Privacy Engineering

1 © Nokia 2016

Privacy Engineering:Privacy Engineering

Public

Dr. Ian Oliver

Bell Labs, Finland

25 May 2016

A Lecture Given at Klarna, Stockholm, Sweden

2 © Nokia 2016

PRIVACY as a legal construct

Public

•“The Right to Privacy” (Warren and Brandeis, 1890)•EU Data Protection Laws•Human Rights•...

3 © Nokia 2016

PRIVACY as a philisophical construct

Public

•ethics•morals•definition•...

4 © Nokia 2016

PRIVACY as an economic construct

Public

•cost•brand value•$£€

5 © Nokia 2016

PRIVACY as a ...

Public

Privacy by Design

6 © Nokia 2016

PRIVACY as a game theoretic construct

Public

7 © Nokia 2016

Public

Legal Engineering*large* semantic gap

PRIVACY as Systems Engineering

8 © Nokia 2016

Public

From here to here...

9 © Nokia 2016

Public

COMPLIANCE!

10 © Nokia 2016

Public

Privacy compliance

Information assymetry

Compliance

is fragile

11 © Nokia 2016

Compliance

is fragile

Public

char collectDataFlag = 'Y'; // Future proofed boolean// Y for yes, N for no

void collectDataFunction(){//collect IMEI, IMSI, MSISDN, TimeStamp and location//and send to the hardcoded IP address...

}

void checkDataCollection(){switch(collectDataFlag){

case 'N' :// don't do anything

case 'Y' :// ok to collect everythingcollectDataFunction();

}}

12 © Nokia 2016

Public

Engineers

Lawyers

Privacy Engineering Process

How do we address the privacyengineering problem?

13 © Nokia 2016

Public

Engineers

Lawyers

Privacy Engineering Process


Engineers need to speak to privacy lawyers...and vice versa...

The hard bit however is formalising all of this....

14 © Nokia 2016

Public

How do we currently address the privacy engineering problem?

15 © Nokia 2016

Public


• Invent a new Process

16 © Nokia 2016

Public


• Invent a new Process• Method (Technique, Skills)

• Requirements

• Ontology• Modelling• Metrics• Culture

Richard Hamming

1915-1998

The applications of knowledge, especially mathematics,

reveal the unity of all knowledge. In a new situation almost

anything and everything you ever learned might be

applicable, and the artificial divisions seem to vanish.

17 © Nokia 2016

Public

• Requirements• Ontology & Semantics• Modelling• Metrics• Culture

18 © Nokia 2016

Public


Everything you thought information was is wrong...

19 © Nokia 2016

Public


What’s the semantics of an IP address?

20 © Nokia 2016

Public


What’s the semantics of an IP address?

Which interpretation(s) do you want?....and when?....and why?

21 © Nokia 2016

Public


Is this a location?38°N 97°W

22 © Nokia 2016

Public


38°N 97°W

Toto, I've a feeling we're not in Kansas any more.

23 © Nokia 2016

Public


http://fusion.net/story/287592/internet-mapping-glitch-kansas-farm/

Is this a location?38°N 97°W == NULL

24 © Nokia 2016

Public


E-mail address as a login ID....

25 © Nokia 2016

Public


E-mail address as a login ID....

...the proof is left as an exercise to the reader.

26 © Nokia 2016

Public


27 © Nokia 2016

Public

• Requirements

• Ontology & Semantics

• Modelling• Metrics• Culture

28 © Nokia 2016

Public

• Requirements



29 © Nokia 2016

Public

• Requirements



30 © Nokia 2016

Public

• Requirements



Data

Type, Usage, Purpose, Provenance, Identity

Requirements

Risks

classified by

mapped to

mapped to

Risk Metric

calculates

RequirementAspects

31 © Nokia 2016

Public

• Requirements



Data

Type, Usage, Purpose, Provenance, Identity

Requirements

Risks

classified by

mapped to

mapped to

Risk Metric

calculates

RequirementAspectsFeedback

32 © Nokia 2016

Public


33 © Nokia 2016

Public

• Requirements



Personally Identifiable Information

Personal Data

34 © Nokia 2016

Public

• Requirements



Personally Identifiable Information

Personal Data

35 © Nokia 2016

Public

• Requirements



36 © Nokia 2016

Public

• Requirements



Probably not personal data/ Probably personal data

37 © Nokia 2016

Public


An app that takes a photo and shares it *and* stores it in the cloud....

...you probably have at least one of these on your mobile device...

38 © Nokia 2016

Public


Traditional compliance....

39 © Nokia 2016

Public

• Requirements



40 © Nokia 2016

Public

• Requirements



41 © Nokia 2016

Public

• Requirements



46 © Nokia 2016

Public

• Requirements

• Ontology & Semantics• Modelling• Metrics• Culture

Increasing amount of risk

Take the maximal value of risk for any givencombination of fields

This has all theproperties of a metric

Ian Oliver, Silke Holtmanns (2015). Aligning the Conflicting Needs of Privacy, Malware Detection and Nework Protection. TrustCom’15

48 © Nokia 2016

Public

• Requirements



1. How many engineers do you have working at the highests levels in your company on privacy?

49 © Nokia 2016

Public

• Requirements



1. How many engineers do you have working at the highests levels in your company on privacy?

2. Do you treat privacy as a critical aspect of your systems?

(or security, or performance etc)

54 © Nokia 2016

Public

http://www.healthbeatblog.com/2011/05/doctors-heroes-or-members-of-a-pit-crew/

Atul Gawande, 2011

• Requirements



55 © Nokia 2016

Public

”We in privacy, however, have been slow to grasp ... how the volume of information

has changed our work and responsibilities...” he added,”The rapid growth in

information collection is not just a difference in degree but a difference in kind ... the

reality is that privacy’s complexity has exceed our individual capabilities as privacy

advocates.”

• Requirements



56 © Nokia 2016

Public

There can be no [privacy] heroes

James ReasonThe Human Contribution

(with modification by author)

• Requirements



58 © Nokia 2016

Public

Privacy is safety-critical

Ian Oliver

• Requirements



implies:• communication• integrity, ie: know the state

59 © Nokia 2016

Public

Summary

• Shared Ontology

• Modelling• Requirements• Analysis• (Libraries and Patterns)

• Metrics and Risk

• Culture

not discussed in this presentation

Privacy Engineering

Technology

Transcript of Privacy Engineering