Klebe Designing for Privacy
•
0 likes•554 views
This presentation was provided by Skott Klebe of EBSCO during the NISO Virtual Conference, Information Freedom, Ethics and Integrity, held on Wednesday, April 18, 2018.
More Related Content
Similar to Klebe Designing for Privacy
Similar to Klebe Designing for Privacy (20)
More from National Information Standards Organization (NISO)
More from National Information Standards Organization (NISO) (20)
Recently uploaded
Recently uploaded (20)
Klebe Designing for Privacy
- 1. z Designing for Privacy Skott Klebe Platform Security Architect EBSCO Information Services
- 2. z EBSCO Information Services § About EBSCO § Because EBSCO Information Services is a part of the information technology community, our needs are those of our customers. We’re dedicated to developing customizable services, supporting the technology needs of our customers and creating strong user experiences to help libraries and other institutions support their end users and improve access to information.
- 3. z Intro § Skott Klebe § Platform Security Architect § More than twenty years’ experience in security and compliance in academic publishing
- 4. z Importance of Privacy § Safety in ourselves § The identity trade – it’s forever § You may trust the first recipient, but you can’t trust everyone they trust § Example: Facebook § Accumulated a valuable asset: our online lives § Exposed it to any partner that signed an agreement § Seems to have made no attempt to enforce the agreement for years § Partner allegedly breached the agreement
- 5. z Attitudes toward personal information § US – personaldata is property* § You contract away use of it on almost every web page you look at § To the site owner § to partners of the site owner § to partners’ partners * SpecialCOPPA exception for children under 13 § EU – personaldata is like your body § Can’t contract it away – it’s always yours § GDPR forces processing information in ways that the owners continue to control it § Report § Correct § Forget § Sentiment derives from recent experience with repressive regimes
- 6. z Privacy in the News
- 7. z z How do we do better? Software doesn’t meet requirements without design, implementation,and testing Security and privacy are requirements Therefore, we must design, implement, and test for them
- 10. z Identification § Must be globally unique § Not my name § Must be able to be presented by me § A string I know – “skott” or “dude1879” § An object, like my computer or my phone § My fingerprint, face, or DNA § An IP address from a range associated with my institution § A cookie stored in my browser’s database Institutional identity
- 11. z Authentication § Something that only I can present § A secret § My fingerprint, retina, face, or DNA § My unlocked phone § Address from my institution’s IP range Institutional authentication
- 12. z Interaction § How a service communicates with me § Phone numbers § Email addresses § Screen name § Real name § How I communicate with other people who use the service § Screen name § Real name § E-mail address
- 13. z Personalization § My favorite… § Color scheme § Background image § My stored… § Shopping cart § Bookmarks § Saved searches § Folders
- 14. zz Enrichment § Search improvements § What do I mean by “apache”? § Recommendations § Books by which Stephen King?
- 15. zz Enrichment § History § What was I looking at yesterday? § Who said that to me?
- 16. z z z Real Product, By the Way
- 18. z Identity – the Tripartite Identity Pattern § 2008 design codified at Yahoo § Separation of concerns § Don’t display login ID’s as a name § Don’t use the login ID as the root key of every part of identity Internal Identifier 5271009 Login ID sklebe Screen Name “Skott from MA”
- 19. z Why We Try #1: The Buzz Disclosures § Before Google Plus, there was Google Buzz § If you had GMail, Google offered you a public Buzz identity § If you declined, they still turned parts of Buzz on for you § E.g., your friend graph § It you accepted, your e-mail contacts became your public social network
- 20. z Why We Try #1: The Buzz Disclosures § Private became Public § Your relationship to your therapist § Your current contact information to your ex or stalker § FTC consent order https://www.ftc.gov/news- events/press-releases/2011/10/ftc- gives-final-approval-settlement- google-over-buzz-rollout
- 21. z TIP in Practice – the core Internal Identifier 5271009 Login ID sklebe Screen Name “Skott from MA” Must be optional Session Token f123ab456fde Institution ID 159 Must be optional Demographics Home address, e.g. In libraries, we’re usually adding one or more layers of institution, and also authenticating the institution via IP.
- 22. z TIP in Practice: other associations Internal Identifier 5271009 Login ID sklebe Screen Name “Skott from MA” Session Token f123ab456fde Institution ID 159 Demographics Home address, e.g. We tie a number of other kinds of data to the identity as well.
- 23. z TIP in Practice: other associations Internal Identifier 5271009 Login ID sklebe Screen Name “Skott from MA” Session Token f123ab456fde Institution ID 159 Shopping cart 5271009 Toothbrush Toothpaste … Demographics Home address, e.g. We tie a number of other kinds of data to the identity as well.
- 24. z TIP in Practice: other associations Internal Identifier 5271009 Login ID sklebe Screen Name “Skott from MA” Session Token f123ab456fde Institution ID 159 Shopping cart 5271009 Toothbrush Toothpaste … Search History 5271009 helicopters web servers … Demographics Home address, e.g. We tie a number of other kinds of data to the identity as well.
- 25. z TIP in Practice: other associations Internal Identifier 5271009 Login ID sklebe Screen Name “Skott from MA” Session Token f123ab456fde Institution ID 159 Shopping cart 5271009 Toothbrush Toothpaste … Search History 5271009 helicopters web servers … Patron usage logs 5271009 Article 1 Article 2 … 6655321 Article 21 Article 22 … … Article 1 Article 2 … Demographics Home address, e.g. We tie a number of other kinds of data to the identity as well.
- 26. z TIP in Practice: other associations Internal Identifier 5271009 Login ID sklebe Screen Name “Skott from MA” Session Token f123ab456fde Institution ID 159 Shopping cart 5271009 Toothbrush Toothpaste … Search History 5271009 helicopters web servers … Patron usage logs 5271009 Article 1 Article 2 … 6655321 Article 21 Article 22 … … Article 1 Article 2 … Demographics Home address, e.g. Published Usage reports Journal 1 5 unique readers Journal 2 15 unique readers We tie a number of other kinds of data to the identity as well.
- 27. z TIP in Practice: forget me! Institution ID 159 Shopping cart 5271009 Toothbrush Toothpaste … Search History 5271009 helicopters web servers … Patron usage logs 5271009 Article 1 Article 2 … 6655321 Article 21 Article 22 … … Article 1 Article 2 … Internal Identifier 5271009 Login ID sklebe Screen Name “Skott from MA” Session Token f123ab456fde Demographics Home address, e.g. Usage reports Journal 1 5 unique readers Journal 2 15 unique readers Published
- 28. z TIP in Practice: forget me! Institution ID 159 Shopping cart 5271009 Toothbrush Toothpaste … Search History 5271009 helicopters web servers … Patron usage logs 5271009 Article 1 Article 2 … 6655321 Article 21 Article 22 … … Article 1 Article 2 … Internal Identifier 5271009 Login ID sklebe Screen Name “Skott from MA” Session Token f123ab456fde Demographics Home address, e.g. Usage reports Journal 1 5 unique readers Journal 2 15 unique readers Published
- 29. z TIP in Practice: forget me! Institution ID 159 Shopping cart 5271009 Toothbrush Toothpaste … Search History 5271009 helicopters web servers … Patron usage logs 5271009 Article 1 Article 2 … 6655321 Article 21 Article 22 … … Article 1 Article 2 … Internal Identifier 5271009 Usage reports Journal 1 5 unique readers Journal 2 15 unique readers Published
- 30. z TIP in Practice: forget me! Institution ID 159 Shopping cart 5271009 Toothbrush Toothpaste … Search History 5271009 helicopters web servers … Patron usage logs 5271009 Article 1 Article 2 … 6655321 Article 21 Article 22 … … Article 1 Article 2 … Internal Identifier 5271009 Usage reports Journal 1 5 unique readers Journal 2 15 unique readers Published We may want to avoid tying the cart and the search results
- 31. z TIP in Practice: additional diligence Internal Identifier 5271009 Login ID sklebe Screen Name “Skott from MA” Session Token f123ab456fde Institution ID 159 Shopping cart 330bd811f Toothbrush Toothpaste … Search History 0aef18542 helicopters web servers … Patron usage logs 5271009 Article 1 Article 2 … 6655321 Article 21 Article 22 … … Article 1 Article 2 … Demographics Home address, e.g. Published Usage reports Journal 1 5 unique readers Journal 2 15 unique readers hash(“cart-5271009”) hash(“search-5271009”) Mathematically impossible to tie to each other or the key Do we need to be concerned about the sensitivity of this kind of data?
- 32. z § AOL released a large set of anonymized user search history § Intended for researchers to improve understanding of search behaviors § Solving the ”Apache” problem, e.g. § The New York Times easily identified individuals § https://www.nytimes.com/2006/08/09/technolo gy/09aol.html § AOL apologized, deleted the data within days § Defended a class action lawsuit § The data is still available online Why We Try #2:
- 33. z z Takeaways
- 34. zObligations of System Design Understand the data • Could it harm the user? • When combined with something else? • When shared with a partner? 1 Think about privacy from the start • Can we delete this data without breaking? • Can we minimize retention? • Can we confine it in one place? • Can we involve a partner? 2 Don’t forget costs & risks of retention • Compliance • Liability • Keeping that data may be more expensive than deleting it 3