engineering privacy by design
play

Engineering Privacy By Design Seda Grses COSIC, ESAT K.U. Leuven - PowerPoint PPT Presentation

Oct 06, 2022 •838 likes •1.48k views

Engineering Privacy By Design Seda Grses COSIC, ESAT K.U. Leuven Belgium 1 Outline - Introduction and Approach - Privacy Requirements Definition Problem - Privacy Requirements Analysis Problem - Policy and Compliance - Privacy By Design -

  1. Engineering Privacy By Design Seda Gürses COSIC, ESAT K.U. Leuven Belgium 1

  2. Outline - Introduction and Approach - Privacy Requirements Definition Problem - Privacy Requirements Analysis Problem - Policy and Compliance - Privacy By Design - Data Minimization - Conclusion 2 2

  3. privacy? - what is privacy? - what are privacy requirements? - in security engineering: confidentiality 3 3

  4. online social networks (SNS) 4 4

  5. 100m 350m 500m 680m 50m 12m 5m 1m universal 1 in 5 divorces User “ comment ” and telephone due to numbers and “ send ” buttons on facebook data addresses 50K sites in addition revealed to Third Parties to “ like ” NHS Discriminatory Behavioral Profiling reveals data to Facebook User IDs revealed to Homeland Security cyberbullying bans Third Parties protests friends Aliens protests Canadian Privacy Commissioner protests FACECLOAK user 50.000 in 3 days NOYB BEACON friends lists 740.000 SCRAMBLE voting newsfeed chat protests Mobile facebook unlimited leak google xss attacks Facebook API 1.600.000 CONNECTIONS license to Highschools LIVE FEED Facebook PUBLIC user content 2011 2004 2005 2006 2007 2008 2009 2010 5 5

  6. - all of these are (somehow) about privacy and the design of the system - how do we deal with these issues when developing systems? - specifically: during requirements engineering 6 6

  7. Zave and Jackson Model of RE ENVIRONMENT SYSTEM - domain assumptions describe the behavior of the environment as it is - requirements are statements about the desired conditions in an environment - specification is a restricted form of requirement providing enough information for the engineer to implement the system 7 7

  8. requirements - functional requirements state the desired behavior of the environment - non-functional requirements either constrain the behavior of the environment or define certain desired qualities of the environment 8 8

  9. multilateral privacy requirements engineering - reconcile: - privacy notions (legal & surveillance studies) - privacy solutions (computer science) - in a social context - multilaterally - during requirements engineering 9 9

  10. data protection privacy 10 10

  11. data protection privacy non-absolute contextual relational opacity of the individual 10 10

  12. data protection privacy non-absolute contextual procedural safeguards relational accountability transparency opacity of the individual personal data 10 10

  13. surveillance studies 11 11

  14. surveillance studies surveillance 11 11

  15. surveillance studies surveillance dataveillance covaillance sousveillance 11 11

  16. privacy requirements definition subjectivity lack of contrivability lack of satisfiability universality legal compliance agonism negotiability counter - factuality environmental factors temporality 12 12

  17. multilateral privacy requirements engineering - reconcile: - privacy notions (legal & surveillance studies) - privacy solutions (computer science) - in a social context - multilaterally - during requirements engineering 13 13

  18. solutions from privacy research data Differential confidentiality anonymous Privacy database communications anonymization anonymous Discrimination certificates aware data mining IDMS anonymous Feedback and certificates Awareness Systems Privacy Policy Languages 14 14

  19. privacy research paradigms hiding information and identity the right to be let alone. Warren & Brandeis (1890) privacy as confidentiality 15 15

  20. privacy research paradigms hiding information and identity right of the individual to decide what information about himself should be communicated to the right to be let alone. others and under what Warren & Brandeis (1890) circumstances. (Westin 1970) privacy as separation of privacy confidentiality identities, data as control protection principles 16 16

  21. privacy research paradigms hiding information and identity right of the individual to decide what information about himself should be communicated to the right to be let alone. others and under what Warren & Brandeis (1890) circumstances. (Westin 1970) privacy as separation of privacy confidentiality identities, data as control protection principles privacy as practice the freedom from unreasonable constraints on the construction of one’s own identity (Agre, 1999) transparency and feedback 17 17

  22. privacy research paradigms hiding information and identity privacy as separation of privacy confidentiality identities, data as control protection principles privacy as practice transparency and feedback 18 18

  23. security engineering & paradigms SECURITY ENGINEERING privacy privacy as control as confidentiality privacy as practice 19 19

  24. multilateral privacy requirements engineering - reconcile: - privacy notions (legal & surveillance studies) - privacy solutions (computer science) - in a social context - multilaterally - during requirements engineering 20 20

  25. privacy and the Zave & Jackson Model - Zave and Jackson model is limited: - does not account for requirements that are not absolutely satisfiable - does not facilitate subjective articulations of domain assumptions, requirements or specifications - does not express stakeholder attitudes and emotions (only beliefs, desires and intentions) 21 21

  26. Zave and Jackson Model of RE ENVIRONMENT SYSTEM - domain assumptions describe the behavior of the environment as it is - requirements are statements about the desired conditions in an environment - specification is a restricted form of requirement providing enough information for the engineer to implement the system 22 22

  27. requirements - functional requirements state the desired behavior of the environment - non-functional requirements either constrain the behavior of the environment or define certain desired qualities of the environment 23 23

  28. privacy requirements ontology quality ill-defined well-defined quality subjective structured space privacy privacy concern constraint Σ Q 24 24

  29. privacy requirements ontology quality ill-defined well-defined quality subjective structured space privacy privacy concern constraint Σ Q munsell color notation: 10 red color: red hue 7 chroma 8 25 25

  30. quality ill-defined well-defined quality subjective structured space privacy privacy concern constraint justified approximation Σ Q evaluation 26 26

  31. privacy requirements ontology stakeholder surveillance functionality arbitration information privacy concerns due to experiences or expectations of harms due to informational constraints on info. self-determination due to significance of information 27 27

  32. privacy requirements ontology stakeholder surveillance functionality functionality arbitration information privacy concerns due to experiences or expectations of harms due to informational constraints on info. self-determination due to significance of information 27 27

  33. privacy requirements ontology stakeholder surveillance functionality arbitration information privacy concerns justified designation privacy goals control confidentiality SECURITY ENGINEERING practice 28 28

  34. privacy requirements ontology stakeholder surveillance functionality arbitration information privacy concerns justified designation privacy goals justified approximation privacy constraints 29 29

  35. privacy requirements ontology stakeholder surveillance functionality arbitration information privacy concerns justified designation communication analysis privacy goals justified confidentiality approximation privacy strength of anonymity constraints 30 30

  36. role of security engineering SECURITY ENGINEERING privacy privacy as control as confidentiality privacy as practice 31 31

  37. data protection trust stakeholder privacy concerns assumptions adversary privacy goals functionality information threats privacy usability constraints justified approximation justified designation 32 32

  38. privacy engineering - requires learning skills (craft) - complicated practice - market incentives - assume functionality vs. privacy - policy and regulation 33 33

  39. Policy and Privacy By Design communication of the ec data protection compliance throughout the entire life cycle of technologies and procedures FTC report data security, reasonable collection limits, sound retention practices, data accuracy 34 34

  40. Policy and Privacy By Design define the purpose further legitimize collection generally to collect any through consent and “technical data control” vulnerabilities of PbyD as compliance limit the scope of “personal data” 35 35

  41. centralized engineer introduces databases PbyD symbolic mimicry of bureaucracy as compliance leaves out security “trust us, we engineering do not do increase consumer evil” confidence 36 36

  42. the Cavoukian PbyD principles privacy by design is privacy embedded into design 37 37

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy Commissioner of Ontario https://www.ipc.on.ca/images/resources/7foundationalprinciples.pdf Privacy by Design Let's have it! Article 25 European

1.32k views • 118 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering & Public Policy Lorrie Faith Cranor October 29, 2013 y & c S a e v c i u r P r i t e y l b L a a s

245 views • 20 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering & Public Policy Lorrie Faith Cranor November 11, 2014 y & c S a e v c i u r P r i t e y l b L a a s

555 views • 21 slides
Privacy engineering, privacy by design, and privacy governance Engineering & Public Policy

Privacy engineering, privacy by design, and privacy governance Engineering & Public Policy

CyLab Privacy engineering, privacy by design, and privacy governance Engineering & Public Policy Lorrie Faith Cranor November 17, 2015 y & c S a e v c i u r P r i t e y l b L a a s b U o 8-533 / 8-733 /

539 views • 22 slides
Privacy Engineering Objectives and Risk Model Objective-Based Design for Improving Privacy in

Privacy Engineering Objectives and Risk Model Objective-Based Design for Improving Privacy in

Privacy Engineering Objectives and Risk Model Objective-Based Design for Improving Privacy in Information Systems 1 NIST research has a broad impact shutterstock.com shutterstocom G. Hooijer/ D. Stork/ Facilitates trade and fair Improves

405 views • 18 slides
Paradigms of Privacy Research & Privacy Engineering Seda Grses f.s.gurses@tudelft.nl TU

Paradigms of Privacy Research & Privacy Engineering Seda Grses f.s.gurses@tudelft.nl TU

Paradigms of Privacy Research & Privacy Engineering Seda Grses f.s.gurses@tudelft.nl TU Delft/ KU Leuven 18. June 2019 GDPR requires data protection by design and by default (Article 25) A complex law with many requirements. More

950 views • 58 slides
Privacy by Design Deirdre K. Mulligan Privacy by design, why now? Legal Drivers E- Government

Privacy by Design Deirdre K. Mulligan Privacy by design, why now? Legal Drivers E- Government

Privacy by Design Deirdre K. Mulligan Privacy by design, why now? Legal Drivers E- Government Act of 2002 and OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002 Resolution on Privacy by Design, Data Protection

556 views • 41 slides
Privacy and Security by Design: Regulatory Compliance Will Not be Enough to Preserve our Privacy

Privacy and Security by Design: Regulatory Compliance Will Not be Enough to Preserve our Privacy

Privacy and Security by Design: Regulatory Compliance Will Not be Enough to Preserve our Privacy Ann Cavoukian, Ph.D. Distinguished Expert-in-Residence Privacy by Design Centre of Excellence Ryerson University Ryerson CSR Institute / PPOCIR

3.12k views • 64 slides
Privacy by Design Principles of Privacy-Aware Ubiquitous Systems Marc Langheinrich Privacy by

Privacy by Design Principles of Privacy-Aware Ubiquitous Systems Marc Langheinrich Privacy by

Privacy by Design Principles of Privacy-Aware Ubiquitous Systems Marc Langheinrich Privacy by Design ETH Zurich, Switzerland www.inf.ethz.ch/~langhein Ubicomp 2001, Atlanta Contents Ubicomp 2001, Atlanta ! Privacy primer Does privacy

680 views • 22 slides
Privacy by Design in EUs GDPR Botjan Brumen University of Maribor Faculty of Electrical

Privacy by Design in EUs GDPR Botjan Brumen University of Maribor Faculty of Electrical

Privacy by Design in EUs GDPR Botjan Brumen University of Maribor Faculty of Electrical Engineering and Computer Science Slovenia Background Respect for privacy: Not a new phenomenon: the polis (gr. ): the public area of

389 views • 6 slides
PET Semetary: Privacys return from the dead and the Future of Privacy Engineering Seda

PET Semetary: Privacys return from the dead and the Future of Privacy Engineering Seda

PET Semetary: Privacys return from the dead and the Future of Privacy Engineering Seda Grses CITP , Princeton University COSIC, University of Leuven getting privacy engineering right? getting privacy engineering right? software

471 views • 20 slides
2016 International Workshop on Privacy Engineering IWPE 16 Tools in support of

2016 International Workshop on Privacy Engineering IWPE 16 Tools in support of

2016 International Workshop on Privacy Engineering IWPE 16 Tools in support of privacy engineering methodologies Tools for privacy communications Aleecia M. McDonald, PhD Non-resident Fellow, Stanford Center for Internet &

902 views • 15 slides
Privacy by Design A technical perspective Carmela Troncoso Gradiant The usual privacy

Privacy by Design A technical perspective Carmela Troncoso Gradiant The usual privacy

PR eparing I ndustry to P rivacy-by-design by supporting its A pplication in RE search Privacy by Design A technical perspective Carmela Troncoso Gradiant The usual privacy scenario Protect personal data from third parties Data

359 views • 9 slides
From Privacy Protection to Interface Design: Implementing Information Privacy in Human-Computer

From Privacy Protection to Interface Design: Implementing Information Privacy in Human-Computer

From Privacy Protection to Interface Design: Implementing Information Privacy in Human-Computer Interactions Andrew S. Patrick Steve Kenny Independent Consultant National Research Council of Canada stephen_mh_kenny@yahoo.com

407 views • 22 slides
www.privitar.com Engineering Privacy London, UK WHY ARE ORGANISATIONS SLOW TO ADOPT PETS?

www.privitar.com Engineering Privacy London, UK WHY ARE ORGANISATIONS SLOW TO ADOPT PETS?

www.privitar.com Engineering Privacy London, UK WHY ARE ORGANISATIONS SLOW TO ADOPT PETS? Differential Privacy as a case study Theresa Stadler, SuRI at EPFL 2018 What are you talking about? Everybody wants data privacy as fast as

604 views • 38 slides
Towards Privacy by Design in Personal e-Health Systems George Drosatos Pavlos S. Efraimidis,

Towards Privacy by Design in Personal e-Health Systems George Drosatos Pavlos S. Efraimidis,

Towards Privacy by Design in Personal e-Health Systems George Drosatos Pavlos S. Efraimidis, Garrath Williams and Eleni Kaldoudi School of Medicine Dept. of Electric and Computer Engineering Democritus University of Thrace This work was

486 views • 14 slides
SoK: Security Evaluation of Home-based IoT Deployments Omar Alrawi , Chaz Lever, Fabian Monrose,

SoK: Security Evaluation of Home-based IoT Deployments Omar Alrawi , Chaz Lever, Fabian Monrose,

SoK: Security Evaluation of Home-based IoT Deployments Omar Alrawi , Chaz Lever, Fabian Monrose, Manos Antonakakis 1 2 Alexa, unlock the front door. 3 Internet of Things 4 5 Prior Work Security Analysis of Emerging Smart Home

592 views • 22 slides
How much will the platform learn about consumers in the end? \begin{theorem} In the long run,

How much will the platform learn about consumers in the end? \begin{theorem} In the long run,

Dynamic Privacy Choices (Shota Ichihashi, Bank of Canada) In each period Activity produces Consumer data on persistent type uses platform Platform monetizes info Privacy cost (e.g., data leakage) How much will the

412 views • 4 slides
GJGNY Advisory Council Meeting May 13, 2016 2 Principles Three principles need to be

GJGNY Advisory Council Meeting May 13, 2016 2 Principles Three principles need to be

GJGNY Advisory Council Meeting May 13, 2016 2 Principles Three principles need to be maintained. The program should: Preserve On-Bill Recovery loans Preserve access to funding for all market segments Focus attention on access

372 views • 8 slides
Set 5: Perl and Database Connections Assumptions You know Perl Well review Can use

Set 5: Perl and Database Connections Assumptions You know Perl Well review Can use

IT452 Advanced Web and Internet Systems Set 5: Perl and Database Connections Assumptions You know Perl Well review Can use PHP instead (maybe??) You know how to use SQL Help to be provided 1 Perl Basics Scalar

578 views • 8 slides
CRITICAL INFORMATICS Our stuff keeps your stuff from becoming their stuff CRITICAL INFORMATICS

CRITICAL INFORMATICS Our stuff keeps your stuff from becoming their stuff CRITICAL INFORMATICS

CRITICAL INFORMATICS www.criticalinformatics.com January 31, 2018 CRITICAL INFORMATICS Our stuff keeps your stuff from becoming their stuff CRITICAL INFORMATICS www.criticalinformatics.com Page 2 UW UW T Tec ech h Co Conn nnec ect

585 views • 21 slides
How to change the world with content strategy a Contentious workshop Laura Robertson @laurazoee

How to change the world with content strategy a Contentious workshop Laura Robertson @laurazoee

How to change the world with content strategy a Contentious workshop Laura Robertson @laurazoee Julius Honnor @juliushonnor contentious.ltd What will we be covering during the day? 1. What is good content? Good content... Why doesnt it

824 views • 67 slides
How to get the most out of T A R A M A I T R I Who are you? I am Tara Parashar, the ethical

How to get the most out of T A R A M A I T R I Who are you? I am Tara Parashar, the ethical

How to get the most out of T A R A M A I T R I Who are you? I am Tara Parashar, the ethical digital marketing strategist. These days I go by Tara Maitr. Maitr is a Buddhist word meaning 'compassion'. I structure all of my work around

986 views • 64 slides
Parents Go to School Night: Teacher-Led Sessions Session Facilitators Session Description

Parents Go to School Night: Teacher-Led Sessions Session Facilitators Session Description

Parents Go to School Night: Teacher-Led Sessions Session Facilitators Session Description Supporting Your K-3 Students Spanish Luci Galvan In this session we will explore the difference between learning and acquiring, some specific

282 views • 3 slides

More recommend