Privacy EngineeringforToday

Dr Ian OliverNokia Bell LabsCooperation in CyberTrust WP4

1

Ian Oliver

DIMECC 15.11.2016

Critical Enabling Technologies

2

Privacy is Dead

Ian Oliver

DIMECC 15.11.2016

Critical Enabling Technologies

3

Privacy is Deadconsidered

harmful

Ian Oliver

DIMECC 15.11.2016

Critical Enabling Technologies

4

Privacy is DeadLong Live Privacy!

Ian Oliver

DIMECC 15.11.2016

Critical Enabling Technologies

5

GDPR

Ian Oliver

DIMECC 15.11.2016

Critical Enabling Technologies

6

GDPRPrivacy Shield, HIPAA,COPPA,

ePrivacy Directive, EU Telco Law, SOX...

Ian Oliver

DIMECC 15.11.2016

Critical Enabling Technologies

7

GDPR

Compliance Risk Management

Ian Oliver

DIMECC 15.11.2016

Critical Enabling Technologies

8

GDPR

Compliance Risk Management

More good news: Not a regulated industry

Ian Oliver

DIMECC 15.11.2016

Critical Enabling Technologies

9

GDPR

Compliance Risk Management

More good news: Not a regulated industry ...... yet

Ian Oliver

DIMECC 15.11.2016

Critical Enabling Technologies

10

GDPR

Compliance Risk Management

Bad news: We are not ready as an industry ... still

too focussed on legality, not cross-disciplines

Ian Oliver

DIMECC 15.11.2016

Critical Enabling Technologies

11

Question:

how many of you DO NOT have a camera on your phone?

Ian Oliver

DIMECC 15.11.2016

Critical Enabling Technologies

12

Ian Oliver

DIMECC 15.11.2016

Critical Enabling Technologies

13

Ian Oliver

DIMECC 15.11.2016

Critical Enabling Technologies

ID, LOC, PIC

14

Ian Oliver

DIMECC 15.11.2016

Critical Enabling Technologies

anon(ID, LOC, PIC)

Browser data

Layer 5,6,7

Layer 1,2,3,4

SS7/Diameter/LTE...

15

Ian Oliver

DIMECC 15.11.2016

Critical Enabling Technologies

Oversharing

(nad privacy options)

”Interesting”

3rd party analytics

Information wants to the

FREE!!

Humans!

Marketing...

Keeping information

forever...somewhere...

Do you trust these people?

NSA, CIA, FBI, GCHQ,

MI5, KGB, 007 etc...

Poor software/pri

Your privacy policy is

bad

Device security

Highly simplified points

of privacy pain.

16

System complexity driving innovation

DataCollection

CellID->Location

DataStorage

OperatorPrivacy

Preprocessing

Extraction Hashing

FileStorage

RawData

Processing &Enrichment

External Data

ExternalCross-

referencing

Atomic Data

Aggregation/Report

Generation

CustomerReception

ReportStorage

<<data subject>>Customer

Ian Oliver

DIMECC 15.11.2016

Critical Enabling Technologies

17

Nokia – New Business Drivers:• From Privacy Law to Privacy Engineering• Systems (of Systems) based approaches• Communication & Ontologies• Telco, IoT, V2V, Core Network, Wellness, Critical Systems• Big Data to "Slow" Data• Culture: From Compliance to Risk Management to Trust• Machine Learning & Information Reconstruction• Trusted Geolocation and Data Sovereignty• Metrics & Mathematics – A General Theory of Privacy• Humans

Ian Oliver

DIMECC 15.11.2016

Critical Enabling Technologies

18

Results:• faster & safer ”legal” product development• increased cross-discipline interaction => shorter devel time• improved data utilisation => better results, simpler compliance

Tooling for:• system modelling• anonymisation, encryption – done correctly!• [meaningful] privacy metrics• privacy + machine learning• simpler compliance: ISO 291xx, FIPS, GDPR etc.• future tooling: blockchains, homomorphic encryption

Ian Oliver

DIMECC 15.11.2016

Critical Enabling Technologies

19

One more important result:

Ian Oliver

DIMECC 15.11.2016

Critical Enabling Technologies

20

One more important result:

Customer Trust

Ian Oliver

DIMECC 15.11.2016

Critical Enabling Technologies

21

References:

• Ian Oliver (2016) Using Safety-Critical Concepts in Privacy Engineering. CrIM’16, Oulu

• Yoan Miche, Ian Oliver, Aapo Kalliola, Silke Holtmanns, Anton Akusok, Amaury Lendasse (2016) Data Anonymization as a Vector Quantization Problem: Control over Privacy for Health Data. Privacy and Machine Learning, ARES 2016.

• Ian Oliver (2016) Experiences in the Development and Usage of a Privacy Requirements Framework, Requirements Engineering 16, Beijing, Sept 2016

• Ian Oliver, Yoan Miche (2016) On the Development of A Metric for Quality of Information Content over Anonymised Data-Sets, Quatic 16, Portugal, Sept 2016

• Ian Oliver (2015) Privacy as a Safety Critical Concept. Keynote: 1st IEEE Workshop on Privacy Engineering. San Jose, USA

• Ian Oliver (2014) Privacy Engineering: A Dataflow and Ontological Approach, ISBN: 978-1497569713

More material via SlideShare (ioliver76)

Ian Oliver

DIMECC 15.11.2016

Critical Enabling Technologies

Contact

ian.oliver@nokia-bell-labs.comian.oliver@nokia-bell-labs.com@i_j_oliver

Silke Holtmanns

DIMECC 14.11.2016

CyberTrust WP4

22