privacy tools and techniques for developers
play

Privacy Tools and Techniques for Developers -Amber Welch - PowerPoint PPT Presentation

Oct 01, 2023 •208 likes •779 views

Privacy Tools and Techniques for Developers -Amber Welch bit.ly/2x1UXWX Amber Welch MA, CISSP, CISA, CIPP/E, CIPM, FIP, CCSK, and ISO 27001 Lead Auditor linkedin.com/in/amberwelch1 github.com/msamberwelch @MsAmberWelch bit.ly/2WRAGh8

  1. Privacy Tools and Techniques for Developers -Amber Welch bit.ly/2x1UXWX

  2. Amber Welch MA, CISSP, CISA, CIPP/E, CIPM, FIP, CCSK, and ISO 27001 Lead Auditor linkedin.com/in/amberwelch1 github.com/msamberwelch @MsAmberWelch bit.ly/2WRAGh8

  3. ● Privacy Engineering Intro ● Privacy by Design ● Privacy Enhancing Technologies bit.ly/2WXJTcR

  4. First, an apology. bit.ly/2x1UXWX

  5. Legal teams have often kept tech out of privacy. bit.ly/2ZBiEBz

  6. Developers don’t know privacy concepts. Privacy teams haven’t taught them. bit.ly/2J3yEWn

  7. Privacy Impact Assessment bit.ly/2x1UXWX

  8. Description A Privacy Impact Assessment (PIA) is a method to: ● Identify privacy risk ● Map personal data flows ● Document privacy risk mitigations ● Fulfill regulatory requirements bit.ly/2KmuLyI

  9. bit.ly/2x7BlRh

  10. Use Cases ● New applications ● Adding functions and features ● Collecting new sensitive personal data ● Annual reviews or audits

  11. Tasting Notes Benefits ● Legal compliance ● Identify and reduce privacy risks ● Catch privacy errors bit.ly/2qbrnu5

  12. Tasting Notes Benefits Limitations ● Legal compliance ● High time investment ● Identify and reduce ● Ineffective if not privacy risks completed well ● Catch privacy errors ● Not a security risk assessment bit.ly/2qbrnu5

  13. Data Minimization and Retention bit.ly/2x1UXWX

  14. Description Data minimization is: ● Collecting only necessary data ● Maintaining and updating data ● Deleting old data that isn’t needed bit.ly/2KmuLyI

  15. Use Cases ● New applications ● API integrations ● Adding functions and features ● Collecting new personal data ● Customer termination

  16. Tasting Notes Benefits ● Legal compliance ● Minimize volume of data to be breached ● Improve data quality bit.ly/2qbrnu5

  17. Tasting Notes Benefits Limitations ● Legal compliance ● Users may be frustrated ● Minimize volume of data ● Companies like to keep to be breached all the data ● Improve data quality bit.ly/2qbrnu5

  18. Default Settings bit.ly/2x1UXWX

  19. Description Default settings for privacy should: ● Minimize personal data collected ● Prevent default data sharing ● Require enabling of intrusive settings ● Avoid making data public by default bit.ly/2KmuLyI

  20. Less than 5% of general users change any default settings, while programmers change 40% of settings. bit.ly/2UmLXEP

  21. bit.ly/2Hic0qm

  22. bit.ly/2Yg4i9D

  23. Tasting Notes Benefits ● Reputation for privacy ● Reduce user frustration ● Protect less educated users bit.ly/2qbrnu5

  24. Tasting Notes Benefits Limitations ● Legal compliance ● Companies may want to ● Reputation for privacy monetize intrusive apps ● Reduce user frustration ● Requires privacy ● Protect less educated awareness at design users bit.ly/2qbrnu5

  25. Encryption bit.ly/2x1UXWX

  26. Encrypt these: ● TLS ● Email and messaging ● Databases ● Cloud storage ● Backups ● Password management ● Endpoint devices bit.ly/2qbrnu5

  27. Don’t: ● Make your own crypto ● Use deprecated crypto (i.e., SHA1) ● Hard code keys ● Store keys on the same server as the data ● Use one key for everything ● Skip password hash and salt ● Forget to restore certificates after testing ● Use old crypto libraries bit.ly/2qbrnu5

  28. Differential Privacy bit.ly/2x1UXWX

  29. Description Differential privacy: ● Adds statistical noise to a data set ● Prevents identification of one individual’s record ● Provides the same results as the raw data would, with or without one record bit.ly/2KmuLyI

  30. bit.ly/2IwDufR

  31. bit.ly/2Pk7fEG

  32. bit.ly/2Pk7fEG

  33. Tasting Notes Benefits ● Limit insider threats ● Increase data usability ● Allows for collaboration without exposing data bit.ly/2qbrnu5

  34. Tasting Notes Benefits Limitations ● Legal compliance ● Works best on large ● Limit exposure from databases security incidents ● Must be tuned well ● Limit insider threats bit.ly/2qbrnu5

  35. Privacy Preserving Ad Click Attribution bit.ly/2x1UXWX

  36. Description Privacy preserving ad click attribution: ● Allows ad attribution monetization ● Prevents user ad click tracking ● Uses the browser to mediate ad clicks bit.ly/2KmuLyI

  37. bit.ly/30FFBoj

  38. bit.ly/30FFBoj

  39. Available now as an experimental feature bit.ly/30FFBoj

  40. Tasting Notes Benefits ● Allows websites to still monetize content ● Could become a W3C web standard bit.ly/2qbrnu5

  41. Tasting Notes Benefits Limitations ● Allows websites to still ● Needs widespread monetize content adoption to be effective ● Could become a W3C ● Users may not believe web standard any ads respect privacy bit.ly/2qbrnu5

  42. Federated Learning bit.ly/2x1UXWX

  43. Description Federated learning: ● Trains a central model on decentralized data ● Never transmits device data ● Sends iterative model updates to devices which return new results ● Uses secure aggregation to decrypt only the aggregate and no user data bit.ly/2KmuLyI

  44. bit.ly/2J4Fx9H

  45. bit.ly/2J4Fx9H

  46. Use Cases ● Android’s Gboard prediction model ● Health diagnostics ● Behavioral preference learning ● Driver behavior

  47. Tasting Notes Benefits ● Speeds up modeling and testing ● Minimally intrusive ● Individual data is not accessible to the central model bit.ly/2qbrnu5

  48. Tasting Notes Benefits Limitations ● Speeds up modeling ● Errors could cause and testing private data leakage ● Minimally intrusive ● Requires a large user ● Individual data is not base accessible to the central model bit.ly/2qbrnu5

  49. Homomorphic Encryption bit.ly/2x1UXWX

  50. Description Homomorphic encryption: ● Allows computation on ciphertext ● Enables collaboration without disclosing confidential data ● Only the calculation results can be decrypted bit.ly/2KmuLyI

  51. bit.ly/2WWvkB4

  52. Use Cases ● Computations on data shared across organizations ● Research using highly sensitive records ● Processing by employees with a lower clearance ● Google’s open source Private Join and Compute

  53. Tasting Notes Benefits ● Reduces insider threat ● Increases collaboration ● Increases data usability bit.ly/2qbrnu5

  54. Tasting Notes Benefits Limitations ● Reduces insider threat ● Resource-intensive ● Increases collaboration ● Limited functions ● Increases data usability ● No fully homomorphic encryption available yet bit.ly/2qbrnu5

  55. Becoming a Privacy Champion bit.ly/2x1UXWX

  56. Amber Welch MA, CISSP, CISA, CIPP/E, CIPM, FIP, CCSK, and ISO 27001 Lead Auditor linkedin.com/in/amberwelch1 github.com/msamberwelch @MsAmberWelch bit.ly/2WRAGh8

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Differential Privacy Li Xiong Outline Differential Privacy Definition Basic techniques

Differential Privacy Li Xiong Outline Differential Privacy Definition Basic techniques

CS573 Data Privacy and Security Differential Privacy Li Xiong Outline Differential Privacy Definition Basic techniques Composition theorems Statistical Data Privacy Non-interactive vs interactive Privacy goal: individual is

1.15k views • 64 slides
Differential Privacy Techniques Beyond Differential Privacy Steven Wu Assistant Professor

Differential Privacy Techniques Beyond Differential Privacy Steven Wu Assistant Professor

Differential Privacy Techniques Beyond Differential Privacy Steven Wu Assistant Professor University of Minnesota 1 Differential privacy? Isnt it just adding noise? How to add smart noise to guarantee privacy without sacrificing

592 views • 57 slides
Tools and Techniques for Floating-Point Analysis Ignacio Laguna Jan 7, 2020 @ LLNL Modified

Tools and Techniques for Floating-Point Analysis Ignacio Laguna Jan 7, 2020 @ LLNL Modified

Tools and Techniques for Floating-Point Analysis Ignacio Laguna Jan 7, 2020 @ LLNL Modified version of: IDEAS Webinar Best Practices for HPC Software Developers Webinar Series October 16, 2019 This work was performed under the auspices of

928 views • 47 slides
2016 International Workshop on Privacy Engineering IWPE 16 Tools in support of

2016 International Workshop on Privacy Engineering IWPE 16 Tools in support of

2016 International Workshop on Privacy Engineering IWPE 16 Tools in support of privacy engineering methodologies Tools for privacy communications Aleecia M. McDonald, PhD Non-resident Fellow, Stanford Center for Internet &

902 views • 15 slides
What are Programming Tools? Programs and applications that help developers to create

What are Programming Tools? Programs and applications that help developers to create

Department of Computer Science - COS121 08/30/2012 COS121 Programming Tools Introduction to programming tools for C++ development What are Programming Tools? Programs and applications that help developers to create software debug

414 views • 19 slides
Tools & Techniques Triage Using 99 Business Analyst Techniques to better understand

Tools & Techniques Triage Using 99 Business Analyst Techniques to better understand

Tools & Techniques Triage Using 99 Business Analyst Techniques to better understand your teams skills and training needs. Agenda Introduction The idea explained Round 1: Card sorting techniques Round 2: Visualising

370 views • 10 slides
The Privacy and CyLab Security Behaviors of Smartphone Engineering & App Developers

The Privacy and CyLab Security Behaviors of Smartphone Engineering & App Developers

The Privacy and CyLab Security Behaviors of Smartphone Engineering & App Developers Public Policy Rebecca Balebako, Abigail Marsh, Jialiu Lin, Jason Hong, Lorrie Faith y & c S a e v c i u r P r i t e y l b L a

646 views • 26 slides
22-02-18 Privacy Seminar Basic Techniques I Jaap-Henk Hoepman Privacy & Identity Lab

22-02-18 Privacy Seminar Basic Techniques I Jaap-Henk Hoepman Privacy & Identity Lab

22-02-18 Privacy Seminar Basic Techniques I Jaap-Henk Hoepman Privacy & Identity Lab Radboud University Tilburg University University of Groningen * jhh@cs.ru.nl // 8 www.cs.ru.nl/~jhh // 8 blog.xot.nl // @xotoxot Agenda n Privacy by

322 views • 13 slides
Should I Protect You? Understanding Developers Behavior to Privacy-Preserving APIs Shubham

Should I Protect You? Understanding Developers Behavior to Privacy-Preserving APIs Shubham

Should I Protect You? Understanding Developers Behavior to Privacy-Preserving APIs Shubham Jain and Janne Lindqvist Department of Electrical and Computer Engineering Rutgers University Workshop on Usable Security (USEC14) February 23,

230 views • 21 slides
EU Art.29 Data Protection Users care about privacy Working Party From: Special Eurobarometer

EU Art.29 Data Protection Users care about privacy Working Party From: Special Eurobarometer

28/05/15 Outline Data privacy and the evolving regulation Privacy threats from LBS to geoSN EveryWare Lab Main (location) privacy protection techniques Data Management for Mobile Protecting geo-tagged resource publication

411 views • 7 slides
PRETTY EASY PRIVACY 05-2014 It is called kinko Overview introduction spot the problem

PRETTY EASY PRIVACY 05-2014 It is called kinko Overview introduction spot the problem

PRETTY EASY PRIVACY 05-2014 It is called kinko Overview introduction spot the problem building good crypto tools challenges more than tools get involved Snowden 2013... ...rekindled interest in privacy. Privacy after

643 views • 46 slides
Karl-Johan Dahlstrm Head of Developer Relations developer world sonymobile.com/developer

Karl-Johan Dahlstrm Head of Developer Relations developer world sonymobile.com/developer

Karl-Johan Dahlstrm Head of Developer Relations developer world sonymobile.com/developer @sonyxperiadev 2 2013-02-21 PA1 Confidential Developers Custom ROM Developers Application and Game Developers Tools Tools Support

982 views • 34 slides
CS573 Data Privacy and Security Location Privacy Location Privacy Yonghui (Yohu) Xiao htt //

CS573 Data Privacy and Security Location Privacy Location Privacy Yonghui (Yohu) Xiao htt //

CS573 Data Privacy and Security Location Privacy Location Privacy Yonghui (Yohu) Xiao htt // http://yxiao.info i i f Outline Outline What is Location Privacy Basic Techniques Private Information Retrieval Probabilistic

415 views • 24 slides
Ti e Voice of Reason We have all of these tools and techniques, but are we any better?

Ti e Voice of Reason We have all of these tools and techniques, but are we any better?

And Ti e Voice of Reason We have all of these tools and techniques, but are we any better? PRESENT Modern Software Development Anti-Patterns Reconciliation by Scot A Harvest Note the lack of flu fg y animals in this talk - that's right

349 views • 34 slides
Tools and Techniques to automate the discovery of Zero Day Vulnerabilities A.K.A Fuzzing 101

Tools and Techniques to automate the discovery of Zero Day Vulnerabilities A.K.A Fuzzing 101

Tools and Techniques to automate the discovery of Zero Day Vulnerabilities A.K.A Fuzzing 101 Agenda GEEKZONE Overview of fuzzing techniques Tutorials on specific open-source fuzzers Demonstrations DIY fuzzing! Who

825 views • 50 slides
Privacy-preserving Information Sharing: Crypto Tools and Applications Emiliano De Cristofaro

Privacy-preserving Information Sharing: Crypto Tools and Applications Emiliano De Cristofaro

Privacy-preserving Information Sharing: Crypto Tools and Applications Emiliano De Cristofaro University College London (UCL) https://emilianodc.com Privacy-preserving what ? Parties with limited mutual trust willing or required to share

1.1k views • 66 slides
Facebook Strategies Facebook www.facebook.com Facebook TIPS Idea #1: Share the School Calendar.

Facebook Strategies Facebook www.facebook.com Facebook TIPS Idea #1: Share the School Calendar.

Facebook Strategies Facebook www.facebook.com Facebook TIPS Idea #1: Share the School Calendar. Idea #2: Link to Positive Stories. Idea #3: Post Photos of Events. Idea #4: Congratulate Students and Staff Who Achieve. Facebook TIPS Going

427 views • 39 slides
Pay-Per-Click (PPC) Advertising 1.6 billion people worldwide are connected to a small business

Pay-Per-Click (PPC) Advertising 1.6 billion people worldwide are connected to a small business

Pay-Per-Click (PPC) Advertising 1.6 billion people worldwide are connected to a small business on Facebook. Become genuinely interested in other people. Know your target audience! Where do they live? How old are they? Male / Female?

383 views • 22 slides
Investor Presentation Q1 2017 Safe Harbor FO FORWARD-LO LOOKING STATEMENTS These slides and

Investor Presentation Q1 2017 Safe Harbor FO FORWARD-LO LOOKING STATEMENTS These slides and

Investor Presentation Q1 2017 Safe Harbor FO FORWARD-LO LOOKING STATEMENTS These slides and the accompanying oral presentation contain forward - looking statements. All statements other than statements of historical facts contained in these

289 views • 24 slides
Arthur Schopenhauer 1818 Der Wahrheit ist allerzeit nur ein kurzes Siegesfest beschieden

Arthur Schopenhauer 1818 Der Wahrheit ist allerzeit nur ein kurzes Siegesfest beschieden

3/27/2018 Attachment-Focused EMDR for Complex Trauma Building on the Standard Protocol: an Audit of Reflective Practice Mark Brayne EMDR Europe Accred Consultant / Parnell Institute Facilitator London March 2018 Powered by Arthur

505 views • 34 slides
BrainJuicer Group PLC Feel more: Buy more system1agency.com @system1agency Leading Founded in

BrainJuicer Group PLC Feel more: Buy more system1agency.com @system1agency Leading Founded in

Feel more: Buy more. Results Presentation | Twelve months ended 31 December 2016 BrainJuicer Group PLC Feel more: Buy more system1agency.com @system1agency Leading Founded in 1999 exponent of behavioural Floated on AIM in December 2006 at

478 views • 9 slides
Panel Discussion Insights: The Killer of Creative? Or the Driver of Killer Creative? ARF

Panel Discussion Insights: The Killer of Creative? Or the Driver of Killer Creative? ARF

Panel Discussion Insights: The Killer of Creative? Or the Driver of Killer Creative? ARF Creative Council Moderator: Andrew Smith Jay Mattlin Consultant #CxS2018 ARF Creative Council Working Group on Driving the Power of Creative Through

327 views • 14 slides
1) Overview 2) Definition of Marketing Research 3) A

1) Overview 2) Definition of Marketing Research 3) A

FEP An Introduction to Marketing Research Market Research LGE 508

336 views • 16 slides
Re-Engineering Your Documentation Collection Process for the Research Credit William A.

Re-Engineering Your Documentation Collection Process for the Research Credit William A.

Re-Engineering Your Documentation Collection Process for the Research Credit William A. Schmalzl, Chicago, IL September 26, 2016 wschmalzl@mayerbrown.com 312-701-7225 Michael Kaupa, Chicago, IL mkaupa@mayerbrown.com 312-701-8209 Mayer

446 views • 41 slides

More recommend