Privacy Research Paradigms, Privacy Engineering and the Agile Turn
Seda Gürses, fgurses@princeton.edu
CITP, Princeton University / COSIC, University of Leuven
13 July 2016, Interdisciplinary Privacy Summer School
1 Wednesday, July 13, 16
getting privacy engineering right?
privacy research
getting privacy engineering right?
software engineering
practice
can it be that the practices around the production of software are an important element of privacy research?
software engineering practice matters?
the turn to agile
shrink wrap → services
waterfall model → agile programming
PC → cloud
what is the impact of the turn to agile in software engineering practice on computer science research in privacy?
SoK / literature review
42 interviews
events / papers
PRIVACY RESEARCH PARADIGMS
privacy as control
privacy as confidentiality
privacy as practice
PRIVACY RESEARCH PARADIGMS: privacy as confidentiality
“the right to be let alone” (Warren and Brandeis)
data minimization
avoid single point of failure
open source: it takes a village to keep it secure
properties with mathematical guarantees
PRIVACY RESEARCH PARADIGMS: privacy as confidentiality (examples)
secure messaging
anonymous communications
PRIVACY RESEARCH PARADIGMS: privacy as control
“right of the individual to decide what information about himself should be communicated to others and under what circumstances” (Westin)
data protection / FIPPs compliance
transparency and accountability
individual participation and control
PRIVACY RESEARCH PARADIGMS: privacy as control (examples)
privacy policy languages
purpose based access control
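A purpose-based access control check, added here as an illustration of the privacy-as-control technique named on the slide; it is not code from the talk. A stored attribute carries the purposes its subject consented to, every request names the purpose it serves, and an attribute is released only when a consented purpose covers the stated one through a purpose hierarchy (consent to a broad purpose covers its narrower descendants, never the reverse). The purpose names, the hierarchy and the record are constructed for the example.

```python
"""Purpose-based access control, an added example (not code from the talk).

Under the privacy-as-control paradigm, a data item is stored together with
the purposes its subject consented to, and every access request names the
purpose it serves. The check below grants an attribute only when a consented
purpose covers the stated one, where a broad purpose covers its narrower
descendants in a purpose hierarchy. The hierarchy, the record and the
requests are constructed for the example; the purpose names are assumptions.
"""
from dataclasses import dataclass


# Constructed purpose hierarchy: purpose -> parent purpose (None at the top).
# Consent to "service" covers "order_fulfilment" and "recommendations";
# consent to "marketing" covers "ad_targeting". The converse does not hold.
PURPOSE_PARENT = {
    "service": None,
    "order_fulfilment": "service",
    "recommendations": "service",
    "marketing": None,
    "ad_targeting": "marketing",
}


@dataclass
class Record:
    subject: str
    fields: dict     # attribute name -> stored value
    consented: dict  # attribute name -> set of purposes the subject agreed to


def ancestors(purpose):
    """Yield the purpose itself, then each purpose above it in the hierarchy."""
    while purpose is not None:
        yield purpose
        purpose = PURPOSE_PARENT[purpose]


def covered(stated, consented):
    """True iff some consented purpose is the stated purpose or an ancestor of it."""
    if stated not in PURPOSE_PARENT:
        return False  # unknown purpose: fail closed rather than guess
    return any(p in consented for p in ancestors(stated))


def access(record, attributes, purpose):
    """Release only the attributes whose consent covers `purpose`.

    Returns (granted, denied): a dict of released values and the list of
    attribute names withheld, so callers can log the refusals."""
    granted, denied = {}, []
    for attr in attributes:
        if attr in record.fields and covered(purpose, record.consented.get(attr, set())):
            granted[attr] = record.fields[attr]
        else:
            denied.append(attr)
    return granted, denied


# Constructed record: consent differs per attribute.
ALICE = Record(
    subject="alice",
    fields={"email": "alice@example.org",
            "address": "1 Main St",
            "browsing_history": ["album", "prints", "frames"]},
    consented={"email": {"service"},                      # any service purpose
               "address": {"order_fulfilment"},           # only shipping
               "browsing_history": {"recommendations"}},  # only recommendations
)


if __name__ == "__main__":
    for purpose in ("order_fulfilment", "recommendations", "ad_targeting", "debugging"):
        granted, denied = access(ALICE, ["email", "address", "browsing_history"], purpose)
        print(f"{purpose:17} granted={sorted(granted)} denied={denied}")
```

The check fails closed on a purpose the hierarchy does not know, and it returns the withheld attribute names alongside the released values, which is what a transparency or accountability log under the same paradigm needs to record.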
PRIVACY RESEARCH PARADIGMS: privacy as practice
“the freedom from unreasonable constraints on the construction of one’s identity” (Agre)
improve user agency in negotiating privacy
privacy integral to collective info practices
aid in privacy decision making
transparency of social impact
PRIVACY RESEARCH PARADIGMS: privacy as practice (examples)
feedback & awareness design
privacy nudges
PRIVACY RESEARCH PARADIGMS
privacy as control
privacy as confidentiality
privacy as practice
diversity in problems & solutions
systematization
generalization
practice
integration
privacy engineering
the field of research and practice that designs, implements, adapts and evaluates theories, methods, techniques, and tools to systematically capture and address privacy issues when developing socio-technical systems.
privacy theory
methods techniques tools
privacy theory
CONTEXTUAL INTEGRITY
privacy theory
privacy: non-absolute, relational, contextual, opacity of the individual
data protection (FIPPs): procedural safeguards, accountability, transparency, personal data, data minimization
privacy theory: surveillance
privacy theory
methods techniques tools
methods: approaches for systematically capturing and addressing privacy issues during information system development, management and maintenance
techniques: procedures, possibly with a prescribed language or notation, to accomplish privacy-engineering tasks or activities
tools: (automated) means that support privacy engineers during part of a privacy engineering process.
standalone privacy technology: Tor / PreTP
privacy enhancement of a socio-technical system or function: privacy policy languages
research into privacy violations: web census
future research needs
empirical studies: how are privacy issues being addressed in engineering contexts?
machine learning and engineering: methods, techniques and tools to address privacy, fairness and semantic power
frameworks and metrics: for evaluating the efficacy of privacy engineering methods, techniques and tools
what is the impact of the turn to agile in software engineering practice on computer science research in privacy?
methodology
• exploratory study (work in progress)
• develop and shape an agenda for further study
• interviews and chats: devs, devops, product managers, a/b testers, AI/data product developers, data engineers, privacy officers
• industry white papers
• legal and policy literature
shrink wrap software
agile methods
SOA / cloud
IaaS/PaaS
SaaS
the turn to agile
shrink wrap → services
waterfall model → agile programming
PC → cloud
shrink wrap → services
1) All teams will henceforth expose their data and functionality through service interfaces.
2) Teams must communicate with each other through these interfaces.
3) There will be no other form of interprocess communication allowed: no direct linking, no direct reads of another team's data store, no shared-memory model, no back-doors whatsoever. The only communication allowed is via service interface calls over the network.
4) It doesn't matter what technology they use. HTTP, Corba, Pubsub, custom protocols -- doesn't matter. Bezos doesn't care.
5) All service interfaces, without exception, must be designed from the ground up to be externalizable. That is to say, the team must plan and design to be able to expose the interface to developers in the outside world. No exceptions.
6) Anyone who doesn't do this will be fired.
~2001/2002
shrink wrap vs. services
shrink wrap:
binary runs solely on client side
requires matching software & hardware
updates & maintenance cumbersome
user has control (oh no!)
pay in advance
e.g. Microsoft Word
services:
server (thin) client model
data “secured” by service
collaborative
updates and maintenance server side
pay as you use / trial
e.g. Office 365
enterprise apps
implications of the shift to services
server - thin client model
bundled services
licensing and pricing models
intensified tracking
pooling of data
transaction throughout use
agile service integration
[diagram, time axis: shrink wrap software: purchase, production, use, version+ releases; services: pay per use, service bundle, use]
picture album creation service, and the services it integrates:
authentication, payment, maps, embedded media, social, CRM, team integration, production tools, UX capture, SDK/PaaS, cybersecurity, performance, A/B testing, advertisement, data brokers, analytics
fullstory in top 1 million sites:
http://uservoice.com
http://sproutvideo.com
http://startapp.com
http://fitocracy.com
http://meuspedidos.com.br
http://oyorooms.com
http://urbanclap.com
http://himalayastore.com
http://travelport.com
http://credomobile.com
http://deputy.com
http://remitly.com
http://wahoofitness.com
http://wayup.com
http://tieks.com
http://referralcandy.com
http://codeschool.com
http://owler.com
http://surfdome.com
http://autopilothq.com
http://conte.it
http://autoeurope.com
http://moosejaw.com
http://clickminded.com
http://keen.io
http://samcart.com
http://thebouqs.com
http://mymove.com
http://scripted.com
http://namely.com
http://shethinx.com
http://castorama.pl
http://nexojornal.com.br
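The list above is the result of asking which sites load a particular UX-capture service. The following is an added example, not part of the talk, of the check a practitioner would run against their own product: parse a page, list every script, iframe and image whose origin is not the page's own, and flag the ones on a watch list of behaviour-capture vendors. The HTML document, the watch list and the vendor host names in it are constructed for the example and are assumptions, not data from the slides.

```python
"""Third-party resource inventory for a page, an added check (not from the talk).

A service-bundled product loads code from its integrated services into the
user's browser: analytics, UX capture (session replay), A/B testing, ads.
This parses an HTML document, lists every script, iframe and image whose
origin differs from the page's own registrable domain, and flags origins on
a watch list of behaviour-capture vendors. The HTML and the watch list are
constructed for the example; the vendor domains are assumptions.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed watch list: registrable domain -> kind of capture (assumed).
CAPTURE_VENDORS = {
    "fullstory.com": "session replay (UX capture)",
    "hotjar.com": "session replay / heatmaps",
    "optimizely.com": "A/B testing",
    "doubleclick.net": "advertising",
}


class SourceCollector(HTMLParser):
    """Collect (tag, src) for every element that pulls a remote resource."""

    TAGS = ("script", "iframe", "img")

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag in self.TAGS:
            src = dict(attrs).get("src")
            if src:
                self.sources.append((tag, src))


def registrable(host):
    """Approximate the registrable domain by the last two labels.

    Assumption for the sample only; a real inventory uses the public suffix
    list so that e.g. 'example.co.uk' is not reduced to 'co.uk'."""
    labels = host.lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def inventory(html, page_url):
    """Return third-party resources in document order, each with its
    registrable domain and, if on the watch list, what it captures."""
    collector = SourceCollector()
    collector.feed(html)
    own = registrable(urlparse(page_url).hostname or "")
    found = []
    for tag, src in collector.sources:
        # urljoin resolves relative paths and protocol-relative '//host/...' URLs
        host = urlparse(urljoin(page_url, src)).hostname
        if not host:
            continue  # data: URIs and the like carry no origin
        domain = registrable(host)
        if domain == own:
            continue  # first-party resource
        found.append({"tag": tag, "src": src, "domain": domain,
                      "capture": CAPTURE_VENDORS.get(domain)})
    return found


def capture_vendors(html, page_url):
    """Sorted list of watch-listed domains present on the page."""
    return sorted({r["domain"] for r in inventory(html, page_url) if r["capture"]})


# Constructed sample page: first-party app code plus three third-party loads.
PAGE_URL = "https://www.example.com/album/new"
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="https://edge.fullstory.com/s/fs.js" async></script>
<script src="//cdn.optimizely.com/js/123456.js"></script>
<link rel="stylesheet" href="https://static.example.com/site.css">
</head><body>
<img src="/img/logo.png" alt="logo">
<img src="https://ad.doubleclick.net/pixel?id=42" width="1" height="1">
<iframe src="https://www.example.com/embed/map"></iframe>
</body></html>"""


if __name__ == "__main__":
    for r in inventory(SAMPLE_HTML, PAGE_URL):
        flag = r["capture"] or "unclassified third party"
        print(f"{r['tag']:7} {r['domain']:18} {flag}")
```

Unclassified third-party origins are reported too, since an inventory that only knows yesterday's vendors misses the next integration; in practice the static inventory is complemented by the browser's own record of requests, because scripts load further scripts at run time.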
waterfall model → agile programming
waterfall model
spiral model
agile programming
eXtreme programming
waterfall model
requirements analysis and specification
architectural design
implementation and integration
verification
operation and maintenance
agile manifesto
individuals and interactions over processes and tools
working software over comprehensive documentation
customer collaboration over contract negotiation
responding to change over following a plan
eXtreme Programming
if short iterations are good, make them as short as possible
if simplicity is good, do the simplest thing that can work
if testing is good, test all the time
if code reviews are good, review code continuously
implications of the shift to agile dev
server - thin client model
short iterations
data centric development
simplicity
testing testing testing
rapid feature development
reuse and modularity
user centric development
rapid feature development
where do features come from? product manager; boss/VC said so; designers said so; competitor did it
where do features go? behavioral analytics
feature inflation
data centric development
predictive modeling 4 pricing
user churn
user/behavioral analytics
data products
metrics
anecdotes
[diagram: website variant with a new information panel]
perspective 3: behavior and data centricity
• recursively keeping track:
• capturing behavior of users
• capturing behavior of service components
• capturing behavior of your capture models
• QA and continuous monitoring become one thing
[diagram, time axis: pay per use, service bundle, use, feature space, consent]
how is all this fluffy management stuff relevant to privacy research?
These systems capture knowledge of people’s behavior, and they reconfigure them through rapid development of features that are able to identify, sequence, reorder and transform human activities. This also means that they open these human activities to evaluation in terms of economic efficiency.
Philip Agre, Surveillance and capture: Two models of privacy
what is the impact of the turn to agile in software engineering practice on computer science research in privacy?
rapid feature development:
can’t apply security frameworks
no threat modeling
no risk assessment
code maturity? lol
defies attackers’ learning curve: honeymoon++
vulnerability density++ (immature code)
privacy as confidentiality: impact of the agile turn?
data minimization
avoid single point of failure
properties with mathematical guarantees
privacy as control: impact of the agile turn?
data protection / FIPPs compliance
transparency and accountability
privacy as practice: impact of the agile turn?
improve user agency in negotiating privacy
privacy integral to collective info practices
transparency of social impact
what is the impact of the turn to agile in software engineering practice on computer science research in privacy?
OUTLOOK
• Privacy research will need to speak to existing SE approaches
• domain specificity not enough: SE practices matter
• Future research: systemic empirical study of the agile turn
• evaluate the paradigmatic principles that guide privacy research
• study feature inflation and its impact on activities/privacy
• behavioral analytics role in software engineering
• the politics of new service metrics
• Investigate policy implications:
• data protection (DP) was developed during the time of mainframes!!!
references
• Please contact me for further references
• Philip E. Agre, “Surveillance and capture: Two models of privacy”, The Information Society, Vol. 10, Iss. 2, 1994
• Irina Kaldrack and Martina Leeker (eds.), There Is No Software, There Are Just Services, Meson Press, 2015
[diagram: capture: everyday activities, grammars of action, system]
1. analysis
2. articulation
3. imposition
4. instrumentation
5. elaboration
optimization
computers can only compute what they capture
what would a total reorganization of all spheres of life in accord with the capture model look like?
Capture speaks to current landscape
But he wrote in time of shrink-wrap!