top mistakes in system design from a privacy perspective
play

Top Mistakes in System Design from a Privacy Perspective Marit - PowerPoint PPT Presentation

Aug 13, 2023 •229 likes •881 views

Top Mistakes in System Design from a Privacy Perspective Marit Hansen January 29, 2013 privtech12, Gteborg www.datenschutzzentrum.de Overview The legal perspective of privacy and data protection Top mistakes in system design from a

  1. Top Mistakes in System Design from a Privacy Perspective Marit Hansen January 29, 2013 privtech12, Göteborg

  2. www.datenschutzzentrum.de Overview • The legal perspective of privacy and data protection • Top mistakes in system design from a privacy perspective • Conclusion

  3. www.datenschutzzentrum.de Setting of ULD in Schleswig-Holstein • Data Protection Authority (DPA) for both the public and private sector • Also responsible for freedom of information Source: en.wikipedia.org/ wiki/Schleswig-Holstein Source: www.maps-for-free.com

  4. www.datenschutzzentrum.de Complex system of data protection commissioners in Germany • 1 Federal DP Commissioner � for public sector on the federal level; legal basis: Federal DP Act (BDSG) � for telecommunication; legal basis: Telecommunication Act • 16+ DP Commissioners for 16 States � for public sector on the State level; legal basis: 16 State DP Acts � for private sector, i.e., companies located in the State; legal basis: Federal DP Act • Own DP Commissioners for churches and broadcasting corporations Source: David Liuzzo

  5. www.datenschutzzentrum.de Good news: Harmonisation on the EU level European data protection directives: • Data Protection Directive 95/46/EC A N D E u : r p o r p o e p • e-Privacy Directive a o n s a D l a f o t a r a P 2009/136/EC r d o r t a e f c t t i o n R e g u l a t i o n … to be implemented by the Member States in national law Source: NuclearVacuum

  6. www.datenschutzzentrum.de 7 rules of European data protection law 1. Lawfulness Processing of personal data is lawful only if a statutory provision permits it 2. Consent or if the data subject has consented. 3. Purpose Binding Consent means: informed consent and 4. Necessity and Data Minimisation freely given. 5. Transparency and Data Subject’s Rights Personal data obtained for one 6. Data Security purpose must not be processed for other purposes. 7. Audit and Control

  7. www.datenschutzzentrum.de 7 rules of European data protection law 1. Lawfulness Only personal data necessary for the respective purpose may be processed. 2. Consent Personal data must be erased as soon 3. Purpose Binding as they are not needed anymore. 4. Necessity and Data Minimisation 5. Transparency and Data Subject’s Rights 6. Data Security 7. Audit and Control

  8. www.datenschutzzentrum.de 7 rules of European data protection law 1. Lawfulness Collection and use of personal data has to 2. Consent be transparent for data subjects. 3. Purpose Binding Data subjects have rights to access and rectification as well as (constrained) on 4. Necessity and Data Minimisation blocking and erasure of their personal data. 5. Transparency and Data Subject’s Rights 6. Data Security 7. Audit and Control

  9. www.datenschutzzentrum.de 7 rules of European data protection law 1. Lawfulness 2. Consent Unauthorised access to personal data must be prevented by technical and 3. Purpose Binding organisational safeguards. 4. Necessity and Data Minimisation 5. Transparency and Data Subject’s Rights 6. Data Security Need for internal and 7. Audit and Control external auditing/controlling of the data processing

  10. www.datenschutzzentrum.de Extended Set of Protection Goals classical IT security Balancing needed! protection goals privacy protection goals Reference: Martin Rost, Andreas Pfitzmann: Datenschutz-Schutzziele – revisited. Datenschutz und Datensicherheit (DuD) 33(12), 353-358 (2009); further reading…

  11. www.datenschutzzentrum.de Relation of CI A-UTI and 7 rules of European data protection law 1. Lawfulness 2. Consent Transparency Intervenability 3. Purpose Binding Unlinkability 4. Necessity and Data Minimisation Unlinkability Transparency 5. Transparency and Data Subject’s Rights Intervenability 6. Data Security Confidentiality Integrity Availability 7. Audit and Control Transparency Intervenability Integrity

  12. www.datenschutzzentrum.de Overview • The legal perspective of privacy and data protection • Top mistakes in system design from a privacy perspective • Conclusion

  13. www.datenschutzzentrum.de Mistake 1: Storage by default • Statements often heard: � “For functionality tests or debugging, we need data, much data.” � “You never know when you are going to need it.” • Problem: if erasure, often no real erasure • Problem: logfiles+temporary files are often not taken into account – even in privacy assessment

  14. www.datenschutzzentrum.de Mistake 2: Linkability by default • Principle in I T: � Avoidance of redundancies in databases � Naïve approach: central world-wide database of all subjects/objects + access control / different views • Problem: difficult for desired separation of powers (and separation of purposes) ⇒ risk • Problem: unlinkability often means more effort, more complexity • Problem: real life

  15. www.datenschutzzentrum.de pseudonymised Example: 2006: AOL publishes anonymised -------------- search engine requests of 3 months Quelle: http://www.lunchoverip.com/2006/08/being_user_4417.html

  16. www.datenschutzzentrum.de Number 4417749 school supplies for Iraq children the best season to visit Italy termites tea for good health mature living safest place to live nicotine effects on the body bipolar dry mouth hand tremors dog that urinates on everything 60 single men numb fingers Mrs Arnold said she was shocked that her search queries had been recorded and released to the public by AOL. "My goodness, it’s my whole personal life," she said. "I had no idea somebody was looking over my shoulder."

  17. Netflix: Real-life linkability www.datenschutzzentrum.de

  18. www.datenschutzzentrum.de Netflix: Real-life linkability

  19. www.datenschutzzentrum.de Mistake 3: Real identity by default • Tradition: Real name – long-established tradition in many cultures: “Whoever doesn‘t say his/her name, is suspicious” • Problem: Even if pseudonyms are accepted, database design with first name / last name

  20. www.datenschutzzentrum.de Mistake 3: Real identity by default • Real identity: also in biometrics-related applications • E.g. in social networks: � Photos of oneself or others � (Today predominantly self-claimed) height, weight, mood … • E.g. in speech assistance systems: � Voice

  21. www.datenschutzzentrum.de http://woa2012.gigpan.de/

  22. www.datenschutzzentrum.de http://woa2012.gigpan.de/

  23. www.datenschutzzentrum.de http://woa2012.gigpan.de/

  24. www.datenschutzzentrum.de Most tagged individuals have a profile with real data.

  25. www.datenschutzzentrum.de Facebook function: Photo tagging Foto: Screenshot Face.com

  26. www.datenschutzzentrum.de Specialty of photo tagging + biometric matching in Facebook • Photos are not biometrically optimised (unlike in eIDs) • Crowd approach with ongoing correction (also for authentication) • Photo tag suggestion: based on friend list • Opt-out not for biometric matching engine • Because of privacy complaints deactivated in Europe since Oct. 2012 http://www.thomashutter.com/wp-content/uploads/2011/05/ScreenShot11341.jpg

  27. www.datenschutzzentrum.de http://face.naughtyamerica.com/

  28. www.datenschutzzentrum.de http://face.naughtyamerica.com/

  29. www.datenschutzzentrum.de http://face.naughtyamerica.com/

  30. Google, too? www.datenschutzzentrum.de

  31. www.datenschutzzentrum.de Siri: iPhone speech assistance in the iCloud http://www.technologyreview.com/news/428053/wiping-away-your-siri-fingerprint/

  32. www.datenschutzzentrum.de Voice biometrics in the iCloud Trudy Muller, an Apple spokeswoman, confirmed that voice recordings are stored when users ask a spoken question like “What’s the weather now?” “This data is only used for Siri’s operation and to help Siri improve its understanding and recognition,” she said. Muller added that the company takes privacy “very seriously,” noting that questions and responses that Siri sends over the Internet are encrypted, and that recordings of your voice are not linked to other information Apple has generated about you. (Siri does upload your contact list, location, and list of stored songs, though, to help it respond to your requests.)

  33. www.datenschutzzentrum.de Nina: Similar to “Siri” for Android and iOS Built-in vocal biometrics are also said to recognize the speaker, allowing the software to handle account security without passwords. http://www.electronista.com/articles/12/08/06/voice.assistant.includes.voice.biometrics.for.security/

  34. www.datenschutzzentrum.de Mistake 4: Function creep as feature • Principle in I T: � Re-use of applications (multi-purpose) � Naïve approach: digitising everything, context-spanning identifiers, interoperability, openness for new usage possibilities

  35. www.datenschutzzentrum.de Example: Data retention + data usage • Starting point (EU, < 2006): telecommunication providers (phone, e-mail) must erase personal usage data as soon as possible; they must not use available data for other than accounting purposes • 2006: The Europe Commission introduced the Data Retention Directive, forcing telcos to store usage data for 6 months; sole purpose: answering requests of law enforcement bodies • Marketing departments of telcos demanded to use these retention data for additional purposes

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Privacy by Design A technical perspective Carmela Troncoso Gradiant The usual privacy

Privacy by Design A technical perspective Carmela Troncoso Gradiant The usual privacy

PR eparing I ndustry to P rivacy-by-design by supporting its A pplication in RE search Privacy by Design A technical perspective Carmela Troncoso Gradiant The usual privacy scenario Protect personal data from third parties Data

359 views • 9 slides
Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy Commissioner of Ontario https://www.ipc.on.ca/images/resources/7foundationalprinciples.pdf Privacy by Design Let's have it! Article 25 European

1.32k views • 118 slides
Use cases from the perspective of Deutsche Telekom's Group Privacy W3C Workshop on Privacy and

Use cases from the perspective of Deutsche Telekom's Group Privacy W3C Workshop on Privacy and

Use cases from the perspective of Deutsche Telekom's Group Privacy W3C Workshop on Privacy and data usage control public Frank Wagner / Use cases from the perspective of Deutsche Telekom's Group Privacy 24.09.2010 1

464 views • 15 slides
Privacy by Design Deirdre K. Mulligan Privacy by design, why now? Legal Drivers E- Government

Privacy by Design Deirdre K. Mulligan Privacy by design, why now? Legal Drivers E- Government

Privacy by Design Deirdre K. Mulligan Privacy by design, why now? Legal Drivers E- Government Act of 2002 and OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002 Resolution on Privacy by Design, Data Protection

556 views • 41 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering &amp; Public Policy Lorrie Faith Cranor October 29, 2013 y &amp; c S a e v c i u r P r i t e y l b L a a s

245 views • 20 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering &amp; Public Policy Lorrie Faith Cranor November 11, 2014 y &amp; c S a e v c i u r P r i t e y l b L a a s

555 views • 21 slides
Privacy and Security by Design: Regulatory Compliance Will Not be Enough to Preserve our Privacy

Privacy and Security by Design: Regulatory Compliance Will Not be Enough to Preserve our Privacy

Privacy and Security by Design: Regulatory Compliance Will Not be Enough to Preserve our Privacy Ann Cavoukian, Ph.D. Distinguished Expert-in-Residence Privacy by Design Centre of Excellence Ryerson University Ryerson CSR Institute / PPOCIR

3.12k views • 64 slides
Privacy by Design Principles of Privacy-Aware Ubiquitous Systems Marc Langheinrich Privacy by

Privacy by Design Principles of Privacy-Aware Ubiquitous Systems Marc Langheinrich Privacy by

Privacy by Design Principles of Privacy-Aware Ubiquitous Systems Marc Langheinrich Privacy by Design ETH Zurich, Switzerland www.inf.ethz.ch/~langhein Ubicomp 2001, Atlanta Contents Ubicomp 2001, Atlanta ! Privacy primer Does privacy

680 views • 22 slides
Design of a Privacy-preserving Document Submission and Grading System Benjamin Greschbach,

Design of a Privacy-preserving Document Submission and Grading System Benjamin Greschbach,

NordSec15 20th Nordic Conference on Secure IT Systems KTH ROYAL INSTITUTE OF TECHNOLOGY STOCKHOLM SWEDEN Design of a Privacy-preserving Document Submission and Grading System Benjamin Greschbach, Guillermo Rodrguez-Cano, Tomas

224 views • 10 slides
Lease-Up Lessons Learned Stephanie R. Barbabosa Head of Build to Rent at Lendlease 2 Common

Lease-Up Lessons Learned Stephanie R. Barbabosa Head of Build to Rent at Lendlease 2 Common

Lease-Up Lessons Learned Stephanie R. Barbabosa Head of Build to Rent at Lendlease 2 Common Area Mistakes 3 Interior Design Mistakes 4 Interior Unit Mistakes 5 Technology Mistakes an expensive one! 6 7 Target Market Mistakes 8 9

238 views • 10 slides
Detailed Design Review Key Objectives? Catch mistakes and improve design Verify

Detailed Design Review Key Objectives? Catch mistakes and improve design Verify

Detailed Design Review Key Objectives? Catch mistakes and improve design Verify readiness to spend money and build prototype: Specs (needs) are addressed Risks are addressed Participants? Guide, TA, and all team members

380 views • 11 slides
Privacy engineering, privacy by design, and privacy governance Engineering &amp; Public Policy

Privacy engineering, privacy by design, and privacy governance Engineering &amp; Public Policy

CyLab Privacy engineering, privacy by design, and privacy governance Engineering &amp; Public Policy Lorrie Faith Cranor November 17, 2015 y &amp; c S a e v c i u r P r i t e y l b L a a s b U o 8-533 / 8-733 /

539 views • 22 slides
CS411: Two Perspectives on DBMS User perspective CS411 how to use a database system

CS411: Two Perspectives on DBMS User perspective CS411 how to use a database system

CS411: Two Perspectives on DBMS User perspective CS411 how to use a database system Database Systems Database design Database programming System perspective 09: Storage how to design and implement a database system

370 views • 9 slides
Mistakes Irrend lernt man (Learning through mistakes) Johann Wolfgang von Goethe 2 Rome

Mistakes Irrend lernt man (Learning through mistakes) Johann Wolfgang von Goethe 2 Rome

Europe and Finland 20 years of Monetary Union Turku Europe Forum 30 August 2018 Intervention of Francesco Papadia Mistakes Irrend lernt man (Learning through mistakes) Johann Wolfgang von Goethe 2 Rome Mistakes Italian fiscal

451 views • 22 slides
From Privacy Protection to Interface Design: Implementing Information Privacy in Human-Computer

From Privacy Protection to Interface Design: Implementing Information Privacy in Human-Computer

From Privacy Protection to Interface Design: Implementing Information Privacy in Human-Computer Interactions Andrew S. Patrick Steve Kenny Independent Consultant National Research Council of Canada stephen_mh_kenny@yahoo.com

407 views • 22 slides
Encrypted DNS Privacy? A Traffic Analysis Perspective Sandra Siby, Marc Juarez, Claudia

Encrypted DNS Privacy? A Traffic Analysis Perspective Sandra Siby, Marc Juarez, Claudia

Encrypted DNS Privacy? A Traffic Analysis Perspective Sandra Siby, Marc Juarez, Claudia Diaz, Narseo Vallina-Rodriguez, Carmela Troncoso NDSS, 25 February 2020 Encrypted DNS &gt; Privacy? Can encrypting DNS protect users from tra ffi

533 views • 40 slides
Assistive Technology Making good out of UbiComp Todays Class 1. Technology in Assistance 2.

Assistive Technology Making good out of UbiComp Todays Class 1. Technology in Assistance 2.

Assistive Technology Making good out of UbiComp Todays Class 1. Technology in Assistance 2. Google Glass for PD a. PD overview b. Step through article with questions 3. Pervasive Computing and Assistive Tech a. Autism overview b. Step

545 views • 25 slides
1 / 29 Outline Introduction Overview Hypothesis and objectives Databases Methodology Data

1 / 29 Outline Introduction Overview Hypothesis and objectives Databases Methodology Data

Aprendizaje por transferencia en redes neuronales convolucionales para el diagn ostico y monitoreo de la enfermedad de Parkinson usando se nales de voz en tres idiomas diferentes Cristian David Rios Urrego BSc. student in Electronic

442 views • 41 slides
Dynamic Bayesian Networks and Hidden Markov Models Decision Trees Marco Chiarandini Deptartment

Dynamic Bayesian Networks and Hidden Markov Models Decision Trees Marco Chiarandini Deptartment

Lecture 11 Dynamic Bayesian Networks and Hidden Markov Models Decision Trees Marco Chiarandini Deptartment of Mathematics &amp; Computer Science University of Southern Denmark Slides by Stuart Russell and Peter Norvig Exercise Uncertainty

2.18k views • 85 slides
Annotation Pro Software Speech signal visualisation, part 1 klessa@amu.edu.pl

Annotation Pro Software Speech signal visualisation, part 1 klessa@amu.edu.pl

Annotation Pro Software Speech signal visualisation, part 1 klessa@amu.edu.pl katarzyna.klessa.pl Katarzyna Klessa ` Topics of the class 1. Introduction: annotation of speech recordings 2. Annotation Pro Graphical representation of the

833 views • 47 slides
VentriLock: Exploring voice-based authentication systems Chaouki K ASMI &amp; Jos L OPES E

VentriLock: Exploring voice-based authentication systems Chaouki K ASMI &amp; Jos L OPES E

VentriLock: Exploring voice-based authentication systems Chaouki K ASMI &amp; Jos L OPES E STEVES ANSSI, F RANCE Hack In Paris 06/2017 WHO WE ARE Chaouki Kasmi and Jos Lopes Esteves ANSSI-FNISA / Wireless Security Lab

901 views • 55 slides
Pre-exposure prophylaxis for HIV in women: daily oral tenofovir, oral tenofovir- emtricitabine,

Pre-exposure prophylaxis for HIV in women: daily oral tenofovir, oral tenofovir- emtricitabine,

Pre-exposure prophylaxis for HIV in women: daily oral tenofovir, oral tenofovir- emtricitabine, or vaginal tenofovir gel in the VOICE Study (MTN 003) Marrazzo JM, Ramjee G, Nair G, Palanee T, Mkhize B, Nakabiito C, Taljaard M, Piper J, Gomez K,

404 views • 15 slides
Welcome to HUDs Virtual Classroom Please mute your phone line at this time. You will find

Welcome to HUDs Virtual Classroom Please mute your phone line at this time. You will find

Welcome to HUDs Virtual Classroom Please mute your phone line at this time. You will find a microphone icon near the right edge of your screen, next to your name. Click on this, it will turn red, and your phone will be muted. If your

380 views • 26 slides
Beverly Middle School Community Communication Plan School Community Presentation March 12, 2018

Beverly Middle School Community Communication Plan School Community Presentation March 12, 2018

Beverly Middle School Community Communication Plan School Community Presentation March 12, 2018 Agenda Technology 1:1 Access Grades 5 and 6 - Grades 7 and 8 Routines Pick up and Drop off Bus and parents

813 views • 43 slides

More recommend