver DIMECC 15.11.2016 Critical Enabling Technologies
  12. 12. 12 Ian Oliver DIMECC 15.11.2016 Critical Enabling Technologies
  13. 13. 13 Ian Oliver DIMECC 15.11.2016 Critical Enabling Technologies ID, LOC, PIC
  14. 14. 14 Ian Oliver DIMECC 15.11.2016 Critical Enabling Technologies anon(ID, LOC, PIC) Browser data Layer 5,6,7 Layer 1,2,3,4 SS7/Diameter/LTE...
  15. 15. 15 Ian Oliver DIMECC 15.11.2016 Critical Enabling Technologies Oversharing (nad privacy options) ”Interesting” 3rd party analytics Information wants to the FREE!! Humans! Marketing... Keeping information forever...somewhere... Do you trust these people? NSA, CIA, FBI, GCHQ, MI5, KGB, 007 etc... Poor software/pri Your privacy policy is bad Device security Highly simplified points of privacy pain.
  16. 16. 16 System complexity driving innovation Data Collection CellID-> Location Data Storage Operator Privacy Preprocessing Extraction Hashing File Storage Raw Data Processing & Enrichment External Data External Cross- referencing Atomic Data Aggregation/ Report Generation Customer Reception Report Storage <<data subject>> Customer Ian Oliver DIMECC 15.11.2016 Critical Enabling Technologies
  17. 17. 17 Nokia – New Business Drivers: • From Privacy Law to Privacy Engineering • Systems (of Systems) based approaches • Communication & Ontologies • Telco, IoT, V2V, Core Network, Wellness, Critical Systems • Big Data to "Slow" Data • Culture: From Compliance to Risk Management to Trust • Machine Learning & Information Reconstruction • Trusted Geolocation and Data Sovereignty • Metrics & Mathematics – A General Theory of Privacy • Humans Ian Oliver DIMECC 15.11.2016 Critical Enabling Technologies
  18. 18. 18 Results: • faster & safer ”legal” product development • increased cross-discipline interaction => shorter devel time • improved data utilisation => better results, simpler compliance Tooling for: • system modelling • anonymisation, encryption – done correctly! • [meaningful] privacy metrics • privacy + machine learning • simpler compliance: ISO 291xx, FIPS, GDPR etc. • future tooling: blockchains, homomorphic encryption Ian Oliver DIMECC 15.11.2016 Critical Enabling Technologies
  19. 19. 19 One more important result: Ian Oliver DIMECC 15.11.2016 Critical Enabling Technologies
  20. 20. 20 One more important result: Customer Trust Ian Oliver DIMECC 15.11.2016 Critical Enabling Technologies
  21. 21. 21 References: • Ian Oliver (2016) Using Safety-Critical Concepts in Privacy Engineering. CrIM’16, Oulu • Yoan Miche, Ian Oliver, Aapo Kalliola, Silke Holtmanns, Anton Akusok, Amaury Lendasse (2016) Data Anonymization as a Vector Quantization Problem: Control over Privacy for Health Data. Privacy and Machine Learning, ARES 2016. • Ian Oliver (2016) Experiences in the Development and Usage of a Privacy Requirements Framework, Requirements Engineering 16, Beijing, Sept 2016 • Ian Oliver, Yoan Miche (2016) On the Development of A Metric for Quality of Information Content over Anonymised Data-Sets, Quatic 16, Portugal, Sept 2016 • Ian Oliver (2015) Privacy as a Safety Critical Concept. Keynote: 1st IEEE Workshop on Privacy Engineering. San Jose, USA • Ian Oliver (2014) Privacy Engineering: A Dataflow and Ontological Approach, ISBN: 978-1497569713 More material via SlideShare (ioliver76) Ian Oliver DIMECC 15.11.2016 Critical Enabling Technologies
  22. 22. Contact ian.oliver@nokia-bell- labs.com ian.oliver@nokia-bell-labs.com @i_j_oliver Silke Holtmanns DIMECC 14.11.2016 CyberTrust WP4 22

×