The Fundamentals of Privacy Engineering

1 © Nokia 2016

The Fundamentals of

Privacy Engineering

Public

Dr. Ian Oliver

Bell Labs, Finland

21 April 2016

A Lecture Given at the University of Iowa

2 © Nokia 2016

PRIVACY as a legal construct

Public

•“The Right to Privacy” (Warren and Brandeis, 1890)•EU Data Protection Laws•Human Rights•...

3 © Nokia 2016

PRIVACY as a philisophical construct

Public

•ethics•morals•definition•...

4 © Nokia 2016

PRIVACY as an economic construct

Public

•cost•brand value•$£€

5 © Nokia 2016

PRIVACY as a ...

Public

Privacy by Design

6 © Nokia 2016

PRIVACY as a game theoretic construct

Public

7 © Nokia 2016

Public

Legal Engineering*large* semantic gap

PRIVACY as Systems Engineering

8 © Nokia 2016

Public

From here to here...

9 © Nokia 2016

Public

COMPLIANCE!

10 © Nokia 2016

Public

Privacy compliance

Information assymetry

Compliance

is fragile

11 © Nokia 2016

Compliance

is fragile

Public

char collectDataFlag = 'Y'; // Future proofed boolean// Y for yes, N for no

void collectDataFunction(){//collect IMEI, IMSI, MSISDN, TimeStamp and location//and send to the hardcoded IP address...

}

void checkDataCollection(){switch(collectDataFlag){

case 'N' :// don't do anything

case 'Y' :// ok to collect everythingcollectDataFunction();

}}

12 © Nokia 2016

Public

Engineers

Lawyers

Privacy Engineering Process

How do we address the privacyengineering problem?

Engineers need to speak to privacy lawyers...and vice versa...

The hard bit however is formalising all of this....

13 © Nokia 2016

Public

Engineers

Lawyers

Privacy Engineering Process


14 © Nokia 2016

Public


• Process

15 © Nokia 2016

Public


• Process• Method (Technique, Skills)

• Requirements

• Ontology• Modelling• Metrics• Culture

Richard Hamming

1915-1998

The applications of knowledge, especially mathematics,

reveal the unity of all knowledge. In a new situation almost

anything and everything you ever learned might be

applicable, and the artificial divisions seem to vanish.

16 © Nokia 2016

Public

• Requirements• Ontology & Semantics• Modelling• Metrics• Culture

17 © Nokia 2016

Public

• Requirements

• Ontology & Semantics

• Modelling• Metrics• Culture

How to derive the requirements framework?

18 © Nokia 2016

Public


Everything you thought information was is wrong...

19 © Nokia 2016

Public


What is an IP address?

20 © Nokia 2016

Public


What’s the semantics of an IP address?

21 © Nokia 2016

Public


What’s the semantics of an IP address?

Which interpretation(s) do you want?....and when?....and why?

22 © Nokia 2016

Public


Is this a location?38°N 97°W

23 © Nokia 2016

Public


38°N 97°W

Toto, I've a feeling we're not in Kansas any more.

24 © Nokia 2016

Public


http://fusion.net/story/287592/internet-mapping-glitch-kansas-farm/

Is this a location?38°N 97°W == NULL

25 © Nokia 2016

Public


E-mail address as a login ID....

26 © Nokia 2016

Public


E-mail address as a login ID....

...the proof is left as an exercise to the reader.

27 © Nokia 2016

Public


28 © Nokia 2016

Public

• Requirements



29 © Nokia 2016

Public

• Requirements



30 © Nokia 2016

Public

• Requirements



31 © Nokia 2016

Public

• Requirements



Data

Type, Usage, Purpose, Provenance, Identity

Requirements

Risks

classified by

mapped to

mapped to

Risk Metric

calculates

RequirementAspects

32 © Nokia 2016

Public

• Requirements



Data


Requirements

Risks

classified by

mapped to

mapped to

Risk Metric

calculates

RequirementAspectsFeedback

33 © Nokia 2016

Public

• Requirements



34 © Nokia 2016

Public

• Requirements



Probably not PII / Probably PII

35 © Nokia 2016

Public


An app that takes a photo and shares it *and* stores it in the cloud....

...you probably have at least one of these on your mobile device...

36 © Nokia 2016

Public


37 © Nokia 2016

Public

• Requirements



38 © Nokia 2016

Public

• Requirements



39 © Nokia 2016

Public

• Requirements



40 © Nokia 2016

Public

• Requirements



41 © Nokia 2016

Public

• Requirements



45 © Nokia 2016

Public

• Requirements



There are no [good/usable] metrics for privacy

There are some frameworkseg: NIST

46 © Nokia 2016

Public

• Requirements

• Ontology & Semantics• Modelling• Metrics• Culture

Increasing amount of risk

Take the maximal value of risk for any givencombination of fields

This has all theproperties of a metric

Ian Oliver, Silke Holtmanns (2015). Aligning the Conflicting Needs of Privacy, Malware Detection and Nework Protection. TrustCom’15

48 © Nokia 2016

Public

• Requirements



Overconstrainted systemsRefinement

Retrenchment

Architecting/Engineering

Data


Requirements

Risks

Risk Metric

54 © Nokia 2016

Public

http://www.healthbeatblog.com/2011/05/doctors-heroes-or-members-of-a-pit-crew/

Atul Gawande, 2011

• Requirements



55 © Nokia 2016

Public

”We in privacy, however, have been slow to grasp ... how the volume of information

has changed our work and responsibilities...” he added,”The rapid growth in

information collection is not just a difference in degree but a difference in kind ... the

reality is that privacy’s complexity has exceed our individual capabilities as privacy

advocates.”

• Requirements



56 © Nokia 2016

Public

There can be no [privacy] heroes

James ReasonThe Human Contribution

(with modification by author)

• Requirements



58 © Nokia 2016

Public

The fundamental theorem of

privacy

• Requirements


• Modelling• Metrics• Culture• Bonus

𝑡0

𝑡1

𝐷1 ×⋯ × 𝐷𝑛 < 𝜀𝑈

D1...Dn is a set of linkable data sets, t0 and t1 define an extract over those sets, e is an entropy threshold for a given ”universe” U

actually it is a LOT more complex than this, but there’s fame and glory for the person who writes down the correct equation

59 © Nokia 2016

Public

Summary

• Shared Ontology

• Modelling• Requirements• Analysis• (Libraries and Patterns)

• Metrics and Risk

• Culture

• The Fundamental Equation of Privacy

not discussed in this presentation

The Fundamentals of Privacy Engineering

Technology

Transcript of The Fundamentals of Privacy Engineering