privacy engineering
TRANSCRIPT
![Page 1: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/1.jpg)
1 © Nokia 2016
Privacy Engineering
Public
Dr. Ian Oliver
Bell Labs, Finland
25 May 2016
A Lecture Given at Klarna, Stockholm, Sweden
![Page 2: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/2.jpg)
PRIVACY as a legal construct
• “The Right to Privacy” (Warren and Brandeis, 1890)
• EU Data Protection Laws
• Human Rights
• ...
![Page 3: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/3.jpg)
PRIVACY as a philosophical construct
• ethics
• morals
• definition
• ...
![Page 4: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/4.jpg)
PRIVACY as an economic construct
• cost
• brand value
• $£€
![Page 5: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/5.jpg)
PRIVACY as a ...
Privacy by Design
![Page 6: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/6.jpg)
PRIVACY as a game theoretic construct
![Page 7: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/7.jpg)
PRIVACY as Systems Engineering
Legal <-- *large* semantic gap --> Engineering
![Page 8: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/8.jpg)
From here to here...
![Page 9: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/9.jpg)
COMPLIANCE!
![Page 10: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/10.jpg)
Privacy compliance
Information asymmetry
Compliance is fragile
![Page 11: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/11.jpg)
Compliance is fragile
```c
char collectDataFlag = 'Y'; // Future proofed boolean: Y for yes, N for no
void collectDataFunction(){
    // collect IMEI, IMSI, MSISDN, TimeStamp and location
    // and send to the hardcoded IP address...
}
void checkDataCollection(){
    switch(collectDataFlag){
        case 'N' : // don't do anything (no break: falls through into case 'Y')
        case 'Y' : // ok to collect everything
            collectDataFunction();
    }
}
```
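The slide's flag-driven check, reproduced beside a hardened version, as an added example that is not from the original slides: `fragile_check` keeps the missing-break behaviour the slide shows, while `check_data_collection`, the `collect_policy_t` enum and the `collected_calls` counter are assumed names that make collection an explicit, default-deny decision.

```c
#include <stdbool.h>

/* Explicit policy type instead of a "future proofed" char flag (assumed name). */
typedef enum { COLLECT_DENY = 0, COLLECT_ALLOW = 1 } collect_policy_t;

/* Demo counter: how many times the collector actually ran. */
int collected_calls = 0;

/* Stand-in for the slide's collectDataFunction(); it only records the call. */
static void collect_data(void)
{
    collected_calls++;
}

/* The slide's check, reproduced faithfully: there is no break after case 'N',
   so "don't do anything" falls through into "collect everything". The compiler
   sees two labels on one statement and stays silent, which is why it is fragile. */
bool fragile_check(char collect_data_flag)
{
    bool collected = false;
    switch (collect_data_flag) {
    case 'N':
        /* intended: do nothing */
    case 'Y':
        collect_data();
        collected = true;
    }
    return collected;
}

/* Hardened check: every case terminates, and anything that is not an explicit
   ALLOW (including values outside the enum) is denied.
   Returns true only when data was actually collected. */
bool check_data_collection(collect_policy_t policy)
{
    switch (policy) {
    case COLLECT_ALLOW:
        collect_data();
        return true;
    case COLLECT_DENY:
        return false;
    default:
        return false; /* unknown policy value: deny, never collect */
    }
}
```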
![Page 12: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/12.jpg)
Engineers
Lawyers
Privacy Engineering Process
How do we address the privacy engineering problem?
![Page 13: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/13.jpg)
Engineers
Lawyers
Privacy Engineering Process
How do we address the privacy engineering problem?
Engineers need to speak to privacy lawyers... and vice versa...
The hard bit, however, is formalising all of this...
![Page 14: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/14.jpg)
How do we currently address the privacy engineering problem?
![Page 15: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/15.jpg)
How do we address the privacy engineering problem?
• Invent a new Process
![Page 16: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/16.jpg)
How do we address the privacy engineering problem?
• Invent a new Process
• Method (Technique, Skills)
• Requirements
• Ontology
• Modelling
• Metrics
• Culture
Richard Hamming (1915-1998):
"The applications of knowledge, especially mathematics, reveal the unity of all knowledge. In a new situation almost anything and everything you ever learned might be applicable, and the artificial divisions seem to vanish."
![Page 17: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/17.jpg)
• Requirements
• Ontology & Semantics
• Modelling
• Metrics
• Culture
![Page 18: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/18.jpg)
Everything you thought information was is wrong...
![Page 19: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/19.jpg)
What’s the semantics of an IP address?
![Page 20: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/20.jpg)
What’s the semantics of an IP address?
Which interpretation(s) do you want? ...and when? ...and why?
![Page 21: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/21.jpg)
Is this a location? 38°N 97°W
![Page 22: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/22.jpg)
38°N 97°W
Toto, I've a feeling we're not in Kansas any more.
![Page 23: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/23.jpg)
http://fusion.net/story/287592/internet-mapping-glitch-kansas-farm/
Is this a location? 38°N 97°W == NULL
![Page 24: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/24.jpg)
E-mail address as a login ID....
![Page 25: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/25.jpg)
E-mail address as a login ID....
...the proof is left as an exercise to the reader.
![Page 26: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/26.jpg)
![Page 27: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/27.jpg)
![Page 28: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/28.jpg)
![Page 29: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/29.jpg)
![Page 30: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/30.jpg)
Data: Type, Usage, Purpose, Provenance, Identity
Requirements
Risks
Requirement Aspects
Risk Metric
(diagram relations: classified by, mapped to, mapped to, calculates)
![Page 31: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/31.jpg)
Data: Type, Usage, Purpose, Provenance, Identity
Requirements
Risks
Requirement Aspects
Risk Metric
Feedback
(diagram relations: classified by, mapped to, mapped to, calculates)
![Page 32: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/32.jpg)
![Page 33: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/33.jpg)
Personally Identifiable Information
Personal Data
![Page 34: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/34.jpg)
Personally Identifiable Information
Personal Data
![Page 35: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/35.jpg)
![Page 36: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/36.jpg)
Probably not personal data / Probably personal data
![Page 37: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/37.jpg)
An app that takes a photo and shares it *and* stores it in the cloud....
...you probably have at least one of these on your mobile device...
![Page 38: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/38.jpg)
Traditional compliance....
![Page 39: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/39.jpg)
![Page 40: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/40.jpg)
![Page 41: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/41.jpg)
![Page 42: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/42.jpg)
![Page 43: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/43.jpg)
![Page 44: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/44.jpg)
Forget process, just get the information about what’s going on...
![Page 45: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/45.jpg)
There are no [good/usable] metrics for privacy
![Page 46: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/46.jpg)
Increasing amount of risk
Take the maximal value of risk for any given combination of fields.
This has all the properties of a metric.
Ian Oliver, Silke Holtmanns (2015). Aligning the Conflicting Needs of Privacy, Malware Detection and Network Protection. TrustCom’15.
![Page 47: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/47.jpg)
![Page 48: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/48.jpg)
1. How many engineers do you have working at the highest levels in your company on privacy?
![Page 49: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/49.jpg)
1. How many engineers do you have working at the highest levels in your company on privacy?
2. Do you treat privacy as a critical aspect of your systems? (or security, or performance etc.)
![Page 50: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/50.jpg)
privacy breach
![Page 51: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/51.jpg)
![Page 52: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/52.jpg)
![Page 53: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/53.jpg)
![Page 54: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/54.jpg)
http://www.healthbeatblog.com/2011/05/doctors-heroes-or-members-of-a-pit-crew/
Atul Gawande, 2011
![Page 55: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/55.jpg)
”We in privacy, however, have been slow to grasp ... how the volume of information has changed our work and responsibilities...” he added, ”The rapid growth in information collection is not just a difference in degree but a difference in kind ... the reality is that privacy’s complexity has exceeded our individual capabilities as privacy advocates.”
![Page 56: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/56.jpg)
There can be no [privacy] heroes
James Reason, The Human Contribution (with modification by author)
![Page 57: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/57.jpg)
Privacy is safety-critical
Ian Oliver
![Page 58: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/58.jpg)
Privacy is safety-critical
Ian Oliver
implies:
• communication
• integrity, i.e. know the state
![Page 59: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/59.jpg)
Summary
• Shared Ontology
• Modelling
• Requirements
• Analysis
• (Libraries and Patterns)
• Metrics and Risk
• Culture
not discussed in this presentation
![Page 60: Privacy Engineering](https://reader034.vdocuments.us/reader034/viewer/2022042706/587441441a28ab0e6c8b6fe7/html5/thumbnails/60.jpg)