privacy engineering

Post on 10-Jan-2017


1 © Nokia 2016

Privacy Engineering

Public

Dr. Ian Oliver

Bell Labs, Finland

25 May 2016

A Lecture Given at Klarna, Stockholm, Sweden

2 © Nokia 2016

PRIVACY as a legal construct


• “The Right to Privacy” (Warren and Brandeis, 1890)
• EU Data Protection Laws
• Human Rights
• ...

3 © Nokia 2016

PRIVACY as a philosophical construct


• ethics
• morals
• definition
• ...

4 © Nokia 2016

PRIVACY as an economic construct


• cost
• brand value
• $£€

5 © Nokia 2016

PRIVACY as a ...


Privacy by Design

6 © Nokia 2016

PRIVACY as a game theoretic construct


7 © Nokia 2016

Legal ... *large* semantic gap ... Engineering

PRIVACY as Systems Engineering

8 © Nokia 2016


From here to here...

9 © Nokia 2016


COMPLIANCE!

10 © Nokia 2016


Privacy compliance

Information asymmetry

Compliance is fragile

11 © Nokia 2016

Compliance is fragile

    char collectDataFlag = 'Y'; // Future proofed boolean
                                // Y for yes, N for no

    void collectDataFunction() {
        // collect IMEI, IMSI, MSISDN, TimeStamp and location
        // and send to the hardcoded IP address...
    }

    void checkDataCollection() {
        switch (collectDataFlag) {
            case 'N':
                // don't do anything
                // (no break here: control falls through into case 'Y')
            case 'Y':
                // ok to collect everything
                collectDataFunction();
        }
    }
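The fragility on this slide is easier to see when it runs than when it is read. The following is an added example, not code from the lecture: the slide's switch written twice, once faithfully (no break after case 'N') and once hardened with an enum, explicit breaks and a default that denies collection. The function names, the enum and the call counter that stands in for the real collection routine are assumptions.

```c
#include <stdbool.h>

/* Added example, not from the original slides. The slide's switch is
 * written twice so the fall-through can be observed in a test. */

/* Stand-in for the slide's collectDataFunction(): counts calls instead of
 * collecting IMEI/IMSI/MSISDN/location (name and counter are assumptions). */
static int collections_sent = 0;
static void collect_data_stub(void) { collections_sent++; }

/* Faithful to the slide: 'N' has no break, so control falls into 'Y'
 * and data is collected even when the flag says not to. */
bool check_data_collection_fragile(char collect_data_flag) {
    collections_sent = 0;
    switch (collect_data_flag) {
    case 'N':
        /* don't do anything */
        /* fall through */
    case 'Y':
        /* ok to collect everything */
        collect_data_stub();
    }
    return collections_sent > 0;
}

/* Hardened form: an enum instead of a "future proofed" char, a break on
 * every case, and a default that denies collection for any other value. */
typedef enum { CONSENT_DENIED = 0, CONSENT_GRANTED = 1 } consent_t;

/* Only an explicit 'Y' grants consent; anything else is treated as denied. */
consent_t consent_from_flag(char collect_data_flag) {
    return collect_data_flag == 'Y' ? CONSENT_GRANTED : CONSENT_DENIED;
}

bool check_data_collection_safe(consent_t consent) {
    collections_sent = 0;
    switch (consent) {
    case CONSENT_GRANTED:
        collect_data_stub();
        break;
    case CONSENT_DENIED:
        break;          /* explicit: nothing is collected or sent */
    default:
        break;          /* unexpected value: deny, never collect */
    }
    return collections_sent > 0;
}
```

The fragile version collects for 'N' as well as 'Y'; the hardened version collects only when consent was explicitly granted and denies for any value it does not recognise.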

12 © Nokia 2016


Engineers

Lawyers

Privacy Engineering Process

How do we address the privacy engineering problem?

13 © Nokia 2016


Engineers need to speak to privacy lawyers...and vice versa...

The hard bit however is formalising all of this....

14 © Nokia 2016


How do we currently address the privacy engineering problem?

15 © Nokia 2016

How do we address the privacy engineering problem?

• Invent a new Process

16 © Nokia 2016

How do we address the privacy engineering problem?

• Invent a new Process
• Method (Technique, Skills)
• Requirements
• Ontology
• Modelling
• Metrics
• Culture

Richard Hamming (1915-1998):

“The applications of knowledge, especially mathematics, reveal the unity of all knowledge. In a new situation almost anything and everything you ever learned might be applicable, and the artificial divisions seem to vanish.”

17 © Nokia 2016

• Requirements
• Ontology & Semantics
• Modelling
• Metrics
• Culture

18 © Nokia 2016


Everything you thought information was is wrong...

19 © Nokia 2016


What’s the semantics of an IP address?

20 © Nokia 2016


Which interpretation(s) do you want?....and when?....and why?

21 © Nokia 2016

Is this a location? 38°N 97°W

22 © Nokia 2016


38°N 97°W

Toto, I've a feeling we're not in Kansas any more.

23 © Nokia 2016


http://fusion.net/story/287592/internet-mapping-glitch-kansas-farm/

Is this a location? 38°N 97°W == NULL

24 © Nokia 2016


E-mail address as a login ID....

25 © Nokia 2016


...the proof is left as an exercise to the reader.

26 © Nokia 2016


27 © Nokia 2016


28 © Nokia 2016


29 © Nokia 2016


30 © Nokia 2016

[Diagram: Data (Type, Usage, Purpose, Provenance, Identity), Requirement Aspects, Requirements, Risks and Risk Metric, linked by “classified by”, “mapped to” and “calculates” relations]

31 © Nokia 2016

[Same diagram as the previous slide, with a Feedback relation added]

32 © Nokia 2016


33 © Nokia 2016


Personally Identifiable Information

Personal Data

34 © Nokia 2016


35 © Nokia 2016


36 © Nokia 2016

Probably not personal data / Probably personal data

37 © Nokia 2016


An app that takes a photo and shares it *and* stores it in the cloud....

...you probably have at least one of these on your mobile device...

38 © Nokia 2016


Traditional compliance....

39 © Nokia 2016


40 © Nokia 2016


41 © Nokia 2016


42 © Nokia 2016


43 © Nokia 2016


44 © Nokia 2016


Forget process, just get the information about what’s going on...

45 © Nokia 2016


There are no [good/usable] metrics for privacy

46 © Nokia 2016

Increasing amount of risk

Take the maximal value of risk for any given combination of fields.

This has all the properties of a metric.

Ian Oliver, Silke Holtmanns (2015). Aligning the Conflicting Needs of Privacy, Malware Detection and Network Protection. TrustCom’15

47 © Nokia 2016


48 © Nokia 2016

1. How many engineers do you have working at the highest levels in your company on privacy?

49 © Nokia 2016

1. How many engineers do you have working at the highest levels in your company on privacy?

2. Do you treat privacy as a critical aspect of your systems? (or security, or performance etc.)

50 © Nokia 2016


privacy breach


51 © Nokia 2016


52 © Nokia 2016


53 © Nokia 2016


54 © Nokia 2016


http://www.healthbeatblog.com/2011/05/doctors-heroes-or-members-of-a-pit-crew/

Atul Gawande, 2011


55 © Nokia 2016

“We in privacy, however, have been slow to grasp ... how the volume of information has changed our work and responsibilities...” he added, “The rapid growth in information collection is not just a difference in degree but a difference in kind ... the reality is that privacy’s complexity has exceeded our individual capabilities as privacy advocates.”

56 © Nokia 2016


There can be no [privacy] heroes

James Reason, The Human Contribution

(with modification by author)


57 © Nokia 2016


Privacy is safety-critical

Ian Oliver


58 © Nokia 2016

Privacy is safety-critical (Ian Oliver) implies:

• communication
• integrity, i.e. know the state

59 © Nokia 2016


Summary

• Shared Ontology

• Modelling
• Requirements
• Analysis
• (Libraries and Patterns)

• Metrics and Risk

• Culture

not discussed in this presentation
