Towards Minimising Timestamp Usage in Application Software: A Case Study of the Mattermost Application

SLIDE 1

26.09.2019

Christian Burkert, Hannes Federrath

Towards Minimising Timestamp Usage in Application Software

A Case Study of the Mattermost Application

SLIDE 2

Project: Employee Privacy in Development and Operations

26.09.2019 | Christian Burkert, Hannes Federrath 2

SLIDE 10

Monitoring of Employees

Monitoring

  • Performance: Down on Mondays?
  • Progress: Stuck on a task?
  • Habits: Working after midnight?

Employment

  • Power imbalance
  • Collective measures vs. individual consent

Source: Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein (ULD)

SLIDE 11

People Analytics: Microsoft Workplace Analytics

SLIDE 12

People Analytics: IBM Personal Social Dashboard

SLIDE 13

Timestamp Metadata

SLIDE 17

Timestamp Metadata: Research Questions

RQ1 Where do timestamps occur in the data model?

RQ2 Which of them are personally identifiable?

RQ3 For what purpose are they collected/processed?

RQ4 Are there more proportionate/data minimal alternatives?

SLIDE 18

Case Study: Mattermost

Source: mattermost.com

SLIDE 21

Purpose Analysis: Methodology

RQ1 Where do timestamps occur in the data model?

  1. Find all uses of int64 keyword in model code
  2. Filter out non-timestamp related occurrences

RQ2 Which of them are personally identifiable?

  3. Keep only timestamps with a connection to User

RQ3 For what purpose are they collected/processed?

  4. Locate all uses of these timestamps with gorename
  5. Inspect source code of all uses and categorise them
  6. Discard all non-programmatic uses (i.e., which have no effect on MM’s behaviour)
  7. Identify user facing timestamps by in the web client

Target of evaluation: Mattermost Server v4.8, Mattermost Web Client v5.5.1
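
Steps 1 to 3 of this methodology can be approximated with Go's `go/ast` package. The following is an added example, not the authors' tooling: the sample model is constructed, and the `At` name suffix and the `UserId` field are assumed heuristics for "timestamp" and "connection to User".

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"strings"
)

// sampleModel is constructed for this example, not copied from Mattermost.
const sampleModel = `package model
type Post struct{ UserId string; CreateAt, UpdateAt, Size int64 }
type Job struct{ StartAt, Progress int64 }`

// TimestampFields maps "Struct.Field" to whether its struct is user-linked. Assumed
// heuristics: int64 "...At" fields are timestamps; User or UserId marks a user link.
func TimestampFields(src string) (map[string]bool, error) {
	file, err := parser.ParseFile(token.NewFileSet(), "model.go", src, 0)
	if err != nil {
		return nil, err
	}
	found := map[string]bool{}
	ast.Inspect(file, func(n ast.Node) bool {
		ts, ok := n.(*ast.TypeSpec)
		if !ok {
			return true
		}
		st, ok := ts.Type.(*ast.StructType)
		if !ok {
			return true
		}
		linked, stamps := ts.Name.Name == "User", []string{}
		for _, f := range st.Fields.List {
			for _, name := range f.Names {
				linked = linked || name.Name == "UserId"
				if typ, ok := f.Type.(*ast.Ident); ok && typ.Name == "int64" && strings.HasSuffix(name.Name, "At") {
					stamps = append(stamps, ts.Name.Name+"."+name.Name)
				}
			}
		}
		for _, s := range stamps {
			found[s] = linked
		}
		return false
	})
	return found, nil
}

func main() { fmt.Println(TimestampFields(sampleModel)) }
```

Fields reported as not user-linked still need manual review, since a connection to User can also run through another struct.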

SLIDE 22

Timestamps in Mattermost’s Data Model (Excerpt)

  • User +
  • Channel +
  • ChannelMember
  • ChannelMemberHistory +
  • Post +
  • Reaction +
  • Session +
  • Status

Legend: + Creation. Further timestamp kinds in the legend: Update, Deletion, Last Viewed, Last Activity, Expiration.

SLIDE 23

PII vs. Non-PII Timestamps

  • PII: 47
  • Non-PII: 26
  • Total: 73

SLIDE 24

Timestamp Types

  • Create: 15
  • Update: 14
  • Delete: 10
  • Misc: 8
  • Total: 47 PII timestamps

SLIDE 25

Visibility for Users

  • Visible: 5
  • Not Visible: 42
  • Total: 47 PII timestamps

SLIDE 26

Programmatic Usage

  • Used: 23
  • Unused: 24
  • Total: 47 PII timestamps

SLIDE 27

Distribution of Types between Used and Unused

[Bar chart: timestamp types create, update, delete and misc, each split into used (23) and unused (24)]

SLIDE 28

Categories of Programmatic Usage

Type of Use: Description

  • EditLimit: Enforce edit limit for posts
  • Etag: Calculate Etag for HTTP header
  • Expiry: Enforce the expiry of an object
  • Filter: Filter a sequence of objects by time
  • MinElapse: Ensure that a minimum amount of time has elapsed
  • PostNovelty: Highlight new posts
  • Sort: Sort a sequence of objects by time
  • State: Track the state of an object
  • Timeout: Enforce a timeout

SLIDE 29

Categories of Programmatic Usage

  • State: 11
  • Etag: 8
  • Expiry: 4
  • Novelty: 2
  • Timeout: 2
  • Misc: 4
  • Total: 31 usages

SLIDE 30

RQ4: More proportionate/data minimal alternatives

[Matrix of purposes against alternatives]

Alternatives (columns): Sequence Number, Revision Number, Reduction, Encryption, Enumeration

Purposes (rows): EditLimit, Etag, Expiry, Filter, MinElapse, Novelty, Sort, State, Timeout, User Information

SLIDE 33

Purpose: Sort, Novelty and Etag

Property: Monotonic ordering

Alternative: Sequence or revision numbers

Example: Novelty detection

  1. Add sequence number to post
  2. Record last seen seq. number per channel and user
  3. On revisits: highlight posts with higher seq. number
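
The three novelty-detection steps above, as an added Go example that is not taken from Mattermost or from the authors. It goes slightly beyond the slide by deriving an ETag from the same counter; the type names and the tag format are assumptions made for illustration.

```go
package main

import "fmt"

// Post carries a per-channel sequence number in place of a creation timestamp.
type Post struct {
	Seq          uint64
	Author, Text string
}

// Channel hands out sequence numbers and remembers each user's read position.
type Channel struct {
	nextSeq  uint64
	posts    []Post
	lastSeen map[string]uint64 // user -> highest sequence number already shown
}

func NewChannel() *Channel { return &Channel{lastSeen: map[string]uint64{}} }

// Add stores a post under the next sequence number (step 1).
func (c *Channel) Add(author, text string) uint64 {
	c.nextSeq++
	c.posts = append(c.posts, Post{Seq: c.nextSeq, Author: author, Text: text})
	return c.nextSeq
}

// Visit returns the posts to highlight for user (step 3), in posting order,
// and then records the user's new read position (step 2).
func (c *Channel) Visit(user string) []Post {
	var fresh []Post
	for _, p := range c.posts {
		if p.Seq > c.lastSeen[user] {
			fresh = append(fresh, p)
		}
	}
	c.lastSeen[user] = c.nextSeq
	return fresh
}

// ETag derives a cache validator from the sequence counter instead of an
// update time (the tag format is made up for this example).
func (c *Channel) ETag() string { return fmt.Sprintf(`"seq-%d"`, c.nextSeq) }

func main() {
	ch := NewChannel()
	ch.Add("alice", "build is green")
	fmt.Println(len(ch.Visit("bob")), ch.ETag()) // first visit by bob
	ch.Add("alice", "deploying now")
	fmt.Println(ch.Visit("bob"), ch.ETag()) // revisit after one more post
}
```

Sequence numbers still reveal the order of posts, but not the wall-clock time at which a user wrote or read them.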

SLIDE 37

Mattermost Case Study: Summary

Goal

  • Analysis of timestamp usage and purposes

Findings

  • majority of PII timestamps is not used
  • only a small proportion is visible to users
  • programmatic usages have potential for data minimisation

Limitation

  • Case study is not representative

Future

  • Expansion to other software
  • Improvement of the usage analysis (automation, reproducibility)
  • Investigation of possible causes (anti patterns)

SLIDE 38

Contact Christian Burkert

Tel. +49 40 42883-2406

Mail burkert@informatik.uni-hamburg.de

I’d be happy to hear from you!

OpenPGP Fingerprint: 9B97 CC4B 5FF4 7BA3 EF7B 1966 A5FB 6E0B 41AC CDFB

SLIDE 39

Timestamp Type and their Programmatic Usage

Type: Usage Category

  • Create: EditLimit, Expiry, PostNovelty, Sort, State
  • Update: Etag, Filter, State
  • Delete: StateDeleted
  • LastActivityAt: MinElapse, Timeout
  • LastViewedAt: PostNovelty
  • ExpiresAt: Expiry
