16:30:00 - 17:30:00, Wednesday 23 November, 2011
The design and implementation of privacy requirements in systems is a difficult problem and requires the translation of complex social, legal and ethical concerns into systems requirements. The concept of “privacy by design” has been proposed to serve as a guideline on how to address these concerns.
“Privacy by design” consists of a number of principles that can be applied from the onset of systems development to mitigate privacy concerns and achieve data protection compliance. However, these principles remain vague and leave many open questions about their application when engineering systems. In this talk we argue that starting from data minimization is a necessary and foundational first step to engineer systems in line with the principles of privacy by design.
We first discuss what data minimization can mean from a security engineering perspective. We then present a summary of two case studies in which privacy is achieved by minimizing different types of data, according to the purpose of each application. First, we present a privacy-preserving ePetition system, in which users' privacy is guaranteed by hiding their identity from the provider while revealing their votes. Second, we study a road tolling system, in which users have to be identified for billing reasons and data minimization is applied to protect further sensitive information (in this case location information). The case studies make evident that the application of data minimization does not necessarily imply anonymity, but may also be achieved by concealing information related to identifiable individuals. In fact, different kinds of data minimization are possible, and each system requires careful crafting of the data minimization best suited to its purpose.
Most importantly, the two case studies underline that the interpretation of privacy by design principles requires specific engineering expertise, contextual analysis, and a balancing of multilateral security and privacy interests. They show that privacy by design is a productive space in which there is no single way of solving the problems. Based on our analysis of the two case studies, we argue that engineering systems according to the privacy by design principles requires the development of generalizable methodologies that build upon the principle of data minimization. However, the complexity of this engineering task demands caution against reducing such methodologies to "privacy by design checklists" that can easily be ticked off for compliance reasons while not mitigating some of the risks that privacy by design is meant to address.
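To make the road tolling case concrete, here is an added illustration (not the system presented in the talk, whose design this page does not describe) of data minimization without anonymity: the vehicle is identified for billing, but it prices its own trip locally and sends only the total plus hash commitments to each segment, so the provider can spot-check one independently observed segment without learning the rest of the route. The tariff, zones and trace are constructed values; the commitment scheme is a plain hash commitment chosen for the example.

```python
import hashlib
import secrets

# Hypothetical tariff in cents per kilometre, keyed by road zone (constructed values).
TARIFF_CENTS = {"city": 20, "suburb": 10, "rural": 5}

def commit(segment, nonce):
    """Hash commitment to one priced segment (zone, km, fee_cents) under a random nonce."""
    data = f"{segment['zone']}|{segment['km']}|{segment['fee_cents']}".encode()
    return hashlib.sha256(nonce + data).hexdigest()

def obu_report(user_id, trace):
    """On-board unit: price the trace locally; send identity, total and commitments only.
    The priced segments and nonces stay on the vehicle (returned separately as `secret`)."""
    priced = [dict(seg, fee_cents=seg["km"] * TARIFF_CENTS[seg["zone"]]) for seg in trace]
    nonces = [secrets.token_bytes(16) for _ in priced]
    report = {
        "user_id": user_id,  # the user is identified: this is billing, not anonymity
        "total_cents": sum(s["fee_cents"] for s in priced),
        "commitments": [commit(s, n) for s, n in zip(priced, nonces)],
    }
    return report, (priced, nonces)

def obu_open(secret, observed):
    """Open the commitment for the one segment matching a provider's spot-check observation."""
    priced, nonces = secret
    for seg, nonce in zip(priced, nonces):
        if seg["zone"] == observed["zone"] and seg["km"] == observed["km"]:
            return seg, nonce
    return None  # the vehicle never reported that segment

def provider_spot_check(report, observed, opening):
    """Provider verifies that an independently observed segment was reported and priced
    correctly. Only this segment is revealed; the remaining route stays hidden.
    In this simplified model the total is not cryptographically bound to the commitments,
    so spot checks deter under-reporting rather than prevent it."""
    if opening is None:
        return False
    seg, nonce = opening
    if commit(seg, nonce) not in report["commitments"]:
        return False
    if (seg["zone"], seg["km"]) != (observed["zone"], observed["km"]):
        return False
    return seg["fee_cents"] == seg["km"] * TARIFF_CENTS[seg["zone"]]
```

Note that `report` carries no zone or kilometre fields at all; the provider learns location data only for segments it already observed itself.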
- Name: Dr Claudia Diaz
- Affiliation: Katholieke Universiteit Leuven
- URL: http://homes.esat.kuleuven.be/~cdiaz/
- Bio: Claudia Diaz received her master's degree in Telecommunications Engineering at the University of Vigo (Spain), and her Ph.D. in engineering at the Katholieke Universiteit Leuven (Belgium). She is currently an assistant professor at the K.U.Leuven group COSIC (Computer Security and Industrial Cryptography). Her research is broadly focused on Privacy Enhancing Technologies, where she has more than thirty international peer-reviewed publications on topics including anonymous communications, anonymity metrics, steganographic file systems, traffic analysis and privacy by design. She is a member of the advisory board of the Privacy Enhancing Technologies Symposium (PETS) and the scientific committee of CPDP. She has organized several workshops, including the 8th Privacy Enhancing Technologies Symposium (PETS), served as program chair of the 16th European Symposium on Research in Computer Security (ESORICS'11), and chaired the PET Award (Award for Outstanding Research in Privacy Enhancing Technologies) in 2011 and 2012.