paradigms of privacy research privacy engineering
play

Paradigms of Privacy Research & Privacy Engineering Seda - PowerPoint PPT Presentation

Jan 14, 2023 •365 likes •950 views

Paradigms of Privacy Research & Privacy Engineering Seda Grses f.s.gurses@tudelft.nl TU Delft/ KU Leuven 18. June 2019 GDPR requires data protection by design and by default (Article 25) A complex law with many requirements. More

  1. Paradigms of Privacy Research & Privacy Engineering Seda Gürses f.s.gurses@tudelft.nl TU Delft/ KU Leuven 18. June 2019

  4. GDPR requires data protection by design and by default (Article 25) A complex law with many requirements. More about creating a vision than a checklist

  5. How to of Article 25!? recommendations are abundant

  6. European Data Protection Board https://edpb.europa.eu/edpb_en

  7. European Data Protection Supervisor https://edps.europa.eu

  8. ENISA https://www.enisa.europa.eu/publications

  9. Norwegian Data Protection Authority https://www.datatilsynet.no

  10. Unabhängiges Landeszentrum für Datenschutz https://www.datenschutzzentrum.de/sdm/

  11. Federal Trade Commission https://www.ftc.gov/tips-advice/business-center/privacy-and-security/tech

  12. National Institute of Standards and Technology (NIST) https://www.nist.gov/itl/applied-cybersecurity/privacy-engineering

  13. Data Protection as a Service http://cdn.ttgtmedia.com/informationsecurity/images/vol4iss7/ism_v4i7_f4_DataLifecycle.pdf

  14. getting privacy engineering right?

  15. getting privacy engineering right? software privacy engineering research practice

  16. software privacy engineering research practice

  17. software privacy engineering research practice

  19. can it be that the practices around the production of software are an important element of privacy research? software privacy engineering research practice

  20. matters?

  21. 800

  23. Profiling and ranking is becoming a common practice Tinder decides based on your profile who you see first! LinkedIn uses similar inferences to decide which job ads to show you! Insurance companies, banks, universities, and many others are ready to follow suit!

  24. scenario imagine you want to share a picture on a social network. picture of a meeting with your colleagues discussing the introduction of code commits as a performance metric you want to share the excitement of the moment with your friends (not your manager) How would you use OR design a system to do the following? you would like to tag your colleagues in the picture in an appropriate manner you do not want your managers and 3rd parties (like Tinder) to see the picture you do not want the social network to run facial recognition on the pictures

  25. study: lit review 42 interviews events/papers

  26. PRIVACY RESEARCH PARADIGMS privacy as privacy as privacy as confidentiality control practice

  27. PRIVACY RESEARCH PARADIGMS “the right to be let alone” Warren and Brandeis data minimization privacy as properties with mathematical guarantees confidentiality avoid single point of failure open source - it takes a village to keep it secure

  28. PRIVACY RESEARCH PARADIGMS you are worried that the social privacy as network may run facial recognition confidentiality encrypt the picture before uploading obfuscate the image

  29. PRIVACY RESEARCH PARADIGMS secure messaging privacy as Signal - WhisperSystems confidentiality WhatsApp - Facebook iMessage - Apple Off The Record - Cypherpunks

  33. data minimization

  34. data minimization

  35. Unpacking Data Minimization: Privacy By Design Strategies minimizing privacy risks and trust assumptions placed on other entities Overarching goal Minimize Minimize Minimize Linkability Collection Disclosure strategies Minimize Minimize Replication Minimize Retention Centralization Seda Gurses, Carmela Troncoso, Claudia Diaz. Engineering Privacy by Design Reloaded. Amsterdam Privacy Conference. 2015

  36. PRIVACY RESEARCH PARADIGMS “right of the individual to decide what information about himself should be communicated to others and under what circumstances” Westin transparency and accountability FIPPS/GDPR compliance privacy as control individual participation and control control sharing of picture with managers and 3rd parties FB and CambridgeAnalytica

  37. PRIVACY RESEARCH PARADIGMS privacy policy purpose based privacy as languages access control control Attribute Based Credentials

  40. Android Permissions Remystified: A field study of Contextual Integrity (Wijesekera et al. 2015)

  41. Android Permissions Remystified: A field study of Contextual Integrity (Wijesekera et al.)

  42. Android Permissions Remystified: A field study of Contextual Integrity (Wijesekera et al.)

  43. Android Permissions Remystified: A field study of Contextual Integrity (Wijesekera et al.)

  44. FB and CambridgeAnalytica

  49. Dark Patterns invoked in a case by the Norwegian Consumer Council

  50. CNIL (French Data Protection Authority) already fined Google $50million Euros

  51. PRIVACY RESEARCH PARADIGMS “the freedom from unreasonable constraints on the construction of one’s identity” Agre improve user agency in negotiating privacy privacy as practice privacy integral to collective info practices aid in privacy decision making transparency of social impact

  52. PRIVACY RESEARCH PARADIGMS “the freedom from unreasonable constraints on the construction of one’s identity” Agre enhance design of collective info practices privacy as practice appropriate way to tag your colleagues? try different designs for tagging/ permissions/confirmations/removal

  53. PRIVACY RESEARCH PARADIGMS feedback & privacy as privacy nudges awareness design practice

  55. Shvartzshnaider et al., Crowdsourced, Actionable and Verifiable Contextual Informational Norms, Arxiv 2016. Contextual Integrity: actors type of information transmission principles Liu et al., Follow My Recommendations: A Personalized Privacy Assistant for Mobile App Permission, USENIX, 2016.

  56. PRIVACY RESEARCH PARADIGMS privacy as privacy as privacy as confidentiality control practice

  57. the paradigms are the basis of engineering privacy privacy as confidentiality: especially valuable in current data practices privacy as control: personal data-centric, likely to have great traction with GDPR privacy as practice: fundamental to smart environment and understanding user needs privacy engineering requires rethinking software engineering ideally, all three approaches ought to be considered together good systems engineering includes privacy engineering privacy engineering will be important for GDPR compliance, too

  58. thank you! • Please contact me for further references • f.s.gurses@tudelft.nl • Interdisciplinary Summer School on Privacy • Theme: Dark Patterns • September 2.-6., 2019 Nijmegen, The Netherlands

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering & Public Policy Lorrie Faith Cranor October 29, 2013 y & c S a e v c i u r P r i t e y l b L a a s

245 views • 20 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering & Public Policy Lorrie Faith Cranor November 11, 2014 y & c S a e v c i u r P r i t e y l b L a a s

555 views • 21 slides
Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy Commissioner of Ontario https://www.ipc.on.ca/images/resources/7foundationalprinciples.pdf Privacy by Design Let's have it! Article 25 European

1.32k views • 118 slides
Privacy engineering, privacy by design, and privacy governance Engineering & Public Policy

Privacy engineering, privacy by design, and privacy governance Engineering & Public Policy

CyLab Privacy engineering, privacy by design, and privacy governance Engineering & Public Policy Lorrie Faith Cranor November 17, 2015 y & c S a e v c i u r P r i t e y l b L a a s b U o 8-533 / 8-733 /

539 views • 22 slides
$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

Presentation Slides $ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

318 views • 13 slides
Privacy Engineering Objectives and Risk Model Objective-Based Design for Improving Privacy in

Privacy Engineering Objectives and Risk Model Objective-Based Design for Improving Privacy in

Privacy Engineering Objectives and Risk Model Objective-Based Design for Improving Privacy in Information Systems 1 NIST research has a broad impact shutterstock.com shutterstocom G. Hooijer/ D. Stork/ Facilitates trade and fair Improves

405 views • 18 slides
Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

CISPA Center for IT Security, Privacy and Accountabiltiy Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when,

573 views • 26 slides
$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

Presentation Slides $ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

429 views • 13 slides
CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies US Privacy Laws Sources: Baase: A Gift of Fire and Quinn: Ethics for the Information Age Ethics Spring 2010 Privacy 1 Privacy The original

725 views • 45 slides
Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is

1.01k views • 76 slides
Paper review 1 Privacy is a Process, not a PET A Theory for Effective Privacy Practice

Paper review 1 Privacy is a Process, not a PET A Theory for Effective Privacy Practice

Paper review 1 Privacy is a Process, not a PET A Theory for Effective Privacy Practice Accepted at New Security Paradigms Workshop 2012 Paper review 2 Too Close for Comfort: A Study of the Effectiveness and Acceptability of

515 views • 18 slides
Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in many ways over the years. Usually privacy is concerned with the individual human being. We may talk about privacy as the control over your own

230 views • 21 slides
Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy.

Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy.

Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy. College Bescherming Persoonsgegevens (CBP) What is privacy? Users must be able to determine for themselves when, how, to what extent and

798 views • 45 slides
Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

ECE598NB Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics Course Structure Privacy Define privacy Privacy History Privacy has always existed Cities / large populations have made

173 views • 14 slides
www.privitar.com Engineering Privacy London, UK WHY ARE ORGANISATIONS SLOW TO ADOPT PETS?

www.privitar.com Engineering Privacy London, UK WHY ARE ORGANISATIONS SLOW TO ADOPT PETS?

www.privitar.com Engineering Privacy London, UK WHY ARE ORGANISATIONS SLOW TO ADOPT PETS? Differential Privacy as a case study Theresa Stadler, SuRI at EPFL 2018 What are you talking about? Everybody wants data privacy as fast as

604 views • 38 slides
Mixminion: Design of a Type III Anonymous Remailer Protocol Roger Dingledine The Free Haven

Mixminion: Design of a Type III Anonymous Remailer Protocol Roger Dingledine The Free Haven

Mixminion: Design of a Type III Anonymous Remailer Protocol Roger Dingledine The Free Haven Project 1 Threat Model (what we aim to defend against) Global passive adversary can observe everything Owns half the nodes We are not

656 views • 41 slides
The Joy of Open, Agile Government Security Compliance Using F/LOSS, Agile and DevSecOps to help

The Joy of Open, Agile Government Security Compliance Using F/LOSS, Agile and DevSecOps to help

The Joy of Open, Agile Government Security Compliance Using F/LOSS, Agile and DevSecOps to help make compliance secure Fen Labalme TOC How did I get here What is CivicActions What is compliance Making compliance fun Culture

1.24k views • 89 slides
Associate Professor Panos Vlachopoulos, Macquarie University Associate Professor Eva Dobozy,

Associate Professor Panos Vlachopoulos, Macquarie University Associate Professor Eva Dobozy,

Associate Professor Panos Vlachopoulos, Macquarie University Associate Professor Eva Dobozy, Curtin University What? What do we know about Learning Design? What approaches, models, frameworks have been developed over the years? Why? Why

500 views • 13 slides
Approche Algorithmique des Syst` emes Distribu es (AASR) Guillaume Pierre

Approche Algorithmique des Syst` emes Distribu es (AASR) Guillaume Pierre

Approche Algorithmique des Syst` emes Distribu es (AASR) Guillaume Pierre guillaume.pierre@irisa.fr Dapr` es un jeu de transparents de Maarten van Steen VU Amsterdam, Dept. Computer Science 04b: Communication (2/2) Contents Chapter

685 views • 39 slides
Tracking Prey in the Cyberfores t Bruce Potter gdead@shmoo.com Brian Wotring brian@shmoo.com

Tracking Prey in the Cyberfores t Bruce Potter gdead@shmoo.com Brian Wotring brian@shmoo.com

Tracking Prey in the Cyberfores t Bruce Potter gdead@shmoo.com Brian Wotring brian@shmoo.com July 29, 2004 Blackhat Briefings USA 2004 The Ground Rules Dont believe anything I say Daytime - Security consultant Beltway

759 views • 35 slides
Monero an anonymous altcoin Dionysis Zindros ATHECRYPT 2016 Overview Bitcoins problems

Monero an anonymous altcoin Dionysis Zindros ATHECRYPT 2016 Overview Bitcoins problems

Monero an anonymous altcoin Dionysis Zindros ATHECRYPT 2016 Overview Bitcoins problems Moneros solutions Fungibility Anonymity Unlinkability Untraceability Acknowledgments Bitcoin Genve, Universit

734 views • 52 slides
A B Verschlsselung schtzt nur Inhalte, nicht die Metadaten! Wer mit wem? Wann?

A B Verschlsselung schtzt nur Inhalte, nicht die Metadaten! Wer mit wem? Wann?

Anonymitt? nberwachbare Kommunikation! A B Verschlsselung schtzt nur Inhalte, nicht die Metadaten! Wer mit wem? Wann? Was? 1-hop proxy (VPN, SSH Tunnel etc) Alice1 Bob1 Y Alice2 Z Bob2 Relay

764 views • 32 slides
Bitcoin, Blockchain and Beyond... Satj tjsh Babu Chair, ISOC-TRV Chair, APRALO LO/ICANN

Bitcoin, Blockchain and Beyond... Satj tjsh Babu Chair, ISOC-TRV Chair, APRALO LO/ICANN

Bitcoin, Blockchain and Beyond... Satj tjsh Babu Chair, ISOC-TRV Chair, APRALO LO/ICANN Overview Whats a (Digital) Currency ? Bitcoin: Revolutjonary ? The Blockchain Ethereum and recent developments The Future 2/35

616 views • 35 slides

More recommend