Privacy Engineering for Today
-
Upload
ian-oliver -
Category
Small Business & Entrepreneurship
-
view
229 -
download
1
Transcript of Privacy Engineering for Today
Privacy EngineeringforToday
Dr Ian OliverNokia Bell LabsCooperation in CyberTrust WP4
1
Ian Oliver
DIMECC 15.11.2016
Critical Enabling Technologies
2
Privacy is Dead
Ian Oliver
DIMECC 15.11.2016
Critical Enabling Technologies
3
Privacy is Deadconsidered
harmful
Ian Oliver
DIMECC 15.11.2016
Critical Enabling Technologies
4
Privacy is DeadLong Live Privacy!
Ian Oliver
DIMECC 15.11.2016
Critical Enabling Technologies
5
GDPR
Ian Oliver
DIMECC 15.11.2016
Critical Enabling Technologies
6
GDPRPrivacy Shield, HIPAA,COPPA,
ePrivacy Directive, EU Telco Law, SOX...
Ian Oliver
DIMECC 15.11.2016
Critical Enabling Technologies
7
GDPR
Compliance Risk Management
Ian Oliver
DIMECC 15.11.2016
Critical Enabling Technologies
8
GDPR
Compliance Risk Management
More good news: Not a regulated industry
Ian Oliver
DIMECC 15.11.2016
Critical Enabling Technologies
9
GDPR
Compliance Risk Management
More good news: Not a regulated industry ...... yet
Ian Oliver
DIMECC 15.11.2016
Critical Enabling Technologies
10
GDPR
Compliance Risk Management
Bad news: We are not ready as an industry ... still
too focussed on legality, not cross-disciplines
Ian Oliver
DIMECC 15.11.2016
Critical Enabling Technologies
11
Question:
how many of you DO NOT have a camera on your phone?
Ian Oliver
DIMECC 15.11.2016
Critical Enabling Technologies
12
Ian Oliver
DIMECC 15.11.2016
Critical Enabling Technologies
13
Ian Oliver
DIMECC 15.11.2016
Critical Enabling Technologies
ID, LOC, PIC
14
Ian Oliver
DIMECC 15.11.2016
Critical Enabling Technologies
anon(ID, LOC, PIC)
Browser data
Layer 5,6,7
Layer 1,2,3,4
SS7/Diameter/LTE...
15
Ian Oliver
DIMECC 15.11.2016
Critical Enabling Technologies
Oversharing
(nad privacy options)
”Interesting”
3rd party analytics
Information wants to the
FREE!!
Humans!
Marketing...
Keeping information
forever...somewhere...
Do you trust these people?
NSA, CIA, FBI, GCHQ,
MI5, KGB, 007 etc...
Poor software/pri
Your privacy policy is
bad
Device security
Highly simplified points
of privacy pain.
16
System complexity driving innovation
DataCollection
CellID->Location
DataStorage
OperatorPrivacy
Preprocessing
Extraction Hashing
FileStorage
RawData
Processing &Enrichment
External Data
ExternalCross-
referencing
Atomic Data
Aggregation/Report
Generation
CustomerReception
ReportStorage
<<data subject>>Customer
Ian Oliver
DIMECC 15.11.2016
Critical Enabling Technologies
17
Nokia – New Business Drivers:• From Privacy Law to Privacy Engineering• Systems (of Systems) based approaches• Communication & Ontologies• Telco, IoT, V2V, Core Network, Wellness, Critical Systems• Big Data to "Slow" Data• Culture: From Compliance to Risk Management to Trust• Machine Learning & Information Reconstruction• Trusted Geolocation and Data Sovereignty• Metrics & Mathematics – A General Theory of Privacy• Humans
Ian Oliver
DIMECC 15.11.2016
Critical Enabling Technologies
18
Results:• faster & safer ”legal” product development• increased cross-discipline interaction => shorter devel time• improved data utilisation => better results, simpler compliance
Tooling for:• system modelling• anonymisation, encryption – done correctly!• [meaningful] privacy metrics• privacy + machine learning• simpler compliance: ISO 291xx, FIPS, GDPR etc.• future tooling: blockchains, homomorphic encryption
Ian Oliver
DIMECC 15.11.2016
Critical Enabling Technologies
19
One more important result:
Ian Oliver
DIMECC 15.11.2016
Critical Enabling Technologies
20
One more important result:
Customer Trust
Ian Oliver
DIMECC 15.11.2016
Critical Enabling Technologies
21
References:
• Ian Oliver (2016) Using Safety-Critical Concepts in Privacy Engineering. CrIM’16, Oulu
• Yoan Miche, Ian Oliver, Aapo Kalliola, Silke Holtmanns, Anton Akusok, Amaury Lendasse (2016) Data Anonymization as a Vector Quantization Problem: Control over Privacy for Health Data. Privacy and Machine Learning, ARES 2016.
• Ian Oliver (2016) Experiences in the Development and Usage of a Privacy Requirements Framework, Requirements Engineering 16, Beijing, Sept 2016
• Ian Oliver, Yoan Miche (2016) On the Development of A Metric for Quality of Information Content over Anonymised Data-Sets, Quatic 16, Portugal, Sept 2016
• Ian Oliver (2015) Privacy as a Safety Critical Concept. Keynote: 1st IEEE Workshop on Privacy Engineering. San Jose, USA
• Ian Oliver (2014) Privacy Engineering: A Dataflow and Ontological Approach, ISBN: 978-1497569713
More material via SlideShare (ioliver76)
Ian Oliver
DIMECC 15.11.2016
Critical Enabling Technologies
Contact
[email protected]@nokia-bell-labs.com@i_j_oliver
Silke Holtmanns
DIMECC 14.11.2016
CyberTrust WP4
22