Privacy Engineering - PowerPoint PPT Presentation

About This Presentation
Title:

Privacy Engineering

Description:

Fair Information Practices are the typical short-cut approach to privacy engineering. ... Stages of Privacy in System Design. no collection of contact information ... – PowerPoint PPT presentation

Slides: 14
Provided by: sarahspi

Transcript and Presenter's Notes

Title: Privacy Engineering


1
Privacy Engineering
  • Sarah Spiekermann, Lorrie Faith Cranor
  • DIMACS Workshop, Rutgers University
  • January 2007

2
Privacy Engineering
  • Privacy Threats arising through IS activities
  • User Privacy Concerns and 2 Layers of
    Responsibility for Privacy Engineers
  • Privacy by Policy vs. Privacy by
    Architecture
  • Designing Privacy by Architecture
  • Client centricity
  • Identifiability
  • Forms of Trust created through Fair Information
    Practices
  • Implementing Fair Information Practices
  • Recognizing Responsibility for Data Sharing
    Networks

3
User Privacy Concerns and 2 Layers of
Responsibility for Privacy Engineers
4
Fair Information Practices are the typical
short-cut approach to privacy engineering.
  • (1) Notice: Data collectors should provide
    consumers with clear and conspicuous notice of
    their information practices, including what
    information they collect, how they collect it
    (e.g., directly or through non-obvious means such
    as cookies), how they use it, how they provide
    Choice, Access, and Security to consumers,
    whether they disclose the information collected
    to other entities, and whether other 3rd entities
    besides themselves are collecting information
    about consumers as part of the service.
  • (2) Choice: Data collectors should offer
    consumers choices as to how their personal
    identifying information is used beyond the use
    for which the information was provided (e.g., to
    consummate a transaction). Such choice would
    encompass both internal secondary uses (such as
    marketing back to consumers) and external
    secondary uses (such as disclosing data to other
    entities).
  • (3) Access: Data collectors should offer
    consumers reasonable access to the information
    which is collected about them, including a
    reasonable opportunity to review information and
    to correct inaccuracies or delete information.
  • (4) Security: Data collectors should take
    reasonable steps to protect the security of the
    information they collect from consumers.

5
Fair Information Practices are the typical
short-cut approach to privacy engineering.
6
Privacy by Policy vs. Privacy by Architecture
7
Designing Privacy by Architecture: Client Centricity
[Figure: Network Centricity vs. Client Centricity; diagram labels: Client, Network, services, requests]
8
Designing Privacy by Architecture: Identifiability
9
Fair Information Practices create
Knowledge-based Trust
  • Knowledge-based Trust: the more someone knows
    about somebody else, the more behavior becomes
    predictable and understandable
  • Structural Assurance: safety nets, legal
    recourse, guarantees
  • Calculative Trust: rational assessment of the
    other party's benefits and costs of cheating
  • Fair Information Practices
  • Privacy Policies Agents (i.e. Privacy Bird)
  • Privacy Seals (i.e. TRUSTe)

10
Implementing Fair Information Practices
Information About What?
11
Recognizing Responsibility for Data Sharing
Networks (I)
data sharing always exists
data sharing could exist
12
Recognizing Responsibility for Data Sharing
Networks (II)
Party X should inform about party Y
[Figure: diagram of parties X and Y in a data sharing network]
13
Thank you for your attention!
For more information, please contact the authors:
  • Sarah Spiekermann, Humboldt University Berlin, sspiek_at_wiwi.hu-berlin.de
  • Lorrie Faith Cranor, Carnegie Mellon University, lorrie_at_cs.cmu.edu