
Privacy engineering tietosuojavataava2_lakikoulutus_oliver_14feb2014_public


Privacy Engineering Tutorial Slides from Alma Media's Tietosuojavaatava 2.0 training for Lakikoulutus


  1. Privacy Engineering: A very quick and incomplete introduction. Dr. Ian Oliver, Bell Labs, Finland, 14 February 2017. A lecture given at Tietosuojavataava 2.0, Helsinki, Finland. (© Nokia 2016, Public)
  2. PRIVACY as a legal construct • “The Right to Privacy” (Warren and Brandeis, 1890) • EU Data Protection Laws • Human Rights • ...
  3. PRIVACY as a philosophical construct • ethics • morals • definition • ...
  4. PRIVACY as an economic construct • cost • brand value • $£€
  5. PRIVACY as a ... Privacy by Design
  6. PRIVACY as a game theoretic construct
  7. From here to here...
  8. COMPLIANCE!
  9. Privacy compliance. Information asymmetry. Compliance is fragile.
  10. Compliance is fragile:

        char collectDataFlag = 'Y'; // Future proofed boolean
                                    // Y for yes, N for no

        void collectDataFunction(){
            // collect IMEI, IMSI, MSISDN, TimeStamp and location
            // and send to the hardcoded IP address
            ...
        }

        void checkDataCollection(){
            switch(collectDataFlag){
                case 'N' : // don't do anything
                           // (no break here: 'N' falls through into 'Y',
                           //  so data is collected regardless of the flag)
                case 'Y' : // ok to collect everything
                           collectDataFunction();
            }
        }
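The slide's point, the missing break that turns "don't collect" into "collect", shown next to a hardened version, as an added example that is not from the slides; fragile_check and hardened_check are hypothetical names, and the data collection itself is replaced by a boolean so the control flow can be checked.

```c
#include <stdio.h>
#include <stdbool.h>

/* Fragile version: mirrors the slide's switch. Case 'N' has no break,
 * so it falls through into case 'Y' and "collection" happens anyway.
 * Returns whether collectDataFunction() would have been called. */
static bool fragile_check(char flag)
{
    bool collected = false;
    switch (flag) {
    case 'N':
        /* intended: don't do anything, but this falls through */
    case 'Y':
        collected = true;   /* collectDataFunction() would run here */
    }
    return collected;
}

/* Hardened version: every case returns explicitly, and an unknown flag
 * value fails closed (no collection) instead of silently collecting. */
static bool hardened_check(char flag)
{
    switch (flag) {
    case 'Y':
        return true;
    case 'N':
        return false;
    default:
        /* unexpected flag value: do not collect */
        return false;
    }
}

int main(void)
{
    printf("fragile  'N' -> collects: %d\n", fragile_check('N'));   /* 1 */
    printf("hardened 'N' -> collects: %d\n", hardened_check('N'));  /* 0 */
    printf("hardened 'x' -> collects: %d\n", hardened_check('x'));  /* 0 */
    return 0;
}
```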
  11. How do we address the privacy in an engineering context?
  12-13. How do we address the privacy engineering problem? • Process
  14. How do we address the privacy engineering problem? • Process • Method (Technique, Skills) • Requirements • Ontology • Modelling • Metrics • Culture. Richard Hamming (1915-1998): “The applications of knowledge, especially mathematics, reveal the unity of all knowledge. In a new situation almost anything and everything you ever learned might be applicable, and the artificial divisions seem to vanish.”
  15. Agenda (repeated as a sidebar on the slides that follow) • Requirements • Ontology & Semantics • Modelling • Metrics • Culture
  16. Stop using the term “Personal Data”
  17. What is an IP address?
  18. What’s the semantics of an IP address?
  19. What’s the semantics of an IP address? Which interpretation(s) do you want? ...and when? ...and why?
  20. Is this a location? 38°N 97°W
  21. 38°N 97°W. Toto, I've a feeling we're not in Kansas any more.
  22. Is this a location? 38°N 97°W == NULL. http://fusion.net/story/287592/internet-mapping-glitch-kansas-farm/
  23. E-mail address as a login ID....
  24. E-mail address as a login ID.... ...left as an exercise to the reader.
  25-29. (Diagram-only slides; no text extracted beyond the agenda sidebar.)
  30. Probably not personal data / Probably personal data. Warning: Highly Simplified!
  31. Worked example: An app that takes a photo and shares it *and* stores it in the cloud.... ...you probably have at least one of these on your mobile device...
  32-38. (Diagram-only slides; no text extracted beyond the agenda sidebar.)
  39. Metrics for privacy are “mathematically” hard
  40. Simple rule of thumb: Take the maximal value of risk for any given combination of fields. This has all the properties of a metric.
  41. Overconstrained Systems
  42. Overconstrained Systems. Risk Management through FMEA analysis
  43. (Metrics: Anonymisation) Chart: amount of anonymisation (x-axis) against amount of information (y-axis)
  44. (Metrics: Anonymisation) Same chart: ...sufficiently and correctly applied
  45. (Metrics: Anonymisation) Same chart: NOT sufficiently anonymised / Sufficiently anonymised
  46. (Metrics: Anonymisation) Same chart: Useful / NOT useful
  47. (Metrics: Anonymisation) Same chart: With luck your useful data will be sufficiently anonymised
  48. (Metrics: Anonymisation) ● Suppression ● Hashing ● Encryption ● “Noise” ● Aside: Maintaining links for enabling revocation of consent to use ● Equivalence Classes ● K-Anon, l-Div, t-Close, etc... ● Differential Privacy ● ...
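As an added example that is not part of the slides, the first three techniques on slide 48 applied to a constructed six-row data set: the direct identifier is suppressed, age and postcode are generalised into equivalence classes, and the resulting k (smallest class over the quasi-identifiers) is measured. Varying the generalisation also traces the anonymisation-versus-information trade-off from slides 43 to 47; all names, ages and postcodes are constructed.

```c
#include <stdio.h>
#include <string.h>

#define N 6

struct record { const char *name; int age; const char *postcode; const char *country; };

/* constructed sample rows: name is the direct identifier,
 * age/postcode/country are the quasi-identifiers */
static const struct record raw[N] = {
    {"Alice", 34, "00100", "FI"}, {"Bob",   37, "00120", "FI"},
    {"Carol", 31, "00150", "FI"}, {"Dan",   52, "00100", "FI"},
    {"Eve",   58, "00130", "FI"}, {"Frank", 55, "00170", "FI"},
};

/* anonymised row: name suppressed, age banded, postcode truncated */
struct anon { int age_band; char postcode[6]; const char *country; };

/* Generalise one record: round age down to a band of 'band' years and
 * keep only the first prefix_len digits of the postcode. */
static struct anon generalise(const struct record *r, int band, int prefix_len)
{
    struct anon a;
    a.age_band = (r->age / band) * band;
    snprintf(a.postcode, sizeof a.postcode, "%.*s", prefix_len, r->postcode);
    a.country = r->country;
    return a;
}

/* k of the anonymised set: size of the smallest equivalence class of
 * rows sharing the same generalised quasi-identifiers. k == 1 means at
 * least one row is still unique on those fields. */
static int k_anonymity(int band, int prefix_len)
{
    struct anon rows[N];
    int min_class = N;
    for (int i = 0; i < N; i++) rows[i] = generalise(&raw[i], band, prefix_len);
    for (int i = 0; i < N; i++) {
        int count = 0;
        for (int j = 0; j < N; j++)
            if (rows[i].age_band == rows[j].age_band &&
                strcmp(rows[i].postcode, rows[j].postcode) == 0 &&
                strcmp(rows[i].country, rows[j].country) == 0)
                count++;
        if (count < min_class) min_class = count;
    }
    return min_class;
}

int main(void)
{
    printf("exact age, full postcode:       k=%d\n", k_anonymity(1, 5));   /* 1 */
    printf("10-year band, full postcode:    k=%d\n", k_anonymity(10, 5));  /* 1 */
    printf("10-year band, 3-digit postcode: k=%d\n", k_anonymity(10, 3));  /* 3 */
    return 0;
}
```

Banding age alone is not enough here (k stays 1 because the postcodes still separate everyone); only the combination of fields, as slide 40's rule of thumb says, decides the result.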
  49. (Metrics: Anonymisation) Structures: ID x LOCATION x TIME; ID x LOCATION; ID x TIME; LOCATION x TIME; ID; LOCATION; TIME. Rules of Thumb: Practically all data sets can be reduced down to structures involving identities, locations and timestamps. Identifying the structures (which will likely be overlapping) is hard. Each individual structure has its own “privacy properties” and links to others (principal component analysis).
  50. (Metrics: Anonymisation) Exercise 1:
        ● Describe how to “sufficiently” anonymise the following data points,
        ● Which can be recovered after anonymisation?
        ● Which can be combined (even after anonymisation)?
        ● Which can be used as identifiers – either wholly, partially or composite?
        ● Which can be used as locations, and which infer locations?
        ● When do these need to be anonymised?
        ● Define “sufficiently” for each individually and then in combinations
        ● When do you apply suppress, hash, encrypt, k-anon, diff priv etc?
      Data points: Your name; Your country of birth; Your date of birth; Your home router/computer’s MAC address; Your home router/computer’s IP address; Your mobile phone number; Your IMEI (mobile device identifier); Your shopping list; Your web browsing history; Your web browser identification string; Number of children; Your medical records (complete); Finland’s citizens’ medical records; Your heart rate, blood pressure etc; Your exercise route; Your car’s movements (traffic management); Your last speeding/parking ticket; Your web server logs; Your mobile phone bill; Your email address; Your password; Your credit card number; Your credit card usage; Your login-ID; Your holiday travel plans; The information you send via the US ESTA Programme; The attendance to this lecture; The attendance to this lecture plus each attendee’s route here; Your usage of public transport; Your social media postings (FB, Twitter etc); Your shared media (photos)
  51. (Metrics: Anonymisation) Exercise 2: What are the properties of a data set (and its subsets) that make that data “personal data”? Discuss.
  52-54. (Diagram-only slides; no text extracted beyond the agenda sidebar.)
  55. Standard “safety-critical” system tooling & techniques: FMEA, RCA, etc.
  56. Summary • Terminology and Ontology • Modelling • Requirements • Analysis • Metrics and Anonymisation • Culture
  57. Additional Material: https://www.bell-labs.com/usr/ian.oliver
        Ian Oliver (2016). Experiences in the Development and Usage of a Privacy Requirements Framework. Requirements Engineering 2016, Beijing, China.
        Ian Oliver, Yoan Miche (2016). On the Development of A Metric for Quality of Information Content over Anonymised Data-Sets. Quatic 2016, Lisbon, Portugal.
        Ian Oliver (2016). Using Safety-Critical Concepts in Privacy Engineering. Sixteenth International Crisis Management Workshop (CriM'16) and Oulu Winter School.
        Silke Holtmanns, Siddharth Prakash Rao, Ian Oliver (2016). User location tracking attacks for LTE networks using the interworking functionality. Networking 2016: 315-322.
        Ian Oliver, Silke Holtmanns (2015). Aligning the Conflicting Needs of Privacy, Malware Detection and Network Protection. TrustCom/BigDataSE/ISPA (1) 2015: 547-554.
        Ian Oliver (2014). Privacy Engineering: A Data Flow and Ontological Approach. ISBN-13: 978-1497569713 (Paperback) via Amazon.
