paradigms of privacy research privacy engineering
play

Paradigms of Privacy Research & Privacy Engineering Seda - PowerPoint PPT Presentation

Jan 14, 2023 •365 likes •950 views

Paradigms of Privacy Research & Privacy Engineering Seda Grses f.s.gurses@tudelft.nl TU Delft/ KU Leuven 18. June 2019 GDPR requires data protection by design and by default (Article 25) A complex law with many requirements. More

  1. Paradigms of Privacy Research & Privacy Engineering Seda Gürses f.s.gurses@tudelft.nl TU Delft/ KU Leuven 18. June 2019

  4. GDPR requires data protection by design and by default (Article 25) A complex law with many requirements. More about creating a vision than a checklist

  5. How to of Article 25!? recommendations are abundant

  6. European Data Protection Board https://edpb.europa.eu/edpb_en

  7. European Data Protection Supervisor https://edps.europa.eu

  8. ENISA https://www.enisa.europa.eu/publications

  9. Norwegian Data Protection Authority https://www.datatilsynet.no

  10. Unabhängiges Landeszentrum für Datenschutz https://www.datenschutzzentrum.de/sdm/

  11. Federal Trade Commission https://www.ftc.gov/tips-advice/business-center/privacy-and-security/tech

  12. National Institute of Standards and Technology (NIST) https://www.nist.gov/itl/applied-cybersecurity/privacy-engineering

  13. Data Protection as a Service http://cdn.ttgtmedia.com/informationsecurity/images/vol4iss7/ism_v4i7_f4_DataLifecycle.pdf

  14. getting privacy engineering right?

  15. getting privacy engineering right? software privacy engineering research practice

  16. software privacy engineering research practice

  17. software privacy engineering research practice

  19. can it be that the practices around the production of software are an important element of privacy research? software privacy engineering research practice

  20. matters?

  21. 800

  23. Profiling and ranking is becoming a common practice Tinder decides based on your profile who you see first! LinkedIn uses similar inferences to decide which job ads to show you! Insurance companies, banks, universities, and many others are ready to follow suit!

  24. scenario imagine you want to share a picture on a social network. picture of a meeting with your colleagues discussing the introduction of code commits as a performance metric you want to share the excitement of the moment with your friends (not your manager) How would you use OR design a system to do the following? you would like to tag your colleagues in the picture in an appropriate manner you do not want your managers and 3rd parties (like Tinder) to see the picture you do not want the social network to run facial recognition on the pictures

  25. study: lit review 42 interviews events/papers

  26. PRIVACY RESEARCH PARADIGMS privacy as privacy as privacy as confidentiality control practice

  27. PRIVACY RESEARCH PARADIGMS “the right to be let alone” Warren and Brandeis data minimization privacy as properties with mathematical guarantees confidentiality avoid single point of failure open source - it takes a village to keep it secure

  28. PRIVACY RESEARCH PARADIGMS you are worried that the social privacy as network may run facial recognition confidentiality encrypt the picture before uploading obfuscate the image

  29. PRIVACY RESEARCH PARADIGMS secure messaging privacy as Signal - WhisperSystems confidentiality WhatsApp - Facebook iMessage - Apple Off The Record - Cypherpunks

  33. data minimization

  34. data minimization

  35. Unpacking Data Minimization: Privacy By Design Strategies minimizing privacy risks and trust assumptions placed on other entities Overarching goal Minimize Minimize Minimize Linkability Collection Disclosure strategies Minimize Minimize Replication Minimize Retention Centralization Seda Gurses, Carmela Troncoso, Claudia Diaz. Engineering Privacy by Design Reloaded. Amsterdam Privacy Conference. 2015

  36. PRIVACY RESEARCH PARADIGMS “right of the individual to decide what information about himself should be communicated to others and under what circumstances” Westin transparency and accountability FIPPS/GDPR compliance privacy as control individual participation and control control sharing of picture with managers and 3rd parties FB and CambridgeAnalytica

  37. PRIVACY RESEARCH PARADIGMS privacy policy purpose based privacy as languages access control control Attribute Based Credentials

  40. Android Permissions Remystified: A field study of Contextual Integrity (Wijesekera et al. 2015)

  41. Android Permissions Remystified: A field study of Contextual Integrity (Wijesekera et al.)

  42. Android Permissions Remystified: A field study of Contextual Integrity (Wijesekera et al.)

  43. Android Permissions Remystified: A field study of Contextual Integrity (Wijesekera et al.)

  44. FB and CambridgeAnalytica

  49. Dark Patterns invoked in a case by the Norwegian Consumer Council

  50. CNIL (French Data Protection Authority) already fined Google $50million Euros

  51. PRIVACY RESEARCH PARADIGMS “the freedom from unreasonable constraints on the construction of one’s identity” Agre improve user agency in negotiating privacy privacy as practice privacy integral to collective info practices aid in privacy decision making transparency of social impact

  52. PRIVACY RESEARCH PARADIGMS “the freedom from unreasonable constraints on the construction of one’s identity” Agre enhance design of collective info practices privacy as practice appropriate way to tag your colleagues? try different designs for tagging/ permissions/confirmations/removal

  53. PRIVACY RESEARCH PARADIGMS feedback & privacy as privacy nudges awareness design practice

  55. Shvartzshnaider et al., Crowdsourced, Actionable and Verifiable Contextual Informational Norms, Arxiv 2016. Contextual Integrity: actors type of information transmission principles Liu et al., Follow My Recommendations: A Personalized Privacy Assistant for Mobile App Permission, USENIX, 2016.

  56. PRIVACY RESEARCH PARADIGMS privacy as privacy as privacy as confidentiality control practice

  57. the paradigms are the basis of engineering privacy privacy as confidentiality: especially valuable in current data practices privacy as control: personal data-centric, likely to have great traction with GDPR privacy as practice: fundamental to smart environment and understanding user needs privacy engineering requires rethinking software engineering ideally, all three approaches ought to be considered together good systems engineering includes privacy engineering privacy engineering will be important for GDPR compliance, too

  58. thank you! • Please contact me for further references • f.s.gurses@tudelft.nl • Interdisciplinary Summer School on Privacy • Theme: Dark Patterns • September 2.-6., 2019 Nijmegen, The Netherlands

Recommend

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering & Public Policy Lorrie Faith Cranor October 29, 2013 y & c S a e v c i u r P r i t e y l b L a a s

245 views • 20 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering & Public Policy Lorrie Faith Cranor November 11, 2014 y & c S a e v c i u r P r i t e y l b L a a s

555 views • 21 slides
Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy Commissioner of Ontario https://www.ipc.on.ca/images/resources/7foundationalprinciples.pdf Privacy by Design Let's have it! Article 25 European

1.32k views • 118 slides
Privacy engineering, privacy by design, and privacy governance Engineering & Public Policy

Privacy engineering, privacy by design, and privacy governance Engineering & Public Policy

CyLab Privacy engineering, privacy by design, and privacy governance Engineering & Public Policy Lorrie Faith Cranor November 17, 2015 y & c S a e v c i u r P r i t e y l b L a a s b U o 8-533 / 8-733 /

539 views • 22 slides
$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

Presentation Slides $ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

318 views • 13 slides
Privacy Engineering Objectives and Risk Model Objective-Based Design for Improving Privacy in

Privacy Engineering Objectives and Risk Model Objective-Based Design for Improving Privacy in

Privacy Engineering Objectives and Risk Model Objective-Based Design for Improving Privacy in Information Systems 1 NIST research has a broad impact shutterstock.com shutterstocom G. Hooijer/ D. Stork/ Facilitates trade and fair Improves

405 views • 18 slides
Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

CISPA Center for IT Security, Privacy and Accountabiltiy Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when,

573 views • 26 slides
$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

Presentation Slides $ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

429 views • 13 slides
CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies US Privacy Laws Sources: Baase: A Gift of Fire and Quinn: Ethics for the Information Age Ethics Spring 2010 Privacy 1 Privacy The original

725 views • 45 slides
Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is

1.01k views • 76 slides
Paper review 1 Privacy is a Process, not a PET A Theory for Effective Privacy Practice

Paper review 1 Privacy is a Process, not a PET A Theory for Effective Privacy Practice

Paper review 1 Privacy is a Process, not a PET A Theory for Effective Privacy Practice Accepted at New Security Paradigms Workshop 2012 Paper review 2 Too Close for Comfort: A Study of the Effectiveness and Acceptability of

515 views • 18 slides
Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in many ways over the years. Usually privacy is concerned with the individual human being. We may talk about privacy as the control over your own

230 views • 21 slides
Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy.

Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy.

Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy. College Bescherming Persoonsgegevens (CBP) What is privacy? Users must be able to determine for themselves when, how, to what extent and

798 views • 45 slides
Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

ECE598NB Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics Course Structure Privacy Define privacy Privacy History Privacy has always existed Cities / large populations have made

173 views • 14 slides
www.privitar.com Engineering Privacy London, UK WHY ARE ORGANISATIONS SLOW TO ADOPT PETS?

www.privitar.com Engineering Privacy London, UK WHY ARE ORGANISATIONS SLOW TO ADOPT PETS?

www.privitar.com Engineering Privacy London, UK WHY ARE ORGANISATIONS SLOW TO ADOPT PETS? Differential Privacy as a case study Theresa Stadler, SuRI at EPFL 2018 What are you talking about? Everybody wants data privacy as fast as

604 views • 38 slides
ISDA Research Area: Privacy and Ethics ISDA Research Description Understanding the privacy and

ISDA Research Area: Privacy and Ethics ISDA Research Description Understanding the privacy and

5/18/2017 ISDA Research Area: Privacy and Ethics ISDA Research Description Understanding the privacy and ethical issues that derive from potential harmful uses of individual data in the pursuit of security. Adaptation of the existing and the

549 views • 5 slides
2016 International Workshop on Privacy Engineering IWPE 16 Tools in support of

2016 International Workshop on Privacy Engineering IWPE 16 Tools in support of

2016 International Workshop on Privacy Engineering IWPE 16 Tools in support of privacy engineering methodologies Tools for privacy communications Aleecia M. McDonald, PhD Non-resident Fellow, Stanford Center for Internet &

902 views • 15 slides
Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy Alexandra Wood Berkman Klein Center for Internet & Society at Harvard University DIMACS/Northeast Big Data Hub Workshop on Overcoming Barriers to

964 views • 54 slides
Privacy and Anonymity 1 Privacy Privacy and society Basic individual right & desire

Privacy and Anonymity 1 Privacy Privacy and society Basic individual right & desire

CS 134 Privacy and Anonymity 1 Privacy Privacy and society Basic individual right & desire (Image from geekologie.com) Relevant to corporations & government agencies Recently increased awareness However, general public

171 views • 16 slides
PRIVACY IN UBIQUITOUS PRIVACY IN UBIQUITOUS Understanding Privacy Technical Approaches

PRIVACY IN UBIQUITOUS PRIVACY IN UBIQUITOUS Understanding Privacy Technical Approaches

Marc Langheinrich: Privacy in Ubiquitous Computing 5/29/2010 Todays Menu PRIVACY IN UBIQUITOUS PRIVACY IN UBIQUITOUS Understanding Privacy Technical Approaches COMPUTING Definitions Challenges 1. History and legal aspects 1.

264 views • 13 slides
PET Semetary: Privacys return from the dead and the Future of Privacy Engineering Seda

PET Semetary: Privacys return from the dead and the Future of Privacy Engineering Seda

PET Semetary: Privacys return from the dead and the Future of Privacy Engineering Seda Grses CITP , Princeton University COSIC, University of Leuven getting privacy engineering right? getting privacy engineering right? software

471 views • 20 slides
Satisfy Legal Definitions of Privacy? The Case of FERPA and Differential Privacy CS

Satisfy Legal Definitions of Privacy? The Case of FERPA and Differential Privacy CS

Do Computer Science Definitions of Privacy Satisfy Legal Definitions of Privacy? The Case of FERPA and Differential Privacy CS LAW Kobbi Nissim Ben-Gurion University Center for Research on Computation and Society

865 views • 62 slides
Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location

Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location

Mobile Networks - Module H2 Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; privacy preserving routing in ad hoc networks; Slides adapted from Security and

909 views • 55 slides

More recommend