SlideShare a Scribd company logo

Don't ask, don't tell the virtues of privacy by design

Eleanor McHugh
Eleanor McHugh

This document discusses privacy by design and the virtues of not asking for or revealing unnecessary personal information. It provides a biography of Eleanor McHugh, an expert in privacy architecture, cryptography, and security. It then defines paranoia and discusses how justified suspicion of others is important in information security.

1 of 41
Download to read offline
DON'T ASK, DON'T TELL THE VIRTUES OF PRIVACY BY DESIGN Eleanor McHugh
Cryptographer Security Architect Physicist Privacy Architecture 1998 PKI elliptic curves satellite PSN 1999 π-calculus VM 2000 control networks 2001 mobile identity secure documents 2003 ENUM 2006 dotTel hybrid encryption 2007 encrypted DNS 2010 concurrent VM 2011 national eID 2012 encrypted SQL privacy by design 2014 uPass 2017 Identity Lab
paranoia Pronunciation: /ˌparəˈnɔɪə/ noun {mass noun} A mental condition characterized by delusions of persecution, unwarranted jealousy, or exaggerated self-importance, typically worked into an organized system. It may be an aspect of chronic personality disorder, of drug abuse, or of a serious condition such as schizophrenia in which the person loses touch with reality. Unjustified suspicion and mistrust of other people: mild paranoia afflicts all prime ministers
Wheneve personal consent f by demandcircling of top-tier law gh=profile test cases for irst rulings likely to be er 2018. Big name ongst those feeling the regulation’s bite. Whenever your organisation If this weren’t on the subjects of pr
he Payment Card ndustry’s PSD2 which aim to safe- uard privacy and educe security reaches. You already nderstand how ou need to use dentity to service he needs of your usiness and ustomers, the uestion is how do ou adapt existing olutions to regulation’s bite. Whenever your organisation processes personal data for individuals living in the EU the GDPR rules and restrictions apply even if that processing happens in another jurisdiction. Personal data "If your organisation can't demonstrate that good data protection is a cornerstone of your business policy and practices, you're leaving your organisation open to enforcement action that can damage both public reputation and bank balance." — Elizabeth Denham, Information Commissioner
9
as an aggressive marketeer I want to access your visitor data to guess who might pay for miracle product X don’t make my life difficult if it affects sales I’m higher up the food chain than you! insider threat
as a disgruntled employee I want to access your service to make you pay for the pain I’m feeling I’ve had privileged access in the past and you’re too dumb to have cancelled it insider threat
as a script kiddie I want to access your service because it’s a rush to break into your stuff I’ve lots of different scripts to play with coz all lolz belong to us external threat
as an online fraudster I want to access your service so I can steal credentials and data if that’s hard I’ll move onto a fresh target there’s always another sucker ripe for scamming external threat
as a malicious attacker I want to access your service to monitor user behaviour and steal identities I’m waaaay more skilled than your team and I’m being paid for results external threat
as a system administration I want to roll-back errors and monitor security breaches so I can protect my users and my business from fraud or loss but it’s okay if I can only see data relevant to a particular incident so that I know the bare minimum about you or any other user
as a law enforcement officer I want to perform lawful interception queries so I can catch criminals and terrorists but it’s okay if you control my access and require court orders so that criminal investigate is never a cover for political oppression
as a regulator I want to ensure this service complies with all applicable rules so I can catch prove that the service is trustworthy and legitimate but it’s okay if you restrict my access to how you operate this service so that I know neither your users nor their interactions
www.inidsol.uk
www.inidsol.uk
www.inidsol.uk
anonymity pseudonymity
anonymity pseudonymity
anonymity pseudonymity
anonymity pseudonymity
anonymity pseudonymity
anonymity pseudonymity
www.inidsol.uk
www.inidsol.uk how not to do end-to-end encryption followthe breadcrumbs
www.inidsol.uk
www.inidsol.uk
paranoia Pronunciation: /ˌparəˈnɔɪə/ noun {mass noun} The perfectly reasonable belief that someone, somewhere is watching your online behaviour with malicious and/or voyeuristic intent. It may be a result of reading a Hacking Exposed or Hacking for Dummies publication, experiencing the fallout from identity theft, or shopping with bitcoin. Justified suspicion and mistrust of other people: chronic paranoia afflicts all information security professionals accute paranoia afflicts the victims of hacking
some basic rules users are only customers if they register and you should know your customers well enough to help them but your customers own their identity so never compromise it secure all transports and storage where their data may exist give them final say over what data you store and for how long and definitely don’t give or sell their data to third parties! http://slides.games-with-brains.net
DON'T ASK, DON'T TELL THE VIRTUES OF PRIVACY BY DESIGN Eleanor McHugh

Recommended

ECSM 2021 - Ce faci dacă ți-au fost sparte conturile de social media
ECSM 2021 - Ce faci dacă ți-au fost sparte conturile de social media ECSM 2021 - Ce faci dacă ți-au fost sparte conturile de social media
ECSM 2021 - Ce faci dacă ți-au fost sparte conturile de social media
One-IT
 
ECSM 2021 - Sfaturi pentru a te proteja în mediul online
ECSM 2021 - Sfaturi pentru a te proteja în mediul online ECSM 2021 - Sfaturi pentru a te proteja în mediul online
ECSM 2021 - Sfaturi pentru a te proteja în mediul online
One-IT
 
How to incrementally improve Sanctions Screening with AI
How to incrementally improve Sanctions Screening with AIHow to incrementally improve Sanctions Screening with AI
How to incrementally improve Sanctions Screening with AI
BLECKWEN
 
ECSM - Ce faci dacă ți-au fost compromise conturile bancare
ECSM - Ce faci dacă ți-au fost compromise conturile bancareECSM - Ce faci dacă ți-au fost compromise conturile bancare
ECSM - Ce faci dacă ți-au fost compromise conturile bancare
One-IT
 
Ian david lazar
Ian david lazarIan david lazar
Ian david lazar
Ian David Lazar
 
Scams will never stop
Scams will never stopScams will never stop
Scams will never stop
Oregon Law Practice Management
 
Internet fraud and identity theft
Internet fraud and identity theftInternet fraud and identity theft
Internet fraud and identity theftSara Gallaher Richardson
 
SpyFly Background Checks Services Help Center
SpyFly Background Checks Services Help CenterSpyFly Background Checks Services Help Center
SpyFly Background Checks Services Help Center
Spyfly
 

Recommended

ECSM 2021 - Ce faci dacă ți-au fost sparte conturile de social media
ECSM 2021 - Ce faci dacă ți-au fost sparte conturile de social media ECSM 2021 - Ce faci dacă ți-au fost sparte conturile de social media
ECSM 2021 - Ce faci dacă ți-au fost sparte conturile de social media
One-IT
 
ECSM 2021 - Sfaturi pentru a te proteja în mediul online
ECSM 2021 - Sfaturi pentru a te proteja în mediul online ECSM 2021 - Sfaturi pentru a te proteja în mediul online
ECSM 2021 - Sfaturi pentru a te proteja în mediul online
One-IT
 
How to incrementally improve Sanctions Screening with AI
How to incrementally improve Sanctions Screening with AIHow to incrementally improve Sanctions Screening with AI
How to incrementally improve Sanctions Screening with AI
BLECKWEN
 
ECSM - Ce faci dacă ți-au fost compromise conturile bancare
ECSM - Ce faci dacă ți-au fost compromise conturile bancareECSM - Ce faci dacă ți-au fost compromise conturile bancare
ECSM - Ce faci dacă ți-au fost compromise conturile bancare
One-IT
 
Ian david lazar
Ian david lazarIan david lazar
Ian david lazar
Ian David Lazar
 
Scams will never stop
Scams will never stopScams will never stop
Scams will never stop
Oregon Law Practice Management
 
Internet fraud and identity theft
Internet fraud and identity theftInternet fraud and identity theft
Internet fraud and identity theftSara Gallaher Richardson
 
SpyFly Background Checks Services Help Center
SpyFly Background Checks Services Help CenterSpyFly Background Checks Services Help Center
SpyFly Background Checks Services Help Center
Spyfly
 
Privacy is always a requirement
Privacy is always a requirementPrivacy is always a requirement
Privacy is always a requirement
Eleanor McHugh
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
Pardeep Kumar
 
Don't Ask, Don't Tell - The Virtues of Privacy By Design
Don't Ask, Don't Tell - The Virtues of Privacy By DesignDon't Ask, Don't Tell - The Virtues of Privacy By Design
Don't Ask, Don't Tell - The Virtues of Privacy By Design
Eleanor McHugh
 
Trail Of Tears Persuasive Essay
Trail Of Tears Persuasive EssayTrail Of Tears Persuasive Essay
Trail Of Tears Persuasive Essay
Rosita Cipriano
 
How to Avoid Crypto Scams - Crypto JBro
How to Avoid Crypto Scams - Crypto JBroHow to Avoid Crypto Scams - Crypto JBro
How to Avoid Crypto Scams - Crypto JBro
Jared Broker
 
Fraud Awareness Guide for Individuals
Fraud Awareness Guide for IndividualsFraud Awareness Guide for Individuals
Fraud Awareness Guide for Individuals
Shred Station
 
Certificates pink programming
Certificates pink programmingCertificates pink programming
Certificates pink programming
Jenny Dybedahl
 
Legal and cybersecurity issues in whistleblowing (Panama Papers)
Legal and cybersecurity issues in whistleblowing (Panama Papers)Legal and cybersecurity issues in whistleblowing (Panama Papers)
Legal and cybersecurity issues in whistleblowing (Panama Papers)
Benjamin Ang
 
National Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness PresentationNational Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness Presentation
Jamie Proctor-Brassard
 
Cyber crime
Cyber crimeCyber crime
Cyber crimeDurban Chamber of Commerce and Industry
 
Slideshow - Lil Rat
Slideshow - Lil RatSlideshow - Lil Rat
Slideshow - Lil Ratmegg16
 
Who is the digital you?
Who is the digital you?Who is the digital you?
Who is the digital you?
Tony Fish
 
Internet Security
Internet SecurityInternet Security
Internet Security
Avnish Jain
 
IST Presentation
IST PresentationIST Presentation
IST Presentation
guest1d1ed5
 
Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?
JamRivera1
 
E commerce-securityy
E commerce-securityyE commerce-securityy
E commerce-securityy
JulianEvangelista1
 
disscussion reply to the question asked from students minimum words .docx
disscussion reply to the question asked from students minimum words .docxdisscussion reply to the question asked from students minimum words .docx
disscussion reply to the question asked from students minimum words .docx
jameywaughj
 
Misuse of personal information
Misuse of personal informationMisuse of personal information
Misuse of personal information
Zev Aidikoff
 
Why use private proxy presentation
Why use private proxy presentationWhy use private proxy presentation
Why use private proxy presentationFaeriMoon2
 
Cyber crimes & cyber security
Cyber crimes & cyber securityCyber crimes & cyber security
Cyber crimes & cyber security
DR. Hossam Elshenraki
 
[2023] Putting the R! in R&D.pdf
[2023] Putting the R! in R&D.pdf[2023] Putting the R! in R&D.pdf
[2023] Putting the R! in R&D.pdf
Eleanor McHugh
 
Generics, Reflection, and Efficient Collections
Generics, Reflection, and Efficient CollectionsGenerics, Reflection, and Efficient Collections
Generics, Reflection, and Efficient Collections
Eleanor McHugh
 

More Related Content

Similar to Don't ask, don't tell the virtues of privacy by design

Privacy is always a requirement
Privacy is always a requirementPrivacy is always a requirement
Privacy is always a requirement
Eleanor McHugh
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
Pardeep Kumar
 
Don't Ask, Don't Tell - The Virtues of Privacy By Design
Don't Ask, Don't Tell - The Virtues of Privacy By DesignDon't Ask, Don't Tell - The Virtues of Privacy By Design
Don't Ask, Don't Tell - The Virtues of Privacy By Design
Eleanor McHugh
 
Trail Of Tears Persuasive Essay
Trail Of Tears Persuasive EssayTrail Of Tears Persuasive Essay
Trail Of Tears Persuasive Essay
Rosita Cipriano
 
How to Avoid Crypto Scams - Crypto JBro
How to Avoid Crypto Scams - Crypto JBroHow to Avoid Crypto Scams - Crypto JBro
How to Avoid Crypto Scams - Crypto JBro
Jared Broker
 
Fraud Awareness Guide for Individuals
Fraud Awareness Guide for IndividualsFraud Awareness Guide for Individuals
Fraud Awareness Guide for Individuals
Shred Station
 
Certificates pink programming
Certificates pink programmingCertificates pink programming
Certificates pink programming
Jenny Dybedahl
 
Legal and cybersecurity issues in whistleblowing (Panama Papers)
Legal and cybersecurity issues in whistleblowing (Panama Papers)Legal and cybersecurity issues in whistleblowing (Panama Papers)
Legal and cybersecurity issues in whistleblowing (Panama Papers)
Benjamin Ang
 
National Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness PresentationNational Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness Presentation
Jamie Proctor-Brassard
 
Slideshow - Lil Rat
Slideshow - Lil RatSlideshow - Lil Rat
Slideshow - Lil Ratmegg16
 
Who is the digital you?
Who is the digital you?Who is the digital you?
Who is the digital you?
Tony Fish
 
Internet Security
Internet SecurityInternet Security
Internet Security
Avnish Jain
 
IST Presentation
IST PresentationIST Presentation
IST Presentation
guest1d1ed5
 
Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?
JamRivera1
 
E commerce-securityy
E commerce-securityyE commerce-securityy
E commerce-securityy
JulianEvangelista1
 
disscussion reply to the question asked from students minimum words .docx
disscussion reply to the question asked from students minimum words .docxdisscussion reply to the question asked from students minimum words .docx
disscussion reply to the question asked from students minimum words .docx
jameywaughj
 
Misuse of personal information
Misuse of personal informationMisuse of personal information
Misuse of personal information
Zev Aidikoff
 
Why use private proxy presentation
Why use private proxy presentationWhy use private proxy presentation
Why use private proxy presentationFaeriMoon2
 
Cyber crimes & cyber security
Cyber crimes & cyber securityCyber crimes & cyber security
Cyber crimes & cyber security
DR. Hossam Elshenraki
 

Similar to Don't ask, don't tell the virtues of privacy by design (20)

Privacy is always a requirement
Privacy is always a requirementPrivacy is always a requirement
Privacy is always a requirement
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Don't Ask, Don't Tell - The Virtues of Privacy By Design
Don't Ask, Don't Tell - The Virtues of Privacy By DesignDon't Ask, Don't Tell - The Virtues of Privacy By Design
Don't Ask, Don't Tell - The Virtues of Privacy By Design
 
Trail Of Tears Persuasive Essay
Trail Of Tears Persuasive EssayTrail Of Tears Persuasive Essay
Trail Of Tears Persuasive Essay
 
How to Avoid Crypto Scams - Crypto JBro
How to Avoid Crypto Scams - Crypto JBroHow to Avoid Crypto Scams - Crypto JBro
How to Avoid Crypto Scams - Crypto JBro
 
Fraud Awareness Guide for Individuals
Fraud Awareness Guide for IndividualsFraud Awareness Guide for Individuals
Fraud Awareness Guide for Individuals
 
Certificates pink programming
Certificates pink programmingCertificates pink programming
Certificates pink programming
 
Legal and cybersecurity issues in whistleblowing (Panama Papers)
Legal and cybersecurity issues in whistleblowing (Panama Papers)Legal and cybersecurity issues in whistleblowing (Panama Papers)
Legal and cybersecurity issues in whistleblowing (Panama Papers)
 
National Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness PresentationNational Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness Presentation
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Slideshow - Lil Rat
Slideshow - Lil RatSlideshow - Lil Rat
Slideshow - Lil Rat
 
Who is the digital you?
Who is the digital you?Who is the digital you?
Who is the digital you?
 
Internet Security
Internet SecurityInternet Security
Internet Security
 
IST Presentation
IST PresentationIST Presentation
IST Presentation
 
Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?
 
E commerce-securityy
E commerce-securityyE commerce-securityy
E commerce-securityy
 
disscussion reply to the question asked from students minimum words .docx
disscussion reply to the question asked from students minimum words .docxdisscussion reply to the question asked from students minimum words .docx
disscussion reply to the question asked from students minimum words .docx
 
Misuse of personal information
Misuse of personal informationMisuse of personal information
Misuse of personal information
 
Why use private proxy presentation
Why use private proxy presentationWhy use private proxy presentation
Why use private proxy presentation
 
Cyber crimes & cyber security
Cyber crimes & cyber securityCyber crimes & cyber security
Cyber crimes & cyber security
 

More from Eleanor McHugh

[2023] Putting the R! in R&D.pdf
[2023] Putting the R! in R&D.pdf[2023] Putting the R! in R&D.pdf
[2023] Putting the R! in R&D.pdf
Eleanor McHugh
 
Generics, Reflection, and Efficient Collections
Generics, Reflection, and Efficient CollectionsGenerics, Reflection, and Efficient Collections
Generics, Reflection, and Efficient Collections
Eleanor McHugh
 
The Relevance of Liveness - Biometrics and Data Integrity
The Relevance of Liveness - Biometrics and Data IntegrityThe Relevance of Liveness - Biometrics and Data Integrity
The Relevance of Liveness - Biometrics and Data Integrity
Eleanor McHugh
 
The Browser Environment - A Systems Programmer's Perspective [sinatra edition]
The Browser Environment - A Systems Programmer's Perspective [sinatra edition]The Browser Environment - A Systems Programmer's Perspective [sinatra edition]
The Browser Environment - A Systems Programmer's Perspective [sinatra edition]
Eleanor McHugh
 
The Browser Environment - A Systems Programmer's Perspective
The Browser Environment - A Systems Programmer's PerspectiveThe Browser Environment - A Systems Programmer's Perspective
The Browser Environment - A Systems Programmer's Perspective
Eleanor McHugh
 
Go for the paranoid network programmer, 3rd edition
Go for the paranoid network programmer, 3rd editionGo for the paranoid network programmer, 3rd edition
Go for the paranoid network programmer, 3rd edition
Eleanor McHugh
 
An introduction to functional programming with Go [redux]
An introduction to functional programming with Go [redux]An introduction to functional programming with Go [redux]
An introduction to functional programming with Go [redux]
Eleanor McHugh
 
An introduction to functional programming with go
An introduction to functional programming with goAn introduction to functional programming with go
An introduction to functional programming with go
Eleanor McHugh
 
Implementing virtual machines in go & c 2018 redux
Implementing virtual machines in go & c 2018 reduxImplementing virtual machines in go & c 2018 redux
Implementing virtual machines in go & c 2018 redux
Eleanor McHugh
 
Identity & trust in Monitored Spaces
Identity & trust in Monitored SpacesIdentity & trust in Monitored Spaces
Identity & trust in Monitored Spaces
Eleanor McHugh
 
Anonymity, identity, trust
Anonymity, identity, trustAnonymity, identity, trust
Anonymity, identity, trust
Eleanor McHugh
 
Going Loopy - Adventures in Iteration with Google Go
Going Loopy - Adventures in Iteration with Google GoGoing Loopy - Adventures in Iteration with Google Go
Going Loopy - Adventures in Iteration with Google Go
Eleanor McHugh
 
Distributed Ledgers: Anonymity & Immutability at Scale
Distributed Ledgers: Anonymity & Immutability at ScaleDistributed Ledgers: Anonymity & Immutability at Scale
Distributed Ledgers: Anonymity & Immutability at Scale
Eleanor McHugh
 
Hello Go
Hello GoHello Go
Hello Go
Eleanor McHugh
 
Go for the paranoid network programmer, 2nd edition
Go for the paranoid network programmer, 2nd editionGo for the paranoid network programmer, 2nd edition
Go for the paranoid network programmer, 2nd edition
Eleanor McHugh
 
Going Loopy: Adventures in Iteration with Go
Going Loopy: Adventures in Iteration with GoGoing Loopy: Adventures in Iteration with Go
Going Loopy: Adventures in Iteration with Go
Eleanor McHugh
 
Finding a useful outlet for my many Adventures in go
Finding a useful outlet for my many Adventures in goFinding a useful outlet for my many Adventures in go
Finding a useful outlet for my many Adventures in go
Eleanor McHugh
 
Anonymity, trust, accountability
Anonymity, trust, accountabilityAnonymity, trust, accountability
Anonymity, trust, accountability
Eleanor McHugh
 
Implementing Virtual Machines in Go & C
Implementing Virtual Machines in Go & CImplementing Virtual Machines in Go & C
Implementing Virtual Machines in Go & C
Eleanor McHugh
 
Implementing Virtual Machines in Ruby & C
Implementing Virtual Machines in Ruby & CImplementing Virtual Machines in Ruby & C
Implementing Virtual Machines in Ruby & C
Eleanor McHugh
 

More from Eleanor McHugh (20)

[2023] Putting the R! in R&D.pdf
[2023] Putting the R! in R&D.pdf[2023] Putting the R! in R&D.pdf
[2023] Putting the R! in R&D.pdf
 
Generics, Reflection, and Efficient Collections
Generics, Reflection, and Efficient CollectionsGenerics, Reflection, and Efficient Collections
Generics, Reflection, and Efficient Collections
 
The Relevance of Liveness - Biometrics and Data Integrity
The Relevance of Liveness - Biometrics and Data IntegrityThe Relevance of Liveness - Biometrics and Data Integrity
The Relevance of Liveness - Biometrics and Data Integrity
 
The Browser Environment - A Systems Programmer's Perspective [sinatra edition]
The Browser Environment - A Systems Programmer's Perspective [sinatra edition]The Browser Environment - A Systems Programmer's Perspective [sinatra edition]
The Browser Environment - A Systems Programmer's Perspective [sinatra edition]
 
The Browser Environment - A Systems Programmer's Perspective
The Browser Environment - A Systems Programmer's PerspectiveThe Browser Environment - A Systems Programmer's Perspective
The Browser Environment - A Systems Programmer's Perspective
 
Go for the paranoid network programmer, 3rd edition
Go for the paranoid network programmer, 3rd editionGo for the paranoid network programmer, 3rd edition
Go for the paranoid network programmer, 3rd edition
 
An introduction to functional programming with Go [redux]
An introduction to functional programming with Go [redux]An introduction to functional programming with Go [redux]
An introduction to functional programming with Go [redux]
 
An introduction to functional programming with go
An introduction to functional programming with goAn introduction to functional programming with go
An introduction to functional programming with go
 
Implementing virtual machines in go & c 2018 redux
Implementing virtual machines in go & c 2018 reduxImplementing virtual machines in go & c 2018 redux
Implementing virtual machines in go & c 2018 redux
 
Identity & trust in Monitored Spaces
Identity & trust in Monitored SpacesIdentity & trust in Monitored Spaces
Identity & trust in Monitored Spaces
 
Anonymity, identity, trust
Anonymity, identity, trustAnonymity, identity, trust
Anonymity, identity, trust
 
Going Loopy - Adventures in Iteration with Google Go
Going Loopy - Adventures in Iteration with Google GoGoing Loopy - Adventures in Iteration with Google Go
Going Loopy - Adventures in Iteration with Google Go
 
Distributed Ledgers: Anonymity & Immutability at Scale
Distributed Ledgers: Anonymity & Immutability at ScaleDistributed Ledgers: Anonymity & Immutability at Scale
Distributed Ledgers: Anonymity & Immutability at Scale
 
Hello Go
Hello GoHello Go
Hello Go
 
Go for the paranoid network programmer, 2nd edition
Go for the paranoid network programmer, 2nd editionGo for the paranoid network programmer, 2nd edition
Go for the paranoid network programmer, 2nd edition
 
Going Loopy: Adventures in Iteration with Go
Going Loopy: Adventures in Iteration with GoGoing Loopy: Adventures in Iteration with Go
Going Loopy: Adventures in Iteration with Go
 
Finding a useful outlet for my many Adventures in go
Finding a useful outlet for my many Adventures in goFinding a useful outlet for my many Adventures in go
Finding a useful outlet for my many Adventures in go
 
Anonymity, trust, accountability
Anonymity, trust, accountabilityAnonymity, trust, accountability
Anonymity, trust, accountability
 
Implementing Virtual Machines in Go & C
Implementing Virtual Machines in Go & CImplementing Virtual Machines in Go & C
Implementing Virtual Machines in Go & C
 
Implementing Virtual Machines in Ruby & C
Implementing Virtual Machines in Ruby & CImplementing Virtual Machines in Ruby & C
Implementing Virtual Machines in Ruby & C
 

Recently uploaded

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 

Recently uploaded (20)

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 

Don't ask, don't tell the virtues of privacy by design

  • 1. DON'T ASK, DON'T TELL THE VIRTUES OF PRIVACY BY DESIGN Eleanor McHugh
  • 2. Cryptographer Security Architect Physicist Privacy Architecture 1998 PKI elliptic curves satellite PSN 1999 π-calculus VM 2000 control networks 2001 mobile identity secure documents 2003 ENUM 2006 dotTel hybrid encryption 2007 encrypted DNS 2010 concurrent VM 2011 national eID 2012 encrypted SQL privacy by design 2014 uPass 2017 Identity Lab
  • 3. paranoia Pronunciation: /ˌparəˈnɔɪə/ noun {mass noun} A mental condition characterized by delusions of persecution, unwarranted jealousy, or exaggerated self-importance, typically worked into an organized system. It may be an aspect of chronic personality disorder, of drug abuse, or of a serious condition such as schizophrenia in which the person loses touch with reality. Unjustified suspicion and mistrust of other people: mild paranoia afflicts all prime ministers
  • 4. Wheneve personal consent f by demandcircling of top-tier law gh=profile test cases for irst rulings likely to be er 2018. Big name ongst those feeling the regulation’s bite. Whenever your organisation If this weren’t on the subjects of pr
  • 5. he Payment Card ndustry’s PSD2 which aim to safe- uard privacy and educe security reaches. You already nderstand how ou need to use dentity to service he needs of your usiness and ustomers, the uestion is how do ou adapt existing olutions to regulation’s bite. Whenever your organisation processes personal data for individuals living in the EU the GDPR rules and restrictions apply even if that processing happens in another jurisdiction. Personal data "If your organisation can't demonstrate that good data protection is a cornerstone of your business policy and practices, you're leaving your organisation open to enforcement action that can damage both public reputation and bank balance." — Elizabeth Denham, Information Commissioner
  • 6.
  • 7.
  • 8.
  • 9. 9
  • 10. as an aggressive marketeer I want to access your visitor data to guess who might pay for miracle product X don’t make my life difficult if it affects sales I’m higher up the food chain than you! insider threat
  • 11. as a disgruntled employee I want to access your service to make you pay for the pain I’m feeling I’ve had privileged access in the past and you’re too dumb to have cancelled it insider threat
  • 12. as a script kiddie I want to access your service because it’s a rush to break into your stuff I’ve lots of different scripts to play with coz all lolz belong to us external threat
  • 13. as an online fraudster I want to access your service so I can steal credentials and data if that’s hard I’ll move onto a fresh target there’s always another sucker ripe for scamming external threat
  • 14. as a malicious attacker I want to access your service to monitor user behaviour and steal identities I’m waaaay more skilled than your team and I’m being paid for results external threat
  • 15. as a system administration I want to roll-back errors and monitor security breaches so I can protect my users and my business from fraud or loss but it’s okay if I can only see data relevant to a particular incident so that I know the bare minimum about you or any other user
  • 16. as a law enforcement officer I want to perform lawful interception queries so I can catch criminals and terrorists but it’s okay if you control my access and require court orders so that criminal investigate is never a cover for political oppression
  • 17. as a regulator I want to ensure this service complies with all applicable rules so I can catch prove that the service is trustworthy and legitimate but it’s okay if you restrict my access to how you operate this service so that I know neither your users nor their interactions
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 27.
  • 36. www.inidsol.uk how not to do end-to-end encryption followthe breadcrumbs
  • 39. paranoia Pronunciation: /ˌparəˈnɔɪə/ noun {mass noun} The perfectly reasonable belief that someone, somewhere is watching your online behaviour with malicious and/or voyeuristic intent. It may be a result of reading a Hacking Exposed or Hacking for Dummies publication, experiencing the fallout from identity theft, or shopping with bitcoin. Justified suspicion and mistrust of other people: chronic paranoia afflicts all information security professionals accute paranoia afflicts the victims of hacking
  • 40. some basic rules users are only customers if they register and you should know your customers well enough to help them but your customers own their identity so never compromise it secure all transports and storage where their data may exist give them final say over what data you store and for how long and definitely don’t give or sell their data to third parties! http://slides.games-with-brains.net
  • 41. DON'T ASK, DON'T TELL THE VIRTUES OF PRIVACY BY DESIGN Eleanor McHugh