Privacy Engineering Technologies

Post on 31-Oct-2014


Ian Oliver, Privacy Officer & Architect, HERE; Research Fellow, University of Brighton

Areas

• Foundations
• Privacy by x
  ◦ Where x ∈ { design, architecture, coding, brute force, surveillance, … }
  ◦ Metrics for Privacy
• Notice and Consent to Usage
• Privacy Engineering
  ◦ Modelling and Methodology
  ◦ Consent Tracking and Integration
  ◦ Programming Language Support
• Human Factors

Foundational Aspects of Privacy

Slide diagram: Privacy rests on four aspects, Legal, Economic, Engineering and Human Factors, which in turn rest on the Foundations.

• Legal is well-defined and well represented.
• The economic realities of privacy are similarly understood, if not with absolute certainty.
• Engineering aspects are now, finally, starting to be tackled in detail.
• Human factors are known in the security domain, but less so in privacy engineering (cf. safety-critical system design).
• The mathematical foundations are known, but there is a huge semantic gap between them and the rest.

Privacy by <X>

• 7 Principles
• Privacy's "Agile Manifesto"
• No implementation specified

Slide diagram contrasting the well-defined with the undefined:

• Tools, metrics and techniques for the practicing software engineer
• Process, metrics and techniques for the software engineering process

Metrics

Slide diagram of the metrics landscape (labels as they appear):

• Audits, Complete, Complexity, Risk, Compliance
• Management & Process Metrics
• Information Theory Metrics
• Software Engineering Metrics
• k-anonymity, l-diversity
• Differential Privacy Semantics
• ? Missing link
• Data set analysis, Data set combination
• BigData Analytics Metrics
• Anonymisation and Reidentification
• The implementation…

Notice and Consent

• Upfront admission of all currently known:
  ◦ Data points
  ◦ Purposes
  ◦ Usages
  ◦ Flows
• Requires:
  ◦ Frequent updates
  ◦ Active consent
  ◦ Consumer understanding
  ◦ Supplemental Notices
• Move away from N&C to active consumer participation
• Emphasis on usage of data
• Allows more freedom and granularity than N&C
• Consumer oriented
• Problem:
  ◦ How will this actually work?
  ◦ Legal Challenges

Privacy Engineering

• Modelling and Methodology
  ◦ Data Flow
  ◦ Ontologies for Privacy
  ◦ Analysis Techniques
  ◦ Definitions of Risk
  ◦ Definitions of Information Content
  ◦ Metrics!
• Consent Tracking
  ◦ DNT 2.0?
  ◦ Formalisation and Semantics of consent (we have the languages: XACML etc.)
  ◦ Usage based consent
• Programming Language Support
  ◦ Machine types to Information Types and Aspects
  ◦ Consent as "Type Checking"
  ◦ Dynamic Languages, Data Flow Languages (BigData)
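The "Consent as Type Checking" idea above, worked through as an added example that is not from the talk or the book: values are tagged with an information type, each processing step declares the purpose it serves, and a consent record maps information types to consented purposes, so a step that reads data without matching consent is a type error. The check is done at run time in Python, standing in for a static type check; the InfoType, Datum and Step names, the purposes and the consent data are all constructed for illustration.

```python
"""Added example (not from the talk): consent modelled as a 'type check'.
Values carry an information type, steps declare a purpose, and a consent
record maps information types to consented purposes; a step reading data
without matching consent is a type error. Names and data are constructed."""
from dataclasses import dataclass
from enum import Enum

class InfoType(Enum):
    LOCATION = "location"
    CONTACTS = "contacts"
    DEVICE_ID = "device_id"

@dataclass(frozen=True)
class Datum:
    """A machine-typed value tagged with its information type."""
    value: object
    info: InfoType

@dataclass(frozen=True)
class Step:
    """A processing step: the information types it reads and its purpose."""
    name: str
    reads: tuple  # InfoType members, in declaration order
    purpose: str

def allowed(consent: dict, info: InfoType, purpose: str) -> bool:
    """consent maps InfoType -> set of consented purpose names."""
    return purpose in consent.get(info, set())

def check_flow(steps, consent) -> list:
    """Static-style check over the whole flow: every (step, info type)
    pair that lacks consent, in flow order."""
    return [(s.name, i.value) for s in steps for i in s.reads
            if not allowed(consent, i, s.purpose)]

def run_step(step: Step, data, consent) -> list:
    """Runtime check: refuse (TypeError) before a step touches
    non-consented data; otherwise return the values it may read."""
    for d in data:
        if d.info in step.reads and not allowed(consent, d.info, step.purpose):
            raise TypeError(f"{step.name}: {d.info.value} not consented for {step.purpose}")
    return [d.value for d in data if d.info in step.reads]

# Constructed sample: location consented for navigation only.
CONSENT = {InfoType.LOCATION: {"navigation"},
           InfoType.DEVICE_ID: {"navigation", "analytics"}}
STEPS = [Step("route", (InfoType.LOCATION, InfoType.DEVICE_ID), "navigation"),
         Step("ads", (InfoType.LOCATION,), "advertising"),
         Step("stats", (InfoType.DEVICE_ID, InfoType.CONTACTS), "analytics")]
```

Running check_flow over STEPS flags the "ads" step for location and the "stats" step for contacts before any data moves, while run_step only refuses when non-consented data actually reaches a step.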

Human Factors

• 90% of Privacy Breaches are due to humans
• Phones, USB sticks, unencrypted laptops, poor access control, system configuration, misclassification of data, naivety, key management, cloud, data mixing and reidentification, etc. etc. etc.…
• Learnings from Aviation, Anaesthesia, Surgery, Chemical Plant Design
• Privacy is a SAFETY CRITICAL concern
• Change of culture

Image captions: Boeing Model 299, 30 Oct 1935; WHO Surgical Safety Checklist (Pronovost, Gawande et al.)

Privacy & Customers

• Privacy inherent in the system design and functionality
• Consumer choice is always present through the data flows, by default and on demand:
  ◦ Identification
  ◦ Anonymisation
  ◦ Aggregation
  ◦ Forgetting
• Privacy is never a zero-sum game!
• Data quality improvement
• Enables the question "Why?!"

Image ©2014 Innorange Oy, Used with permission

Contact

• Privacy Engineering – A Data Flow and Ontological Approach. Amazon, early July 2014. ISBN 978-1497569713 (print edition)
• PrivacyEngineeringBook.net
• Facebook.com/privacyengineering
• i_j_oliver
• http://ijosblog.blogspot.com
