Privacy Tools and Techniques for Developers -Amber Welch - PowerPoint PPT Presentation
  1. Privacy Tools and Techniques for Developers -Amber Welch bit.ly/2x1UXWX

  2. Amber Welch MA, CISSP, CISA, CIPP/E, CIPM, FIP, CCSK, and ISO 27001 Lead Auditor linkedin.com/in/amberwelch1 github.com/msamberwelch @MsAmberWelch bit.ly/2WRAGh8

  3. ● Privacy Engineering Intro ● Privacy by Design ● Privacy Enhancing Technologies bit.ly/2WXJTcR

  4. First, an apology. bit.ly/2x1UXWX

  5. Legal teams have often kept tech out of privacy. bit.ly/2ZBiEBz

  6. Developers don’t know privacy concepts. Privacy teams haven’t taught them. bit.ly/2J3yEWn

  7. Privacy Impact Assessment bit.ly/2x1UXWX

  8. Description A Privacy Impact Assessment (PIA) is a method to: ● Identify privacy risk ● Map personal data flows ● Document privacy risk mitigations ● Fulfill regulatory requirements bit.ly/2KmuLyI

  9. bit.ly/2x7BlRh

  10. Use Cases ● New applications ● Adding functions and features ● Collecting new sensitive personal data ● Annual reviews or audits

  11. Tasting Notes Benefits ● Legal compliance ● Identify and reduce privacy risks ● Catch privacy errors bit.ly/2qbrnu5

  12. Tasting Notes Benefits ● Legal compliance ● Identify and reduce privacy risks ● Catch privacy errors Limitations ● High time investment ● Ineffective if not completed well ● Not a security risk assessment bit.ly/2qbrnu5

  13. Data Minimization and Retention bit.ly/2x1UXWX

  14. Description Data minimization is: ● Collecting only necessary data ● Maintaining and updating data ● Deleting old data that isn’t needed bit.ly/2KmuLyI

  15. Use Cases ● New applications ● API integrations ● Adding functions and features ● Collecting new personal data ● Customer termination
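Data minimization is easiest to enforce when the collection allow-list and the retention rule are code rather than policy text. The following is an added example in Python, not code from the slides; the field allow-list, the two retention windows, the fixed clock and the sample records are all constructed for illustration.

```python
"""Added example (not from the slides): enforce a field allow-list at ingestion and a retention purge."""
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Set, Tuple

# Hypothetical allow-list: the only fields a signup endpoint is permitted to persist.
ALLOWED_FIELDS: Set[str] = {"email", "display_name", "country"}

# Hypothetical retention windows per record category, counted from last activity.
# Account records are kept 30 days after the customer terminates, access logs 90 days.
RETENTION: Dict[str, timedelta] = {
    "account": timedelta(days=30),
    "access_log": timedelta(days=90),
}

NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)   # fixed clock so the example is reproducible

# Constructed sample records (not real data). last_activity is the retention anchor.
SAMPLE_RECORDS: List[Dict] = [
    {"id": 1, "category": "account", "last_activity": NOW - timedelta(days=10)},
    {"id": 2, "category": "account", "last_activity": NOW - timedelta(days=45)},
    {"id": 3, "category": "access_log", "last_activity": NOW - timedelta(days=91)},
    {"id": 4, "category": "access_log", "last_activity": NOW - timedelta(days=89)},
]


def minimize(record: Dict, allowed: Set[str] = ALLOWED_FIELDS) -> Tuple[Dict, Set[str]]:
    """Keep only allow-listed fields and report what was dropped so the sending client
    can be fixed: silently accepting extra fields is how 'temporary' data becomes permanent."""
    kept = {k: v for k, v in record.items() if k in allowed}
    dropped = set(record) - allowed
    return kept, dropped


def expired(record: Dict, now: datetime = NOW) -> bool:
    """Expired once the retention window has passed. A record whose category has no
    retention rule is treated as expired: unclassified data is not kept by default."""
    window = RETENTION.get(record["category"])
    if window is None:
        return True
    return now - record["last_activity"] > window


def purge(records: List[Dict], now: datetime = NOW) -> Tuple[List[Dict], List[Dict]]:
    """Split records into those still within retention and those to delete."""
    keep = [r for r in records if not expired(r, now)]
    gone = [r for r in records if expired(r, now)]
    return keep, gone
```

Running `purge(SAMPLE_RECORDS)` keeps records 1 and 4 and returns 2 and 3 for deletion; `minimize` on a signup payload that also carries an SSN and phone number persists only the allow-listed fields and returns the two dropped names. The deletion step should be run as a scheduled job against backups and replicas as well, or the retention limit exists only on the primary.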

  16. Tasting Notes Benefits ● Legal compliance ● Minimize volume of data to be breached ● Improve data quality bit.ly/2qbrnu5

  17. Tasting Notes Benefits ● Legal compliance ● Minimize volume of data to be breached ● Improve data quality Limitations ● Users may be frustrated ● Companies like to keep all the data bit.ly/2qbrnu5

  18. Default Settings bit.ly/2x1UXWX

  19. Description Default settings for privacy should: ● Minimize personal data collected ● Prevent default data sharing ● Require enabling of intrusive settings ● Avoid making data public by default bit.ly/2KmuLyI

  20. Less than 5% of general users change any default settings, while programmers change 40% of settings. bit.ly/2UmLXEP

  21. bit.ly/2Hic0qm

  22. bit.ly/2Yg4i9D

  23. Tasting Notes Benefits ● Reputation for privacy ● Reduce user frustration ● Protect less educated users bit.ly/2qbrnu5

  24. Tasting Notes Benefits ● Legal compliance ● Reputation for privacy ● Reduce user frustration ● Protect less educated users Limitations ● Companies may want to monetize intrusive apps ● Requires privacy awareness at design bit.ly/2qbrnu5

  25. Encryption bit.ly/2x1UXWX

  26. Encrypt these: ● Data in transit (TLS) ● Email and messaging ● Databases ● Cloud storage ● Backups ● Password stores ● Endpoint devices bit.ly/2qbrnu5

  27. Don’t: ● Roll your own crypto ● Use deprecated algorithms (e.g., SHA-1) ● Hard-code keys ● Store keys on the same server as the data they protect ● Use one key for everything ● Store passwords without a salted, purpose-built password hash (bcrypt, scrypt, Argon2) ● Forget to restore production certificates after testing ● Use outdated crypto library versions bit.ly/2qbrnu5
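The password item on that list is the one developers get wrong most often, so here is an added example in Python, not code from the slides, of the "don't" beside the "do": an unsalted SHA-1 digest next to a salted scrypt hash that stores its own parameters, verifies in constant time, and can be upgraded later. The cost parameters are assumed values for the example; the standard library's `hashlib.scrypt`, `secrets` and `hmac.compare_digest` are used as-is.

```python
"""Added example (not from the slides): unsalted SHA-1 versus salted scrypt password storage."""
import hashlib
import hmac
import secrets

# scrypt cost parameters (assumed for the example; raise them as hardware allows).
SCRYPT_N, SCRYPT_R, SCRYPT_P, DKLEN = 2 ** 14, 8, 1, 32


def weak_hash(password: str) -> str:
    """The 'don't': unsalted SHA-1. Equal passwords give equal digests, so a leaked table
    is attacked with precomputed tables and every reused password falls at once."""
    return hashlib.sha1(password.encode()).hexdigest()


def hash_password(password: str) -> str:
    """Fresh 16-byte salt plus scrypt. The parameters are stored with the hash so that
    verification works after the policy is raised and old records can be found."""
    salt = secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${digest.hex()}"


def verify_password(stored: str, password: str) -> bool:
    """Recompute with the stored salt and parameters; compare in constant time."""
    try:
        scheme, n, r, p, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False                      # malformed record: never a match
    if scheme != "scrypt":
        return False
    expected = bytes.fromhex(digest_hex)
    actual = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                            n=int(n), r=int(r), p=int(p), dklen=len(expected))
    return hmac.compare_digest(actual, expected)


def needs_rehash(stored: str) -> bool:
    """True for records hashed with a weaker scheme or lower cost than current policy;
    rehash them on the next successful login, when the plaintext is available."""
    parts = stored.split("$")
    return len(parts) != 6 or parts[0] != "scrypt" or int(parts[1]) < SCRYPT_N
```

Two hashes of the same password differ because each carries its own salt, while `weak_hash` returns the same digest every time. `needs_rehash` is what lets a deployment move from old parameters (or from the SHA-1 table) without a forced reset: the upgrade happens at login.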

  28. Differential Privacy bit.ly/2x1UXWX

  29. Description Differential privacy: ● Adds calibrated statistical noise to query results (or to the data set) ● Prevents identification of any one individual’s record ● Gives nearly the same answer whether or not any single record is included, within a bound set by the privacy parameter ε bit.ly/2KmuLyI
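The "same results with or without one record" property is a statement about probabilities, which is easier to see in code. Below is an added example in Python, not code from the slides: the Laplace mechanism applied to a counting query over a constructed data set, with the sensitivity measured empirically and a check of the ε bound on the output density ratio. Function names, the sample records and the ε value are assumptions for the example.

```python
"""Added example (not from the slides): the Laplace mechanism for a counting query."""
import math
import random
from typing import Callable, List, Tuple

# Constructed sample data set for the example: (user_id, has_condition). Not real data.
RECORDS: List[Tuple[int, bool]] = [(i, i % 3 == 0) for i in range(30)]


def has_condition(record: Tuple[int, bool]) -> bool:
    return record[1]


def count_query(records: List[Tuple[int, bool]], predicate: Callable) -> int:
    """The query an analyst wants answered: how many records satisfy the predicate."""
    return sum(1 for r in records if predicate(r))


def empirical_sensitivity(records, query: Callable) -> int:
    """Largest change in the answer when any single record is removed (two 'neighbouring'
    data sets). For a count this is 1; the noise scale is calibrated to it."""
    full = query(records)
    return max(abs(full - query(records[:i] + records[i + 1:])) for i in range(len(records)))


def sample_laplace(scale: float, rng) -> float:
    """Inverse-CDF sample from Laplace(0, scale); rng.random() must return a float in [0, 1)."""
    u = rng.random() - 0.5
    u = min(max(u, -0.5 + 1e-12), 0.5 - 1e-12)   # keep log() finite at the edges
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def laplace_mechanism(true_value: float, sensitivity: float, epsilon: float, rng) -> float:
    """Release true_value + Laplace(sensitivity / epsilon). Smaller epsilon: more noise, stronger guarantee."""
    return true_value + sample_laplace(sensitivity / epsilon, rng)


def density_ratio(output: float, value_a: float, value_b: float,
                  sensitivity: float, epsilon: float) -> float:
    """How much likelier `output` is when the true answer is value_a than when it is value_b."""
    scale = sensitivity / epsilon
    return math.exp((abs(output - value_b) - abs(output - value_a)) / scale)


def within_dp_bound(ratio: float, epsilon: float) -> bool:
    """The epsilon-DP guarantee: for neighbouring data sets the ratio never exceeds exp(epsilon)."""
    return ratio <= math.exp(epsilon) * (1 + 1e-12)


def private_count(records, predicate: Callable, epsilon: float, rng) -> float:
    return laplace_mechanism(count_query(records, predicate), 1, epsilon, rng)


def demo(epsilon: float = 0.5, seed: int = 2019) -> float:
    """One noisy release of the count (10 in the sample data) from a seeded generator."""
    return private_count(RECORDS, has_condition, epsilon, random.Random(seed))
```

`density_ratio` is the check a reviewer wants: with noise scaled to sensitivity 1 and ε = 0.5, any output is at most e^0.5 times likelier under one data set than under its neighbour. Feed the same noise a query whose true sensitivity is 2 and the bound fails, which is the "must be tuned well" limitation in concrete form. The "works best on large databases" limitation is visible too: noise of scale 2 is negligible against a count of 10,000 and overwhelming against a count of 3.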

  30. bit.ly/2IwDufR

  31. bit.ly/2Pk7fEG

  32. bit.ly/2Pk7fEG

  33. Tasting Notes Benefits ● Limit insider threats ● Increase data usability ● Allows for collaboration without exposing data bit.ly/2qbrnu5

  34. Tasting Notes Benefits ● Legal compliance ● Limit exposure from security incidents ● Limit insider threats Limitations ● Works best on large databases ● Must be tuned well bit.ly/2qbrnu5

  35. Privacy Preserving Ad Click Attribution bit.ly/2x1UXWX

  36. Description Privacy preserving ad click attribution: ● Allows ad attribution monetization ● Prevents user ad click tracking ● Uses the browser to mediate ad clicks bit.ly/2KmuLyI

  37. bit.ly/30FFBoj

  38. bit.ly/30FFBoj

  39. Available now as an experimental feature bit.ly/30FFBoj

  40. Tasting Notes Benefits ● Allows websites to still monetize content ● Could become a W3C web standard bit.ly/2qbrnu5

  41. Tasting Notes Benefits ● Allows websites to still monetize content ● Could become a W3C web standard Limitations ● Needs widespread adoption to be effective ● Users may not believe any ads respect privacy bit.ly/2qbrnu5

  42. Federated Learning bit.ly/2x1UXWX

  43. Description Federated learning: ● Trains a central model on decentralized data ● Never transmits raw device data ● Sends the current model to devices, which train locally and return only model updates ● Uses secure aggregation so the server can recover only the sum of the updates, never any single user’s update bit.ly/2KmuLyI
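The secure-aggregation bullet is the part that makes federated learning a privacy technique rather than just distributed training. The following is an added example in Python, not code from the slides or from any federated-learning framework: one averaging round in which each client masks its quantized update with pairwise masks that cancel in the server's sum. The three clients, their updates, the pairwise secrets and the fixed-point scale are all constructed for the example, and `random.Random` stands in for a cryptographic PRG.

```python
"""Added example (not from the slides): one federated averaging round with pairwise-masked updates."""
import hashlib
import random
from typing import Dict, List, Tuple

MOD = 2 ** 32   # masked values live in Z_MOD; sums wrap, so quantized updates must stay far inside +/-MOD/2
SCALE = 1000    # fixed-point scale so that updates can be summed exactly as integers

# Constructed pairwise secrets between clients (i, j), i < j. In a real protocol each pair
# derives this with a key agreement; the server never learns it.
PAIR_SECRETS: Dict[Tuple[int, int], bytes] = {(0, 1): b"k01", (0, 2): b"k02", (1, 2): b"k12"}

# Constructed local model updates that never leave each device in the clear.
CLIENT_UPDATES: List[List[float]] = [
    [0.10, -0.20, 0.30],
    [0.05, 0.05, -0.10],
    [-0.12, 0.09, 0.19],
]
GLOBAL_MODEL: List[float] = [0.5, 0.5, 0.5]


def quantize(update: List[float]) -> List[int]:
    return [int(round(x * SCALE)) for x in update]


def pairwise_mask(secret: bytes, length: int) -> List[int]:
    """Expand a pairwise secret into a mask vector. random.Random is a stand-in for a cryptographic PRG."""
    seed = int.from_bytes(hashlib.sha256(secret).digest()[:8], "big")
    rng = random.Random(seed)
    return [rng.randrange(MOD) for _ in range(length)]


def mask_update(client_id: int, update_q: List[int], secrets=PAIR_SECRETS) -> List[int]:
    """Client side: add the mask for every pair where this client has the lower id,
    subtract it where this client has the higher id. The result looks uniformly random."""
    masked = [x % MOD for x in update_q]
    for (i, j), secret in secrets.items():
        if client_id not in (i, j):
            continue
        sign = 1 if client_id == i else -1
        mask = pairwise_mask(secret, len(update_q))
        masked = [(m + sign * k) % MOD for m, k in zip(masked, mask)]
    return masked


def server_aggregate(masked_updates: List[List[int]]) -> List[int]:
    """Server side: sum the masked vectors. Every pairwise mask appears once with + and once
    with -, so only the sum of the real updates survives; no single update is recoverable."""
    total = [0] * len(masked_updates[0])
    for mu in masked_updates:
        total = [(t + m) % MOD for t, m in zip(total, mu)]
    return [t - MOD if t >= MOD // 2 else t for t in total]   # back to signed integers


def federated_round(global_model: List[float], client_updates=CLIENT_UPDATES,
                    secrets=PAIR_SECRETS) -> List[float]:
    """Clients mask, server sums and averages, global model moves by the mean update."""
    masked = [mask_update(cid, quantize(u), secrets) for cid, u in enumerate(client_updates)]
    total = server_aggregate(masked)
    n = len(client_updates)
    return [w + t / (n * SCALE) for w, t in zip(global_model, total)]
```

The server receives three vectors that are individually uniform in Z_MOD yet sum to exactly the total of the real updates, 30, -60 and 390 in fixed point. Two caveats follow directly from the code. If a client masks its update and then drops out, its masks never cancel and the round is ruined, which is why production protocols add secret sharing of the masks so the survivors can reconstruct a dropped client's contribution; and with only two clients the sum minus your own update is the other client's update, so the guarantee is only as strong as the number of honest participants, the "requires a large user base" limitation.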

  44. bit.ly/2J4Fx9H

  45. bit.ly/2J4Fx9H

  46. Use Cases ● Android’s Gboard prediction model ● Health diagnostics ● Behavioral preference learning ● Driver behavior

  47. Tasting Notes Benefits ● Speeds up modeling and testing ● Minimally intrusive ● Individual data is not accessible to the central model bit.ly/2qbrnu5

  48. Tasting Notes Benefits ● Speeds up modeling and testing ● Minimally intrusive ● Individual data is not accessible to the central model Limitations ● Errors could cause private data leakage ● Requires a large user base bit.ly/2qbrnu5

  49. Homomorphic Encryption bit.ly/2x1UXWX

  50. Description Homomorphic encryption: ● Allows computation on ciphertext without decrypting it ● Enables collaboration without disclosing confidential data to the party doing the computation ● Only the key holder can decrypt, and only the calculation result needs to be decrypted bit.ly/2KmuLyI

  51. bit.ly/2WWvkB4

  52. Use Cases ● Computations on data shared across organizations ● Research using highly sensitive records ● Processing by employees with a lower clearance ● Google’s open source Private Join and Compute
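The "processing by employees with a lower clearance" use case, as an added example in Python that is not from the slides and not the code behind Private Join and Compute: an additively homomorphic Paillier scheme in which an analyst totals encrypted values without holding the private key, and only the key holder decrypts the sum. The primes are toy-sized so the numbers stay readable and offer no security; the function names are assumptions for the example.

```python
"""Added example (not from the slides): additively homomorphic encryption (Paillier) with toy primes."""
import math
import random
from typing import List, Tuple

# Toy primes so the arithmetic is visible; they offer no security. Real keys use primes of 1024+ bits.
P, Q = 104729, 104723


def keygen(p: int = P, q: int = Q) -> Tuple[Tuple[int, int], Tuple[int, int]]:
    """Paillier key pair: public (n, g), private (lambda, mu)."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    g = n + 1
    n2 = n * n
    mu = pow((pow(g, lam, n2) - 1) // n, -1, n)          # inverse of L(g^lambda mod n^2), L(x) = (x-1)/n
    return (n, g), (lam, mu)


def encrypt(pub: Tuple[int, int], m: int, rng=random) -> int:
    """c = g^m * r^n mod n^2 with a fresh random r, so equal plaintexts give different ciphertexts."""
    n, g = pub
    n2 = n * n
    if not 0 <= m < n:
        raise ValueError("plaintext must be in [0, n)")
    while True:
        r = rng.randrange(1, n)
        if math.gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pub: Tuple[int, int], priv: Tuple[int, int], c: int) -> int:
    """m = L(c^lambda mod n^2) * mu mod n. Only the holder of (lambda, mu) can do this."""
    n, _ = pub
    lam, mu = priv
    n2 = n * n
    return ((pow(c, lam, n2) - 1) // n * mu) % n


def add_encrypted(pub: Tuple[int, int], c1: int, c2: int) -> int:
    """Multiplying ciphertexts adds plaintexts: Dec(c1 * c2) = m1 + m2 (mod n)."""
    return (c1 * c2) % (pub[0] ** 2)


def mul_plain(pub: Tuple[int, int], c: int, k: int) -> int:
    """Raising a ciphertext to a known constant scales the plaintext: Dec(c^k) = k * m (mod n).
    Multiplying two ciphertexts' plaintexts together is NOT possible here: the scheme is only additive."""
    return pow(c, k, pub[0] ** 2)


def encrypted_sum(pub: Tuple[int, int], ciphertexts: List[int]) -> int:
    """What the low-clearance analyst runs: total the encrypted values without seeing any of them."""
    acc = 1                      # g^0 * 1^n: an encryption of zero
    for c in ciphertexts:
        acc = add_encrypted(pub, acc, c)
    return acc
```

The analyst's machine holds only `pub` and the ciphertexts; it returns one ciphertext of the total, which the key holder decrypts. Two properties matter in practice: results are reduced mod n, so sums must be kept below n (and negative values need an encoding), and the scheme supports addition and multiplication by a public constant only, which is the "limited functions" limitation on the next slide.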

  53. Tasting Notes Benefits ● Reduces insider threat ● Increases collaboration ● Increases data usability bit.ly/2qbrnu5

  54. Tasting Notes Benefits ● Reduces insider threat ● Increases collaboration ● Increases data usability Limitations ● Resource-intensive ● Limited functions (partially homomorphic schemes support only addition or only multiplication) ● Fully homomorphic encryption exists but is not yet practical for most workloads bit.ly/2qbrnu5

  55. Becoming a Privacy Champion bit.ly/2x1UXWX

  56. Amber Welch MA, CISSP, CISA, CIPP/E, CIPM, FIP, CCSK, and ISO 27001 Lead Auditor linkedin.com/in/amberwelch1 github.com/msamberwelch @MsAmberWelch bit.ly/2WRAGh8
