Privacy by Design: Research and Action. Deirdre K. Mulligan


Privacy by Design: Legal Drivers

- E-Government Act of 2002, and OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002
- Resolution on Privacy by Design, Data Protection and Privacy Commissioners, October 2010
- Consumer Data Privacy: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy, White House, February 2012
- Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers, Federal Trade Commission, March 2012

Privacy by Design: Early Examples

- Platform for Privacy Preferences (P3P), World Wide Web Consortium, 1995-2002 (machine-readable notices)
- Tor, Syverson, Dingledine, Mathewson, 2002
- Geopriv Requirements, IETF, February 2004

Privacy by Design: Disconnect

Definitional issues:
- Regulators: privacy as control or self-determination
- Technical community: privacy as anonymity (Tor); privacy as control (P3P); privacy as obfuscation (Geopriv)
- Public: an ambiguous concept (all of the above, plus limited access, expectations, security, etc.)

Orientation (what does it mean to design for privacy?):
- Checklist/legal orientation (the Fair Information Practices, FIPs): aspirational legal language and tools for lawyers
- PETs orientation: tools exist, but how are they leveraged to actually produce privacy?

Missing bridges: concepts, languages, methods, markets

Efforts to Move Privacy into Practice

Engineering:
- ENISA, Privacy and Data Protection by Design: from Policy to Engineering (2015)
- NIST Privacy Engineering Objectives and Risk Model, draft (2014)
- Microsoft Privacy Guidelines for Developing Software Products and Services (2007)

Technical standards:
- IETF, Privacy Considerations for Internet Protocols (RFC 6973), 2013
- W3C, ongoing since the mid-1990s
- OASIS Privacy Management Reference Model; Privacy by Design Documentation for Software Engineers

Conceptual:
- Academic work: Solove, Nissenbaum, Mulligan
- Draft NIST Interagency Report (NISTIR) 8062, Privacy Risk Management for Information Systems (May 2015)

Compliance:
- Global Network Initiative Principles
- Privacy by Design Certification Program: Assessment Control Framework, Deloitte & Ryerson University

Education and certification:
- CMU Master of Science in Information Technology, Privacy Engineering
- IAPP Certified Information Privacy Technologist (CIPT) and Certified Information Privacy Manager (CIPM)

Privacy through Design: CCC Project

Clarification of goals: what is being called for, and how do we measure it? Is it:
- a development method, involving the adoption of certain processes such as human- or value-centered design, or PbD (Cavoukian)?
- the adoption of tools such as privacy impact assessments?
- the use of privacy-protective mechanisms such as Tor and other privacy-enhancing technologies?
- the achievement of specific privacy objectives, such as reduced collection of personal information?

These are not all mutually exclusive, but some are, and clarity is surely required if we expect organizations to pursue privacy by design and a broader range of professionals to work out their opportunities, roles, and responsibilities.

Privacy by Design: CCC Project Preview

The goal of privacy by design is to build systems that advance relevant concepts of privacy, by leveraging machines, policies, and processes for its protection and assurance. This requires an intentional decision to understand privacy in the context of the system and to discharge privacy obligations where they can be most effectively met.

Privacy by Design: CCC Project

Privacy by design requires organizations to:
- identify the privacy concepts, and risks, relevant to a system;
- design the system to respect those concepts and to mitigate threats to them;
- assign responsibility for meeting privacy-related objectives to system components; and
- evaluate the efficacy of different system configurations for meeting privacy objectives.

Privacy by Design: CCC Project

Privacy by design requires regulatory approaches that support internal and external environments that motivate and support it. Addressing the privacy by design challenge requires attention to how economics, organizational arrangements, and the legal and regulatory environment can support or hinder its adoption.

Privacy through Design: CCC Project

Workshop series proposed in 2014 by a diverse team of academic researchers:
- Deirdre Mulligan (Chair), UC Berkeley
- Annie Anton, Georgia Tech
- Ken Bamberger, UC Berkeley
- Travis Breaux, Carnegie Mellon
- Nathan Good, Good Research
- Peter Swire, Georgia Tech
- Ira Rubinstein, New York University
- Helen Nissenbaum, New York University

Additional members of the organizing committee:
- Fred Schneider, Cornell University
- Susan Landau, WPI
- Susan Graham, UC Berkeley / CCC

Privacy through Design: CCC Project

- State of Research and Practice, February 2015, UC Berkeley
- Privacy Enabling Design, May 2015, Georgia Tech
- Engineering Privacy, August 2015, Carnegie Mellon University
- Regulation as Catalyst, January 2016, Georgetown University

http://cra.org/ccc/visioning/visioning-activities/privacy-by-design

State of Research and Practice

49 participants: 23 academia; 11 industry; 6 civil society; 9 government (US state/federal)

Key insights:
- Privacy is an essentially contested concept.
- There are many sources of privacy law, which reflect different conceptualizations of privacy.
- Research in CS has produced a large variety of solutions for privacy, which operate at different levels of use and reflect different concepts of privacy.
- Standards-setting bodies have begun engaging more with privacy.
- Engaging academics and practitioners from multiple disciplines and sectors is essential to develop a privacy research strategy that addresses the complexity of privacy in practice.

Privacy-Enabling Design

49 participants: 27 academia; 18 industry (several design firms); 4 government (18F)

Key insights:
- Designers lack adequate heuristics for designing applications.
- Users want control of their privacy for different relationships.
- Designs likely to engender trust should be preferred.
- Encroaching externalities limit the freedom to support privacy in system designs.
- Users trust themselves most to protect their own privacy.
- Even non-traditional interfaces should support privacy, because they could become widespread.
- There is a lack of economic incentive for designing with privacy.

Privacy as Engineering Practice

65 participants: 36 academia; 14 industry; 8 government; 7 nonprofit

Key insights:
- Privacy must be addressed at design time.
- Formal specifications of systems must balance abstraction and realism, improve transparency, and ensure humans are involved in privacy-critical decisions.
- Definitions of privacy, and how they support users and designers, must be clear at the outset.
- Privacy is distinct from security and requires additional engineering approaches.
- Quantifying privacy and privacy risk can inform the allocation of limited design resources.
- Privacy design patterns offer promise for sharing design knowledge and have emerged from both academia and industry.
- Market incentives have made it difficult to achieve practical privacy standards.
- De-identification techniques should be tailored to the privacy risk and the legal context.
- Engineers should increase transparency, empower users, and recognize the liability of collecting personal data.

Regulation as Catalyst

71 participants: 38 academia; 14 industry; 10 government; 9 nonprofit

Key insights:
- Multiple factors confound privacy investments in the marketplace.
- Regulatory choices influence whether privacy is viewed as part of design.
- Lack of information, and information asymmetries, can undermine privacy investments.
- The environmental field may offer some useful tools and regulatory approaches.
- Professionals can play an important role.

Example: From Concept to Design

Airport screening technology. Privacy objectives? Privacy concerns? What harms? What concepts? What design solutions make sense: people, process, technical?

Working With Privacy: Airport Screening Technology

Privacy objectives (DHS Privacy Office):

"PIAs should determine the risks and effects of collecting, maintaining, and disseminating information about individuals; and evaluate protections and alternative processes that mitigate privacy risks."

and

"Privacy protections should aim to minimize intrusiveness into the lives of individuals; maximize fairness in institutional decisions made about individuals; and, provide individuals with legitimate, enforceable expectations of confidentiality."

Working With Privacy: Airport Screening Technology

What concepts?
- Objects of protection: information about individuals; the lives of individuals; enforceable expectations of confidentiality
- Targets of protection: "any information that permits the identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual"
- Subject of protection: the individual

Working With Privacy: Airport Screening Technology, Objectives in Practice

- "(images) do not present sufficient details that the image could be used for personal identification." (target, action)
- "TSO who views the image will be located remotely from the individual being screened..." (from whom + action)
- "If there is an anomaly (the TSO at the checkpoint) will (see) highlight (of) the anomaly location on a generic figure..." (target, action)
- "capability of collecting and storing an image ... those functions are disabled and (cannot be reactivated)." (action)

Working With Privacy: Airport Screening Technology, Objectives in Practice

- "Images on the screen only for as long as it takes to resolve any anomalies" (action, time)
- "TSOs will be prohibited from bringing any device into the viewing area that has any photographic capability, including cell phone cameras." (from whom, action)
- "the millimeter wave image rotates and both technologies place a blur over the face as the front appears in view." (harm, target)

Working With Privacy: Airport Screening Technology

All these privacy protections built in, yet concerns remain. A partial conceptual mismatch? What were people concerned about?

Working With Privacy: Airport Screening Technology

Were people concerned about this? (image: the scanner output and its data handling)

Airport Screening Technology

Or was this the concern? Privacy from the ogling man in the booth, not from government data analysts. Different concepts of privacy:
- access to the physical self
- exposure of the naked body
- dignity interests

(image: Cagle Cartoons)

Working With Privacy: Airport Screening Technology

New concept: new solution space.
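The four-step procedure on the CCC Project slide (identify concepts and risks, design for them, assign responsibility to components, evaluate configurations) and the tagged PIA objectives above can be made concrete as a small requirements model. The following is an added example, not code from the slides and not TSA/DHS code: it encodes the quoted screening objectives as machine-checkable requirements over a hypothetical system configuration, routes each failure to the component that owns it, and then asks the step-1 question the slides turn on, namely which of the concepts people actually raised have no objective at all. The configuration keys, component names, concept labels and sample configurations are assumptions made for the example.

```python
# Added example (not from Mulligan's slides, not TSA/DHS code): privacy
# objectives as checkable requirements with assigned components, plus a
# coverage check for the concepts a system is being asked to respect.
# Configuration keys, component names and concept labels are assumptions.
from dataclasses import dataclass
from typing import Callable, Dict, List

Config = Dict[str, object]


@dataclass(frozen=True)
class Objective:
    """One privacy objective, tagged the way the slides tag the PIA text."""
    name: str
    concept: str                      # privacy concept the objective serves
    target: str                       # object of protection
    action: str                       # what must (not) happen to the target
    from_whom: str                    # who is kept from the target
    component: str                    # system component assigned responsibility
    check: Callable[[Config], bool]   # evaluates one configuration


# Paraphrased from the PIA language quoted on the slides; tags are assumptions.
OBJECTIVES: List[Objective] = [
    Objective("non_identifying_image", "identifiability", "image", "degrade",
              "any viewer", "imaging_unit",
              lambda c: c["image_detail"] == "non_identifying"),
    Objective("remote_viewer", "limited_access", "image", "view",
              "checkpoint TSO", "viewing_station",
              lambda c: c["viewer_location"] == "remote"),
    Objective("generic_figure_at_checkpoint", "identifiability", "anomaly location",
              "display", "checkpoint TSO", "checkpoint_display",
              lambda c: c["checkpoint_display"] == "generic_figure"),
    Objective("no_image_storage", "confidentiality", "image", "store",
              "anyone", "imaging_unit",
              lambda c: not c["storage_enabled"] and not c["storage_reactivatable"]),
    Objective("bounded_retention", "confidentiality", "image", "retain",
              "anyone", "viewing_station",
              lambda c: c["retention"] == "until_anomaly_resolved"),
    Objective("no_cameras_in_viewing_area", "confidentiality", "image", "capture",
              "viewing TSO", "viewing_area_policy",
              lambda c: c["cameras_in_viewing_area"] == "prohibited"),
    Objective("face_blur", "identifiability", "face", "blur",
              "viewing TSO", "imaging_unit",
              lambda c: bool(c["face_blur"])),
]


def evaluate(config: Config, objectives=OBJECTIVES) -> Dict[str, bool]:
    """Step 4: does this configuration meet each objective?"""
    return {o.name: o.check(config) for o in objectives}


def failures_by_component(config: Config, objectives=OBJECTIVES) -> Dict[str, List[str]]:
    """Step 3: route each failed objective to the component that owns it."""
    failures: Dict[str, List[str]] = {}
    for o in objectives:
        if not o.check(config):
            failures.setdefault(o.component, []).append(o.name)
    return failures


def uncovered_concepts(concerns, objectives=OBJECTIVES) -> List[str]:
    """Step 1: which concepts raised about the system have no objective at all?
    A non-empty result is the conceptual mismatch the slides describe: every
    control can pass while the concern people voiced stays unaddressed."""
    covered = {o.concept for o in objectives}
    return sorted(set(concerns) - covered)


# Constructed configurations (assumptions, not real deployment data).
DEPLOYED: Config = {
    "image_detail": "non_identifying", "viewer_location": "remote",
    "checkpoint_display": "generic_figure", "storage_enabled": False,
    "storage_reactivatable": False, "retention": "until_anomaly_resolved",
    "cameras_in_viewing_area": "prohibited", "face_blur": True,
}
# Same system with two weakened settings: viewer co-located, storage re-enableable.
WEAKENED: Config = dict(DEPLOYED, viewer_location="checkpoint", storage_reactivatable=True)

# Concepts people raised about body scanners, per the slides: the PIA's own
# concepts plus exposure of the naked body and dignity (labels are assumptions).
PUBLIC_CONCERNS = ["identifiability", "confidentiality", "bodily_exposure", "dignity"]

if __name__ == "__main__":
    print(evaluate(DEPLOYED))
    print(failures_by_component(WEAKENED))
    print(uncovered_concepts(PUBLIC_CONCERNS))
```

Every objective passes for the deployed configuration, and the weakened one reports its two failures against the imaging unit and the viewing station, which is what the PIA-style checklist is good at. The last function shows its limit: the objectives are all tagged with information concepts (identifiability, confidentiality, limited access to the image), so exposure of the body and dignity come back uncovered no matter how the configuration is set. Adding those concepts is what opens the new solution space the slide refers to, and the evaluation is only as good as the concepts it is given, which is why the "new problems emerge" slide that follows (an anomaly flag on the generic figure becoming its own harm) is not something this model would catch on its own.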

Airport Screening Technology

...but new problems emerge:

"I am being held by the TSA in Orlando because of an 'anomaly'" -- Shadi Petosky

Future

Complex work:
- Professional expertise is required across fields
- Conceptual work is required
- Design methods are important to unearthing privacy
- Control (the Fair Information Practices, FIPs) is insufficient, and at times counterproductive

Bridges required:
- Translating between concepts, language, and system requirements
- Objectives and properties

People required to fill the niche:
- Education and training

Research, essential to all:
- NITRD, National Privacy Research Strategy (NPRS), ongoing
- CCC, Towards a Privacy Research Roadmap for the Computing Community, May 2015
- CCC Report on Privacy by Design Visioning Series, Fall 2016