engineering privacy by design
play

Engineering Privacy By Design Seda Grses COSIC, ESAT K.U. Leuven - PowerPoint PPT Presentation

Oct 06, 2022 •838 likes •1.48k views

Engineering Privacy By Design Seda Grses COSIC, ESAT K.U. Leuven Belgium 1 Outline - Introduction and Approach - Privacy Requirements Definition Problem - Privacy Requirements Analysis Problem - Policy and Compliance - Privacy By Design -

  1. Engineering Privacy By Design Seda Gürses COSIC, ESAT K.U. Leuven Belgium 1

  2. Outline - Introduction and Approach - Privacy Requirements Definition Problem - Privacy Requirements Analysis Problem - Policy and Compliance - Privacy By Design - Data Minimization - Conclusion 2 2

  3. privacy? - what is privacy? - what are privacy requirements? - in security engineering: confidentiality 3 3

  4. online social networks (SNS) 4 4

  5. 100m 350m 500m 680m 50m 12m 5m 1m universal 1 in 5 divorces User “ comment ” and telephone due to numbers and “ send ” buttons on facebook data addresses 50K sites in addition revealed to Third Parties to “ like ” NHS Discriminatory Behavioral Profiling reveals data to Facebook User IDs revealed to Homeland Security cyberbullying bans Third Parties protests friends Aliens protests Canadian Privacy Commissioner protests FACECLOAK user 50.000 in 3 days NOYB BEACON friends lists 740.000 SCRAMBLE voting newsfeed chat protests Mobile facebook unlimited leak google xss attacks Facebook API 1.600.000 CONNECTIONS license to Highschools LIVE FEED Facebook PUBLIC user content 2011 2004 2005 2006 2007 2008 2009 2010 5 5

  6. - all of these are (somehow) about privacy and the design of the system - how do we deal with these issues when developing systems? - specifically: during requirements engineering 6 6

  7. Zave and Jackson Model of RE ENVIRONMENT SYSTEM - domain assumptions describe the behavior of the environment as it is - requirements are statements about the desired conditions in an environment - specification is a restricted form of requirement providing enough information for the engineer to implement the system 7 7

  8. requirements - functional requirements state the desired behavior of the environment - non-functional requirements either constrain the behavior of the environment or define certain desired qualities of the environment 8 8

  9. multilateral privacy requirements engineering - reconcile: - privacy notions (legal & surveillance studies) - privacy solutions (computer science) - in a social context - multilaterally - during requirements engineering 9 9

  10. data protection privacy 10 10

  11. data protection privacy non-absolute contextual relational opacity of the individual 10 10

  12. data protection privacy non-absolute contextual procedural safeguards relational accountability transparency opacity of the individual personal data 10 10

  13. surveillance studies 11 11

  14. surveillance studies surveillance 11 11

  15. surveillance studies surveillance dataveillance covaillance sousveillance 11 11

  16. privacy requirements definition subjectivity lack of contrivability lack of satisfiability universality legal compliance agonism negotiability counter - factuality environmental factors temporality 12 12

  17. multilateral privacy requirements engineering - reconcile: - privacy notions (legal & surveillance studies) - privacy solutions (computer science) - in a social context - multilaterally - during requirements engineering 13 13

  18. solutions from privacy research data Differential confidentiality anonymous Privacy database communications anonymization anonymous Discrimination certificates aware data mining IDMS anonymous Feedback and certificates Awareness Systems Privacy Policy Languages 14 14

  19. privacy research paradigms hiding information and identity the right to be let alone. Warren & Brandeis (1890) privacy as confidentiality 15 15

  20. privacy research paradigms hiding information and identity right of the individual to decide what information about himself should be communicated to the right to be let alone. others and under what Warren & Brandeis (1890) circumstances. (Westin 1970) privacy as separation of privacy confidentiality identities, data as control protection principles 16 16

  21. privacy research paradigms hiding information and identity right of the individual to decide what information about himself should be communicated to the right to be let alone. others and under what Warren & Brandeis (1890) circumstances. (Westin 1970) privacy as separation of privacy confidentiality identities, data as control protection principles privacy as practice the freedom from unreasonable constraints on the construction of one’s own identity (Agre, 1999) transparency and feedback 17 17

  22. privacy research paradigms hiding information and identity privacy as separation of privacy confidentiality identities, data as control protection principles privacy as practice transparency and feedback 18 18

  23. security engineering & paradigms SECURITY ENGINEERING privacy privacy as control as confidentiality privacy as practice 19 19

  24. multilateral privacy requirements engineering - reconcile: - privacy notions (legal & surveillance studies) - privacy solutions (computer science) - in a social context - multilaterally - during requirements engineering 20 20

  25. privacy and the Zave & Jackson Model - Zave and Jackson model is limited: - does not account for requirements that are not absolutely satisfiable - does not facilitate subjective articulations of domain assumptions, requirements or specifications - does not express stakeholder attitudes and emotions (only beliefs, desires and intentions) 21 21

  26. Zave and Jackson Model of RE ENVIRONMENT SYSTEM - domain assumptions describe the behavior of the environment as it is - requirements are statements about the desired conditions in an environment - specification is a restricted form of requirement providing enough information for the engineer to implement the system 22 22

  27. requirements - functional requirements state the desired behavior of the environment - non-functional requirements either constrain the behavior of the environment or define certain desired qualities of the environment 23 23

  28. privacy requirements ontology quality ill-defined well-defined quality subjective structured space privacy privacy concern constraint Σ Q 24 24

  29. privacy requirements ontology quality ill-defined well-defined quality subjective structured space privacy privacy concern constraint Σ Q munsell color notation: 10 red color: red hue 7 chroma 8 25 25

  30. quality ill-defined well-defined quality subjective structured space privacy privacy concern constraint justified approximation Σ Q evaluation 26 26

  31. privacy requirements ontology stakeholder surveillance functionality arbitration information privacy concerns due to experiences or expectations of harms due to informational constraints on info. self-determination due to significance of information 27 27

  32. privacy requirements ontology stakeholder surveillance functionality functionality arbitration information privacy concerns due to experiences or expectations of harms due to informational constraints on info. self-determination due to significance of information 27 27

  33. privacy requirements ontology stakeholder surveillance functionality arbitration information privacy concerns justified designation privacy goals control confidentiality SECURITY ENGINEERING practice 28 28

  34. privacy requirements ontology stakeholder surveillance functionality arbitration information privacy concerns justified designation privacy goals justified approximation privacy constraints 29 29

  35. privacy requirements ontology stakeholder surveillance functionality arbitration information privacy concerns justified designation communication analysis privacy goals justified confidentiality approximation privacy strength of anonymity constraints 30 30

  36. role of security engineering SECURITY ENGINEERING privacy privacy as control as confidentiality privacy as practice 31 31

  37. data protection trust stakeholder privacy concerns assumptions adversary privacy goals functionality information threats privacy usability constraints justified approximation justified designation 32 32

  38. privacy engineering - requires learning skills (craft) - complicated practice - market incentives - assume functionality vs. privacy - policy and regulation 33 33

  39. Policy and Privacy By Design communication of the ec data protection compliance throughout the entire life cycle of technologies and procedures FTC report data security, reasonable collection limits, sound retention practices, data accuracy 34 34

  40. Policy and Privacy By Design define the purpose further legitimize collection generally to collect any through consent and “technical data control” vulnerabilities of PbyD as compliance limit the scope of “personal data” 35 35

  41. centralized engineer introduces databases PbyD symbolic mimicry of bureaucracy as compliance leaves out security “trust us, we engineering do not do increase consumer evil” confidence 36 36

  42. the Cavoukian PbyD principles privacy by design is privacy embedded into design 37 37

Recommend

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy Commissioner of Ontario https://www.ipc.on.ca/images/resources/7foundationalprinciples.pdf Privacy by Design Let's have it! Article 25 European

1.32k views • 118 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering & Public Policy Lorrie Faith Cranor October 29, 2013 y & c S a e v c i u r P r i t e y l b L a a s

245 views • 20 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering & Public Policy Lorrie Faith Cranor November 11, 2014 y & c S a e v c i u r P r i t e y l b L a a s

555 views • 21 slides
Privacy engineering, privacy by design, and privacy governance Engineering & Public Policy

Privacy engineering, privacy by design, and privacy governance Engineering & Public Policy

CyLab Privacy engineering, privacy by design, and privacy governance Engineering & Public Policy Lorrie Faith Cranor November 17, 2015 y & c S a e v c i u r P r i t e y l b L a a s b U o 8-533 / 8-733 /

539 views • 22 slides
Privacy Engineering Objectives and Risk Model Objective-Based Design for Improving Privacy in

Privacy Engineering Objectives and Risk Model Objective-Based Design for Improving Privacy in

Privacy Engineering Objectives and Risk Model Objective-Based Design for Improving Privacy in Information Systems 1 NIST research has a broad impact shutterstock.com shutterstocom G. Hooijer/ D. Stork/ Facilitates trade and fair Improves

405 views • 18 slides
Paradigms of Privacy Research & Privacy Engineering Seda Grses f.s.gurses@tudelft.nl TU

Paradigms of Privacy Research & Privacy Engineering Seda Grses f.s.gurses@tudelft.nl TU

Paradigms of Privacy Research & Privacy Engineering Seda Grses f.s.gurses@tudelft.nl TU Delft/ KU Leuven 18. June 2019 GDPR requires data protection by design and by default (Article 25) A complex law with many requirements. More

950 views • 58 slides
Privacy by Design Deirdre K. Mulligan Privacy by design, why now? Legal Drivers E- Government

Privacy by Design Deirdre K. Mulligan Privacy by design, why now? Legal Drivers E- Government

Privacy by Design Deirdre K. Mulligan Privacy by design, why now? Legal Drivers E- Government Act of 2002 and OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002 Resolution on Privacy by Design, Data Protection

556 views • 41 slides
Privacy and Security by Design: Regulatory Compliance Will Not be Enough to Preserve our Privacy

Privacy and Security by Design: Regulatory Compliance Will Not be Enough to Preserve our Privacy

Privacy and Security by Design: Regulatory Compliance Will Not be Enough to Preserve our Privacy Ann Cavoukian, Ph.D. Distinguished Expert-in-Residence Privacy by Design Centre of Excellence Ryerson University Ryerson CSR Institute / PPOCIR

3.12k views • 64 slides
Privacy by Design Principles of Privacy-Aware Ubiquitous Systems Marc Langheinrich Privacy by

Privacy by Design Principles of Privacy-Aware Ubiquitous Systems Marc Langheinrich Privacy by

Privacy by Design Principles of Privacy-Aware Ubiquitous Systems Marc Langheinrich Privacy by Design ETH Zurich, Switzerland www.inf.ethz.ch/~langhein Ubicomp 2001, Atlanta Contents Ubicomp 2001, Atlanta ! Privacy primer Does privacy

680 views • 22 slides
Privacy by Design in EUs GDPR Botjan Brumen University of Maribor Faculty of Electrical

Privacy by Design in EUs GDPR Botjan Brumen University of Maribor Faculty of Electrical

Privacy by Design in EUs GDPR Botjan Brumen University of Maribor Faculty of Electrical Engineering and Computer Science Slovenia Background Respect for privacy: Not a new phenomenon: the polis (gr. ): the public area of

389 views • 6 slides
PET Semetary: Privacys return from the dead and the Future of Privacy Engineering Seda

PET Semetary: Privacys return from the dead and the Future of Privacy Engineering Seda

PET Semetary: Privacys return from the dead and the Future of Privacy Engineering Seda Grses CITP , Princeton University COSIC, University of Leuven getting privacy engineering right? getting privacy engineering right? software

471 views • 20 slides
2016 International Workshop on Privacy Engineering IWPE 16 Tools in support of

2016 International Workshop on Privacy Engineering IWPE 16 Tools in support of

2016 International Workshop on Privacy Engineering IWPE 16 Tools in support of privacy engineering methodologies Tools for privacy communications Aleecia M. McDonald, PhD Non-resident Fellow, Stanford Center for Internet &

902 views • 15 slides
Privacy by Design A technical perspective Carmela Troncoso Gradiant The usual privacy

Privacy by Design A technical perspective Carmela Troncoso Gradiant The usual privacy

PR eparing I ndustry to P rivacy-by-design by supporting its A pplication in RE search Privacy by Design A technical perspective Carmela Troncoso Gradiant The usual privacy scenario Protect personal data from third parties Data

359 views • 9 slides
From Privacy Protection to Interface Design: Implementing Information Privacy in Human-Computer

From Privacy Protection to Interface Design: Implementing Information Privacy in Human-Computer

From Privacy Protection to Interface Design: Implementing Information Privacy in Human-Computer Interactions Andrew S. Patrick Steve Kenny Independent Consultant National Research Council of Canada stephen_mh_kenny@yahoo.com

407 views • 22 slides
www.privitar.com Engineering Privacy London, UK WHY ARE ORGANISATIONS SLOW TO ADOPT PETS?

www.privitar.com Engineering Privacy London, UK WHY ARE ORGANISATIONS SLOW TO ADOPT PETS?

www.privitar.com Engineering Privacy London, UK WHY ARE ORGANISATIONS SLOW TO ADOPT PETS? Differential Privacy as a case study Theresa Stadler, SuRI at EPFL 2018 What are you talking about? Everybody wants data privacy as fast as

604 views • 38 slides
Towards Privacy by Design in Personal e-Health Systems George Drosatos Pavlos S. Efraimidis,

Towards Privacy by Design in Personal e-Health Systems George Drosatos Pavlos S. Efraimidis,

Towards Privacy by Design in Personal e-Health Systems George Drosatos Pavlos S. Efraimidis, Garrath Williams and Eleni Kaldoudi School of Medicine Dept. of Electric and Computer Engineering Democritus University of Thrace This work was

486 views • 14 slides
The Vital Need for Privacy and Security by Design Ann Cavoukian, Ph.D. Executive Director

The Vital Need for Privacy and Security by Design Ann Cavoukian, Ph.D. Executive Director

The Vital Need for Privacy and Security by Design Ann Cavoukian, Ph.D. Executive Director Global Privacy & Security by Design Centre Technion Summer School on Cyber Security Haifa, Israel September 9, 2020 Lets Dispel The Myths

929 views • 55 slides
Privacy Enhancing T echnologies Carmela Troncoso, Gradiant PRIPARE Workshop on Privacy by Design

Privacy Enhancing T echnologies Carmela Troncoso, Gradiant PRIPARE Workshop on Privacy by Design

T rialog, Atos, T rilateral, Inria , AUP, Gradiant, UPM, UUlm, Fraunhofer SIT, WIT , KU Leuve Privacy Enhancing T echnologies Carmela Troncoso, Gradiant PRIPARE Workshop on Privacy by Design Ulm 9 th -10 th March 2015 11/03/2015 Privacy

668 views • 48 slides
Lightning Introductions PRIVACY ENABLING DESIGN May 7-8, 2015 Brian Anderson / IBM Where does

Lightning Introductions PRIVACY ENABLING DESIGN May 7-8, 2015 Brian Anderson / IBM Where does

Lightning Introductions PRIVACY ENABLING DESIGN May 7-8, 2015 Brian Anderson / IBM Where does privacy end and security begin? What are the responsibilities of an organization to protect their assets while balancing the privacy of those who

980 views • 52 slides
Do Not Beg: Moving Beyond Do Not Track with Privacy By Design Mike Perry W3C DNT Nov 28, 2012

Do Not Beg: Moving Beyond Do Not Track with Privacy By Design Mike Perry W3C DNT Nov 28, 2012

Do Not Beg: Moving Beyond Do Not Track with Privacy By Design Mike Perry W3C DNT Nov 28, 2012 Do Not Track as Privacy By Design The meat of the initial IETF DNT Draft: A server acting in a third-party capacity MUST NOT track a user or

293 views • 10 slides
Discussion of Privacy as a Tool for Robust Mechanism Design

Discussion of Privacy as a Tool for Robust Mechanism Design

Discussion of Privacy as a Tool for Robust Mechanism Design in Large Markets Leeat Yariv General Theme Interpret differenAal privacy as a

275 views • 25 slides
The Norwegian Blue A lesson in Privacy Engineering Eivind Arvesen, Aug. 7th 2020 Crypto &

The Norwegian Blue A lesson in Privacy Engineering Eivind Arvesen, Aug. 7th 2020 Crypto &

The Norwegian Blue A lesson in Privacy Engineering Eivind Arvesen, Aug. 7th 2020 Crypto & Privacy Village: Glitched (at DEF CON 28: SAFE MODE) $ whoami Eivind Arvesen Consultant @ Bouvet (Oslo, Norway) Privacy and security Senior

1.18k views • 63 slides
Privacy and data protection by design cross-over of multiple disciplines Marit Hansen

Privacy and data protection by design cross-over of multiple disciplines Marit Hansen

Privacy and data protection by design cross-over of multiple disciplines Marit Hansen Privacy and Information Commissioner Schleswig-Holstein, Germany marit.hansen@datenschutzzentrum.de Annual Privacy Forum 2015 Luxembourg, 7 October,

551 views • 29 slides
Privacy Design Patterns and Anti-Patterns Patterns Misapplied and Unintended Consequences Nick

Privacy Design Patterns and Anti-Patterns Patterns Misapplied and Unintended Consequences Nick

Privacy Design Patterns and Anti-Patterns Patterns Misapplied and Unintended Consequences Nick Doty & Mohit Gupta UC Berkeley, School of Information Privacy-by-Design ... in practice for designers and developers of technologies document

266 views • 11 slides

More recommend