engineering privacy by design privacy by design let s
play

Engineering privacy by design Privacy by Design Let's have it! - PowerPoint PPT Presentation

Nov 13, 2023 •134 likes •1.32k views

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy Commissioner of Ontario https://www.ipc.on.ca/images/resources/7foundationalprinciples.pdf Privacy by Design Let's have it! Article 25 European

  1. Privacy-Preserving Electronic Toll Pricing Billing data Location data Billing data Homomorphic Commitments to: + ZK proofs that prices come from a correct policy

  2. Privacy-Preserving Electronic Toll Pricing Homomorphic Commitments to: + ZK proofs that prices come from a correct policy

  3. Privacy-Preserving Electronic Toll Pricing Homomorphic Commitments to: + ZK proofs that prices come from a correct policy

  4. Privacy-Preserving Electronic Toll Pricing Homomorphic Commitments to: + ZK proofs that prices come from a correct policy

  5. Case study: Electronic Toll Pricing Location is not needed, only the amount to bill! Service integrity

  6. Case study: Electronic Toll Pricing Privacy ENABLING Technologies

  7. A change in our way of thinking.... The Usual approach I want all data Data protection compliance Data I can collect

  8. A change in our way of thinking.... The Usual approach I want all data Data protection compliance Data I can collect The PbD approach Data needed for the purpose Maintain service integrity Data I will fjnally collect

  9. A change in our way of thinking.... The Usual approach

  10. Other case studies: Privacy-preserving Biometrics The Usual approach

  11. Other case studies: Privacy-preserving Biometrics The Usual approach t( ) =? t( )

  12. Other case studies: Privacy-preserving Biometrics The Usual approach Templates linkable across databases Reveal clear biometric Not revocable t( ) =? t( ) Many times not externalizable

  13. Other case studies: Privacy-preserving Biometrics The Usual approach Templates linkable across databases Reveal clear biometric Not revocable t( ) =? t( ) Many times not externalizable

  14. Other case studies: Privacy-preserving Biometrics The Usual approach Templates linkable across databases Reveal clear biometric Not revocable t( ) =? t( ) Many times not externalizable

  15. Other case studies: Privacy-preserving Passenger Registry The Usual approach in ?

  16. Other case studies: Privacy-preserving Passenger Registry The Usual approach Surveillance on all passengers in ?

  17. Other case studies: Privacy-preserving Passenger Registry The Usual approach Surveillance on all passengers in ?

  18. PART II: PART I: Evaluating Privacy in Reasoning about Privacy-Preserving Privacy when designing systems systems

  19. PART II: PART I: Evaluating Privacy in Reasoning about Privacy-Preserving Privacy when designing systems systems PRIVACY-PRESERVING SOLUTIONS CRYPTO-BASED VS ANONYMIZATION/OBFUSCATION

  20. PART II: PART I: Evaluating Privacy in Reasoning about Privacy-Preserving Privacy when designing systems systems PRIVACY-PRESERVING SOLUTIONS CRYPTO-BASED VS ANONYMIZATION/OBFUSCATION WELL ESTABLISHED DESIGN AND EVALUATION METHODS – Private searches – Private billing – Private comparison – Private sharing – Private statistics computation – Private electronic cash – Private genomic computations - ...

  21. PART II: PART I: Evaluating Privacy in Reasoning about Privacy-Preserving Privacy when designing systems systems PRIVACY-PRESERVING SOLUTIONS CRYPTO-BASED VS ANONYMIZATION/OBFUSCATION WELL ESTABLISHED DESIGN AND EVALUATION METHODS but expensive and require expertise

  22. PART II: PART I: Evaluating Privacy in Reasoning about Privacy-Preserving Privacy when designing systems systems PRIVACY-PRESERVING SOLUTIONS CRYPTO-BASED VS ANONYMIZATION/OBFUSCATION cheap but...

  23. PART II: PART I: Evaluating Privacy in Reasoning about Privacy-Preserving Privacy when designing systems systems PRIVACY-PRESERVING SOLUTIONS CRYPTO-BASED VS ANONYMIZATION/OBFUSCATION cheap but... DIFFICULT TO DESIGN / EVALUATE

  24. PART II: PART I: Evaluating Privacy in Reasoning about Privacy-Preserving Privacy when designing systems systems PRIVACY-PRESERVING SOLUTIONS CRYPTO-BASED VS ANONYMIZATION/OBFUSCATION cheap but... DIFFICULT TO DESIGN / EVALUATE

  25. PART II: PART I: Evaluating Privacy in Reasoning about Privacy-Preserving Privacy when designing systems systems PRIVACY-PRESERVING SOLUTIONS CRYPTO-BASED VS ANONYMIZATION/OBFUSCATION cheap but... DIFFICULT TO DESIGN / EVALUATE

  26. PART II: PART I: Evaluating Privacy in Reasoning about Privacy-Preserving Privacy when designing systems systems PRIVACY-PRESERVING SOLUTIONS CRYPTO-BASED VS ANONYMIZATION/OBFUSCATION cheap but... DIFFICULT TO DESIGN / EVALUATE

  27. PART II: PART I: Evaluating Privacy in Reasoning about Privacy-Preserving Privacy when designing systems systems PRIVACY-PRESERVING SOLUTIONS CRYPTO-BASED VS ANONYMIZATION/OBFUSCATION cheap but... DIFFICULT TO DESIGN / EVALUATE

  28. PART II: PART I: Evaluating Privacy in Reasoning about Privacy-Preserving Privacy when designing systems systems PRIVACY-PRESERVING SOLUTIONS CRYPTO-BASED VS ANONYMIZATION/OBFUSCATION cheap but... DIFFICULT TO DESIGN / EVALUATE

  29. PART II: PART I: Evaluating Privacy in Reasoning about Privacy-Preserving Privacy when designing systems systems PRIVACY-PRESERVING SOLUTIONS CRYPTO-BASED VS ANONYMIZATION/OBFUSCATION cheap but... DIFFICULT TO DESIGN / EVALUATE

  30. We need technical objectives – PRIVACY GOALS Pseudonymity : pseudonymous as ID (personal data!) Anonymity : decoupling identity and action Unlinkability : hiding link between actions Unobservability : hiding the very existence of actions Plausible deniability : not possible to prove a link between identity and action “obfuscation” : not possible to recover a real item from a noisy item

  31. We need technical objectives – PRIVACY GOALS Pseudonymity : pseudonymous as ID (personal data!) Anonymity : decoupling identity and action Unlinkability : hiding link between actions Unobservability : hiding the very existence of actions Plausible deniability : not possible to prove a link between identity and action “obfuscation” : not possible to recover a real item from a noisy item Why is it so difficult t to Evaluate them?

  32. Let's take one example: Anonymity Art. 29 WP’s opinion on anonymization techniques: 3 criteria to decide a dataset is non-anonymous (pseudonymous): 1) is it still possible to single out an individual 2) is it still possible to link two records within a dataset (or between two datasets) 3) can information be inferred concerning an individual? http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/fjles/2014/wp216_en.pdf

  33. Let's take one example: Anonymity 1) is it still possible to single out an individual “the median size of the individual's anonymity set in the U.S. working population is 1, 21 and 34,980, for locations known at the granularity of a census block, census track and county respectively” location

  34. Let's take one example: Anonymity 1) is it still possible to single out an individual “if the location of an individual is specifjed hourly, and with a spatial resolution equal to that given by the carrier’s antennas, four spatio-temporal points are enough to uniquely identify 95% of the individuals.” [15 montsh, 1.5M people] location

  35. Let's take one example: Anonymity 1) is it still possible to single out an individual location web browser

  36. Let's take one example: Anonymity 1) is it still possible to single out an individual location “It was found that 87% (216 million of 248 million) of the population in the United States had reported characteristics that likely made them unique based only on web browser {5-digit ZIP, gender, date of birth}”

  37. Let's take one example: Anonymity 2) Link two records within a dataset (or datasets) take two graphs representing social networks and map the nodes to each other based on the graph structure alone —no usernames, no nothing Netflix Prize, Kaggle contest social graphs

  38. Let's take one example: Anonymity take two graphs representing social networks and map the nodes to each other based on the graph structure alone —no usernames, no nothing Netflix Prize, Kaggle contest social graphs Technique to automate graph de- anonymization based on machine learning. Does not need to know the algorithm!

  39. Let's take one example: Anonymity 2) Link two records within a dataset (or datasets)

  40. Let's take one example: Anonymity 2) Link two records within a dataset (or datasets)

  41. “Anti-surveillance PETs” technical goals privacy properties: Anonymity 3) infer information about an individual “Based on GPS tracks from, we identify the latitude and longitude of their homes. From these locations, we used a free Web service to do a reverse “white pages” lookup, which takes a latitude and longitude coordinate as input and gives an address and name. [172 individuals]”

  42. Let's take one example: Anonymity 3) infer information about an individual “We investigate the subtle cues to user identity that may be exploited in attacks on the privacy of users in web search query logs. We study the application of simple classifjers to map a sequence of queries into the gender, age, and location of the user issuing the queries.”

  43. Let's take one example: Anonymity Magical thinking! this cannot happen in general! Data anonymization is a weak privacy mechanism Only to be used when other protections are also applied. (contractual, organizational)

  44. Let's take one example: Anonymity Magical thinking! this cannot happen in general! Data anonymization is a weak privacy mechanism Only to be used when other protections are also applied. (contractual, organizational) Impossible to sanitize without severely damaging usefulness Removing PII is not enough! - Any aspect could lead to re-identification

  45. Let's take one example: Anonymity Magical thinking! this cannot happen in general! Data anonymization is a weak privacy mechanism Only to be used when other protections are also applied. (contractual, organizational) Impossible to sanitize without severely damaging usefulness Removing PII is not enough! - Any aspect could lead to re-identification Risk of de-anonymization? Probabilistic Analysis Pr[identity action | observation ] →

  46. Privacy evaluation is a Probabilistic analy lysis systematic reasoning to evaluate a mechanism Anonymity - Pr[identity → action | observation ] Unlinkability - Pr[action A action B | observation ] ↔ Obfuscation - Pr[real action | observed noisy action ]

  47. Privacy evaluation is a Probabilistic analy lysis systematic reasoning to evaluate a mechanism Anonymity - Pr[identity → action | observation ] Unlinkability - Pr[action A action B | observation ] ↔ Obfuscation - Pr[real action | observed noisy action ]

  48. Privacy evaluation is a Probabilistic analy lysis systematic reasoning to evaluate a mechanism Anonymity - Pr[identity → action | observation ] Unlinkability - Pr[action A action B | observation ] ↔ Obfuscation - Pr[real action | observed noisy action ]

  49. Privacy evaluation is a Probabilistic analy lysis systematic reasoning to evaluate a mechanism Anonymity - Pr[identity → action | observation ] Unlinkability - Pr[action A action B | observation ] ↔ Obfuscation - Pr[real action | observed noisy action ]

  50. Privacy evaluation is a Probabilistic analy lysis systematic reasoning to evaluate a mechanism Anonymity - Pr[identity → action | observation ] Unlinkability - Pr[action A action B | observation ] ↔ Obfuscation - Pr[real action | observed noisy action ]

  51. Privacy evaluation is a Probabilistic analy lysis systematic reasoning to evaluate a mechanism Anonymity - Pr[identity → action | observation ] Unlinkability - Pr[action A action B | observation ] ↔ Obfuscation - Pr[real action | observed noisy action ]

  52. Privacy evaluation is a Probabilistic analy lysis systematic reasoning to evaluate a mechanism Anonymity - Pr[identity → action | observation ] Unlinkability - Pr[action A action B | observation ] ↔ Obfuscation - Pr[real action | observed noisy action ]

  53. Privacy evaluation is a Probabilistic analy lysis systematic reasoning to evaluate a mechanism Anonymity - Pr[identity → action | observation ] Unlinkability - Pr[action A action B | observation ] ↔ Obfuscation - Pr[real action | observed noisy action ]

  54. Privacy evaluation is a Probabilistic analy lysis systematic reasoning to evaluate a mechanism Anonymity - Pr[identity → action | observation ] Unlinkability - Pr[action A action B | observation ] ↔ Obfuscation - Pr[real action | observed noisy action ]

  55. “Inversion”? what do you mean? 1) Analytical mechanism inversion Given the description of the system, develop the mathematical expressions that effectively invert the system:

  56. “Inversion”? what do you mean? 1) Analytical mechanism inversion Given the description of the system, develop the mathematical expressions that effectively invert the system:

  57. “Inversion”? what do you mean? 1) Analytical mechanism inversion Given the description of the system, develop the mathematical expressions that effectively invert the system:

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering & Public Policy Lorrie Faith Cranor November 11, 2014 y & c S a e v c i u r P r i t e y l b L a a s

555 views • 21 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering & Public Policy Lorrie Faith Cranor October 29, 2013 y & c S a e v c i u r P r i t e y l b L a a s

245 views • 20 slides
Privacy engineering, privacy by design, and privacy governance Engineering & Public Policy

Privacy engineering, privacy by design, and privacy governance Engineering & Public Policy

CyLab Privacy engineering, privacy by design, and privacy governance Engineering & Public Policy Lorrie Faith Cranor November 17, 2015 y & c S a e v c i u r P r i t e y l b L a a s b U o 8-533 / 8-733 /

539 views • 22 slides
Privacy by Design Deirdre K. Mulligan Privacy by design, why now? Legal Drivers E- Government

Privacy by Design Deirdre K. Mulligan Privacy by design, why now? Legal Drivers E- Government

Privacy by Design Deirdre K. Mulligan Privacy by design, why now? Legal Drivers E- Government Act of 2002 and OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002 Resolution on Privacy by Design, Data Protection

556 views • 41 slides
Privacy Engineering Objectives and Risk Model Objective-Based Design for Improving Privacy in

Privacy Engineering Objectives and Risk Model Objective-Based Design for Improving Privacy in

Privacy Engineering Objectives and Risk Model Objective-Based Design for Improving Privacy in Information Systems 1 NIST research has a broad impact shutterstock.com shutterstocom G. Hooijer/ D. Stork/ Facilitates trade and fair Improves

405 views • 18 slides
Engineering Privacy By Design Seda Grses COSIC, ESAT K.U. Leuven Belgium 1 Outline -

Engineering Privacy By Design Seda Grses COSIC, ESAT K.U. Leuven Belgium 1 Outline -

Engineering Privacy By Design Seda Grses COSIC, ESAT K.U. Leuven Belgium 1 Outline - Introduction and Approach - Privacy Requirements Definition Problem - Privacy Requirements Analysis Problem - Policy and Compliance - Privacy By Design -

1.48k views • 63 slides
Privacy and Security by Design: Regulatory Compliance Will Not be Enough to Preserve our Privacy

Privacy and Security by Design: Regulatory Compliance Will Not be Enough to Preserve our Privacy

Privacy and Security by Design: Regulatory Compliance Will Not be Enough to Preserve our Privacy Ann Cavoukian, Ph.D. Distinguished Expert-in-Residence Privacy by Design Centre of Excellence Ryerson University Ryerson CSR Institute / PPOCIR

3.12k views • 64 slides
Privacy by Design Principles of Privacy-Aware Ubiquitous Systems Marc Langheinrich Privacy by

Privacy by Design Principles of Privacy-Aware Ubiquitous Systems Marc Langheinrich Privacy by

Privacy by Design Principles of Privacy-Aware Ubiquitous Systems Marc Langheinrich Privacy by Design ETH Zurich, Switzerland www.inf.ethz.ch/~langhein Ubicomp 2001, Atlanta Contents Ubicomp 2001, Atlanta ! Privacy primer Does privacy

680 views • 22 slides
Paradigms of Privacy Research & Privacy Engineering Seda Grses f.s.gurses@tudelft.nl TU

Paradigms of Privacy Research & Privacy Engineering Seda Grses f.s.gurses@tudelft.nl TU

Paradigms of Privacy Research & Privacy Engineering Seda Grses f.s.gurses@tudelft.nl TU Delft/ KU Leuven 18. June 2019 GDPR requires data protection by design and by default (Article 25) A complex law with many requirements. More

950 views • 58 slides
Privacy by Design A technical perspective Carmela Troncoso Gradiant The usual privacy

Privacy by Design A technical perspective Carmela Troncoso Gradiant The usual privacy

PR eparing I ndustry to P rivacy-by-design by supporting its A pplication in RE search Privacy by Design A technical perspective Carmela Troncoso Gradiant The usual privacy scenario Protect personal data from third parties Data

359 views • 9 slides
From Privacy Protection to Interface Design: Implementing Information Privacy in Human-Computer

From Privacy Protection to Interface Design: Implementing Information Privacy in Human-Computer

From Privacy Protection to Interface Design: Implementing Information Privacy in Human-Computer Interactions Andrew S. Patrick Steve Kenny Independent Consultant National Research Council of Canada stephen_mh_kenny@yahoo.com

407 views • 22 slides
Privacy by Design in EUs GDPR Botjan Brumen University of Maribor Faculty of Electrical

Privacy by Design in EUs GDPR Botjan Brumen University of Maribor Faculty of Electrical

Privacy by Design in EUs GDPR Botjan Brumen University of Maribor Faculty of Electrical Engineering and Computer Science Slovenia Background Respect for privacy: Not a new phenomenon: the polis (gr. ): the public area of

389 views • 6 slides
The Vital Need for Privacy and Security by Design Ann Cavoukian, Ph.D. Executive Director

The Vital Need for Privacy and Security by Design Ann Cavoukian, Ph.D. Executive Director

The Vital Need for Privacy and Security by Design Ann Cavoukian, Ph.D. Executive Director Global Privacy & Security by Design Centre Technion Summer School on Cyber Security Haifa, Israel September 9, 2020 Lets Dispel The Myths

929 views • 55 slides
Privacy Enhancing T echnologies Carmela Troncoso, Gradiant PRIPARE Workshop on Privacy by Design

Privacy Enhancing T echnologies Carmela Troncoso, Gradiant PRIPARE Workshop on Privacy by Design

T rialog, Atos, T rilateral, Inria , AUP, Gradiant, UPM, UUlm, Fraunhofer SIT, WIT , KU Leuve Privacy Enhancing T echnologies Carmela Troncoso, Gradiant PRIPARE Workshop on Privacy by Design Ulm 9 th -10 th March 2015 11/03/2015 Privacy

668 views • 48 slides
Lightning Introductions PRIVACY ENABLING DESIGN May 7-8, 2015 Brian Anderson / IBM Where does

Lightning Introductions PRIVACY ENABLING DESIGN May 7-8, 2015 Brian Anderson / IBM Where does

Lightning Introductions PRIVACY ENABLING DESIGN May 7-8, 2015 Brian Anderson / IBM Where does privacy end and security begin? What are the responsibilities of an organization to protect their assets while balancing the privacy of those who

980 views • 52 slides
Do Not Beg: Moving Beyond Do Not Track with Privacy By Design Mike Perry W3C DNT Nov 28, 2012

Do Not Beg: Moving Beyond Do Not Track with Privacy By Design Mike Perry W3C DNT Nov 28, 2012

Do Not Beg: Moving Beyond Do Not Track with Privacy By Design Mike Perry W3C DNT Nov 28, 2012 Do Not Track as Privacy By Design The meat of the initial IETF DNT Draft: A server acting in a third-party capacity MUST NOT track a user or

293 views • 10 slides
A closer look at upcoming changes Webinar for employers & not-for-profit organisations 22

A closer look at upcoming changes Webinar for employers & not-for-profit organisations 22

A closer look at upcoming changes Webinar for employers & not-for-profit organisations 22 January 2020, 2:30pm 3:30pm IN CONFIDENCE Welcome to the webinar Catherine Simpson, Transformation Account Manager IN CONFIDENCE How to

552 views • 34 slides
Finance and the COVID-19 Crisis: Strategies and Tools Professors Dirk Zetzsche, Douglas Arner

Finance and the COVID-19 Crisis: Strategies and Tools Professors Dirk Zetzsche, Douglas Arner

Finance and the COVID-19 Crisis: Strategies and Tools Professors Dirk Zetzsche, Douglas Arner & Ross Buckley Themes Finance in the 2010s Global Financial Crisis Regulation Technology Finance in the 2020s Sustainability

348 views • 11 slides
Lecture 10: Electronic Cash Helger Lipmaa Helsinki University of Technology helger@tcs.hut.fi

Lecture 10: Electronic Cash Helger Lipmaa Helsinki University of Technology helger@tcs.hut.fi

T-79.159 Cryptography and Data Security Lecture 10: Electronic Cash Helger Lipmaa Helsinki University of Technology helger@tcs.hut.fi T-79.159 Cryptography and Data Security, 09.04.2003 Lecture 10: Electronic Cash, Helger Lipmaa 1 Overview

445 views • 22 slides
Evelyn Follit Evelyn Follit Evelyn Follit Evelyn Follit Evelyn Follit Evelyn Follit Evelyn

Evelyn Follit Evelyn Follit Evelyn Follit Evelyn Follit Evelyn Follit Evelyn Follit Evelyn

Evelyn Follit Evelyn Follit Evelyn Follit Evelyn Follit Evelyn Follit Evelyn Follit Evelyn Follit Evelyn Follit Senior VP and Chief Information Officer Senior VP and Chief Information Officer Agenda Agenda Overview Overview Improve the

407 views • 18 slides
Law, IT and personal data protection - legislative framework lags behind the IT development

Law, IT and personal data protection - legislative framework lags behind the IT development

Law, IT and personal data protection - legislative framework lags behind the IT development framework lags behind the IT development Nataa Pirc Musar Information Commissioner, Republic of Slovenia Hong Kong, 4th of January, 2010 Modern

302 views • 16 slides
Embedded Systems Architecture Davide Bertozzi University of Ferrara Course Presentation

Embedded Systems Architecture Davide Bertozzi University of Ferrara Course Presentation

Embedded Systems Architecture Davide Bertozzi University of Ferrara Course Presentation Course Languages English Italian All the course material will be in english, but the lectures will be in italian. 2 Teaching Staff QUIZ: which

1.26k views • 15 slides
Veleri OI IoT school project Sanja Candrlic, University of Rijeka, Department of

Veleri OI IoT school project Sanja Candrlic, University of Rijeka, Department of

Introducing Veleri OI IoT school project Sanja Candrlic, University of Rijeka, Department of Informatics Alen Jakupovic, Polytechnic of Rijeka Cooperation at Academic Informatics Education across Balkan Countries and Beyond: The

595 views • 23 slides
Disaster Spending and Mitigation: A State-by-State Story Colin Foard Associate Manager, Fiscal

Disaster Spending and Mitigation: A State-by-State Story Colin Foard Associate Manager, Fiscal

Disaster Spending and Mitigation: A State-by-State Story Colin Foard Associate Manager, Fiscal Federalism Initiative Natural Hazards Center/FEMA Making Mitigation Work Webinar November 12, 2019 pewtrusts.org/fiscal-federalism Natural

229 views • 19 slides

More recommend